Over the weekend a number of articles broke describing a “hack” that allowed nude photos of celebrities to be stolen and then reposted on the internet (4chan). Although the story held minimal interest at the time of its release we did not see it as big news since phone and cloud service hacks are far too common these days, just because it happened to be someone famous did not make it anymore news worthy. If anything it made it less as you should not be storing nude or explicit images of yourself on your phone or in any cloud service these days.
Palestinian security researcher Khalil Shreateh attempted to inform Facebook of a security flaw. Shreateh contacted Facebook with a message stating, “My name is Khalil Shreateh. I finished school with a BA Degreen in Information Systems. I would like to report a bug in your main site (www.facebook.com) which I discovered it… The bug allow Facebook users to share links to others facebook users, I tested it on Sarah Goodin wall and I got success post (sic).” Their lack of interest in asking more questions and denying it was a bug, led to him posting a message directly to Mark Zuckerberg’s wall.
At one of the presentations at the security conference BlackHat USA 2013, researchers from the American University George Tech have demonstrated a method of hacking the iPhone by using seemingly safe charger to charge the battery. Billy Lau, Yeongin Jang and Chengyu Song took advantage of the failure to charge that allowed them to connect to the USB port on any iPhone, bypassing security mechanisms that prevent arbitrary installation of the software, and finally install their own harmful programs. These programs can then be transferred and hidden in the same way as Apple hides their own built-in apps.
Last year we opened up a can of worms when we covered the discovery of how vulnerable commercial (and possibly military) drones were when it comes to keeping them on course. The GPS signals used to make sure that these drones are where they need to be was vulnerable to a simple spoofing attack that was put together by a group of college kids and with a budget of only $3,000. Considering the budgets that criminal organizations and governments have this news was not good at all.
It looks like there is a simple hack, containing of only one line of code that can start an unstoppable factory reset on the Samsung Galaxy S3. According to security researchers there is a simple USSD (Unstructured Supplementary Service Data) code that can do some serious harm to S3 owners. USSD is a session based GSM protocol unlike SMS and MMS, and it is used to send messages between a mobile phone and an application server. With the advancements in technology there are more than few services based on USSD, some of them are social networking apps, mobile banking, prepaid recharge/account balance, even the NFC technology and QR codes.