Researchers Develop App to Protect PINs and Passwords Against Shoulder-Surfing

No one likes a stranger standing close to them. And at least one of the reasons for that is to avoid “shoulder-surfing,” which is when a stranger looks over your shoulder at your phone or an ATM to observe a financial transaction and catch a glimpse of your PIN or account number. But the good news is that researchers at the NYU Tandon School of Engineering are developing an application that will fight shoulder-surfing, whether it is done in person or via a camera.
The new technology is called “IllusionPIN,” and it works by using a hybrid-image keyboard that appears one way to the user and differently to an observer at a distance of three feet (or more). You, the user, being closest to the phone will see one configuration of numbers, while someone who may be trying to spy on you will see a completely different keypad.
The underlying technology of IllusionPIN blends one image of a keyboard configuration with high spatial frequency and a second with low spatial frequency. The result is a single hybrid image whose appearance depends on the distance from which it is viewed.
Importantly, IllusionPIN reconfigures the keyboard each time the user logs in.
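The blending described above can be shown on a one-dimensional toy signal. This is an added example, not IllusionPIN's code: the stripe patterns are constructed, and modelling viewing distance as a box blur of width 8 is an assumption.

```python
import math

N = 64      # pixels in one constructed scan line
BLUR = 8    # box-blur width; stands in for viewing distance (assumption)

def box_blur(signal, width):
    """Circular moving average centred on each pixel: a simple low-pass filter."""
    n = len(signal)
    return [sum(signal[(i + k) % n] for k in range(-width // 2, width // 2)) / width
            for i in range(n)]

def square_wave(period):
    """Constructed test pattern: alternating bright and dark bands."""
    return [1.0 if (i % period) < period // 2 else 0.0 for i in range(N)]

def hybrid(near_img, far_img, width=BLUR):
    """Keep the fine detail of near_img and the coarse shape of far_img."""
    low_far = box_blur(far_img, width)
    low_near = box_blur(near_img, width)
    high_near = [a - b for a, b in zip(near_img, low_near)]  # high-pass part
    return [lo + hi for lo, hi in zip(low_far, high_near)]

def correlation(a, b):
    """Pearson correlation; 0.0 when either input is flat."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    da, db = [x - ma for x in a], [y - mb for y in b]
    denom = math.sqrt(sum(x * x for x in da) * sum(y * y for y in db))
    return sum(x * y for x, y in zip(da, db)) / denom if denom > 1e-12 else 0.0

def demo():
    near_img = square_wave(4)    # fine stripes: what the user should see
    far_img = square_wave(32)    # coarse bands: what a distant observer sees
    image = hybrid(near_img, far_img)
    distant_view = box_blur(image, BLUR)   # the observer's view loses fine detail
    return {
        "close_vs_near": correlation(image, near_img),
        "close_vs_far": correlation(image, far_img),
        "distant_vs_near": correlation(distant_view, near_img),
        "distant_vs_far": correlation(distant_view, far_img),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.3f}")
```

Up close the hybrid matches the fine pattern best; after the blur, the fine pattern contributes nothing and only the coarse pattern remains.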

Reference:
NYU Tandon School of Engineering via ScienceDaily (https://www.sciencedaily.com/releases/2017/08/170822153610.htm)

AI Cyber Attacks: Coming Soon

As if regular hackers weren’t enough, soon we’ll have to deal with artificially intelligent (AI) cyber attacks too. And according to experts, the first AI-powered cyber attack could come very soon indeed: in the next 12 months.
At a recent cybersecurity conference, out of 100 industry professionals, 62 said that we could expect AI cyber attacks within a year. If you’re wondering what that means, it means that AI will simply make existing cyber attacks more powerful and more efficient, and as a result, much more difficult to deal with.
Things such as identity theft, password cracking, personal data theft, etc., could hit us harder and bigger. Larger attacks could harm thousands of people at the same time, cut power to large groups of people, even cities, shut down hospitals, and yes, even affect national security.
With the Internet of Things (IoT) still in its infancy, we’re bound to fill our homes, offices, factories, and roads with more and more internet-connected systems as time goes by. While this may improve our lives on the one hand, it may harm us on the other, as all of the IoT will be susceptible to cyber attacks.
All in all, it’s evident that AI will escalate what is already a growing concern. More research and development from cybersecurity experts is needed to protect consumers in the near future.

Reference:
Phys.org (https://phys.org/news/2017-08-artificial-intelligence-cyber.html)

Beware of These Financial Scams

Hackers and fraudsters can be hard to avoid even if you’re doing everything right. Stealing your money or your identity or your private information are just some of the things these fraudsters and hackers do, so being super-careful while on the internet is a must.
However, even being super-careful can sometimes be not enough. This is because some fraudsters don’t use regular, cliche ways to trick people, but they develop relationships with them first and then take their money. So the best way to protect yourself is to learn the tricks thieves use.
Loved One in Trouble
Impostors will pretend to be a family member in trouble who needs money.
Protect yourself: If the person doesn’t tell you their name, ignore the email. If you’re really worried, call your relatives and check on everyone you think may be in danger.
Owing the Government
Thieves will pretend to be from the IRS or another agency, saying you owe money. They may pressure and even threaten you if you don’t pay the “debt.”
Protect yourself: Rest assured that no government will send you an email if you owe them money. However, if you’re still unsure, call the agency to see if there is a problem.
Broken Computer
Hackers will send you an email saying that your computer is broken or has a virus. They may pretend to be from Microsoft or another big company and ask you to share some of your files or pay for the “repair.”
Protect yourself: Companies have no way of knowing if your computer has a problem, so they will never contact you in this manner. Ignore these emails completely.

Reference:
Phys.org (https://phys.org/news/2017-08-dont-fall-financial-scams.html)

How Secure Are Our Messages Really?

A new study conducted by Brigham Young University (BYU) researchers has revealed that most users of popular messaging apps such as Viber and WhatsApp are leaving themselves exposed to hacking and fraud. How? By not using important security options.
The researchers wanted to understand how typical users use messaging apps and how they’re protecting themselves while they’re using them. And their results are disheartening.
Although Viber, Facebook Messenger and WhatsApp use encryption by default, all three apps also require an authentication ceremony to ensure real security. The problem is this: most users are simply not aware of the authentication ceremony and its importance. So, “it is possible that a malicious third party or man-in-the-middle attacker can eavesdrop on their conversations,” explains BYU computer science Ph.D. student Elham Vaziripour, who led the study.
Even more worrying is the fact that once the researchers told users about the authentication ceremonies, many thought the process was not simple, they were frustrated with it, and it took them a long time to actually do it.
Vaziripour explains that the ultimate goal is to perform the authentication ceremony “behind the scenes” automatically so that the problems can be addressed without making the users educate themselves.

Source:
Brigham Young University via ScienceDaily (https://www.sciencedaily.com/releases/2017/08/170810173313.htm)

Research Shows Hacking Is On The Rise: Six Billion Records Hacked Just This Year

New research has shown that a surge in computer hacking has led to an incredible breach of security – more than six billion records were hacked so far this year. Bear in mind that we’re still nowhere near the end of 2017, and this number has already topped the total for 2016.
Risk Based Security in Virginia said that it identified 2,227 publicly disclosed data compromise events affecting government, medical, educational and business data. This came as a part of a mid-year report.
Inga Goddijn, Executive Vice President for Risk Based Security, said that it is “stunning” to observe this steady increase in the number of data breaches that affect one million or more records.
Interestingly, the report said that employment and tax records are among the most hacked records. As for the techniques the hackers use, many have successfully used phishing or spoofing emails to obtain tax information from US citizens. Of course, tax and employment records are only some of the targets; others include human resources departments, employment agencies, and as mentioned, medical, educational, government and business data.
“While news of politically motivated foreign interference in election systems continues to dominate the headlines, the breach activity we are tracking this year is a stark reminder of just how many data compromise incidents are motivated by financial gain,” warned Goddijn.

Source:
Phys.org (https://phys.org/news/2017-07-billion-hacked-year.html)

Hacker Summit Discusses How to Prevent Major Attacks

The Black Hat conference, a computer security conference, has recently had its summit, where Facebook chief security officer Alex Stamos (among others) spoke. Stamos explained that the focus now needs to be on preventing brazen attacks. Here’s how.
Stamos’ idea is quite original: hackers that were once known for small, relatively harmless mischief should now reach out and help researchers detect and prevent major attacks that threaten billions of people worldwide.
This hacker summit follows a series of major attacks that have caused blackouts, interfered with national elections, disrupted commerce and paralyzed hospitals.
Stamos said that it’s unfair to expect users to “know better.” It is up to the industry to find better ways to protect users and help them protect themselves. Common things such as reusing old passwords, email phishing attempts and not updating the OS were mentioned.
In essence, Stamos called for a broader focus on defensive techniques.
Amit Yoran, CEO of Columbia, Maryland-based security firm Tenable, and a former cybersecurity official during the administration of President George W. Bush, also spoke. He said that part of the problem lies in the fact that we focus too much on the threat of the day instead of on the foundational problems that are always present.

Source:
Phys.org (https://phys.org/news/2017-07-hacker-summit-focus-brazen.html)

IBM to Create a System for Secure Cryptographic Keys and Data Protection

IBM has announced that the company has been granted a patent on a system that will use the inherent structure of a PCB (printed circuit board) to protect codes and cryptographic keys in a manner that is designed to be highly secure and tamper-resistant.
IBM’s patented system won’t require extensive use of materials such as resin, which is used to encase packages or modules containing keys and codes. This should also be reflected in a decrease in repairs, which is great news. But most importantly, the system could help protect keys and codes that encrypt data stored on any platform, meaning it would make no difference if your data were stored in an enterprise storage system or the cloud.
Traditionally, preventing tampering involves encasing modules or packages in a plastic or epoxy-like resin. Although effective, these approaches usually bring a host of problems as well: deformations and warping of circuit boards being one of them.
IBM’s approach is different as it relies on using circuitry on layers of a PCB or other laminate structure to encode codes and keys. There are physical access barriers too: additional layers of the PCB or laminate structure added above and below the layers that contain keys and codes. Also, the circuitry protecting the codes and keys can be placed in random patterns and locations. Furthermore, this circuitry is composed of materials which are undetectable via X-ray or acoustic microscopy.
All in all, great news for security and data protection!

Source:
Phys.org (https://phys.org/news/2017-07-cryptographic-keys-codes.html)

Satellite-Based Quantum Encryption Network

Today, our text messages, as well as our health information and bank transactions, are protected by encryption based on mathematical algorithms. Although highly efficient, this approach will be hard to keep safe once quantum computers hit the scene. This is because, unlike regular computers, these super-powerful computers can figure out the exact algorithm used to encrypt data.
An efficient satellite-based quantum encryption network would go a long way: it could provide not only a safe but a super-safe way to encrypt data sent over long distances. For this reason, it is highly desired.
Now, in a new study, researchers managed to demonstrate ground-based measurements of quantum states sent by a laser aboard a satellite which is 38,000 kilometers above Earth, and they look good.
As Christoph Marquardt from the Max Planck Institute for the Science of Light, Germany explains, the team was quite surprised to discover how well the quantum states survived traveling through the atmosphere to a ground station. This is great news, as it means that technology on satellites, which is already space-proof against various severe environmental tests, can also be used for achieving quantum measurements, meaning satellite-based quantum encryption networks are possible.
But that’s not all: according to Marquardt, we can expect to see satellite-based quantum encryption networks in just about five years from now.

Source:
The Optical Society via ScienceDaily (https://www.sciencedaily.com/releases/2017/06/170615120552.htm)

Using Brainwaves to Steal Passwords

According to researchers at the University of Alabama at Birmingham, hackers could use your brainwaves to steal your passwords. This is thanks to an increasingly popular technology: brainwave-sensing headsets, also known as EEG headsets.
EEG headsets allow users to use only their thoughts to control various robotic toys and video games. Although there are only a handful on the market, brainwave-sensing headsets are becoming increasingly popular for obvious reasons.
However, according to the researchers, there’s a serious reason for concern over this piece of technology. Nitesh Saxena, Ph.D., associate professor in the UAB College of Arts and Sciences Department of Computer and Information Sciences, Ph.D. student Ajaya Neupane and former master’s student Md Lutfor Rahman found that when users of an EEG headset pause a video game in order to log in to their bank account, they put themselves at risk of having their passwords stolen by a malicious software program. Other sensitive and personal data can be stolen in the same way.
So, the team advises that instead of focusing on developing more advanced brain-computer technologies, the companies should first focus on safety and security aspects of EEG headsets.

Source:
University of Alabama at Birmingham via ScienceDaily (https://www.sciencedaily.com/releases/2017/07/170701081756.htm)

Canada’s Top Court Orders Google to Remove a Website from Search Results

For the first time ever, Google has been ordered to remove a website from its global search results. If you’re worried about censorship, freedom of expression and rights to access information, read on to find out what exactly happened.
On Wednesday, the top court in Canada ordered Google to remove a website from its global search results because of a copyright protection case. Equustek Solutions, which is a Canadian telecommunications equipment manufacturer, successfully sued another company for stealing its products. Apparently, this company simply relabeled Equustek Solutions’ products and passed them off as their own.

The Supreme Court then ordered Google to de-index 345 web pages that are associated with the offending company, but only in Canada. However, the offending firm then fled the country and continued to market “stolen” goods from an unknown location.
After this, Equustek Solutions asked Google to go a step further and de-index all mentions of the offending firm worldwide. But Google resisted, arguing that they’re not a party to the dispute and that such a measure would be an overreach that tips the balance of freedom of expression.

However, the Supreme Court concluded: “Without the injunctive relief, it was clear that Google would continue to facilitate that ongoing harm. The Internet has no borders—its natural habitat is global. The only way to ensure that the interlocutory injunction attained its objective was to have it apply where Google operates—globally.”
After the ruling, some copyright organizations, civil liberties groups, and media groups argued that this could set a precedent: governments and various commercial entities could see this as justifying censorship.
What do you think? Is this a rightful ruling or the beginning of global censorship?

Reference:
Phys.org (https://phys.org/news/2017-06-canada-court-google-block-website.html)
