Top infosec trends in the social media spotlight this week
You don’t have to be a keen yogi to know Baba Ramdev, the Indian guru-turned-businessman.
His latest venture was slammed online for its lack of security in the moments following its unveiling this week.
After boasting that his privacy-focused messaging app Kimbho was a “WhatsApp killer”, it was removed from the Google Play Store today after a researcher (who calls himself Elliot Alderson) laid bare its multiple flaws.
The app reportedly stored data in easily readable text and its two-step verification could be manipulated to allow another party access to the users’ messages.
After criticism blew up online, the app’s developer, Patanjali Products, claimed that there were no vulnerabilities, and that the messaging service was rolled out as a one-day trial.
But Alderson (no, not that Alderson) called their bluff and accused the company of lying about the launch.
The app's developers, meanwhile, claimed it was removed because demand was too high.
Alderson later appeared in what may be this moment’s most popular meme, after Kimbho became the latest in his line of victims.
Bonus fact: According to reports, ‘Kimbho’, a Hindi Sanskrit word, translates into English as ‘What’s up?’
A group of researchers disclosed an unusual attack method last week after they demonstrated how to cause a PC to crash by playing sounds through the computer’s speaker.
The team from the University of Michigan and Zhejiang University released a report detailing the Blue Note attack, which can cause physical damage to hard drives using sound waves.
Vibrations from audible sound waves could damage the hard disk drives found in desktop and laptop PCs, causing file system corruption and reboots.
Researchers also disclosed that the attack can be used to corrupt digital security cameras, too.
Elsewhere, researchers from St Polten University of Applied Sciences unveiled their latest project, the first ever ultrasound firewall for mobile phones, this week.
The free firewall detects acoustic cookies and alerts the user, allowing them to block tracking attempts.
However, Reddit users were skeptical about the software.
The researchers were undeterred by the criticism though, and have already started working on an ultrasound firewall for IoT devices.
Discovering a new vulnerability or technique is hard enough without having to come up with a catchy name for it.
Hence why the subject of bug naming is back in the news.
Recent disclosures have been slammed by security bods for Efailing to focus on harm reduction rather than branding and self-promotion – remember Heartbleed, or the AMD chip flaw?
What stood out to social media users, though, was the revelation that the US government employs a unit to specifically name bugs.
Though it is hardly likely that employees can base the names on their favourite childhood TV shows – Fraggle Rock, anyone?
Finally, Santander showed how easy it is to be compromised by training an 86-year-old computer novice to become a hacker in minutes.
Alec Daniels was taught by security expert Marcus Dempsey to successfully carry out a phishing attack and breach public WiFi hotspots in the bank’s latest security-minded campaign.
The drive hopes to inform more senior citizens about the risks of banking scams, after 41% of people said they use public WiFi to access their online bank accounts.