Posts

Ultrasonic Fingerprint Reader has a security loophole

Image
In theory,  An  ultrasonic fingerprint sensor  works by bouncing a sonic pulse wave off of your fingertip to create a three-dimensional image. It's much more secure than optical in-display  sensors  and will work even if your fingers are greasy, dirty, or wet. A Galaxy S10 user recently got a Rs.100/-  ‘gel screen protector’ off eCommerce site.  However, he realized that after using the protector, any fingerprint could unlock the phone.  According to Samsung, the case is under investigation. Nevertheless, the company considers this issue to be related to the cost of the screen protector  Rs. 100/-  .  Samsung earlier had warned Galaxy S10 owners against unofficial screen protectors. Galaxy S10  series which comes with an  ultrasonic fingerprint sensor . While this fingerprint reader is top-notch, it does not work well with a tempered glass screen protectors. Many users can not use a smartphone without a screen protector, s...

SIM Swap Fraud Remedy via Consumer Courts

Image
SIM Swap Fraud Remedy via Consumer Courts By Prashant Mali Case No. 1 : Positive order BSNL Bengaluru and the Union Bank of India have been ordered to pay Rs 9.6 lakh to a businessman after fraudsters siphoned off money from his bank account in what was described as a sim swap fraud. The national telecom provider was pulled up for issuing a duplicate sim to fraudsters without adhering to Know Your Customer (KYC) norms and the bank for not alerting the customer on time. Nagarathpet resident Ramesh Kumar has been using a mobile phone with a BSNL sim card for many years and had linked it to his account at Union Bank of India’s BVK Iyengar Road branch. On September 22, 2015, Kumar checked his email to find that an unknown beneficiary had been added to his online bank account. By the time he could alert bank authorities about the breach, the fraudsters managed to transfer Rs 9,62,700 from his account. The sim card on his cellphone that was supposed to receive a one-time password (OTP...

SIM Swap Fraud Solution which India should Adapt By Prashant Mali

Image
SIM Swap or SIM Exchange Fraud Solution which India should Adapt By Prashant Mali Being a long-time crusader of SIM swap fraud victims in India and winning many cases in favour of victims, I thought of penning this advice.  Sim Exchange fraud or Sim Hijacking fraud (also known as Port-Out scam or SIM splitting) is a type of account takeover fraud that generally targets a weakness in two-factor authentication & two-step verification, where the second factor or step is an SMS or a call placed to a mobile telephone. In 2018, over 80% of adults were expected to have a bank account, over 1.18 billion people own a mobile phone in India How SIM Swap Fraud works? Fraudsters obtain banking account details and your registered mobile number through phishing or through Trojans/Malware or through a leaked database. Under the pretext of losing the mobile handset, new handset or damaged SIM card, fraudster approaches mobile service provider using a forged author...

Hackers are targeting ATMs in India with new malware that steal data

Image
A banking malware named  ATMDTrack   has been active in India since late last summer,  in a  kaspersky report . Allegedly State sponsored Hackers from North Korean government have developed a new strain of malware that has been used to record and steal data from cards inserted into ATM machines in India. Further analysis of the malware by the Moscow-based cybersecurity firm found the samples to be part of a bigger remote access trojan (RAT) called DTrack. Calling it a spy tool to attack financial institutions and research centers in India, the experts said the malware strains shared “similarities with the DarkSeoul campaign, dating back to 2013 and attributed to the Lazarus group.” The DTrack RAT was detected as recently as this month, the researchers noted. Collecting key logs and browser histories The threat actors behind DTrack obfuscated their malicious code in an innocuous executable file that was protected behind encryption barriers in a dro...

Right to Internet is a fundamental right in India

Image
Internet Access is a fundamental Right held by  Kerala High Court. i.e. that the right to have access to the #Internet is part of the right to education as well as the right to privacy under Article 21 of the Indian Constitution . The verdict came on a petition filed by a Kozhikode college student challenging her expulsion for not adhering to restrictions on the use of mobile phone Justice P.V. Asha made the observation while ordering the Principal of Sree Narayanaguru College, Kozhikode, to re-admit a student who had been expelled from the college hostel for using her mobile phone beyond the restricted hours. The court observed, “When the Human Rights Council of the United Nations has found that the right of access to Internet is a fundamental freedom and a tool to ensure right to education, a rule or instruction which impairs the said right of the students cannot be permitted to stand in the eye of law.” The verdict came on a petition filed by Faheema Shirin, a third-semes...

Cyber Warfare: Two Instances where Kinetic Force was used in response to Cyberattack

Image
Two Tales of Using Kinetic Force in Response to  Cyberattack  May 2019, the  Israel Defense Forces (IDF)  launched a physical attack on Hamas in immediate response to an alleged  cyber-assault . The IDF hit a building in the Gaza Strip with an airstrike after claiming the site had been used by  Hamas cyber operatives  to attack Israel’s cyber space. It came  amid days of intense fighting  between the IDF and terror groups in the Gaza Strip. The IDF claimed it stopped the attack online before launching its airstrike on Hamas. It claims it has now wiped out Hamas’ cyber operational capabilities.  Israel Defense Forces said  via Twitter : “We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed.”  It could mark a change in  modern cyber warfare  tactics,...

First Space Cybercrime of Indentity Theft

Image
First Space #cybercrime of #identitytheft in ISS  Nasa is investigating a claim that an astronaut Ms. Anne McClain the first Lady astronaut has allegedly accessed the bank account of her estranged husband from the International Space Station. Accused has acknowledged the crime but denied any wrongdoing When her husband Mr  Summer Worden, had filed a complaint with the Federal Trade Commission FTC. Lady astronaut  has since returned to Earth. The astronaut claims, she was merely making sure that the family's finances were in order and there was enough money to pay bills and care for Ms Worden's son - who they had been raising together prior to the divorce in 2018 How does the law work in space? There are five national or international space agencies involved in the ISS - from the US, Canada, Japan, Russia and several European countries - and a legal framework sets out that national law applies to any people and possessions in space. So if a Canadian national were to commit...