Tag: security

Categories
Mobile Syrup

Samsung, Pixel devices vulnerable to exploits that expose calls and texts

Google’s ‘Project Zero,’ an in-house team of cybersecurity experts and analysts, warned in a new blog post of 18 different potential exploits in some phones using Samsung’s Exynos modems. That includes devices from Samsung, Vivo and Google’s own Pixel line (more on the specific devices below).

Project Zero warns that the exploits are severe and should be treated as zero-day vulnerabilities — the term ‘zero-day’ refers to recently-discovered exploits that software makers and manufacturers have zero days to fix. The exploits could allow malicious actors to compromise a device just by knowing the associated phone number, and the device’s owner wouldn’t notice a thing.

Specifically, four of the 18 exploits could allow a malicious actor to gain access to the data coming in and out of a device’s modem using just the phone number. That data includes things like phone calls and text messages. Particularly concerning is that this could be done remotely, while some of the other vulnerabilities would require local access to a device.

Project Zero recommends that people with affected devices install upcoming security updates as soon as possible to protect themselves from the vulnerability, though when those updates will arrive varies by manufacturer. Google included a patch for some of the flaws in its March 2023 security update for Pixel phones, for example. Impacted devices include:

  • Samsung phones including the Galaxy S22 series, the Galaxy M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04
  • Vivo phones including the S16, S15, S6, X70, X60 and X30
  • Google Pixel 6 and 7 series
  • Wearables using the Exynos W920 chipset
  • Vehicles that use the Exynos Auto T5123 chipset

Those with an affected device will want to take a few steps to mitigate risks until patches arrive. Project Zero advises people to turn off Wi-Fi calling and Voice-over-LTE (VoLTE) — you should be able to find both of these in the Settings menu under Network & internet > SIMs, though the exact location may vary from device to device.

Project Zero reported the exploits to manufacturers in late 2022 and early 2024, but the team withheld publication for four other vulnerabilities due to the ongoing severity.

Source: Project Zero Via: CNET

Categories
Mobile Syrup

Over 200 million email addresses leaked in Twitter breach

Hackers have posted usernames and email addresses belonging to over 200 million Twitter users in a database. The data was compiled from several Twitter breaches dating back to 2021, and while the online database does not include passwords, the collection of data will likely pose a security threat to those exposed.

Several reports from security researchers and media outlets, including The Verge and Bleeping Computer, have detailed the breach, with researcher Alon Gal warning the breach “will unfortunately lead to a lot of hacking, targeted phishing, and doxxing.”

Bleeping Computer shared screenshots of the database, revealing it contains several text files listing email addresses and linked Twitter usernames along with email addresses and real names (if users shared their real names with Twitter). The database also includes information like users’ follower counts and account creation dates. Bleeping Computer also said it was able to confirm the validity of many email addresses including in the leak. The database is being sold on one hacking forum for as low as $2 USD.

Troy Hunt, who created the cybersecurity alert site ‘Have I Been Pwned‘ to help people check if their phone number or email was included in a data breach, posted on Twitter that he found 211,524,284 unique email addresses in the Twitter breach. “[The breach] looks to be pretty much what it’s been described as,” Hunt wrote.

The breach has since been added to Have I Been Pwned so Twitter users can head to the site and check if their information was included in the breach.

As mentioned above, the Twitter breach can trace its origins back to 2021 when hackers found a vulnerability in Twitter’s security systems. That vulnerability allowed malicious actors to look up accounts with an automated system that entered email addresses and phone numbers to see if they were associated with Twitter accounts.

Twitter disclosed the vulnerability in August 2022 and claimed it fixed the issue in January after it was reported as a bug bounty. Moreover, Twitter said at the time it had “no evidence to suggest someone had taken advantage of the vulnerability,” but cybersecurity researchers had already found databases of Twitter credentials for sale in July 2022. This latest database of Twitter info appears to have origins in the old vulnerability.

Source: The Verge, Bleeping Computer

Categories
Mobile Syrup

November security patch fixes Pixel lock screen bypass bug

Google’s November 2022 security patch dropped for Pixel phones a few days ago, and, if you haven’t already updated your Pixel phone, you should. The update includes a fix for a security flaw that could allow someone to bypass the phone’s lock screen using a SIM card.

David Schütz discovered the issue and detailed it in a blog post and video. While the post is well worth a read if you’re interested in this kind of thing, the short version is that someone with physical access to a Pixel device could bypass lock screen protections, including the fingerprint and PIN, and gain access to the phone.

To do so, all an attacker would need to do is swap the SIM card in the phone. In the video, Schütz shows himself swapping a SIM card into a locked Pixel 6, which then asks for the SIM PIN. After entering that wrong three times, the Pixel asks for a personal unblocking key (PUK), which is used to reset a SIM PIN if a user forgets it. However, in the case of Pixel phones, after entering the PUK and typing in a new SIM PIN, the phone unlocks.

Put another way, an attacker would only need a SIM card with a SIM PIN a PUK code that they know to gain access to any Pixel smartphone. The November 2022 security patch, which is now available for the Pixel 4a and newer, fixes the problem.

Frustratingly, Schütz reported the security flaw to Android’s Vulnerability Rewards Program in the middle of 2022, but Google didn’t do anything until September after some in-person prodding. Still, Schütz got a $70,000 USD reward (about $93,703 CAD), which is a good chunk of change for spotting the flaw.

Source: Schütz Via: 9to5Google

Categories
Mobile Syrup

Ontario’s Peel Region warns citizens of COVID-19 vaccination phishing texts

Ontario’s Peel Region is warning residents that a new COVID-related phishing message is circulating.

The Region of Peel has turned to Twitter to notify residents of a phishing/spam text circulating that claims recipients can get paid for COVID-19 vaccinations. The region warns recipients not to open links or send personal information to these texts.

The texts are fake, and you will not get paid for COVID-19 vaccinations.

This isn’t the first COVID-19 scam we’ve experienced. Back in 2021, the Canadian Centre of Cyber Security noted that many cybercriminals used the ongoing pandemic as a way to lure victims to visit fake websites, apps and open email attachments.

Source: @regionofpeel

Categories
Mobile Syrup

Plex warns users to change passwords following data breach

Digital media player and streaming service Plex sent a letter to users warning that a “third-party was able to access a limited subset of data,” including emails, usernames, and encrypted passwords.

Plex said it already addressed the method the attacker used to gain access to its systems and is doing additional security reviews. Moreover, the company said it doesn’t store credit card or other payment data on its servers, and so the attacker was not able to gain access to that data. Finally, Plex says it is requiring all Plex accounts to reset passwords “out of an abundance of caution.”

However, Plex did not share what method the attacker used to gain access.

Interestingly, ‘Have I Been Pwned‘ creator Troy Hunt was “pwned” in the Plex breach. Hunt tweeted a copy of the letter along with a reminder that users can’t do anything to avoid being caught in a breach, but they can take steps to lessen the impact of breaches. For example, using a password manager to generate unique, random passwords for each account, as well as using two-factor authentication (2FA), can help mitigate the severity of security breaches.

If you use Plex, you should go change your account password now. However, it’s worth noting that several users report having issues with changing their password — per Hunt’s tweets, it seems there’s an issue with the option to sign out connected devices after changing the password. As such, anyone having issues changing their Plex password should uncheck the option to sign out connected devices as that should fix the problem.

Source: Troy Hunt (Twitter) Via: Engadget

Categories
Mobile Syrup

Zoom rolls out fix for Mac app security flaw

Source: https://www.shutterstock.com/image-photo/london-uk-april-2nd-2020-popular-1691467153

Zoom has pushed out version 5.11.5 of its Mac app, which includes an important security fix for a relatively recent security flaw.

Security researcher and founder of the non-profit Objective-See Foundation Patrick Wardle uncovered the Zoom security flaw and presented it at last week’s Def Con hacking conference. Per The Verge, the exploit leverages the Zoom installer, which requires special user permissions to run. Wardle discovered that it was possible to ‘trick’ Zoom into installing a malicious program by adding Zoom’s cryptographic signature to the package.

Once installed, attackers can use the malicious program to gain more access to a user’s system, potentially to modify, delete, or even add files to the device.

As spotted by MacRumors, Zoom addressed the issue in its August 13th security bulletin, noting that version 5.11.5 of Zoom for Mac fixes the flaw and is now available.

In a tweet, Wardle congratulated Zoom on the quick fixing, noting that it looks like the installer now “invokes lchown to update the permissions of the update” package to prevent malicious apps from sneaking in.

As such, you’ll likely want to grab the latest Zoom update right away to make sure you are protected against the exploit. You can update Zoom by opening the app and clicking the name in the menu bar, then ‘Check for updates.’ If one’s available, you’ll need to click ‘Update’ to start the process.

Header image credit: Shutterstock

Source: Zoom Via: MacRumors, The Verge

Categories
Mobile Syrup

Android 13 may not arrive until September

Google’s next big Android update may not arrive until September, as implied by details in a recent security bulletin.

Spotted by Android Police, Google’s Android 13 monthly security bulletin notes that the next major Android update will ship with a default security patch level of “2022-09-01.” In other words, the Android 13 update will ship with the September 2022 security patch.

The document goes on to detail several fixes included in the September security patch, noting that Android 13 devices “with a security patch level of 2022-09-01 or later are protected against these issues.”

While this all suggests a September release for Android 13, Android Police points out that Pixels might get it earlier. With last year’s Android 12 release, Google rolled out the update to Pixel devices two weeks after releasing the Android Open Source Project (AOSP) Android 13 build.

With that in mind, it’s hard to say what will happen with Android 13 and Pixel phones this year. Google made the Android 13 developer preview (the stage before the public beta) available in February 2022, a month earlier than past developer previews. The Android 13 beta similarly came out earlier than usual in April — Google usually announces the beta at the I/O developer conference in May.

In the latest Android 13 beta news, Google just added the newly-released Pixel 6a to the list of supported Pixels. That means Pixel 6a owners can head to the Android Beta Program website and opt-in to join the beta. Doing so sends an over-the-air (OTA) update that will bump your Pixel 6a from Android 12 to Android 13 Beta 4.1. Learn more about that here.

Source: Google Via: Android Police

Categories
Cottage Life

Low-tech security systems for keeping your cottage secure

Our editorial team independently selects these products. If you choose to buy any, we may earn a commission that helps fund our content. Learn more.

Regardless of whether your cottage is located in a remote area or tight-knit community, you probably still have concerns about break-ins. Even when theft isn’t a big consideration—like when the highest ticket item in the cottage a hand-me-down sofa—having a security system is still a must.

Having a security system in place can protect you from the obvious (theft) but it can also alert you to animal break-ins and damages to your property, like burst pipes and flooding.

“I suggest to all my customers that they get an alarm system,”says Dan Moreau, who is a retired police officer and chief inspector and CEO of Cottage Choppers Property Service, in Barrie, ON. “If you don’t have one you’re vulnerable.” 

It’s ultra-important to have someone check in on your property when you’re not there too—especially if you want to maintain your insurance coverage. “If you’re not having someone check on your policy on a regular basis, your policy may not cover you at all,” says Moreau. “Read the fine print in your insurance policy, especially where it relates to leaving a property vacant to unattended.”

Animals are a main concern

Moreau explains that breaks in are not a major worry of most of his clients, but animals, like racoons, mice and bats, can get into your cottage and wreak major havoc. “There are systems that go off if there is an animal intrusion,” says Moreau. “These include motion sensors, and many have sensitivity levels that can pick up anything bigger than a mouse.” There are also systems that include glass break sensors, in case of a human break-in, or if a bird flies into your window and breaks the glass.

No cell service, no problem

If your cottage is located in an area that won’t allow you to make a clear cell phone call or have WiFi, you can still get a security system. For most basic systems, all you need is the capability to run a landline telephone (remember those?). “You can get a landline telephone and run security through that,” says Moreau. This type of system is also quite cost-effective if you want a little security without breaking the bank. “Monitoring is where the expense comes from. An alarm company hires people to sit there and answer phones and charges you $25 to $30 a month for that service.” 

If you go with a basic system, there are a few different ways it can work. A common one is that an alarm goes off dials a number, whether it’s your number in the city or one of your neighbours. That way you can hypothetically go check on the property should the alarm goes off. 

However, Moreau advises proceeding with caution when checking on a break-in: If you hear your neighbour’s alarm going off, dial 911. If you see someone coming and going, try to get a description or license plate, but don’t approach them or attempt to make a citizens arrest.” Instead of putting yourself in danger, he says “aim to become a good witness.” And if you have a friend checking on your property, advise them to do the same.

Get a motion sensor light

At the least, a motion-sensor outdoor light never hurts as a deterrent, according to Moreau. “As a cop, a lot of the break and enters I’ve seen may have been prevented if they had a motion sensor light outside.” 

Lock your boats

If you’re storing valuable boats in the garage or boathouse, invest in security for that space. “If you have an expensive boat, make sure it’s in an alarmed garage or boathouse,” says Moreau. 

Watch out for water damage

Besides burglary and animals, water damage is another concern. “In winter, many people leave their water and heat on low, so it’s ready if they come up occasionally.” However, he explains that if the place isn’t being checked on regularly, and you happen to get an interruption in the heat source, pipes start freezing.” This can lead to all kinds of problems and potential water damage, so opt for a system with a water damage sensor and a low-temperate sensor if this is a concern. 

Double up

Ideally, go for both a security system and a friend, neighbour or trust key-holder to check in on your property and have a system set up to keep you in the know, when you’re there and when you’re not.

When in doubt, cover it up

A lot of cottagers don’t have an alarm system—and they don’t really worry about it. If you’re one of these folks, Moreau advises you not to leave anything in your cottage that you can’t afford to lose. If you have to leave some goods behind, keep it low-key. “Anything of value should be covered, and keep your curtains closed,” says Moreau. 

Here are some home security devices that include some of these features:

security alarm system Image courtesy of Ring/Best Buy

All-in-one security system

This system includes a base station, keypad, four contact sensors and a motion detector. It can also send alerts to directly your phone or tablet, but there is the option to buy into a 24/7 monitoring plan for a monthly fee.

 

 

Buy from Best Buy
$326.99

leak detector Image courtesy of Resideo/ Home Depot
security

Water leak and freeze detector

This handy battery-powered device can be placed wherever a leak is likely, such as near a sump pump, sink, basement drain or water heater. If it detects even a small amount of water, it notifies you—something that could end up saving you thousands of dollars in damages. It can also measure temperature, helping you stay ahead of frozen pipes, and humidity.

 

Buy from Home Depot
$77.47

door and window alarm Image courtesy of Globe Electric/Walmart

Door and window alarm system

This simple alarm can be placed on any door or window, alerting you when they’re opened via an app on your phone.

 

Buy from Walmart
$21.98

window and door alarm Image courtesy of Ideal/Home Depot
cottage security

Contact alarm

This easy-to-install, affordable system sets off an alert when doors or windows are opened. Great for alerting you to intruders and warning you if a small child leaves the cottage unexpectedly.

Buy from Home Depot
$13.98

motion sensor light Image courtesy of Philips HUE/Walmart

Outdoor motion sensor light

Not only can this light help you watch your step at night, but it can deter people from coming near your cottage. Plus, it conserves energy when not in use, and takes only minutes to install.

Buy from Walmart
$65.98

window alarm Image courtesy of EverNary/Amazon
cottage security

Door and window alarm

This battery-powered system with built-in sensor vibration alerts you, and deters intruders, with a 125-decibel alarm. The alarm can be used on standby for one year without having to change the battery.

 

Buy from Amazon
$56.99

analog wired security system Image courtesy of Lorex/Amazon

4K security system

This system includes four high-definition cameras that can be used both indoors and out. It also features motion detection and night vision technology, and it can be monitored using the Lorex app.

 

 

Buy from Amazon
$319.99

home security for cottage Image courtesy of GE/Amazon
alarm

Door and window alarm

These low-maintenance alarms set off an audible sound to scare away cottage intruders when a door or window is opened. This package includes five alarms that you can place around your cottage property.

Buy from Amazon
$31.99

Categories
Mobile Syrup

Eastlink Smart Home and Security helped me simplify my life

There comes a time when you notice a shift in your priorities. Whether that’s because you’ve started a family or you’ve invested in your first home, it’s a good time to protect the things that are most important — and simplify your life in the process.

That’s where smart home and security comes in, such as this one offered by Eastlink. For me, it’s not just about keeping my home and family safe; it’s about removing the stress from everyday situations. In addition to offering cameras for the interior and exterior of your home, the system can be fully customized to include everything from smart locks to smart plugs. You can tailor it to your needs, saving time, money, and sleep.

With HD cameras, smart locks, video doorbells, and plenty of other smart devices, it’s not an exaggeration to say that this is the future I pictured when I would watch cartoons as a kid. This system takes a lot of the stress out of home ownership, giving you the power to control everything from a single app on your phone. It’s not a flying car, but it’s a lot more useful. If that’s not living in the future, I don’t know what is.

Cameras for every situation

Eastlink offers a wide array of tech options as part of its smart home and security system, so let’s look at what’s available, starting with the cameras.

There are currently four cameras available. Each one has a specific purpose, but all of them work together to create a complete experience.

Both the indoor and outdoor night vision cameras offer 1080p video and a wide field of view to clearly capture what’s happening in and around your home at all hours. Where they differ is in their design. The outdoor camera is weather-resistant, so you’ll still be able to see if it’s safe to let your pets out during those cold, dark winter mornings. The indoor camera is designed to let you check on your home, and you can even communicate through the camera from your smartphone. Together, the two cameras give you full access to your home.

If you’ve been battling the pesky raccoons in your neighbourhood for control of the garbage bins, the outdoor night vision camera could be just what you need. And if you’re battling your desire to see your pets while you’re at work, the indoor camera allows you to check in on them from your smartphone.

My partner and I are in the process of adopting a dog, but one of our concerns is that the Finnish Lapphund breed we want suffers from separation anxiety. Having a camera that has two-way audio means we’ll be able to talk to our new puppy to calm it until it’s comfortable being alone.

The HomeView camera is another indoor camera with two-way audio, but it has a couple of premium features that set it apart. It has a 180-degree field of view so that you can see everything in your space, and that’s paired with a 6-megapixel zoom. This is the camera you’ll want in your main living space.

To round out the collection, we have the video doorbell. As you might expect, the doorbell captures live video and audio when its motion sensor is triggered. On its own, that’s great for seeing who’s at your door, but it goes much further. Being able to check that your kids made it home after school — or late at night after a party — is an easy way to reduce your stress. And for those who don’t have kids, you’ll love having the smart doorbell for package deliveries. Knowing you’ll be notified if anyone approaches your door to check out your package is a comfort in and of itself, but it’s also easy to communicate with the delivery person in real-time thanks to the two-way audio to make sure that they place the package out of sight.

If you’re worried about being bombarded with notifications, fear not. You’re able to customize your notification settings. The outdoor camera and indoor cameras offer advanced analytics to distinguish between humans, animals, and vehicles, meaning you won’t get a buzz every time a car uses your driveway to turn around. Unless that’s your thing. Then, by all means, buzz away.

Unlock your home’s potential

I’ve written about smart locks a few times, and I’ll continue to evangelize the technology. Years ago, when I lived with four other guys during university, we’d regularly lock ourselves out of rooms because we forgot our keys. It turns out that when your landlord charges you $100 to unlock your door, you become really good at picking your own lock. You know what we never forgot though? Our phones. There was no such thing as smart locks back then — or smartphones for that matter — but now that I have one, I can’t look back.

Having a smart lock is beneficial in ways that most people don’t consider. I’m the type of person who wakes up in the middle of the night wondering if I locked the door when I got home. It used to mean that I’d have to get out of bed to go check. Now I just reach over, grab my phone, and lock them if needed.

Smart locks also give you the ability to try unique passcodes for people who need access to your home. I had a pipe burst a few weeks ago in my kitchen, and while I thought I’d fixed it on my own, it turns out that my degree in film and communications didn’t adequately teach me the skills to be a plumber. I couldn’t be home at the time the actual plumber was available, so I just gave him a passcode that was different from the one that my partner and I use, and I erased it after he was gone.

If you have a babysitter, or parents who regularly drop by, giving them a passcode lets you see who was using the door and when. The smart lock lets you know who’s coming and going, and you’ll be able to open the doors, even at a distance.

Smart technology can be cool or hot

Beyond cameras and smart locks, Eastlink offers a range of smart home technology to improve your everyday life, ranging from smart thermostats to smart dimmers. These devices allow you to control the most important features in your home all from a single application on your phone.

The smart home system is powered by the sophisticated alarm.com app. The app gives you access to all of the smart devices I’ve covered above, as well as your security panel, and any other smart devices you have through Eastlink, such as a smart garage door opener, as well as many devices you may already own..

Without a doubt, my favourite part of the system is the app’s ability to create what they refer to as “scenes.” Scenes are essentially commands for multiple devices that are triggered all at once. I have scenes for everything. I’ve scheduled night-time routines that make sure the doors are locked and the lights are off. When the family is going on a weekend getaway, I just tap the scene called “Getaway,” and it arms the security panel and lowers the thermostat. And I can also schedule lights to turn on or music to play at specific hours so that neighbours never know we’re gone.

I didn’t realize how handy it would be until I got my hands on it. But having all of the power in the palm of my hand means that I can enjoy my time both at and away from home without worrying. And saving money by scheduling the hours that I’m running my AC and heat isn’t a bad thing either.

Security is still the key

A security system still needs to be about security, and the Smart Home and Security System provided by Eastlink is top tier. I’ve already covered a lot of ways that smart devices can increase your security, but let’s examine how the system directly keeps you and your family safe.

The touchscreen panel is your main access point for the security in your home. You can arm and disarm the system, set the level of strictness, and set how long you have to disarm the system when it’s triggered. You can have it trigger when a door is opened, when the system detects motion, and other safety hazards.

The system has sensors designed to detect flooding, smoke, glass breaking, and carbon monoxide, among other threats. Depending on your preferences, you can set your system to immediately call emergency services if it detects carbon monoxide, and even shut off the air conditioning to prevent the spread of harmful fumes. And if you aren’t near your touchscreen panel, you can do it from the alarm.com app, giving you complete control over the system and your safety. And of course, you’re protected through 24-hour monitoring by a team of professionals to keep you safe at all times.

Eastlink has you covered

Smart home and security technology has come leaps and bounds over the last few years. Thanks to some great products you can easily keep track of what’s happening around your home, make sure that your family is safe, and stop worrying about the small things like whether you remembered to lock your door at night. Installing Eastlink Smart Home and Security provides peace of mind.

I’ll take that over a flying car any day.

For more information about Eastlink Smart Home and Security, visit their website.

MobileSyrup publishes sponsored posts. These partnerships do not influence our editorial content.

Categories
Mobile Syrup

Canada to ban Huawei from 5G network

Smart phone with the logo of Huawei and 5G. The 5g are new communication technologies that Huawei incorporates. United States, California, Friday, January 17, 2020,

The federal government is banning Huawei from Canada’s 5G network, according to the National Post. 

The move sees Canada following the footsteps of its allies in the Five Eyes intelligence network. The alliance includes Australia, New Zealand, the U.K., and the U.S. Each of these countries have restricted the use of Huawei equipment.

The decision has been in the works for years, prompting some companies to move ahead with their 5G networks without Huawei. For example, Telus and Bell are working with Nokia and Ericsson to build their 5G networks. Rogers is working with Ericsson.

Telus and Bell have previously asked the federal government to compensate them to remove Huawei equipment utilized in their 4G networks. 

A detailed timeline explaining how Canada got to this point is available here.

More to come…

Image credit: Shutterstock

Source: National Post