Users of the popular messaging app Viber were struck with a disturbing notification last week. The Syrian Electronic Army claimed responsibility for hacking into Viber’s database and website. The hackers posted a warning on their Twitter last week, recommending that Viber users delete the app from their phones.
Viber is used by over 200 million users worldwide. The website displayed a taunting message from the Syrian hackers: “Dear All Viber Users, the Israeli-based Viper is spying and tracking you.” The message has since been removed from the website.
The company denies that the hackers accessed any sensitive user information but acknowledges their website was breached due to a phishing attack on one of their employees. The Syrian Electronic Army gained access to basic user information, including the user’s country and location, their device’s make and model, and an internal ID used by the company.
In 2013 alone, the Syrian Electronic Army has taken responsibility for numerous public hacks, including hacking the Twitter profiles of the Associated Press, CBS, BBC, NPR and more. Viber promises it is working toward making sure any future attacks will be thwarted.
We recommend you keep tabs on the list of programs you have installed on your computer. Sneaky spyware, tool bars, and adware are threatening the safety of your computer and your information. Even without your permission, these programs can and will be installed on your computer while you think you are installing an innocent video streamer program or some other exciting but harmless software the internet has to offer. The file names are so inconspicuous it is easy to think they are supporting programs on your computer. When in doubt, think again. Spyware, Adware, and the likes of them can be the vulnerable spots viruses and other malware will take advantage of to infect your computer.
Here’s what we recommend you do to make sure your computer isn’t being taken advantage of:
1. Go to the Control Panel>Programs>Programs and Features
2. Go through the programs that are installed on your computer
3. Write down the programs you are not sure of (If you’re not sure what the program does, write it down)
4. Look up the programs on the Internet.
The work is a bit tedious but it is completely worth it. I found 3 relatively unknown key spyware on my personal computer. What did you find?
Thought your mobile phone SIM card is an un-hackable nutshell? Well, you might have to rethink about it because it is now officially “breakable.”
A German researcher, Karstetn Nohl from Security research Labs revealed the hole of GSM encryption. Hackers can remotely break into some outdated DES (Date Encryption Standard) SIM cards and access your personal data with just a personal computer less than 2 minute.
“Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it,” Nohl said to Forbes.
With only a couple fake text messages sending to your phone that claims coming from a carrier, there is quarter chance that you will receive an error message back containing a set of 56-bit digital key from DES SIM card. With the code, hackers can send malware to the SIM card via text message. From then on, the hacker can monitor the phone calls, hijacks the data and identity on the phone.
Up to 750 million SIM cards could be hacked. Fortunately, many wireless carriers now adapt the newer and more secure triple DES SIM card. GSMA (Global System for Mobile Association) has already notified the security flaw to the SIM card manufactures and vendors. Experts are now striving to find out the optimal solution for the breach. Nohl will give more detail about the research process in the Black Hat conference in Las Vegas on August 1st.
He suggests the industry to take action on such matter and gradually phase out the SIM cards to eliminate the security vulnerability. Consumers using SIM cards more than 3 years old ideally should request for a new card.
According to a blog post on Tumblr’s staff blog, a significant vulnerability put many users login information at risk or exposed. Tumblr has over 300 million monthly unique visitors.
The accounts at risk have used the iPad or iOS application and Tumblr is urging users to download the security update. The popular micro-blogging site is also asking users to update their password immediately, as well as any other accounts of theirs using the same password.
Tumblr offers a brief apology to its users saying, “Please know that we take your security very seriously and are tremendously sorry for this lapse and inconvenience.”
Visit the App Store on your iOS device to update your Tumblr app immediately, and visit the desktop site to change your password.
It is said that this significant flaw had been around since Android 1.6 (Android 1.6 Donut). It may impact any Android phone for the past four years; in other words, 900 million devices could be affected.
According to Gina Scigliano, Google’s Android communications manager, “A patch has been provided to our partners—some OEMs, like Samsung, are already shipping the fix to the Android devices.” However, in order to update the security system, current Android users have to turn to their hardware vendors for updates.
In order to assure that the software has not been modified by a third-party, each program contains cryptographic signature of authentic Android application. However, such security loophole allows hackers to enable the malicious code under the condition of not affecting the cryptographic signature. In consequence, any Android developer who takes the advantage of such loophole can access to use’s phone like a legit regular app.
Nevertheless, Android users shouldn’t be worried too much. Scigliano also said that “We have not seen any evidence of exploitation in Google Play or other app stores via our security scanning tools,” “Google Play scans for this issue – and Verify Apps provides protection for Android users who download apps to their devices outside of Play.”