Obama’s cybersecurity adviser: Biometrics will replace passwords for safety’s sake

The days of using a password to access a bank account or cellphone will soon be a thing of the past, President Obama’s top cybersecurity adviser said Thursday.

The risk of getting hacked by criminals has grown so widespread that far more sophisticated identification technology — including biometric scanning devices — will become the norm, said Michael Daniel, the White House’s cybersecurity coordinator.

“You’ve started to see some of that with the emergence of the fingerprint readers,” said Mr. Daniel, adding that the technology will become increasingly mainstream as cellphone cameras, “hard” card readers and other authentication gadgets replace the annoying process for millions of Americans of punching in a password to confirm their identity.

Continue reading →

600 million Apple devices contain secret backdoors, researcher claims

A security researcher considered to be among the foremost experts in his field says that more than a half-billion mobile devices running Apple’s latest iOS operating system contain secret backdoors.

Jonathan Zdziarski, also known by his online alias “NerveGas,” told the audience attending his Friday morning presentation at the Hackers on Planet Earth conference in New York City that around 600 million Apple devices, including iPhones and tablets, contain hidden features that allow data to be surreptitiously slurped from those devices.

During Zdziarski’s HOPE presentation, “Identifying Backdoors, Attack Points and Surveillance Mechanisms in iOS Devices,” the researcher revealed that several undocumented forensic services are installed on every new iPhone and iPad, making it easier that ever for a third-party to pull data from those devices in order to compromise a target and take hold of their personal information, including pictures, text messages, voice recordings and more.

Among the hidden functions running on iOS devices, Zdziarski said, are programs called “pcapd,” “file_relay” and “file_relay.” If used properly, he added, those programs can allow anyone with the right means and methodology to pull staggering amounts of data from a targeted phone, even when the rightful owner suspects the device is sufficiently locked. Continue reading →