Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Side Eye attack: Eav ...

 Business

Researchers from two universities in the U.S. recently published a paper examining the Side Eye attack — a way to extract audio data from smartphone video. Theres a rather obscure thing wed like to clarify here. When you record a video on your phone, naturally, both the image and the accompanying audio are captured.   show more ...

The authors attempted to find out whether sound can be extracted from the image even if, for some reason, the source lacks an actual audio track. Imagine a video recording of a conversation between two businessmen, posted online with the sound pre-cut to preserve the privacy of their discussions. It turns out that its possible, albeit with some caveats, to reconstruct speech from such a recording. This is due to a certain feature of the optical image stabilization system integrated into most of the latest generation smartphones. Optical stabilization and the side-channel attack Optical stabilizers provide higher-quality images when shooting videos and photos. They smooth out hand tremors, camera shake while walking, and similar undesirable vibrations. For this stabilization to work, the manufacturers ensure that the cameras sensor is movable relative to the lens. Sometimes the lenses within the camera itself are also made movable. The general idea of optical stabilization is illustrated in the image below: when motion sensors in a smartphone or camera detect movement, the matrix or lens in the camera moves so that the resulting image remains steady. In this way, most small vibrations dont affect the final video recording. Diagram of the optical image stabilization system in modern cameras. Source Understanding exactly how such stabilization works isnt necessary. The important thing is that the camera elements are movable relative to each other. They can shift when necessary — aided by miniature components known as actuators. However, they can also be moved by external vibrations —such as those caused by loud sounds. Imagine your smartphone lying on a table near a speaker, recording a video (without sound!). If the speakers loud enough, the table vibrates, and along with it, the phone and these very components of the optical stabilizer. In the recorded video, such vibrations translate into microscopic shaking of the objects captured. During casual viewing, this trembling is completely unnoticeable, but it can be detected through careful analysis of the video data. Another problem arises here: a typical smartphone records video at a rate of 30, 60, or at best 120 frames per second. We only have that much opportunity to capture slight object shifts in the video — and its rather little. According to the Nyquist-Shannon sampling theorem, an analog signal (such as sound) of a given frequency can be reconstructed from measurements taken at twice that frequency. By measuring the shake of an image at a frequency of 60 hertz, we can at best reconstruct sound vibrations with a frequency of up to 30 hertz. However, human speech lies within the audio range of 300 to 3400 hertz. Its a mission impossible! But another feature of any digital camera comes to the rescue: the so-called rolling shutter. Each frame of video is captured not all at once, but line by line — from top to bottom. Consequently, when the last line of the image is digitized, fast-moving objects in the frame may already have shifted. This feature is most noticeable when shooting video from the window of a fast-moving train or car. Roadside posts and poles in such a video appear tilted, while in reality theyre perpendicular to the ground. Another classic example is taking a photo or video of a rapidly rotating airplane or helicopter propeller. The relatively slow reading of data from the camera sensor means that the blades have time to move before the frame is completed. Source Weve shown a similar image before — in this post about an interesting method of attacking smart card readers. But how can this rolling shutter help us analyze micro-vibrations in a video? The number of samples, meaning the frequency at which we can analyze the image, significantly increases. If video is recorded with a vertical resolution of 1080 pixels, this number needs to be multiplied by the number of frames per second (30, 60, or 120). So we end up being able to measure smartphone camera vibrations with much greater precision — tens of thousands of times per second, which is generally enough to reconstruct sound from the video. This is another example of a side-channel attack: when the exploitation of an objects non-obvious physical characteristics leads to the leakage of secrets. In this case, the leakage is the sound that the creators of the video tried to conceal. Difficulties in practical implementation But… not so fast, tiger. Lets not assume that, with this complex video signal processing, the authors of the study managed to restore clear and intelligible human speech. The graph on the left shows the original spectrogram of the audio recording, in which a person sequentially says zero, seven, and nine. On the right is the spectrogram of the sound restored from the video recording. Even here, its clear that there was significant loss in the restoration of the data. On the projects website, the authors have provided real recordings of both the original and restored speech. Check out the results to get a clear idea of the shortcomings of this sophisticated eavesdropping method. Yes, some sound can be reconstructed from the video — but its more just a kind of weird rattling than human speech. Its very difficult to guess which numeral the person is uttering. But even such heavily damaged data can be successfully processed using machine learning systems: if you give the algorithm known pairs of original and restored audio recordings to analyze, it can then infer and reconstruct unknown data. Restoring audio from video using the rolling shutter effect. Source The success of the algorithm is tested on relatively simple tasks — not on real-life human speech. The results are as follows: in almost 100% of cases, it was possible to correctly determine a persons gender. In 86% of cases, it was possible to distinguish one speaker from another. In 67% of cases, it was possible to correctly recognize which digit a person was naming. And this is under the most ideal conditions when the phone recording the video was placed 10 centimeters away from the speaker on a glass tabletop. Change the tabletop to wood, and the accuracy starts to decrease. Move the phone farther away — it gets even worse. Lower the volume to the normal level of a regular conversation, and the accuracy drops critically. Now, lets move on from theoretical considerations and try to imagine the real-life applications of the proposed scenario. We have to immediately exclude all eavesdropping scenarios. If a hypothetical spy with a phone can get close enough to the people having a secret conversation, the spy can easily record the sound with a microphone. What about a scenario where we record the people talking on a surveillance camera from a distance, and the microphone cannot capture the speech? In this case, we likewise wont be able to reconstruct anything from the video: even when the researchers moved the camera away from the speaker by three meters, the system basically didnt work (the numerals were correctly recognized in about 30% of cases). Therefore, the beauty of this study lies simply in finding a new side channel of information leakage. Perhaps it will be possible to somehow improve the proposed scheme in the future. The authors main discovery is that the image stabilization system in smartphones, which is supposed to eliminate video vibrations, sometimes carefully records them in the final video. Moreover, this trick works on many modern smartphones. Its enough to train the algorithm on one, and in most cases, it will be able to recognize speech from video recorded on another device. Anyway, if somehow this attack is dramatically improved, then the fact that it analyzes recorded video becomes critical. We can fantasize about a situation in the future where we could download various videos from the internet without sound and find out what the people near the camera were talking about. Here, however, we face two additional problems. It wasnt for nothing that the authors produced the speech from a speaker placed on the same table as the phone. Analyzing real human speech using this video eavesdropping method is much more complicated. Also, phone videos are usually shot handheld, introducing additional vibrations. But, you must agree, this is an elegant attack. It once again demonstrates how complex modern devices are, and that we should avoid making assumptions when it comes to privacy. If youre being filmed on video, dont rely on assurances that theyll change the audio track later. After all, besides machine learning algorithms, theres also the ancient art of lip reading.

image for Tips for a Successfu ...

 Feed

Dark Reading's special report on SecOps data analytics looks at the elements needed to set up a proper data foundation — because getting the data right when collecting, aggregating, and analyzing it is essential.

 Mobile Security

Google has announced a significant update to its Google Play Protect feature in response to the increasing threats targeting mobile devices. It includes real-time code-level scanning during the installation process to counter evasion techniques.

 Malware and Vulnerabilities

The recent campaigns targeting various sectors, including the energy and government sectors, highlight the effectiveness of known vulnerabilities even with available patches, emphasizing the importance of proactive software security measures.

 Threat Intel & Info Sharing

The vulnerability allows attackers to execute arbitrary code on the server, potentially leading to the theft of source code and private keys. TeamCity is used by many high-profile organizations, making it an attractive target for hackers.

 Govt., Critical Infrastructure

EDF, the company operating nuclear power plants in the UK, is facing increased regulatory attention after an inspection of its cybersecurity practices. The company failed to provide a comprehensive cybersecurity improvement plan.

 Malware and Vulnerabilities

The BlackCat ransomware group has introduced a new evasion tool called Munchkin, distributed as an ISO file, allowing them to run ransomware on remote machines. The controller malware is written in Rust and resembles the BlackCat malware family.  Organizations are recommended to leverage the updated IOCs associated with the malware to stay safe.

 Feed

This Metasploit module exploits an improper input validation issue in Atlassian Confluence, allowing arbitrary HTTP parameters to be translated into getter/setter sequences via the XWorks2 middleware and in turn allows for Java objects to be modified at run time. The exploit will create a new administrator user and   show more ...

upload a malicious plugins to get arbitrary code execution. All versions of Confluence between 8.0.0 through to 8.3.2, 8.4.0 through to 8.4.2, and 8.5.0 through to 8.5.1 are affected.

 Feed

Ubuntu Security Notice 6165-2 - USN-6165-1 fixed vulnerabilities in GLib. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that GLib incorrectly handled non-normal GVariants. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or perform other unknown attacks.

 Feed

Gentoo Linux Security Advisory 202310-13 - A vulnerability has been discovered in Mailutils where escape sequences are processed in a context where this may lead to RCE. Versions greater than or equal to 3.12-r3 are affected.

 Feed

Ubuntu Security Notice 6435-1 - It was discovered that OpenSSL incorrectly handled excessively large Diffie-Hellman parameters. An attacker could possibly use this issue to cause a denial of service. Bernd Edlinger discovered that OpenSSL incorrectly handled excessively large Diffie-Hellman parameters. An attacker could possibly use this issue to cause a denial of service.

 Feed

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

 Feed

Red Hat Security Advisory 2023-5865-01 - An update for grafana is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2023-5851-01 - Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2023-5850-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2023-5849-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2023-5761-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.

 Feed

Red Hat Security Advisory 2023-5746-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for Windows serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements.

 Feed

Red Hat Security Advisory 2023-5745-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements. Issues addressed include an integer overflow vulnerability.

 Feed

A number of state-back threat actors from Russia and China have been observed exploiting a recent security flaw in the WinRAR archiver tool for Windows as part of their operations. The vulnerability in question is CVE-2023-38831 (CVSS score: 7.8), which allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The shortcoming has been actively

 Feed

North Korean threat actors are actively exploiting a critical security flaw in JetBrains TeamCity to opportunistically breach vulnerable servers, according to Microsoft. The attacks, which entail the exploitation of CVE-2023-42793 (CVSS score: 9.8), have been attributed to Diamond Sleet (aka Labyrinth Chollima) and Onyx Sleet (aka Andariel or Silent Chollima). It's worth noting that both the

 Feed

The time between a vulnerability being discovered and hackers exploiting it is narrower than ever – just 12 days. So it makes sense that organizations are starting to recognize the importance of not leaving long gaps between their scans, and the term "continuous vulnerability scanning" is becoming more popular. Hackers won’t wait for your next scan One-off scans can be a simple ‘one-and-done'

 Feed

Google has announced an update to its Play Protect with support for real-time scanning at the code level to tackle novel malicious apps prior to downloading and installing them on Android devices. "Google Play Protect will now recommend a real-time app scan when installing apps that have never been scanned before to help detect emerging threats," the tech giant said. Google Play Protect is a 

 Feed

The Iran-linked OilRig threat actor targeted an unnamed Middle East government between February and September 2023 as part of an eight-month-long campaign. The attack led to the theft of files and passwords and, in one instance, resulted in the deployment of a PowerShell backdoor called PowerExchange, the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News

 Feed

An updated version of a sophisticated backdoor framework called MATA has been used in attacks aimed at over a dozen Eastern European companies in the oil and gas sector and defense industry as part of a cyber espionage operation that took place between August 2022 and May 2023. "The actors behind the attack used spear-phishing mails to target several victims, some were infected with Windows

 Phishing

How hunting for an aubergine could be all it takes for you to hand your credit card details over to a scammer, and just how good is a podcast entirely built by AI? All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault. Warning: This podcast may contain nuts, adult themes, and rude language.

 Data loss

Golem, the hacker who leaked the data of one million Ashkenazi Jews from the 23andMe ancestry service earlier this month has now released 4.1 million more genetic data profiles. The hacker claims they've included details of "the wealthiest people living in the US and Western Europe," including the British Royal family. Read more in my article on the Hot for Security blog.

2023-10
Aggregator history
Thursday, October 19
SUN
MON
TUE
WED
THU
FRI
SAT
OctoberNovemberDecember