Mobile Security Alert: CERT-In Flags Risks in Top Brands

The Indian Computer Emergency Response Team (CERT-In) has discovered security flaws in high-profile smartphone brands, including Samsung, Apple, and Google Pixel devices. After carefully analyzing these devices' security features, CERT-In has identified certain possible weaknesses that can jeopardize user privacy and data.

The CERT-In advisory highlights significant concerns for iPhone users, indicating a security flaw that could be exploited by malicious entities. This revelation is particularly alarming given Apple's reputation for robust security measures. The advisory urges users to update their iOS devices promptly, emphasizing the critical role of regular software updates in safeguarding against potential threats.

Samsung and Google Pixel phones are not exempt from security scrutiny, as CERT-In identified vulnerabilities in these Android-based devices as well. The CERT-In advisory underscores the importance of staying vigilant and promptly applying security patches and updates provided by the respective manufacturers. This is a reminder that even leading Android devices are not immune to potential security risks.

The timing of these warnings is crucial, considering the increasing reliance on smartphones for personal and professional activities. Mobile devices have become integral to our daily lives, storing sensitive information and facilitating online transactions. Any compromise in the security of these devices can have far-reaching consequences for users.

As cybersecurity threats continue to evolve, both manufacturers and users need to prioritize security measures. CERT-In's warnings underscore the need for proactive steps in identifying and addressing potential vulnerabilities before they can be exploited by malicious actors.

In response to the CERT-In advisory, Apple and Samsung have assured users that they are actively working to address the identified security flaws. Apple, known for its commitment to user privacy, has pledged swift action to resolve the issues outlined by CERT-In. Samsung, too, has expressed its dedication to ensuring its users' security and promised timely updates to mitigate the identified risks.

Cybercriminals' techniques evolve along with technology. The CERT-In alerts are a timely reminder that users should prioritize the security of their mobile devices. When it comes to preserving the integrity and security of smartphones, manufacturers' regular updates and patches are essential. Protecting our personal and business data while navigating the digital landscape requires us to be vigilant and knowledgeable about potential security threats.

Securing Generative AI: Navigating Risks and Strategies

The introduction of generative AI has caused a paradigm change in the rapidly developing field of artificial intelligence, posing both unprecedented benefits and problems for companies. The need to strengthen security measures is becoming more and more apparent as these potent technologies are utilized in a variety of areas.
  • Understanding the Landscape: Generative AI, capable of creating human-like content, has found applications in diverse fields, from content creation to data analysis. As organizations harness the potential of this technology, the need for robust security measures becomes paramount.
  • Samsung's Proactive Measures: A noteworthy event in 2023 was Samsung's ban on the use of generative AI, including ChatGPT, by its staff after a security breach. This incident underscored the importance of proactive security measures in mitigating potential risks associated with generative AI. As highlighted in the Forbes article, organizations need to adopt a multi-faceted approach to protect sensitive information and intellectual property.
  • Strategies for Countering Generative AI Security Challenges: Experts emphasize the need for a proactive and dynamic security posture. One crucial strategy is the implementation of comprehensive access controls and encryption protocols. By restricting access to generative AI systems and encrypting sensitive data, organizations can significantly reduce the risk of unauthorized use and potential leaks.
  • Continuous Monitoring and Auditing: To stay ahead of evolving threats, continuous monitoring and auditing of generative AI systems are essential. Organizations should regularly assess and update security protocols to address emerging vulnerabilities. This approach ensures that security measures remain effective in the face of rapidly evolving cyber threats.
  • Employee Awareness and Training: Express Computer emphasizes the role of employee awareness and training in mitigating generative AI security risks. As generative AI becomes more integrated into daily workflows, educating employees about potential risks, responsible usage, and recognizing potential security threats becomes imperative.
Organizations need to be extra careful about protecting their digital assets in the age of generative AI. Businesses may exploit the revolutionary power of generative AI while avoiding associated risks by adopting proactive security procedures and learning from instances such as Samsung's ban. Navigating the changing terrain of generative AI will require keeping up with technological advancements and adjusting security measures.

Guidelines on What Not to Share with ChatGPT: A Formal Overview

 


A seemingly simple tool like ChatGPT has unbelievable power, and it has profoundly changed the way we interact with computers. It has some limitations, however, that are important to understand and bear in mind when using it.

With ChatGPT, OpenAI has seen a massive increase in revenue resulting from a massive increase in content. The company generated 10 million dollars of revenue every year. It, however, grew from 1 million dollars in to 200 million dollars in the year 2023. Revenue is expected to increase to over one billion dollars by the end of 2024, which is even higher than what it is now.

The ChatGPT application includes a wide array of algorithms and is powerful enough to generate any text users want, from a simple math sum to a complex rocket theory question. As the prevalence of chatbots powered by artificial intelligence continues to rise, it is crucial to acknowledge both the advantages that artificial intelligence can offer and its shortcomings.

To be successful with AI chatbots, it is essential to understand that there are certain inherent risks associated with their use, such as the potential for cyber attacks and privacy issues.  A major change in Google's privacy policy recently made it clear that the company is considering providing its AI tools with the data that it has collected from web posts to train those models and tools.  

It is equally troubling that ChatGPT retains chat logs to improve the model and to improve the uptime of the service. There is still a way to address this concern, however: do not share certain information with AI-based chatbots. Jeffrey Chester, executive director of the Center for Digital Democracy, an organization dedicated to digital rights advocacy, stated that these tools should be viewed by consumers with suspicion at least, since, as with so many other popular technologies, they are all heavily influenced by the marketing and advertising industries.

The Limits Of ChatGPT 


When the system is not enabled for browsing (which requires ChatGPT Plus), it generates responses based on the patterns and information it learned during training, which covered a range of internet texts up to its training cut-off in September 2021.

Despite that, it is incapable of understanding context in the same way people do, and it does not "know" anything in the human sense. ChatGPT is famous for giving impressive and relevant responses a great deal of the time, but it is not infallible. The answers it produces can be incorrect or unintelligible for several reasons.

Its proficiency largely depends on the quality and clarity of the prompt given. 

1. Banking Credentials 


The Consumer Financial Protection Bureau (CFPB) published a report on June 6 about the limitations of chatbot technology as the complexity of questions increases. According to the report, implementing chatbot technology could result in financial institutions violating federal consumer protection laws, and the potential for such violations is high.

According to the Consumer Financial Protection Bureau (CFPB), the number of consumer complaints has increased due to a variety of issues that include resolving disputes, obtaining accurate information, receiving good customer service, seeking assistance from human representatives, and maintaining personal information security. In light of this fact, the CFPB advises financial institutions to refrain from solely using chatbots as part of their overall business model.  

2. Personally Identifiable Information (PII)


Whenever users share sensitive information that can be used to identify them personally, they need to be careful to protect their privacy and minimise the risk that it will be misused. This category includes the user's full name, home address, social security number, credit card number, and any other information that can identify them as an individual. Protecting these sensitive details is paramount to ensuring privacy and preventing potential harm from unauthorised use.

3. Confidential information about the user's workplace


Users should exercise caution and refrain from sharing private company information when interacting with AI chatbots. It is crucial to understand the potential risks associated with divulging sensitive data to these virtual assistants. 

Major tech companies like Apple, Samsung, JPMorgan, and Google have even implemented stringent policies to prohibit the use of AI chatbots by their employees, recognizing the importance of protecting confidential information. 

A recent Bloomberg article shed light on an unfortunate incident involving a Samsung employee who inadvertently uploaded confidential code to a generative AI platform while utilizing ChatGPT for coding tasks. This breach resulted in the unauthorized disclosure of private information about Samsung, which subsequently led to the company imposing a complete ban on the use of AI chatbots. 

Such incidents highlight the need for heightened vigilance and adherence to security measures when leveraging AI chatbots. 

4. Passwords and security codes 


If a chatbot asks you for passwords, PINs, security codes, or any other confidential access credentials, do not provide them. It is prudent to prioritise your safety and refrain from sharing sensitive information with AI chatbots, even though these chatbots are designed with privacy in mind.

For your accounts to remain secure and for your personal information to be protected from the potential of unauthorised access or misuse, it is paramount that you secure your passwords and access credentials.

In an age marked by the progress of AI chatbot technology, the utmost importance lies in the careful protection of personal and sensitive information. This report underscores the imperative necessity for engaging with AI-driven virtual assistants in a responsible and cautious manner, with the primary objective being the preservation of privacy and the integrity of data. It is advisable to remain well-informed and to exercise prudence when interacting with these potent technological tools.

Samsung Announces Second Customer Data Breach

Samsung, an industry leader in technology and electronics and a smartphone producer, has reported a data breach in its systems. The company was hit by a cyberattack in late July 2022. In August, it discovered that a group of threat actors had accessed its systems and breached customer personal data.

The hackers had access to Samsung customers’ personal details including contacts, product registration data, dates of birth, and demographic information. However, the company said that the Social Security or credit card numbers were safe from the security breach. 

“In late July 2022, an unauthorized third party acquired information from some of Samsung’s U.S. systems. On or around August 4, 2022, we determined through our ongoing investigation that the personal information of certain customers was affected. We have taken actions to secure the affected systems, and have engaged a leading outside cybersecurity firm and are coordinating with law enforcement...” 

“…We want to assure our customers that the issue did not impact Social Security numbers or credit and debit card numbers, but in some cases, may have affected information such as name, contact and demographic information, date of birth, and product registration information,” reads a notice published by the company. 

The company further added that the information exposed for each relevant customer may vary. It has started notifying impacted customers and has advised them to remain cautious of any unrecognized or illegitimate communications that ask for their personal credentials or refer them to a web page asking for personal information. Customers should also review their accounts for suspicious and unsolicited activity, and should avoid clicking on links or downloading attachments from unrecognized and suspicious emails.

The company has become one of the most recognizable names in technology and produces industry electronics, including appliances, digital media devices, memory chips, semiconductors, and integrated systems. The company produces a fifth of South Korea's total exports. 

Furthermore, Samsung claims to have detected the vulnerability in the system caused by the attack and to have taken measures to secure the impacted systems. Also, the company hired a leading cybersecurity firm to investigate the matter and report it to law enforcement.

LAPSUS$ Group Targets SuperCare Health

 


SuperCare Health, a California-based respiratory care provider, has revealed a data breach that exposed the personal details of over 300,000 patients. Someone had access to specific systems between July 23 and July 27, 2021. By February 4, the company had assessed the scope of the data breach, learning the attackers had also acquired patient files including sensitive personal information such as:
  • Names, addresses, and birth dates.
  • Hospital or medical group.
  • Health insurance details, along with patient account number and medical record number.
  • Data about one's health, such as diagnostic and treatment information. 
  • A small number of people's Social Security numbers and driver's license information were also revealed. 

"We have no reason to suspect any information was published, shared, or misused," according to SuperCare Health, but all possibly impacted patients should take extra security precautions to avoid identity theft and fraud. 

On March 25, the company notified all affected customers and implemented extra security steps to prevent further breaches. The breach has affected 318,379 people, according to the US Department of Health and Human Services. Based on the number of people affected, this is presently among the top 50 healthcare breaches disclosed in the last two years. SuperCare Health further said, "We have reported the event to the Federal Bureau of Investigation and it will cooperate to help us identify and prosecute those involved."

In the last several months, several healthcare institutions have revealed massive data breaches. Monongalia Health System (400,000 people affected), South Denver Cardiology Associates (287,000 people affected), Norwood Clinic (228,000 people affected), and Broward Health (228,000 people affected) are among the organizations on the list (1.3 million). 

Last week, the Health Department issued an advisory to healthcare groups, warning companies about the impact of a major cybercrime attack by the Lapsus$ cybercrime group. In recent months, the hackers have targeted Samsung, NVIDIA, Vodafone, Ubisoft, Globant, Microsoft, and Okta, among others. The organization takes information, often source code, and threatens to release it unless they are paid.

LAPSUS$ steals confidential information from organizations which have been hacked, then threatens to disclose or publish the information if the requested amount is not paid. The LAPSUS$ extortion ring, on the other hand, has abandoned the typical ransomware strategies of file encryption and computer lockout. 

According to the notice, the Health Department is aware of healthcare institutions which have been hacked as a result of the Okta attack; Okta has verified that more than 300 of its clients have been affected by the breach. In the light of the incident, Police in the United Kingdom have identified and charged several accused members of the Lapsus$ gang.

Thousands of Secret Keys Discovered in Leaked Samsung Source Code

 

Thousands of secret keys were exposed in the recently stolen Samsung source code, according to an analysis, including several that might be extremely beneficial to nefarious actors. GitGuardian, a business that specialises in Git security scanning and secret detection, conducted the research. 

The firm's analysts examined source code that was recently stolen by a cybercrime outfit known as Lapsus$. In recent weeks, the hackers claim to have hacked into several large corporations, including NVIDIA, Samsung, Ubisoft, and Vodafone. They appear to have acquired source code from the victims in numerous cases, some of which have been made public. Cybercriminals claim to have stolen 190 GB of data from Samsung, and the tech giant has verified that the hacked data contained the source code of Galaxy devices. 

More than 6,600 secret keys were discovered during GitGuardian's analysis of the exposed Samsung source code, including private keys, usernames and passwords, AWS keys, Google keys, and GitHub keys. The number of valid keys revealed is yet to be determined by the firm's researchers. However, 90 percent are likely related to internal systems, which may be more difficult for an attacker to use, according to their research. The remaining keys, which number around 600, can give attackers access to a wide range of systems and services. 

“Of the more than 6,600 keys found in Samsung source code roughly 90% are for Samsung's internal services and infrastructure, whilst the other 10%, critically, could grant access to Samsung's external services or tools such as AWS, GitHub, artifactory and Google,” explained Mackenzie Jackson, developer advocate at GitGuardian. 
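An added example, not GitGuardian's tooling: a small Go scanner for the categories of secret named above, usable as a pre-commit or CI check. The regular expressions follow commonly published token formats; the internal/external grouping, file names and sample values are constructed assumptions, and matches are redacted in the report.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Finding is one suspected secret. The value is redacted so that the
// report itself does not become a second leak.
type Finding struct {
	File, Kind, Redacted string
	Line                 int
	External             bool
}

type rule struct {
	kind     string
	external bool // credential for a third-party service (assumed grouping)
	re       *regexp.Regexp
}

var rules = []rule{
	{"private-key", false, regexp.MustCompile(`-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----`)},
	{"hardcoded-password", false, regexp.MustCompile(`(?i)\bpassw(?:or)?d\s*[:=]\s*["'][^"']{4,}["']`)},
	{"aws-access-key-id", true, regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`)},
	{"google-api-key", true, regexp.MustCompile(`\bAIza[0-9A-Za-z_-]{35}`)},
	{"github-token", true, regexp.MustCompile(`\bgh[pousr]_[0-9A-Za-z]{36}\b`)},
}

// redact keeps a short prefix for triage and masks the rest.
func redact(s string) string {
	if len(s) > 4 {
		s = s[:4]
	}
	return s + strings.Repeat("*", 8)
}

// scan checks every line of every file against every rule.
// Files are visited in sorted order so the report is deterministic.
func scan(files map[string]string) []Finding {
	names := make([]string, 0, len(files))
	for n := range files {
		names = append(names, n)
	}
	sort.Strings(names)
	var out []Finding
	for _, name := range names {
		sc := bufio.NewScanner(strings.NewReader(files[name]))
		for line := 1; sc.Scan(); line++ {
			for _, r := range rules {
				if m := r.re.FindString(sc.Text()); m != "" {
					out = append(out, Finding{File: name, Kind: r.kind,
						Redacted: redact(m), Line: line, External: r.external})
				}
			}
		}
	}
	return out
}

// countExternal counts findings that would grant access outside the
// organisation's own network, the smaller but more urgent group.
func countExternal(fs []Finding) int {
	n := 0
	for _, f := range fs {
		if f.External {
			n++
		}
	}
	return n
}

// sampleTree is constructed test input; none of the values are real secrets.
func sampleTree() map[string]string {
	return map[string]string{
		"config/deploy.env": "AWS_ACCESS_KEY_ID=AKIA" + strings.Repeat("A", 16) + "\nregion=us-east-1\n",
		"app/src/Api.java": "String mapsKey = \"AIza" + strings.Repeat("b", 35) + "\";\n" +
			"String password = \"constructed-pw\";\n" +
			"// password rotation is documented in the wiki\n",
		"ci/token.txt":     "ghp_" + strings.Repeat("c", 36) + "\n",
		"keys/signing.pem": "-----BEGIN " + "RSA PRIVATE KEY-----\n(constructed, no key material)\n",
	}
}

func main() {
	fs := scan(sampleTree())
	for _, f := range fs {
		fmt.Printf("%s:%d %-20s %s external=%v\n", f.File, f.Line, f.Kind, f.Redacted, f.External)
	}
	fmt.Printf("%d findings, %d for external services\n", len(fs), countExternal(fs))
}
```

Every finding should be treated as compromised and rotated; removing the line from the latest commit does not remove it from Git history.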

The exposure of specific keys, according to Casey Bisson, head of product and developer relations at code security firm BluBracket, might lead to the TrustZone environment on Samsung devices being hacked. Researchers are yet to determine whether the revealed keys undermine the TrustZone, which holds sensitive data like fingerprints and passwords and acts as a security barrier against Android malware attacks. 

Bisson told SecurityWeek, “If the leaked data allows the malware to access the TrustZone environment, it could make all data stored there vulnerable. If Samsung has lost control of the signing keys, it could make it impossible for Samsung to securely update phones to prevent attacks on the TrustZone environment. Compromised keys would make this a more significant attack than Nvidia, given the number of devices, their connection to consumers, and amount of very sensitive data that phones have.”

A few months ago, GitGuardian also reviewed the source code leaked from Amazon's live streaming service Twitch, from which hackers obtained and made public around 6,000 internal Git repositories. AWS keys, Twilio keys, Google API keys, database connection strings, and GitHub OAuth keys were among the secrets found by GitGuardian in those repositories.

Hackers Expose 190GB of Alleged Samsung Data

 

Hackers that exposed secret information from Nvidia have now turned their attention to Samsung. The hacker group known as Lapsus$ is suspected of taking 190GB of data from Samsung, including encryption and source codes for many of the company's new devices. 

On Saturday, hackers launched an attack on Samsung, leaking critical data collected through the attack and making it accessible via torrent. The hackers shared the complete data in three sections in a note to their followers, as seen by Bleeping Computer, along with a text file that details the stuff available in the download. 

The exposed material includes "source code from every Trusted Applet" installed on every Samsung smartphone, as per the message. It also includes "confidential Qualcomm source code," algorithms for "all biometric unlock operations," bootloader source code for the devices, and source codes for Samsung's activation servers and Samsung account authentications, including APIs and services. 

In short, the Lapsus$ attack compromised critical data from Samsung's GitHub: mobile defence engineering, Samsung account backend, Samsung Pass backend/frontend, and SES, which includes Bixby, SmartThings, and store.

The attack on Samsung comes after the cyber organisation attempted to extort money from Nvidia in a ransom scheme. It's worth noting that it's not a straightforward monetary request. Instead, the hackers have asked Nvidia to lift the restriction on Ethereum cryptocurrency mining that it has placed on its Nvidia 30-series GPUs. Nvidia's GPU drivers must be open-sourced forever, according to the hackers. 

The hackers are plainly looking for money from the disclosed data, as evidenced by the updates. For $1 million, one of them promised to sell anyone a bypass for the crypto nerf on Nvidia GPUs. Another communication from the group, according to The Verge, claimed that instead of making the data public, they are attempting to sell it straight to a buyer. 

Last Monday, Nvidia confirmed the breach, acknowledging a leak of "employee credentials" and "proprietary information." It, on the other hand, disputed that the attack was linked to the ongoing Russia-Ukraine crisis and claimed that the cyberattack would have no impact on its operations. 

As of now, there are no reports of Lapsus$ demanding a similar ransom from Samsung. If they do, however, Samsung is likely to suffer a significant setback, especially given the type of data that the hacking group now claims to have access to.

Samsung Delivered 100 Million Phones with Faulty Encryption

 

Samsung is thought to have shipped 100 million smartphones with flawed encryption, including models ranging from the 2017 Galaxy S8 to last year's Galaxy S21. Tel Aviv University researchers discovered "serious" cryptographic design defects that might have allowed attackers to steal the devices' hardware-based cryptographic keys, keys that unlock the vast trove of security-critical data present in smartphones. 

To keep crucial security operations isolated from normal apps, Android devices, which almost all employ Arm-compatible silicon, rely on a Trusted Execution Environment (TEE) backed by Arm's TrustZone technology. TEEs use their own operating system, TrustZone Operating System (TZOS), and it is up to suppliers to integrate cryptographic features within TZOS. 

According to the researchers, the Android Keystore provides hardware-backed cryptographic key management via the Keymaster Hardware Abstraction Layer (HAL). Samsung implemented the HAL with Keymaster TA, a Trusted Application running in the TrustZone that performs cryptographic activities such as key generation, encryption, attestation, and signature creation in a safe environment. The outcomes of these TEE crypto calculations can subsequently be used in apps that run in less secure Android environments. 

The Keymaster TA saves cryptographic keys as blobs — the keys are wrapped (encrypted using AES-GCM) so that they may be saved in the Android file system. They should, in theory, only be readable within the TEE. 

Samsung, on the other hand, failed to successfully deploy Keymaster TA in its Galaxy S8, S9, S10, S20, and S21 phones. The researchers reverse engineered the Keymaster application and demonstrated that they could use an Initialization Vector (IV) reuse attack to get keys from hardware-protected key blobs. The IV is supposed to be a unique number each time, ensuring that the AES-GCM encryption operation provides a different result even when the same plain text is encrypted multiple times. 
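The IV-uniqueness requirement described above, as an added Go example (not code from the researchers or from Samsung): two blobs wrapped under the same key and IV share a keystream, so the XOR of their ciphertexts equals the XOR of the wrapped keys, while IVs drawn fresh inside the wrapping routine remove that relation. The `Blob` layout, the function names and all key values are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

const tagLen = 16 // AES-GCM authentication tag appended by Seal

// Blob is a hypothetical wrapped-key record (IV + ciphertext||tag).
// It is an assumption for this example, not the Keymaster blob format.
type Blob struct {
	IV     []byte
	Sealed []byte
}

// wrap encrypts keyMaterial under wrappingKey with a caller-supplied IV.
// Letting the caller choose the IV is the weakness being illustrated.
func wrap(wrappingKey, iv, keyMaterial []byte) (Blob, error) {
	block, err := aes.NewCipher(wrappingKey)
	if err != nil {
		return Blob{}, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return Blob{}, err
	}
	if len(iv) != gcm.NonceSize() {
		return Blob{}, fmt.Errorf("IV must be %d bytes", gcm.NonceSize())
	}
	return Blob{IV: append([]byte(nil), iv...), Sealed: gcm.Seal(nil, iv, keyMaterial, nil)}, nil
}

// wrapFresh is the corrected form: the IV comes from the CSPRNG inside
// the wrapping routine, so no caller can force a repeat.
func wrapFresh(wrappingKey, keyMaterial []byte) (Blob, error) {
	iv := make([]byte, 12)
	if _, err := rand.Read(iv); err != nil {
		return Blob{}, err
	}
	return wrap(wrappingKey, iv, keyMaterial)
}

// xorBytes assumes equal-length inputs (true for the 32-byte keys here).
func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// leaksXOR reports whether ciphertext(a) XOR ciphertext(b) equals
// plaintext(a) XOR plaintext(b), i.e. both blobs used the same keystream.
func leaksXOR(a, b Blob, ptA, ptB []byte) bool {
	ca := a.Sealed[:len(a.Sealed)-tagLen]
	cb := b.Sealed[:len(b.Sealed)-tagLen]
	return bytes.Equal(xorBytes(ca, cb), xorBytes(ptA, ptB))
}

// reusedIVs is an audit check: IVs that occur in more than one blob.
func reusedIVs(blobs []Blob) []string {
	seen := map[string]int{}
	var dup []string
	for _, b := range blobs {
		h := hex.EncodeToString(b.IV)
		if seen[h]++; seen[h] == 2 {
			dup = append(dup, h)
		}
	}
	return dup
}

// demo uses constructed values only: a fixed wrapping key and two 32-byte "keys".
func demo() (sharedLeaks, freshLeaks bool, flagged int, err error) {
	wk := bytes.Repeat([]byte{0x42}, 32)
	keyA, keyB := bytes.Repeat([]byte{0xA1}, 32), bytes.Repeat([]byte{0xB2}, 32)
	fixedIV := make([]byte, 12) // same IV for two blobs: the flawed case
	var blobs []Blob
	for _, w := range []func() (Blob, error){
		func() (Blob, error) { return wrap(wk, fixedIV, keyA) },
		func() (Blob, error) { return wrap(wk, fixedIV, keyB) },
		func() (Blob, error) { return wrapFresh(wk, keyA) },
		func() (Blob, error) { return wrapFresh(wk, keyB) },
	} {
		b, e := w()
		if e != nil {
			return false, false, 0, e
		}
		blobs = append(blobs, b)
	}
	return leaksXOR(blobs[0], blobs[1], keyA, keyB),
		leaksXOR(blobs[2], blobs[3], keyA, keyB), len(reusedIVs(blobs)), nil
}

func main() {
	shared, fresh, flagged, err := demo()
	fmt.Println("same IV leaks XOR:", shared, "fresh IV leaks XOR:", fresh, "IVs flagged:", flagged, err)
}
```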

According to the experts, the problem isn't simply with how Samsung handled encryption. According to the Tel Aviv University's study, these issues arise as a result of companies – specifically, Samsung and Qualcomm – keeping their cryptography designs close to the vest.

“Vendors including Samsung and Qualcomm maintain secrecy around their implementation and design of TZOSs and TAs,” they wrote in their paper. “As we have shown, there are dangerous pitfalls when dealing with cryptographic systems. The design and implementation details should be well audited and reviewed by independent researchers and should not rely on the difficulty of reverse engineering proprietary systems.”

Riskware Android Streaming Apps Found on Samsung's Galaxy Store

 

Researchers have recently claimed that Samsung's Galaxy Store has been infiltrated by riskware apps that led to multiple Play Protect warnings on users' devices.

Riskware is a term for software whose installation and execution pose certain risks to the host device.

The incident was first reported by Android Police. The apps imitate ShowBox, a pirate app that was reported in 2018, after a coalition of movie studios managed to disclose the identity of the criminal and took legal action against him.

Pirate apps such as ShowBox and MovieBox give users unrestricted access to copyright-protected movies and TV shows without subscribing to the legitimate content providers.

According to the mobile security analyst "linuxct", installing pirate apps increases the security risk to users' devices: these apps trigger Google Play Protect warnings and request access to risky permissions that could allow the installation of malware on the Android device.

If users allow those requests, the apps can access sensitive data such as contact lists and call logs, execute code, fetch malware payloads, click on ads, and more. Also, after examining the functions of the app, linuxct discovered that its ad technology could be used to perform remote code execution, allowing it to be abused to execute commands on the device.

Multiple anti-virus engines on VirusTotal detect samples of these apps as trojan, riskware, ad clicker, or generic malware. 

"Samsung is hosting literal malware on the Galaxy Store. Google's anti-virus protection software, built into Play Services, stops the install. I've found at least 5 of these apps in a row on the Galaxy Store", Freelance writer Max Weinbach said. 

Researchers said that Samsung should take legal action, and that the company should have rejected these apps for what they claim to be, even if the applications weren't posing any threats to the devices.

To Target Security Firms, the Zinc Group Disguised as Samsung Recruiters

 

According to Google TAG researchers, a spear-phishing campaign targeting South Korean security organisations that market anti-malware solutions was carried out by a North Korean-linked APT group posing as Samsung recruiters. The state-sponsored hackers, according to the Google Threat Horizons report, issued false job offers to employees at security firms. In previous campaigns, the same gang, known as Zinc, attacked security experts, according to Google TAG researchers. 

“TAG observed a North Korean government-backed attacker group that previously targeted security researchers posing as recruiters at Samsung and sending fake job opportunities to employees at multiple South Korean information security companies that sell anti-malware solutions.” reads the Google Threat Horizons report. 

According to Google, the emails included a PDF that purported to be a job description for a position at Samsung, but the PDFs were malformed and wouldn't open in a conventional PDF reader. If the targets complained that they couldn't open the job offer archive, the hackers promised to assist them by providing a link to a "Secure PDF Reader" app that they could download. 

Google, on the other hand, claims that this file was a modified version of PDFTron, a genuine PDF reader, that was altered to install a backdoor trojan on the victims' machines. 

The Zinc APT group, also known as Lazarus, increased its activities in 2014 and 2015, and its members generally utilised custom-tailored malware in their assaults. This threat actor has been active since at least 2009, and potentially as early as 2007, and has been involved in both cyber espionage and sabotage campaigns aiming at destroying data and disrupting systems. 

The threat actor, tracked by Microsoft under the codename "Zinc", has baffled the security community with its methods. The community believes the organisation tried to obtain unreleased vulnerabilities and exploits from some of its naive and negligent members.

 The attacks were ascribed to the same team of North Korean hackers who previously attacked security researchers on Twitter and other social networks in late 2020 and into 2021, according to the Google Threat Analysis Group, the Google security team that discovered the malicious emails. 

 The attack against South Korean antivirus makers could be different since compromising their employees could give the group access to the tools they need to launch a targeted supply chain attack on South Korean enterprises that use their anti-malware software.

By Tampering with Samsung Apps, Hackers Can Spy on Users

 

Hackers can now snoop on users by manipulating the pre-installed Samsung apps. 

Hackers can monitor users and possibly take control of the whole system. Alarmingly, the vulnerabilities appear to be part of a much larger group of exploitable flaws. A security researcher summarized the situation to the technology giant's bug bounty program.

Samsung is working to patch numerous vulnerabilities that impact its smartphones and that can be exploited in the wild to spy on users or control the system.

Sergey Toshin, the creator of the mobile app security company Oversecured, has uncovered more than a dozen flaws affecting Samsung devices since the beginning of the year.

Details on three of them are currently scarce because of the noteworthy risk to users. Without going into particulars, Toshin said that the least pressing of these problems would allow attackers to obtain SMS messages if they deceived the victim.

However, the other two are more problematic, as they are more robust. No action by the Samsung device owner is required to exploit them. An attacker might use them to read and/or write arbitrary files with high permissions.

It is uncertain when the fixes will reach consumers, because the process generally takes approximately two months to ensure that the patch doesn't cause other complications.

All three security vulnerabilities have been reported responsibly by Toshin, who is currently awaiting the bounties.

The hacker has earned about $30,000 from Samsung alone since the beginning of the year for revealing 14 vulnerabilities. Meanwhile, three more vulnerabilities await a patch. In a blog post, Toshin shares technical specifics and proof-of-concept instructions for seven of these issues that have already been patched, which brought in $20,690 in bounties.

For discovering and acquainting Samsung about the issues (CVE-2021-25393) in the Settings app that arbitrarily allowed hackers to gain access to read/write Toshin won a hefty bounty of $5460. 

To mitigate possible security threats, users should use the latest firmware upgrades from the fabricators. 

Toshin has identified over 550 vulnerabilities through HackerOne's platform and several bug bounty programs over the US $1 million in bug prizes.

The Samsung Group is a global South Korean conglomerate based in Samsung Town, Seoul. It consists of many affiliates, the majority of them under the Samsung brand. It is also the most prominent South Korean chaebol.

Samsung and SK Telecom Unveil World's First Quantum Security Tech 5G Smartphone


The two companies have recently revealed the world's first QRNG (Quantum Random Number Generator) 5G smartphone. The smartphone is named the Galaxy A Quantum (a newer version of the A71 5G) and offers some excellent smartphone features, but QRNG technology sets it apart from the rest, as it makes apps and services less prone to hacks. Conventionally generated random numbers are used in logins across platforms such as payment services and two-step authentication, and these are easy for hackers to infiltrate.


The QRNG technology, with the world's smallest chipset at 2.5mm by 2.5mm, on the other hand, uses CMOS image sensors and an LED. The LED and the CMOS sensor are responsible for emitting image noise and capturing the light, respectively, to create strings of random numbers with unpredictable patterns. No technology in the industry is capable of hacking the Galaxy A Quantum, one of the most secure smartphones, says SK Telecom. However, it should be noted that the chip, the SKT IDQ S2Q000, is only for use with SK services. But, the tighter the challenge, the better the hackers.

The Galaxy A Quantum has a 6.7-inch Super AMOLED Infinity-O display, an in-display fingerprint reader, and a full HD resolution. A 64-megapixel main camera, a 12-megapixel ultrawide-angle camera, a 5-megapixel macro camera, and a 5-megapixel depth sensor together form the rear quad camera setup. The front camera comes with 32 megapixels. "This is the company's first phone with a dynamic OLED panel -- technology that Samsung's marketing department is referring to as 'Infinity O AMOLED.' We're looking at an HDR10+ screen that uses 'dynamic tone mapping' to improve the contrast, keep details visible even in dark spots and optimize colors when you're, say, watching a movie. Unrelated to that, the screen also reduces blue light by 42 percent to minimize eye strain. That's not a special night mode, mind you, but the default experience," said Engadget in its review.

It is not the first time that the two companies have worked together; in September 2019, they were working on the first 8K TV with 5G connectivity. We hope that this won't be the last.

The Worldwide Pandemic Prompts Technology Giant Samsung to Embrace Electronic Voting


There is no denying that the rise of COVID-19 has taken the world by storm, yet it’s astounding that the technology sector has also been affected to a critical degree. Technology giant Samsung Electronics has thus embraced electronic voting for the first time ever at this year's annual general meeting (AGM) on March 18, asking shareholders to use it to help check the spread of the coronavirus pandemic.

Samsung's investor relations website on Monday encouraged shareholders to take the opportunity to cast a ballot via the internet up to March 17. This is because the company carried out a 1-to-50 stock split in 2018, prompting a huge increase in the number of shareholders.

Samsung's AGM is said to be held at a convention hall in Suwon, around 30 km (18 miles) south of Seoul, with a capacity of around 3,000 people, according to the centre's website. Samsung explicitly called for electronic voting by shareholders who have symptoms, who have visited high-risk areas, or who are identified as high-risk, for instance pregnant women and those aged 65 or above, reflecting guidance from the Korea Centers for Disease Control and Prevention.

The shareholders' gathering is said to be equipped with thermal cameras and contactless thermometers, and those with fever or cough symptoms might be restricted from entering.
Those with a fever at the scene will be directed to an area away from the main hall, the website says.

In what is the second-biggest outbreak in Asia after China, South Korea announced 74 new COVID-19 infections on Monday, bringing the nation's total to 8,236; hence such precautions are a must.

Samsung announces a new product Ballie - a robot companion

Samsung has launched a new product at CES 2020 named Ballie, a tennis ball-like robot that rolls around following its owner. Ballie has a built-in camera to follow its owner and capture special moments. The South Korean tech giant announced the product at the CES tech show in Las Vegas.

"I love this guy," said president and chief executive H S Kim as Ballie whizzed around the stage chasing him. 
He said the product is a combination of 5G and artificial intelligence, both areas on which Samsung plans to focus in 2020.

Ballie is being received with both positive and negative views. One analyst said that it seems fun but might struggle with stairs. It has caused a stir on the internet and is already being compared with robot companions from several movies, including BB-8 from the latest Star Wars trilogy films.

Along with being a perfect robot companion, Ballie shadows its owner, acts as a fitness assistant and can help with household chores like switching on smart devices at home.
"It's fun - it reminded me of a cross between a Sphero toy and R2-D2 with the sounds it was making," said Simon Bryant at market research firm Futuresource.
He also noted that it was strange that Samsung introduced Ballie with its own voice recognition ability without any mention of the company's virtual assistant, Bixby.

Paul Gagnon, an analyst at IHS Markit, comments, "I can see a lot of people who will be hesitant with security and privacy concerns." Samsung, though, gives assurances that Ballie will strictly follow privacy and data protection standards.

Samsung has not yet revealed when Ballie will be available in the market to buy or how much it will cost.
When asked by the BBC why a product like this now, Samsung spokesman Benjamin Braun said, "There are two technologies that are helping this come to life. One is artificial intelligence and the other one is 5G. Those are very much focus areas for Samsung in 2020."
Mr. Bryant, though, said he was unimpressed by these ideas. "I thought it just smacked as a desperate attempt to move on from mobile," he said.

Amazon, Sony, Xiaomi, Samsung Devices Hacked at Pwn2Own Hacking Contest in Tokyo


In a hacking contest held in Tokyo, a duo of white-hat hackers known as Fluoroacetate breached devices from some of the most popular tech companies, namely Amazon, Samsung, Sony, Xiaomi and others. On the first day itself, the team won prize money of $145,000 (around 1.02 crore) and 15 Master of Pwn points, which secured them a dominant lead over the others in the competition. The contestants receive a bounty for each successful breach and points that count toward the overall ranking. The overall winner obtains the grand title 'Master of Pwn'.

The leading team, Fluoroacetate, which comprises hackers Amat Cama and Richard Zhu, amassed a lot of success early on as they managed to compromise five devices. Making history, the duo cracked the Sony X800G, the first television ever exploited in the history of Pwn2Own. Moving on to their next targets, the Amazon Echo Show and the Samsung Q60 television, the hackers employed an integer overflow in JavaScript to compromise both devices. While hacking the Xiaomi Mi 9, the duo used a JavaScript exploit to extract a picture from the smartphone. Next up on their list was the Samsung Galaxy S10, which the duo took down by pushing a file onto the phone via a stack overflow. The last contributor to the team's winning streak was the Netgear Nighthawk Smart Wi-Fi Router R6700 (LAN interface).

Points and bounty distribution 

Team Fluoroacetate piled up a total bounty of $145,000 and 15 Master of Pwn points by the end of the first day at Pwn2Own, in the following order:

Sony X800G smart TV: $15,000 and 2 Master of Pwn points.
Amazon Echo Show 5: $60,000 and 6 Master of Pwn points.
Samsung Q60 smart TV: $15,000 and 2 Master of Pwn points.
Xiaomi Mi9 smartphone: $20,000 and 2 Master of Pwn points.
Samsung Galaxy S10: $30,000 and 3 Master of Pwn points.

Pwn2Own is the top computer hacking contest; it was first conducted in 2007 with the purpose of demonstrating the security flaws present in widely used software and devices. Hackers gather at the contest to demonstrate vulnerabilities in a pre-set list of software and devices. To earn points for successful discoveries, the hackers must ensure that all the exploits put forth at the contest are new. After the contest, the event organizers take charge of all the bugs and vulnerabilities discovered throughout the competition and subsequently hand them over to the respective companies.

After the final day of the tournament, Fluoroacetate, having accumulated total prize money of $195,000 and 18.5 Master of Pwn points along with a shining trophy and other goodies, emerged victorious as the rightful owner of the title 'Master of Pwn'. Notably, the team's most striking accomplishment has to be the compromise of the Samsung Galaxy S10, which won the duo a whopping sum of $50,000 and 5 valuable Master of Pwn points.

Apple and Samsung smartphones emit more radiofrequency radiation than allowed


Radiofrequency radiation emitted from popular smartphones like the iPhone 7 and Samsung Galaxy S8 is more than double the legal safety limit set by US regulators, a Chicago Tribune investigation reveals.

The Federal Communications Commission, which regulates phone emissions, cleared the devices for sale; on its website it states that a device “will never exceed” the maximum allowable exposure limit, above which exposure is harmful to humans.

“We take seriously any claims on non-compliance with the RF (radiofrequency) exposure standards and will be obtaining and testing the subject phones for compliance with FCC rules,” agency spokesman Neil Grace said.

The test was sponsored by the Tribune and conducted as per federal guidelines at an accredited lab.

A year ago, the Tribune set out to explore an important question: Are cellphones as safe as manufacturers and government regulators say?

The Tribune tested 11 cellphones by measuring how much radiofrequency radiation is absorbed by the human body when the device is positioned near it. Most of the popular smartphones proved to be hazardous to the human body.

Apple then issued a statement questioning the Tribune's results, saying the tests for the iPhone 7s “were inaccurate due to the test setup not being in accordance with procedures necessary to properly assess the iPhone models.”

“All iPhone models, including iPhone 7, are fully certified by the FCC and in every other country where iPhone is sold,” the statement said. “After careful review and subsequent validation of all iPhone models tested in the (Tribune) report, we confirmed we are in compliance and meet all applicable … exposure guidelines and limits.”

The Tribune tested 11 cellphone models by measuring how much radiofrequency radiation was absorbed by a simulated body positioned near the phone. The Federal Communications Commission has set an exposure limit of 1.6 watts per kilogram averaged over one gram of tissue.

Samsung advised its smart TV customers to scan for malware




Samsung recently advised smart TV users to scan their devices regularly, as they are susceptible to malware just like PCs.

The company tweeted the advice through its US Support Twitter account but later deleted the tweet without giving any reason.

The tweet read: “Scanning your computer for malware viruses is important to keep it running smoothly. This also is true for your QLED TV if it’s connected to Wi-Fi! Prevent malicious software attacks on your TV by scanning for viruses on your TV every few weeks.”

The tweet also had a demonstration video showing how to scan your Samsung TV. 

This action has raised the question of whether Samsung's smart TVs are vulnerable to virus attacks.

However, the firm clarified that the tweet was a response to a query made by a customer and was nothing to worry about.

Scanning a smart TV is really easy. Go to the settings menu on your Samsung TV and then select General. Click on System Manager and scroll down to Smart Security.

Click on Smart Security, then select Scan, and your Samsung TV will start scanning for viruses and malware.