Digital DNA Makes Terrible Authentication

Keyboarding Fingerprints A Risk / Who Is AntiToxin And Why Are They Already In Your Conversation? / Skype Shares Mobile Screens / EU Drains GOOG Cash / Rural Internet Realities

Photo by TimSon Foox from Pexels
watch on YouTube

Charlie Osborne for Zero Day writes about Malboard: Hackers can now pose as victims through their keyboards

A new form of cyberattack has been developed by researchers which is able to mimic a user’s identity through their keystrokes.

The continual evolution of cyberattacks and their increasing sophistication has led to a situation where signature-based antivirus products are no longer enough.

A multi-layered approach to personal security — including two-factor authentication (2FA) — is slowly becoming commonplace in order to reduce our reliance on passwords alone.

The idea of verifying our identity through behavioral patterns, such as through keystrokes or mouse movements, is also being explored, but as Ben-Gurion University of the Negev (BGU) Malware Lab researchers have revealed, no single security solution is foolproof.

On Wednesday, the team said they have developed a new form of attack, dubbed Malboard, which is able to evade detection products “that are intended to continuously verify the user’s identity based on personalized keystroke characteristics.”

It is not just the speed of keystrokes which can be used to verify a user — how we respond to typographical errors and whether or not we tend to mistype particular characters are behavioral elements which can be used to verify our identity, too.

In a paper published in the academic journal Computer and Security, available online, BGU showed how a compromised keyboard can be used to generate and send malicious keystrokes which mimic its victim.

The team used keyboards developed by Microsoft, Lenovo, and Dell in their research. The aim was to fool KeyTrac, TypingDNA and DuckHunt, which are all risk-based behavioral authentication systems.

These forms of software use AI-based algorithms and machine learning to analyze our keystrokes in order to add another layer of verification to user accounts. However, these same algorithms can also be used to fool them.

In order to develop Malboard, the team used behavioral data generated from 30 participants performing three different keystroke tests. This information was fed into the attack’s underlying AI database and algorithms created by the system were pitted against the detection software.

A keyboard infected with Malboard was able to automatically generate keystrokes in the style of the participants by injecting keystroke movements “as malicious software.” In 83 to 100 percent of the tests, KeyTrac, TypingDNA, and DuckHunt were fooled.

Read more from ZDnet.

For every new technology there is an equal and opportunistic anti-technology hackers will use to undermine it. Multi-factor authentication simply must have a security component, like a password, that the user can choose and change. We can’t change our biometrics and for them to be used, there must be a hash to check them against. Location coordinates can be spoofed. And once a behavioral trend has enough data to create a hash, then that too can be replicated. Let’s get serious about security instead of trying to create prestidigitation to wow users.

Josh Constine writes today: AntiToxin sells safetytech to clean up poisoned platforms

The big social networks and video games have failed to prioritize user well-being over their own growth. As a result, society is losing the battle against bullying, predators, hate speech, misinformation and scammers. Typically when a whole class of tech companies have a dire problem they can’t cost-effectively solve themselves, a software-as-a-service emerges to fill the gap in web hosting, payment processing, etc. So along comes AntiToxin Technologies, a new Israeli startup that wants to help web giants fix their abuse troubles with its safety-as-a-service.

It all started on Minecraft. AntiToxin co-founder Ron Porat is cybersecurity expert who’d started popular ad blocker Shine. Yet right under his nose, one of his kids was being mercilessly bullied on the hit children’s game. If even those most internet-savvy parents were being surprised by online abuse, Porat realized the issue was bigger than could be addressed by victims trying to protect themselves. The platforms had to do more, research confirmed.

…Unfortunately, the massive scale of the threat combined with a late start on policing by top apps makes progress tough without tremendous spending. Facebook tripled the headcount of its content moderation and security team, taking a noticeable hit to its profits, yet toxicity persists. Other mainstays like YouTube and Twitter have yet to make concrete commitments to safety spending or staffing, and the result is non-stop scandals of child exploitation and targeted harassment. Smaller companies like Snap or Fortnite-maker Epic Games may not have the money to develop sufficient safeguards in-house.

“The tech giants have proven time and time again we can’t rely on them. They’ve abdicated their responsibility. Parents need to realize this problem won’t be solved by these companies” says AntiToxin CEO Zohar Levkovitz, who previously sold his mobile ad company Amobee to Singtel for $321 million. “You need new players, new thinking, new technology. A company where ‘Safety’ is the product, not an after-thought. And that’s where we come-in.” The startup recently raised a multimillion-dollar seed round from Mangrove Capital Partners and is allegedly prepping for a double-digit millions Series A.

AntiToxin’s technology plugs into the backends of apps with social communities that either broadcast or message with each other and are thereby exposed to abuse. AntiToxin’s systems privately and securely crunch all the available signals regarding user behavior and policy violation reports, from text to videos to blocking. It then can flag a wide range of toxic actions and let the client decide whether to delete the activity, suspend the user responsible or how else to proceed based on their terms and local laws.

Through the use of artificial intelligence, including natural language processing, machine learning and computer vision, AntiToxin can identify the intent of behavior to determine if it’s malicious. For example, the company tells me it can distinguish between a married couple consensually exchanging nude photos on a messaging app versus an adult sending inappropriate imagery to a child. It also can determine if two teens are swearing at each other playfully as they compete in a video game or if one is verbally harassing the other. The company says that beats using static dictionary blacklists of forbidden words.

…AntiToxin believes abuse would proliferate if encryption becomes a wider trend, and it claims the harm that it causes outweighs fears about companies or governments surveiling unencrypted transmissions. It’s a tough call. Political dissidents, whistleblowers and perhaps the whole concept of civil liberty rely on encryption. But parents may see sex offenders and bullies as a more dire concern that’s reinforced by platforms having no idea what people are saying inside chat threads.

Read more about how Israeli Antitoxin has tapped into conversations and is becoming the middleman in negotiating harmful online behavior at TechCrunch.

And let’s ask this question often. Who has access to the back end of electronic communications? Is it just the service we’re using or have they outsourced tech support? Are they domestic to the United States and if not, what vulnerability does that represent? And who else might leverage these connections beyond technical or customer help? Might there be foreign powers who would “wiretap” those services? And what could hacker gangs accomplish by stealing identities, skimming money and harassing with ransoms?

Mariella Moon writes: Skype brings screen sharing to Android and iOS devices

Skype has officially launched screen sharing for Android and iOS devices less than a couple of months after the feature rolled out for beta testers. Screen sharing can be a valuable tool for video calls, whether for personal or work purposes — say, to show a colleague the graphs you’ve been working on or to show a friend how to find a particular setting in their phone. It’s high time the feature made its way to mobile, seeing as smartphones are everywhere now.

The screen sharing feature lives within the newly redesigned “…” menu that you can see at the bottom right corner of the screen while you’re in a video call. It shares its home with call recording, subtitles and the ability to add people. While the feature is active, a banner at the top clearly indicates that it’s beaming a copy of your screen to the other person in the call.

In addition, Skype’s redesigned mobile calling experience is now also out of beta. It lets you focus on video calls by hiding call controls with a single tap and all the elements on the screen with a double tap. Skype has started rolling out the features for Android and iOS devices running iOS 12 and up.

Find this story and more over at Engadget today.

In reviewing this article I wondered how useful this feature really is. I don’t work much directly from my phone, but for millions it is their primary computing device. Will you use screen-sharing from your mobile phone? Perhaps drawings using a tablet make more sense?

Natasha Lomas: Google appeals $1.7BN EU AdSense antitrust fine

Like clockwork, Google has filed a legal appeal against the €1.49 billion ($1.7BN) antitrust penalty the European Commission slapped on its search ad brokering business three months ago.

The Telegraph reported late yesterday that the appeal had been lodged in the General Court of the European Union in Brussels.

A Google spokesperson confirmed the appeal has been filed but declined to comment further.

Reached for comment, a Commission spokesperson told us: “The Commission will defend its decision in Court.”

This is not the first multi-billion dollar fine for GOOG from the EU. Read more about this over at TechCrunch.

What seems to be the norm now in the EU is retroactively applying new ideas of anticompetitive behavior to punitively extract cash from tech giants. These fines curb future behavior but don’t write new laws. Here in the States, we look at whether laws were broken and if so, levy fines. And if the law is insufficient to curb the behavior, we modify the law for future behavior. These fundamental differences about how we regulate differently, create challenges for multinationals who’d much rather work in a singular way across jurisdictions. Perhaps this explains “lowest common denominator” behavior once a tech company outgrows the United States’ domestic market to branch out, and why they begin to behave in unAmerican ways.

Carl Weinschenk writes today about a Study which says Broadband Reduces Unemployment, Especially in Rural Areas

Here are some highlights from the report:

- In studying 95 counties in Tennessee from 2011 to 2016, researchers found that access to high speed broadband can significantly reduce unemployment rates, especially in rural communities.

- Counties with access to high speed broadband have an approximately 0.26 percentage point lower rate of unemployment compared to low speed counties.

- Early adoption of high speed broadband could reduce unemployment rates by an average of 0.16 percentage points per year.

- Counties lacking high speed broadband have smaller populations and population density, lower household income, and a slightly smaller proportion of people with at least a high school diploma.

This article is over at Telecompetitor.com

How much should government subsidize the expansion of broadband internet? Perhaps studies like this show, that like the telephone, connecting more people outside of population centers improves overall quality of life by reducing poverty due to unemployment. But to take advantage of telework, those rural employees will need the skills and structure to take advantage of it. Are we also doing enough to shepherd all Americans into this new connected age? I’d love to get your feedback about this either in the comments below or on Twitter @Weym0

Eric Mack writes: SpaceX Starlink satellites have astronomers amplifying the cosmic alarm

The world’s largest organization of professional astronomers is sounding the galactic alarm over Elon Musk’s plan to send a swarm of SpaceX satellites into low-Earth orbit.

Almost immediately after a Falcon 9 rocket released the first batch of the company’s Starlink broadband internet satellites last month, stargazers were dismayed by just how bright and noticeable the train of orbiting routers is in the night sky. Now the concern has moved from chatter on social media to a more formal call for new government regulation from the International Astronomical Union.

In a statement Monday, the IAU said large satellite constellations like Starlink could have unforeseen consequences for advancing our understanding of the universe and the protection of nocturnal wildlife.

“We do not yet understand the impact of thousands of these visible satellites scattered across the night sky and despite their good intentions, these satellite constellations may threaten both,” the statement reads.

Observatory scientists are alarmed by the new clutch of broadband satellites which impede their study of the night sky.

… Elon Musk also hinted at a possible long-term solution on Twitter: “We need to move telelscopes (sic) to orbit anyway.”

You can check out just how congested thing are up there in this article over at c-net.

Help me spread the news! Share this blog across social media, won’t you?

Get updates throughout the day from my Twitter feed @WeyM0 Subscribe free to the “Your Tech Moment” blog, the RSS feed, the Amazon Skill for your Flash Briefing, listen to the podcast from SoundCloud, Stitcher, Spotify and Apple… or watch on YouTube.

If you have a special news item you’d like us to promote or if you would like to sponsor this podcast with an embedded advertisement, please follow me on Twitter and when I follow you back, send a direct message to get more information.

The product opinions in this article are my own. No paid product endorsements are contained in this article.

©WHTS

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Weyman Holton

Weyman Holton

author of “The Dirty Deeds Playbook” out now in paperback and on Amazon Kindle.