Connect with us


Hackers can steal your ATM pin from your Smart Watch



Hackers can steal your ATM pin from your Smart Watch 1
Hackers can steal your ATM pin from your Smart Watch 2

As your day-to-day apparel and accessories are turning into networked mobile electronic devices that attach to your body like smartwatch or fitness band, the threat to our personal data these devices collect has risen exponentially. 

A recent study from Binghamton University also suggests your smartwatch or fitness tracker is not as secure as you think – and it could be used to steal your ATM PIN code. 

The risk lies in the motion sensors used by these wearable devices. The sensors also collect information about your hand movements among other data, making it possible for“attackers to reproduce the trajectories” of your hand and “recover secret key entries.” 

In the paper, titled ” Friend or Foe?: Your Wearable Devices Reveal Your Personal PIN,”computer scientists from the Stevens Institute of Technology and Binghamton University used a computer algorithm that can guess your password and PIN with about 80% success rate on the first attempt, and over 90% of the time with 3 tries. 

Retrieving Passwords and PINs Using this Algorithm

Researchers say their “ Backward PIN-Sequence Inference” algorithm can be used to capture anything a person type on any keyboard – from automatic teller machine or ATM keypads to mobile keypads – through infected smartwatches, even if the person makes the slight hand movements while entering PINs. 

“The team was able to record millimeter-level information of fine-grained hand movements from accelerometers, gyroscopes and magnetometers inside the wearable technologies regardless of a hand’s pose,”reports

Although the researchers do not name specific wearable devices that are vulnerable, they note that attackers can record information about your hand movements… 

…either directly by infecting your wearable device with malware or remotely by intercepting the Bluetooth connection that links your wearable device to your phone. 

The bottom Line:

The team says it doesn’t have any robust solution to prevent this attack but recommends manufacturers and developers to confuse attackers by inserting “a certain type of noise data” that would allow the device to be still used for fitness tracking, but not for guessing keystrokes. 

Another way is to take a low-tech approach – Always enter your passwords or PINs with the hand that is not having a wearable device with the highly sophisticated motion tracker.

The Hacker News

Michael Ajah is a Computer Science Student of The University of Port Harcourt and a Chelsea Fan. He loves RnB and a little mix of Trap Music. An awesome tech reviewer and analyst

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


Google pays Student $10,000 For Reporting Security Flaw



Hackers don’t always make money from criminal activities. Big Tech companies like Google and Facebook have bug bounty programs in which security researchers are rewarded for disclosing existing flaws in the system.
Google pays Student $10,000 For Reporting Security Flaw 3

Last year, Google released a result which shows that hackers were rewarded $3 million throughout 2016. Recently, a Uruguayan student has been rewarded with $10,000 because he managed to discover a vulnerability in Google.

According to Ezequiel Pereira, he found the vulnerability when he was playing with Google services using a web security testing tool known as Burp Suite.

He was actually playing with Burp Suite to find the vulnerability, after many failed attempts, he discovered that the internal web page of didn’t have the username or password check in place. hosts several Google App Engine applications.

Ezequiel Pereira wrote

“The website’s homepage redirected me to “/eng”, and that page was pretty interesting, it had many links to different sections about Google services and infrastructure, but before I visited any section, I read something in the footer: “Google Confidential

“At that point I stopped poking at the website and reported the issue right away, without even thinking of a better way to show the vulnerability than with Burp”

He also shared screenshots of the email exchanges with Google’s security team the same day. Google’s security team confirmed that the bug he reported was very effective. Pereira says he was very surprised when he received $10,000 from Google team for his work after a month.

However, Google has resolved the vulnerability and the large reward was because they found a few variants that would have allowed an attacker access sensitive data”

Continue Reading


Have A Look At The 7 Most Beautiful Hackers In The World



They’re extremely cute but these set of ladies can clear an entire bank with just a set of computers. Let me introduce the most beautiful hackers in the world – With a combination of beauty, brains and sex appeal. You certainly won’t want to mess with them.

Have A Look At The 7 Most Beautiful Hackers In The World 4
Adeanna Cooke

She is a hacker and former playmate . An old friend of hers decided to pose on the internet as her and started taking money for doing so.

This did not go down well with her. If there was anyone who was going to be making money off her body, it was going to be her.

She came across an unauthorized website with her pictures, then she took matters into her own hands and hacked into the account herself to take them down the photos.

After the successful attempts, Cooke also used her hacking skills to help others in similar situations
She was also known as the “Hacker Fairy” to other  women being taken advantage of on the Internet.

Have A Look At The 7 Most Beautiful Hackers In The World 5
Ying Cracker

Ying teaches people the basics of hacking; things like changing your IP address or wiping Office passwords

Who doesn’t want to learn how to hack from a beautiful chic ?

She was first noticed in a Chinese Hackers’ forum post that got her noticed and created a huge fan base for her.

Her work is quite impressive as well. She’s an expert in writing hacking software and charges a lot of money for simple courses on  hacking tools.

She usually makes about $2000 per month in the hacking business and for that, she certainly deserves your respect.

Have A Look At The 7 Most Beautiful Hackers In The World 6
Kristina Svenchiskaya

Kristina was a student at The New York University and is a money mule hacker.

She attempted to defraud several British and U.S. banks of millions of dollars using a Trojan horse malware. With collective team efforts, she earned a sum of more than $3 million by opening fake bank accounts and using fake passports.

Kristina was later arrested in 2011 but released after signing a bond and paying $25,000 as bail.

If she had been convicted, she could have been imprisoned for more than 40 years.

Have A Look At The 7 Most Beautiful Hackers In The World 7
Raven Adler

Ravel Alder is certainly s one of the most gifted and intelligent hackers who’s using her education for good use. She was the first female to give a presentation at DefCon, one of the worlds most prestigious gatherings of hackers .

She currently helps corporations protect their data and other sensitive information. She is also a consultant, lecturer and author who deals in hacking and computer security.

Have A Look At The 7 Most Beautiful Hackers In The World 8
Kim Vanvaeck

Kim also known as Gigabyte, the Belgium national is well known for developing many high caliber viruses that target hardwares and subsequently destroy sensitive information.

She wrote her first virus when she was 14.  She wrote the viruses not to gain money but to cement her position in a group of hackers that are dominated by men. She wanted to prove to the world that women too can write viruses and can be dangerous hackers, unlike what the world knows it to be. Her virus, Sharp, is credited to being the first virus ever written in C Sharp.

Vanvaeck was later arrested when she was aged 17 but was out on bail in 24 hours due to her minor status.

Have A Look At The 7 Most Beautiful Hackers In The World 9
Xiao Tian

Tian formed the female hacking group called “China Girl Security Team,” as she felt that there was no other outlet for teenage girls like her in the male-dominated world of hacking.

Her group has  ties with some of the most notorious hacking organisations in the world and has become one of the largest Chinese-based hacking groups.

As with most well-known and outspoken groups of this nature, Tian and the rest of China Girl Security Team continue to receive attention from national and international police organizations due to their activities.

Have A Look At The 7 Most Beautiful Hackers In The World 10
Anna Chapman

Anna was a Russian hacker who lived in New York City before she was arrested, along with nine others in 2010. She was accused of working for the Illegals Program spy ring under the Russian Federation’s external intelligence agency.

Chapman pleaded guilty to a charge of conspiracy to act as an agent of a foreign government without notifying the U.S. Attorney General, and was deported to Russia, as part of a prisoner swap. She also lost her U.S. citizenship.

Continue Reading


It Actually Happened : Google Was Just Hacked The Second Time



It Actually Happened : Google Was Just Hacked The Second Time 11
When I first saw this online, I was really wondering how true it was until I saw a video confirming this report.

It Actually Happened : Google Was Just Hacked The Second Time 12
Google Hacked!!!
This is not actually the first time a Google page is being hacked. In December, a group of Pakistani hackers took out the Google Bangladesh website with the same DNS redirection exploit. As expected Google sprung into action to fix this.

A lone hacker managed to hack the Google Brazil domain and deface it for about 30 minutes. According to reports, the hacker, who uses the name, ‘Kuroi’SH’, managed to post messages celebrating his exploit on the Google Brazil home page.

For about 30 minutes on Tuesday evening, users of Google in Brazil were greeted by a message announcing the hack by ‘Kuroi’SH. News of the successful hack immediately went viral in Brazil, with fresh claims that the hacker had also succeeded in defacing other major domains emerging.

‘It is a great moment to die. Two Google at once. I don’t even care,’ the hacker wrote on the Google Brazil domain page. The message continued with some pretty hard words.

According to the hacker the term he used ‘two Google at once,’  indicated that he had successfully hacked the Google domains for Brazil and Paraguay. The hacker indicated that although he had successfully defaced the Google domain for Paraguay, he did not have the time to upload the defaced homepage. It is still not clear if the hacker had successfully defaced the Google domain name for Paraguay as well.

It apparently seems that the hacker was not sponsored by any form of high ideals, as many would expect.

‘It was meant to show that everything can be hacked and that we should take our security issues very seriously,’ he said.

This just comes in a period when it appears that hackers are increasingly targeting high-value domains for fun. A few weeks ago, a group of Pakistani hackers  ‘TeaM Pak’, managed to hack the Google domain for Bangladesh . The hackers then uploaded a defaced page filled with pro-Pakistani messages and indicating that everyone is vulnerable to such attacks.

In the case of Google Brazil case, the company was quick to point out that it had not been hacked.

‘DNS servers may have suffered an attack, redirecting to other sites,’ it posted.

However, there were also unverified reports which indicated that the hacker may have also managed to deface Google Translate and Google Maps domain. However, these reports were not  verified. Also, the Google Brazil homepage was restored almost immediately news of the hacking started spreading.

It Actually Happened : Google Was Just Hacked The Second Time 13
Here’s the Video Demonstration :

Continue Reading


Hackers Threaten To Take Down Xbox Live And PSN on Christmas Day



Hackers Threaten To Take Down Xbox Live And PSN on Christmas Day 14
Once again it’s the season when most of you will get new PlayStations and XBoxes that have always been among the most popular gifts for Christmas, but it’s quite possible that you’ll not be able to log into the online gaming console this Christmas.

On 25th December 2014, a  notorious hacking group Lizard Squad knocked out the Playstation Network and Xbox Live  for many gamers by launching massive DDoS attacks against the gaming networks. 

Now, a new hacking group, which took down down Tumblr this week for about two hours, has warned gamers of launching another large-scale distributed denial-of-service (DDoS) attack against XBox Live and PlayStation networks. 

Calling itself R.I.U. Star Patrol, the hacking group, posted a video on YouTube, announcing that they’re planning to take down Sony’s PSN and Microsoft’s Xbox Live on Christmas Day by launching coordinated DDoS attacks. 

“We do it because we can,” the group said. “We have not been paid a single dollar for what we do.”

Neither Sony nor Microsoft has yet responded to the hackers’ warning. 

However, both Sony and Microsoft previously promised to enhance the protection of their systems to block any attack disrupting their networks, but downtime and short outages happen almost every Christmas. 

Continue Reading


New Virus/Malware Tordow 2.0 Can Empty Your Bank Account



New Virus/Malware Tordow 2.0 Can Empty Your Bank Account 15
A Security firm COMODO just reported that “Tordow,” a banking Trojan first discovered in September 2016, received a massive update this December.

The new “Tordow 2.0” virus stands out among other types of virus because it has the ability to gain root access  on Android devices. This makes Tordow 2.0 especially vicious, as it enables the malware to do the following:

steal login credentials

empty out online bank accounts

make phone calls and control SMS texts

act as ransomware

visit websites

reboot your phone

encrypt and/or rename files

access contacts

scan web browsers like Chrome for sensitive information

Tordow 2.0, in short, is capable of doing almost anything it wants to do on your phone. As of now, the virus is mainly isolated to Russia, but cybersecurity experts are keeping  close tabs on Tordow and its movements. Comodo explains:

Although the majority of victims have been in Russia, successful hacker techniques usually migrate to other parts of the globe.

— Comodo

It is almost impossible to remove Tordow 2.0 due to its ability to root. Once downloaded, the malware spreads to every nook and cranny of the host device’s system and files. The only effective way to rid yourself of Tordow is flash a stock rom  into your device. Simply doing a hard reset on the device won’t work.

Continue Reading


New Malware Gooligan Has Affected Almost A Million Android Phones



New Malware Gooligan Has Affected Almost A Million Android Phones 16
The last time it was Quadrooter, now there’s another malware which has affected almost a million Android devices. Asian users account for 74% of the affected devices. (Gooligan)

Like many other malware attacks on an Android-based device, Gooligan starts when the user either downloads a corrupt app from a third party store (not Google Play) or if a person clicks on a  suspicious link in an SMS or email message that sends them to the malware source.

Once Gooligan is installed, Check Point claims it sends out data on the infected device to a command and control server. Then it downloads rootkit software that can steal information such as email accounts and authorization tokens that can be used to breach Google accounts. The blog states that the majority of infected Android devices are in Asia, but about 19 percent of those devices are in the Americas.

Check Point has a list of the known apps that have been infected by the Gooligan malware. It also says it has already sent the information it collected on this breach to Google. Adrian Ludwig, Google’s director of Android security, is quoted in the blog post as saying that the company has “taken numerous steps to protect our users and improve the security of the Android ecosystem overall.”

In the meantime, most people can likely avoid having their Android smartphone or tablet get infected by staying away from unsecured third-party app stores and not clicking on any random links from emails and messages from unknown sources.

Continue Reading


FUTA Website Hacked By Indonesian Hacking Group



FUTA Website Hacked By Indonesian Hacking Group 17
FUTA Website Hacked By Indonesian Hacking Group 18
A quick check through FUTA’s website  ( shows that the website has been defaced by an Indonesian hacking group (Indonesian Code Party) which has been linked to the hack of several websites on the Internet.

Possible Cause Of The Hack

1.FUTA’s website  runs on  just PHP and SQL on an Apache Server. This can easily be exploited by any hacker.

2.Their ICT Team Failed To Apply Patches and Updates To The School Website

Many webmasters know how vulnerable websites based on PHP and SQL can be.I must say that It’s really appalling for a Federal University to use an outdated and buggy CMS.


I The successful defacement and hack of the FUTA website depends on the exploit used by these hackers . It does not necessary mean that the hackers connected to the database directly although I’m not ruling out the possibility .

The hackers might first check the server to find what the app stack is (Programming Languages,
Database, CMS, OS).
Looking at HTML, Javascript code, URL pattern, hitting standard URL’s of admin pages & port scanning helps a lot.

Once this is done, he or she knows which exploits to try.

With CMSes, exploits become public very fast. Security patches are made available just as fast. If they regularly apply security patches they’ll be OK. Other
than that CMSes are vulnerable mostly due to bad configuration, or poor password choice.

Custom applications are more vulnerable to loop holes in code. There are many vulnerabilities that can be exploited.

1. Database fields become exposed to modification
because the programmer choose to simply persist the
entire object received from the user instead of only
picking those fields that the user was allowed to
modify from that page.

2. Having ajax methods such as getObject(int objectid)
in Javascript with no corresponding validation on
server side to find whether the requested object
should be accessible to the current user.
These seemingly lame coding blunders are surprisingly
very common in custom built applications.

Possible Solution

1.Scan Website Server for Vulnerabilities With Nikto On Linux and install patch/ fixes for every vulnerability

2.Change Website CMS To Joomla

Continue Reading