Singapore Wants to Register Hackers in New Law

Singapore is one of the most advanced and important countries for information security. However, a likely new local law is dividing opinions: any ethical hacker who wants to operate in the country will have to take a license.

Ethical hacking is the term used for the individual who modifies the internal aspects of devices, programs and computer networks for the “common good” without taking any kind of advantage.

The law is not yet implemented, however, if any hacker is caught – or if any individual wants to help some company via penetration tests, for example – acting without the license, will have to pay $114 Thousand and face up to two years in prison.

As noted by <a href="https://qz.com/1026300/singapores-government-wants-to-license-hackers/&quot; target=

Advertisements

Singapore is one of the most advanced and important countries for information security. However, a likely new local law is dividing opinions: any ethical hacker who wants to operate in the country will have to take a license.

Ethical hacking is the term used for the individual who modifies the internal aspects of devices, programs and computer networks for the “common good” without taking any kind of advantage.

The law is not yet implemented, however, if any hacker is caught – or if any individual wants to help some company via penetration tests, for example – acting without the license, will have to pay $114 Thousand and face up to two years in prison.

As noted by Joon Ian Wong of Quartz, the law is likely to be sanctioned. This is because it “is in line with the reputation of extreme order” present in Singapore – Wong lived in the country for a while.

The other side

The law is a real danger even for the local telecommunications market. Usually, teens and youngsters start hacking out of curiosity. They track videos on YouTube, read forum tutorials, chat online, and virtually conduct their studies on the internet. Most of them test the tools as a way of learning. With the law, they can be arrested.

In addition to the arrest of young hackers entering the world, the law preventing young people from testing tools ultimately inhibits their willingness to act in this segment. With that, many young people who wish to work professionally in the areas of technology and telecommunications will be discouraged.

Going further: the law could lead to better hackers. More applications and tools that hide IPs and identities can be developed. If the license is paid, ethical hackers without pocket money will start working off the government radar – and there are VPNs, Tors, encryption and various technologies to shut down the authorities.

Sound-Proof Will Replace Your Password With Noise

Passwords could soon be a thing of the past. A Swiss startup has developed a new method, which should make the log-in safer and easier. This is based on noise.

Secure passwords and multi-level authentication systems are becoming more and more important. On the Internet, we pay our bills, communicate via business and at the same time also reveal all sorts of private features. And yet, many people use the same password for all their accounts. Identity theft and Internet espionage are increasing worldwide.

The Swiss Startup Futurae has now developed a method to improve the authentication process and to facilitate it as well. Instead of hacking passwords, which have to be entered first and forgotten, the team of scientists at the ETH Zurich is focusing on sounds – and indeed sounds from the immediate environment. Your app is called Sound-Proof.

If a user wants access to an Internet

Passwords could soon be a thing of the past. A Swiss startup has developed a new method, which should make the log-in safer and easier. This is based on noise.

Secure passwords and multi-level authentication systems are becoming more and more important. On the Internet, we pay our bills, communicate via business and at the same time also reveal all sorts of private features. And yet, many people use the same password for all their accounts. Identity theft and Internet espionage are increasing worldwide.

The Swiss Startup Futurae has now developed a method to improve the authentication process and to facilitate it as well. Instead of hacking passwords, which have to be entered first and forgotten, the team of scientists at the ETH Zurich is focusing on sounds – and indeed sounds from the immediate environment. Your app is called Sound-Proof.

If a user wants access to an Internet service, such as online banking, he usually has to enter a password on his homepage and then, depending on the authentication process (usually still a code) starts the transaction.

But if the service works with sound proof and the user has installed the sound proof app on a second device with a microphone (such as the smartphone, the tablet or even the computer), then the authentication process takes place via noise.

Both devices record ambient noise for three seconds, then an algorithm compares the two audio tracks. Supposedly, the recorded files scan for equal words or similar pitches: for example, the same part of a song or even a conversation of passers-by is sufficient for authentication.

If it is absolutely quiet, then Sound-Proof switches on the ultrasound: thus the browser transmits an encrypted message from the browser to the mobile phone. This receives and decrypts the signal and thereby authenticates the user.

But what if a hacker is aware of the password and is in the same room as the user or is just listening to the same song? In this case, too, the team from Futurae thinks that if you log in for the first time in a new browser or on a new device, the app requires a manual confirmation.

According to the manufacturer, the technology is to work even if the smartphone is in an adjoining room – provided the door is open. At the end of March, the team won some 121,000 euros of start-up capital at the Venture-Kick competition.

How Hackers Can Get to Your PIN Using Smartphone Sensors

In a typical smartphone, there are about 25 sensors, often only a few millimeters in size, which make it a kind of digital Swiss pocket knife.

Magnetometer and Accelerometer make the device a compass, the barometer tells the fitness app how many levels you have already climbed, the brightness sensor automatically controls the display light, and the gyroscope registers rotations, such as rotating the screen or controlling games.

Researchers from Newcastle University have now shown that it is theoretically possible to conclude from some of these sensory data on information that should remain secret. From the motion data of the gyroscope, they were able to derive a four-digit PIN code with 70% probability in the first experiment. In the fifth trial, the hit rate was even 100 percent.

According to the researchers, the smartphone manufacturers are aware of this security risk. A solution or even the will to sacrifice user friendliness in favor of security, they would not have. In a

In a typical smartphone, there are about 25 sensors, often only a few millimeters in size, which make it a kind of digital Swiss pocket knife.

Magnetometer and Accelerometer make the device a compass, the barometer tells the fitness app how many levels you have already climbed, the brightness sensor automatically controls the display light, and the gyroscope registers rotations, such as rotating the screen or controlling games.

Researchers from Newcastle University have now shown that it is theoretically possible to conclude from some of these sensory data on information that should remain secret. From the motion data of the gyroscope, they were able to derive a four-digit PIN code with 70% probability in the first experiment. In the fifth trial, the hit rate was even 100 percent.

According to the researchers, the smartphone manufacturers are aware of this security risk. A solution or even the will to sacrifice user friendliness in favor of security, they would not have. In a press release, Maryam Mehrnezhad, the author of the study in the International Journal of Information Security, writes: “Because apps and websites do not need permission to access most of the sensors, malicious programs can” spy “the sensor data Sensitive information such as telephone times, physical and tactile activities such as PIN and passwords.

Hackers can easily misuse just the gyroscope that measures the rotations. The sensor is one of those, for whose use many apps do not have to ask as with Camera or GPS after permission. Every tap, every squeezing and pushing movement, every tilt of the phone leaves a unique pattern that can be interpreted.

Siamak Shahandashti, the co-author of the study, explains the danger: “It’s a bit like a puzzle, the more parts you put together, the better you can see the whole picture.” Each sensor contributes to the puzzle Of personal information is always better to recognize. “Personal fitness gadgets that transfer the movements of the wrist to an online profile are a whole new threat,” adds the scientist.

The researchers from Newcastle were able to show during the course of their study that a website or app, which activates sensors secretly, can grab data in some browsers as long as the tab remains open in the background – in some cases, even when the smartphone is in the blocked state.

Who then, for example, enters his online banking PIN, by his movements indirectly reveals the combination of numbers. “People are much more worried about the data of the camera or the GPS, the quiet sensors are usually underestimated,” says Mehrnezhad.

As early as 2011, researchers at the Georgia Institute of Technology demonstrated that the acceleration sensor or the microphone of an iPhone could translate keyboard strokes into actual words. For this, the smartphone had only to lie on the desk next to the desktop PC. And Stanford researchers were able to convert the motion sensor into a microphone in 2014 to listen to conversations.

To close security gaps like this, the researchers at Newcastle University also want to work with the industry. Until a solution comes in, users should be able to master security monitoring: keep the operating system up-to-date, change passwords regularly, close tabs, and download apps only from trustworthy sources.