source: wired.com

THOUGH THERE ARE other authentication dongles out there, YubiKeys are largely the face of the physical two-factor authentication movement. Unfortunately, to date it's also been unavailable for the most high-profile smartphone in the world. But on Tuesday manufacturer Yubico is releasing the first Lightning port YubiKey for use with iPhones and iPads. It's been a long time coming.

First announced in January, the Lightning YubiKey has been in the works for more than a year now. Yubico first needed to get Apple's MFi certification—a license required for all Lightning devices—before it could start designing the product and getting third-party developers on board. The dongle, priced at $70, has a Lightning connector on one side and USB-C on the other side. That way it works with not only iPhones and iPads, but also MacBooks or any other USB-C device. Up until now, Yubico hasn't had any offerings that could work with iOS devices, and even among competitors the only option was Bluetooth authentication dongles, which can be glitchy, need to be charged, and potentially introduce their own insecurities.

Though the Lightning YubiKey is finally here with Apple's (mandatory) blessing, the company still hasn't incorporated the underlying open authentication standard, FIDO 2, into its operating systems by default. As a result, the Lightning YubiKey can't automatically work as an authentication token throughout your iOS experience. Each app needs to add compatibility individually through a new application programming interface. For today's launch, you can use the new Lightning YubiKey with a number of password managers and authentication services, like 1Password​, LastPass​, and ​Okta. You can also sign in with the key on a number of websites through the ​Brave iOS browser app​.

 source: securitymagazine.comn

A study from Southern Methodist University's Darwin Deason Institute for Cybersecurity found that hackers can figure out a person’s password by  listening to them type on a keyboard.

Aacoustic signals, or sound waves, produced when a person types on a computer keyboard can successfully be picked up by a smartphone, the study found. The sounds intercepted by the phone can then be processed, allowing a skilled hacker to decipher which keys were struck and what they were typing.

The researchers were able to decode much of what was being typed using common keyboards and smartphones – even in a noisy conference room filled with the sounds of other people typing and having conversations.

“We were able to pick up what people are typing at a 41 percent word accuracy rate. And we can extend that out – above 41 percent – if we look at, say, the top 10 words of what we think it might be,” said Eric C. Larson, one of the two lead authors and an assistant professor in SMU Lyle School’s Department of Computer Science.

The study was published in the June edition of the journal Interactive, Mobile, Wearable and Ubiquitous Technologies. Co-authors of the study are Tyler Giallanza, Travis Siems, Elena Sharp, Erik Gabrielsen and Ian Johnson – all current or former students at the Deason Institute.

It might take only a couple of seconds to obtain information on what you’re typing, noted lead author Mitch Thornton, director of SMU’s Deason Institute and professor of electrical and computer engineering.

“Based on what we found, I think smartphone makers are going to have to go back to the drawing board and make sure they are enhancing the privacy with which people have access to these sensors in a smartphone,” Larson said.

 source: cnet.com

If you ask your voice assistant to find and call a company's customer service number, there's a chance you'll end up connecting with scammers instead. Voice assistants like Siri, Alexa and Google Assistant are being tricked into picking up fraudulent support phone numbers created by scammers, warned the Better Business Bureau on Friday. 

Con artists create fake numbers then bump them to the top of search results, according to the group. This could lead to Siri, Alexa or Google Assistant accidentally picking up a scam number when you do voice search. If you do call a phony customer service number, the BBB warned that the "representative" might ask for you to pay for something via wire transfer or prepaid debit card. They might even ask for remote access to your computer or tell you to visit an unfamiliar website, the group said.

"We work hard to fight against spammers and protect people from scams. When these fake numbers are reported, we remove them," a Google spokesperson said in an email. 

Google said that it designs its systems to prioritize authoritative sources and work to prevent scams from being surfaced, but the systems aren't 100% perfect. When the company receives reports that scam phone numbers are being highlighted in its products, it'll remove them, according to the spokesperson.

To protect yourself, the BBB suggests looking up a customer service number based on a company's contact information on your bill or in your email or directly from the company's website. You can also check out CNET's guide to avoiding online scams.

Amazon declined to comment. Apple didn't immediately respond to request for comment.

 source: independent.co.uk

Police in China using gait recognition technology to identify suspects by the way they walk can now do so in real time.

Officers on the streets of Beijing, Shanghai and Chongqing have been trialling software by artificial intelligence start-up Watrix since October, which can identify individuals from the shape and movement of their silhouette from up to 50 metres away.

The software can be used on footage captured on standard surveillance cameras.

Until now, the footage could only be analysed once it was recorded, which took about 10 minutes to do, however Watrix released an update last week which now allows it to work in real time.

The technology works by analysing thousands of metrics about a person’s walk and storing them in a database.

It still works even if a person’s face is hidden and can’t be fooled by someone pretending to limp or walk with splayed feet or a hunch.

Huang Yongzhen, co-founder and chief executive of Watrix, said the software is about 96 per cent accurate, thereby giving his company a headstart in terms of catching suspects who otherwise could avoid surveillance.