GeekSpeak for 2015-05-30

Adult Friends Reset Their Focus Virtually


VR is going social, how to stop fob hacking car thieves, more Starbucks hacking, security breaches, more NSA Snowden stuff and much more Geek News of the Week.

CareFirst BlueCross BlueShield Security Breach

CareFirst BlueCross BlueShield, one of the largest regional health insurers in the U.S., has confirmed a major security breach which is thought to have affected as many as 1.1 million customers.
The Washington D.C.-based firm announced yesterday that the hack had taken place in June last year. CareFirst said that the breach had been a “sophisticated cyberattack” and that those behind the crime had accessed and potentially stolen sensitive customer data including names, dates of birth, email addresses and ID numbers.
However, the health insurance group gave an assurance that usernames must be used in tandem with a password created by the members themselves to gain access to the personal account data stored on the website.
The affected database did not contain these unique member passwords, which the company encrypts and stores in an isolated system as a protection mechanism against such cyber threats.

Starbucks says gift card hack was 'fraudulent activity'

Egor Homakov found a flaw that let him duplicate funds on a gift card, which he spent in a store to test his theory.
He told Starbucks so they could fix the flaw, but said that the company had then called his actions “malicious”.
"The unpleasant part is a guy from Starbucks calling me with nothing like “thanks” but mentioning “fraud” and “malicious actions” instead," he wrote.

Adult dating site hack exposes millions of users

The stolen data reveals the sexual preferences of users, whether they’re gay or straight, and even indicates which ones might be seeking extramarital affairs. In addition, the hackers have revealed email addresses, usernames, dates of birth, postal codes and unique internet addresses of users’ computers.

New research suggests that hackers can track subway riders through their phones

Underground subways offer no place to hide from hackers.
Determined hackers can track the movements of millions of subway riders around the world even as they go underground by breaking into smartphone motion detectors, new research from Chinese academics reveals. The attack can track subway riders with up to 92 percent accuracy.

NSA Planned to Hijack Google App Store to Hack Smartphones

The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware, a top-secret document reveals.
The surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the “Five Eyes” alliance — the United States, Canada, the United Kingdom, New Zealand and Australia.
The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012.

Millions of Android phones don't completely wipe data

Weaknesses in the factory reset function within Google’s Android mobile operating system mean data from more than 500 million phones can be discovered despite being wiped, researchers have found.

Mars Rover's Laser-Zapping Instrument Gets Sharper Vision

Tests on Mars have confirmed success of a repair to the autonomous focusing capability of the Chemistry and Camera (ChemCam) instrument on NASA’s Curiosity Mars rover.
This instrument provides information about the chemical composition of targets by zapping them with laser pulses and taking spectrometer readings of the induced sparks. It also takes detailed images through a telescope.

Oculus' next big move is to make VR a social experience

Edward Saatchi, a Story Studio producer, believes that virtual reality doesn’t have to be isolated, but instead can feel like something you can do with your friends, where you talk to each other and discover VR worlds together. “We’ve heard so much: ‘Well, how is this gonna interact with cinema? Cinema is so social. There’s people in a cinema; you are together.’ So we wanted to give a hint of where we think the future of VR in cinema is,” he says. “We think the future of VR in cinema is social, that you’re with your friends. You’re not in the same room, maybe; maybe you’re all going in together at the same time, and that’s where the lines between cinema and an MMO [massive multiplayer online] start to blur.”

Key Fob Hacking

The car sends a short-range, low-frequency (120 to 135 kHz) “hello”. The fob answers on a longer-range, higher frequency (UHF, 315 or 433 MHz), saying “hello” back with a cryptographic signature.

The hack: amplify that first low-frequency signal so it travels a long distance, from the street into a person’s house. The fob then yells “hello” back, the car hears it, and the car unlocks.

Solution: Try taking the battery out of your fob, or keep the fob in a metal satchel that will act as a Faraday cage.

Here is a scary story covering the fob-hacking thieves.
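The exchange above can be modelled in a few lines to show why the cryptographic signature does not help here, and why silencing the fob does. This is an added example, not code from the show notes: the range figures, the `lf_gain` parameter and the use of HMAC-SHA256 as the "signature" are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed figures for illustration only; the page gives frequencies, not ranges.
LF_RANGE_M = 2.0    # reach of the car's short-range low-frequency "hello"
UHF_RANGE_M = 50.0  # reach of the fob's longer-range UHF reply


class Fob:
    def __init__(self, key, shielded=False):
        self.key = key
        self.shielded = shielded  # True = battery out or inside a Faraday cage

    def respond(self, challenge):
        if self.shielded:
            return None  # the fob never hears the hello, so it stays silent
        return hmac.new(self.key, challenge, hashlib.sha256).digest()


def try_unlock(car_key, fob, distance_m, lf_gain=1.0):
    """Return True if the car would unlock for a fob distance_m away.

    lf_gain models an amplified hello (1.0 means no amplification).
    """
    challenge = os.urandom(16)  # fresh per attempt, so old replies are useless
    if distance_m > LF_RANGE_M * lf_gain:
        return False  # the hello did not reach the fob
    if distance_m > UHF_RANGE_M:
        return False  # the fob's reply did not reach the car
    reply = fob.respond(challenge)
    if reply is None:
        return False
    expected = hmac.new(car_key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(reply, expected)


def scenarios():
    key = os.urandom(32)  # constructed shared secret between car and fob
    return {
        "owner_at_door": try_unlock(key, Fob(key), 1.0),
        "fob_in_house": try_unlock(key, Fob(key), 20.0),
        "fob_in_house_amplified": try_unlock(key, Fob(key), 20.0, lf_gain=15.0),
        "shielded_fob_amplified": try_unlock(key, Fob(key, shielded=True), 20.0, lf_gain=15.0),
        "wrong_fob_at_door": try_unlock(key, Fob(os.urandom(32)), 1.0),
    }


if __name__ == "__main__":
    for name, unlocked in scenarios().items():
        print(f"{name}: {'unlocks' if unlocked else 'stays locked'}")
```

The amplified case unlocks because the reply is a genuine signature from the real fob; the check proves who answered, not how far away they are.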

Google Tone broadcasts URLs to any device within earshot

A new Chrome extension can instantly share URLs among nearby devices, using sound to broadcast the information to microphones.
Google Tone is an experimental feature that could be used to easily share browser pages, search results, videos and other pages among devices in an office, classroom or family setting, according to Google Research.
While it can’t pass through walls or travel beyond earshot, the system is designed to make sharing browser URLs as easy as talking to people nearby.