Products
Personal Monitor
Record PC users's actions, grab screenshots and passwords
Keylogger
Keystrokes recording software. Keylogger free trial
Hoverwatch
Cell phone and computer spy
Employee Monitor
Access and control the time spent by your workers
Terminal Monitor
Track employee activities on Terminal Server
Free Keylogger
Free keyboard logger keeps track of all typed text

The US National Security Agency purchases exploits

8 October 2013

We recently learned about an annual contract between the US NSA and the French company VUPEN, according to which the French supplied the NSA with access to their database of vulnerabilities and exploits for targeted attacks against systems and sites.

Thanks to the Freedom of Information Act in the US, it was learned that this contract was signed as early as September 2012.

It also came to light that VUPEN cooperates with other NATO representatives, as well. According to an employee of the company, they actually do sell access to their data to the military and intelligence agencies.

Among hackers, however, this revelation caused mixed reaction since VUPEN’s database is not known for being either cheap or up-to-date, i.e. it is possible to obtain more complete and up-to-date information for less money. It was assumed that it is not the main channel for obtaining exploits, just one of them.

Samsung SmartTV Hacked

13 September 2013

samsung-smarttvMartin Herfurt, a German information security expert, announced a successful attempt to hack a Samsung TV with SmartTV functionality.

The attack was made from a remote computer and aimed at disrupting the broadcast over HbbTV.

The hack became possible thanks to the use of WebKit 1.1 in the TV’s web browser. WebKit 1.1 is known for multiple unfixed vulnerabilities and lack of SSL support.

The expert managed to replace the broadcast with his own footage, enable subtitles and even install a Bitcoin generation on the TV set.

Vulnerability found in smart toilets

13 September 2013

Toilet hackedA great and rather unique piece of news for our “madness and information security” section – experts have found a software vulnerability in a line of smart toilets.

The vulnerability was found in Japanese Lixil Satis toilets, but it was discovered by American (not British!) experts from Trustwave SpiderLabs.

Some features of Japanese toilets include music playback, automatic seat lifts, automatic flushing, personal settings and toilet usage statistics.

The equipment is controlled with a special Android application via Bluetooth. The essence of the vulnerability is that the developers used a single PIN code for connecting to the toilets – 0000. The code can be used by anyone to connect to any model of this line of toilets.

To do this, one needs to download the My Satis all from Google Play, install it on the phone and locate a Lixil Satis toilet within the Bluetooth working range.

Security Flaw in Electronic Locks Exploited

20 December 2012

The thief entered a hotel room by opening its electronic lock using a special device and stole a laptop. Quite naturally, the police found no evidence of a break-in and none of the hotel’s keys were used. The investigation showed that the lock was opened using a special electronic tool. As the result, the police arrested the 27-year-old Matthew Allen Cook, who had been previously convicted for theft. He was caught trying to sell the stolen equipment.

He entered the hotel room using a security flaw in electronic locks made by Onity. Such locks are used in 4 million hotels around the globe.

The vulnerability was presented at the Black Hat Security conference by Cody Brocious, a security expert who used a sub $50 programming device to demonstrate how any hotel room can be easily opened. The vulnerability exists due to the fact that opened unencrypted ports of the lock allow any device to read device management data from its memory.

The manufacturer of electronic locks who obviously underestimated the value of information security, has been refraining from comments so far.

Vulnerability in Samsung and Dell network printers

30 November 2012

Neil Smith, an IT security expert, found a hidden embedded program in Samsung printers that makes it possible to remotely connect to them, change settings and manage printing. This is a real backdoor created by the manufacturer for the convenience of technical support experts.

Apparently, the company never disclosed the existence of such functionality. The same kind of program was found in Dell printers, which can be attributed to their mutual manufacturing contracts.

This backdoor uses a modified version of the SNMP protocol that is not visible in the list of connections and continues to work even if the user disables SNMP in the printer settings.

Since the information has been made public, emergence of working exploits for this vulnerability is just a matter of time. Obviously, these exploits will not try to intercept documents being printed, but will aim to execute arbitrary unauthorized code with administrator rights in an external network. Samsung believes that it will be able to release a patch before hackers find a way to create an exploit.

Jailbreaking Apple’s latest gadgets

23 March 2012

By the day after release of Apple’s new iPad 3, hackers had already found three ways to jailbreak the OS of the tablet device. This represented a drop of six days compared to the time necessary for jailbreaking the iPad 2 after launch.

Hackers also dryly noted that out of Apple’s entire device lineup, the best-protected device is also the very cheapest one: the Apple TV 3.1 television appliance.

Why? Most of the features in Apple’s iOS operating system, which is used on all of the company’s mobile devices, are simply discarded and disabled on the Apple TV. This reduces the “area for attack” available to hackers, thus creating significant obstacles for them.

Although the newer version of the Apple TV was ultimately hacked nonetheless, the jailbreak tool did not catch on with users. It is usually the case that Apple gradually updates the operating system with the features that users had hoped to gain through jailbreaking their devices.

Android: protection of private information

11 May 2011

As Android, an open source mobile platform, is steadily gaining popularity, more and more applications are released for it. The flipside of this popularity, however, is the emergence of malware modules, backdoor tools and other unexpected and unpleasant “Easter eggs” in regular applications that are often used for collecting more user-related information than necessary and allowed.

Luckily, users now have a decent (and affordable) solution for this problem. A set of two security tools, Privacy Blocker and Privacy Inspector, will help you keep excessively curious programs on your smartphone on a short leash.

Privacy Inspector is a vulnerabilities scanner. It scans the entire system, checks every program installed and reports any suspicious functions they use. A thievish app can be removed at once or “tricked” using the second tool from the set.

Privacy Blocker can also scan your Android OS and show you what programs are requesting data irrelevant to their primary purpose. But that’s not all. Privacy Blocker makes it possible to use suspicious programs if you really need them. However, it will pitch completely useless gibberish to them instead of the information they request, so rest assured that your private information is safe and won’t be sent to third parties.

New online service from Refog. Track any device online. Just install the free android spy. And Information from your phones and computers will reflect in your online Hoverwatch account.

Most secret company data is not protected

5 April 2011

Companies working in the internet security business have been conducting annual research for several years on data protection in organisations. Their reports show that fro 2008 to 2011 the situation has changed significantly. Theft and leaks of secret information have massively increased.

At the same time hackers are attacking corporate web sites more often, successfully stealing company secrets. There are specific reasons for this.

1. Data is saved on devices difficult to make secure.

With the development of mobile technologies and wireless communication systems employees of large companies are becoming more interested in accessing their work information using mobile devices (telephones, smartphones, tablet computers, laptops). It is extremely difficult to protect such devices from even simple theft, even though they often contain important corporate information.

2. Workplace remote access systems.

These are becoming more popular, and they are much simpler to break into than internal closed corporate networks.

3. Use of cloud services for storing information.

Corporate cloud systems often lack the necessary security and there is a high risk of losing information stored there. In addition such systems are often located outside the reach of company specialists (hosting in other countries), which makes it harder to organise the appropriate security measures.

4. High demand for corporate data.

The significantly increased demand and high cost of such services encourages hackers to attack company networks. Hackers can easily sell stolen marketing statistical data or development codes for new software at a high price.

5. Incorrect response to discovered vulnerabilities.

In many cases companies do not even realise that information has been stolen. Moreover, only half of companies who discover information leaks try to restore and improve their security system. Only 30% turn to network security consultants and experts.

Experts recommend, as a precautionary measure, that companies strictly control the staff members who have access to secret information.

It is necessary that mobile devices are carefully controlled with, at the very least, password protection.

Information on internal computer systems (and also the stored information) should not be given to people who have no relation to the company’s security services.