PIN
Latest
Dodge's 2FA security update for muscle cars will slow thieves to a crawl
A security PIN for Dodge's performance vehicles stops anyone else from speeding away -- even if they have a key.
Google's PIN-encrypted Android 'Safe Folder' protects crucial documents
Google has introduced a new way for Android users to protect crucial files like ID documents, particularly in developing countries where devices are often shared. Called “Safe Folder” and located in the Files by Google app, it lets you protect documents, images, videos and audio files with a 4-digit PIN code, on top of your Android lock screen security.
Shopify's new app makes it easier for merchants to sell on Pinterest
A new app makes it easier for Shopify merchants to promote products on Pinterest.
Android TV will benefit once Assistant is linked to live TV guide data
Remember Android TV? Google does, and not just so it can throw some unexpected advertisements on it. During the opening day of I/O 2019, Google revealed that over 80 percent of Android TV devices are already running version 7 or higher, and the company expects to have more that 60 percent on 8+ / Oreo by the end of the year -- even if it didn't discuss any upgrades on the way to software based on P or even Q. It's also counting over 1,000 streaming content providers on the platform these days, with more than 5,000 compatible apps.
Xfinity Mobile PINs were left as '0000' by default
Comcast is a media and telecoms conglomerate that made close to $28 billion in the last three months of 2018. You would think that a company of that size, and wealth, would be able to avoid a security blunder akin to making all default passwords "password." Alas, according to The Washington Post, the company allowed its customers Xfinity Mobile accounts to be hijacked because the default PIN was... "0000."
Thieves steal a Tesla Model S by hacking the entry fob
A Tesla owner who recorded thieves stealing his Model S by hacking the passive entry system has published the video on YouTube so we can all watch (and learn). It shows the crooks using a tablet to apparently capture the passive signal from his keyfob, then using the data to open the vehicle. Amusingly, the pair didn't drive off as quickly as they could have simply because they couldn't figure out how to detach the charging cable (hint: there's a button).
T-Mobile, AT&T customer account PINs were exposed by website flaws
As if news of a recent breach leaking T-Mobile customer data to attackers weren't bad enough, Buzzfeed News highlights a pair of issues that could've revealed PIN numbers for customers of T-Mobile and AT&T. The security flaws were uncovered by two security researchers, Ryan aka "Phobia" and Nicholas "Convict" Ceraolo. The T-Mobile issue occurred via its link to Apple's online store, where they found that a page in the middle of the iPhone purchasing flow would allow an interested party unlimited attempts at guessing an account PIN or last four digits of the account holder's social security number. Given unlimited tries for a safety feature that's probably four digits with no rate limiting lets hackers run through all the possibilities quickly.
Microsoft Edge now supports passwordless sign-ins
Edge users will soon be able to securely sign into websites without having to remember their passwords. Microsoft has today announced support for the Web Authentication specification in the browser, which will let you log on using Windows Hello hardware (so that's IR cameras and fingerprint readers), as well as PINs or external FIDO2 security keys, like the one launched by Google last week.
Major UK electrical retailer Dixons Carphone confirms it was hacked
One of Europe's largest electrical retailers has been the subject of a cyber attack that's compromised more than 5.9 million card records and as many as 1.2 million personal accounts. Dixons Carphone, the owner of Currys PC World and Dixons Travel stores, says that most of these cards have chip and pin protection and noted that the data accessed doesn't include PIN numbers, card verification values (CVV) or any authentication data "enabling cardholder identification or a purchase to be made." However, some 105,000 cards were from non-EU countries and do not have the chip and pin feature.
Equifax's data breach response has its own security flaw
The Equifax data breach is already unnerving thanks to the sheer scale of sensitive data involved, but it's not helped by the credit reporting agency's initial response. Clients have discovered that the PIN codes Equifax is handing out to help lock your credit report (so a thief can't open a line of credit in your name) are generated by the date and time you made the request. An attacker could determine your code simply through brute force, especially if they have an idea as to when you locked your report.
Now you can unlock Chrome OS with a PIN code
Want to unlock your screen by typing in a few numbers instead of a hefty password? The experimental feature is currently being tested in the latest Chrome OS developer update, according to Google employee François Beaufort. In a Google+ post, he describes how to drop the new functionality into your system:
IRS says identity thieves nabbed 100,000 income tax e-file PINs
Tax season is a busy time for the Internal Revenue Service, and identity thieves are only making it worse. The IRS confirmed that hackers used stolen social security numbers automated malware to generate over 100,000 e-file (electronic filing) PINs before the department but the clamps on the attack last week. Thieves were actually after 464,000 of the numbers, but were stopped about a quarter of the way through.
Google Plus now lets you pin posts to keep them front and center
Ever crafted a Google+ post that was so important that you just had to make sure people saw it? There's now an easy way to do exactly that. Much like Twitter, Google+ on the web now lets you pin a post to the top of your profile, making sure that people will see your screed even if it's technically old news. It's a simple addition, but it could well come in handy -- you can now keep a poll going for a long time, ensure that friends see vacation photos or give new followers a heads-up about what you're doing. You can only see these pins on Android and the desktop right now, although iOS viewing is coming soon.
Stick a pin in your Kingdom Hearts 2.5 HD Remix pre-order
Customers who pre-order Kingdom Hearts HD 2.5 Remix will automatically be upgraded to the Limited Edition, Square Enix announced today via the PlayStation Blog. Along with updated versions of Kingdom Hearts 2 Final Mix, Kingdom Hearts: Birth By Sleep Final Mix and Kingdom Hearts: Re: Coded, those who score a copy of the Limited Edition will also receive a nifty pin featuring Sora and Mickey. Now, a pin may not seem like a big fuss, but this is an official, collectible Disney pin - and thus, it is part of the pin trading tradition that officially kicked off in 1999. Disney pin trading is serious business to those with a passion for it, as some pins have reached prices upward of $1,000 on the secondhand market. So you take care of that pin, young man/lady! It just might be worth something someday. [Image: Square Enix]
Hackers get encrypted PINs in Target data breach
Holiday shoppers have already been reeling from a breach of Target's database, and their situation isn't improving now that Christmas is over. The store chain has confirmed that the perpetrators took encrypted PIN codes, theoretically scoring access to legions of accounts. There is some consolation for affected customers, though. Target notes that the encryption key rests with an outside payment processor; unless the hackers attacked both companies, they won't have an easy time cracking into the financial data. The reassurances won't help those who've had to replace bank cards in light of the breach, but they do suggest that Target avoided the worst possible outcome.
Pinterest redesign shows pins related by creator and activity, stokes curiosity
Going on a Pinterest spree isn't always easy -- not when there's been extra work involved in exploring someone else's board, or figuring out what else is similar. The company may have licked both of those problems with a redesign that's exiting its testing phase today. As of now, visiting a pin will show others from the same board or company, as well as items that fellow explorers have pinned alongside the one you're viewing. Lower-profile changes are in store as well: the pin content itself is bigger, and the site will finally remember your place when you step back from a curious click. Web-based Pinterest fans should soon get an invitation to use the discovery-friendly revamp, while the Android and iOS apps will eventually see the new tricks through updates.
Visualized: Samsung's PIN pop-up stores take London
Samsung deflated a few enthusiast tires when its "one more thing" Galaxy S III reveal turned out to be a pop-up retail plan. No matter now, as those great mobile expectations have shifted to the device's imminent launch, a debut the company's only too happy to showcase. Starting May 29th, PIN glass housings, like the one you see above, will begin to populate commercial centers in and around London, letting eager consumers gets hands-on with the ICS handset's nature-made design. Westfield's Shepherd's Bush and Old Spitalfields Market will be the first two UK locations for this temporary retail presence, with larger 7-by 7-meter versions, as well as a smattering of overseas appearances to follow in the coming months. In the meantime, check out our full review to get yourself well-acquainted with this flagship follow-up.
Samsung Galaxy S III to be sold in Mobile Pin pop-up stores (updated with video)
At the very tail end of its Galaxy S III event, Samsung promised one more surprise -- and what it gave us was a special retail strategy. The company will be opening Mobile Pin locations, or glass-housed pop-up stores, to help showcase its new flagship phone. We had a chance to look at examples of the stores first-hand. Those not at the launch event will get a look in the near future, with Mobile Pins appearing at several locations throughout London. The first Pins will open on May 29th, with the Pin 5 (a 5-by-5 meter indoor location) making temporary appearances at Spitalfields Market, Westfield and White City, while the 7-by-7 outdoor version (Pin 7) will pop up in the Olympic Park along with Hyde Park at a later date this year. Samsung is also planning to introduce the Pin concept abroad, with plans for two US cities currently in the works, along with a yet-unnamed country in Asia -- Korea would be our guess. We've got a gallery and video walkthrough below to explore the locations in more detail.
BlackBerry phones could get rhythm-to-unlock, like dun-da-da-dun-dun
Who needs face unlock when you could just tap out a private ditty on your smartphone? Maybe you'd risk giving away your credentials to any vaguely rhythmic phone thief within ten feet, but RIM's engineers have a patent-approved answer to that: Rather than just sensing rhythm, they reckon a phone's accelerometer could also detect the magnitude and location of each tap, which would make it harder for eavesdroppers to mimic. Just don't pick something too syncopated -- not unless you're this guy.
Google Wallet gets prepaid security fix, but 'brute-force' issue still hangs in the air
Google says it's fixed a Wallet security flaw that potentially allowed a phone thief to spend a user's prepaid balance. The ability to provision new prepaid cards had been suspended pending the update, but has now been restored. Things aren't quite back to normal in the Big G's world of mobile money, however. Users still find themselves caught between two competing arguments over an entirely different vulnerability, which involves a 'brute-force' attack on rooted devices. Google insists that this isn't a major concern, so long as Wallet users refrain from rooting, and that the system still "offers advantages over the plastic cards and folded wallets in use today." On the other hand, the company that discovered this issue -- zvelo -- has come back at Google with an equally blunt response. It acknowledges that a handset must be rooted to be vulnerable, but crucially its researchers also say that a device doesn't have to be rooted before it's stolen. In other words, they allege that a savvy thief can potentially steal a phone and then root it themselves, and they won't be happy with Wallet until it requires longer PIN number. Whichever argument sways you, it's worth bearing in mind that there's no evidence that anyone has yet managed to exploit these weaknesses for criminal purposes.
