{"id":5339,"date":"2016-02-26T08:41:47","date_gmt":"2016-02-26T13:41:47","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/?p=5339"},"modified":"2019-11-15T15:24:16","modified_gmt":"2019-11-15T11:24:16","slug":"mwc2016-scary-trends","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/mwc2016-scary-trends\/5339\/","title":{"rendered":"Scary trends coming out of Mobile World Congress 2016"},"content":{"rendered":"<p>Mobile World Congress is always about smartphones. But if you stop looking for them and take a look from a different angle \u2014 you\u2019ll find a lot of other stuff. As we headed to MWC 2016 with that goal in mind \u2013 looking with a different lens\u2014 unfortunately what we saw at the conference was quite scary. Read along to see why.<\/p>\n<h3>Mobile payments: obsession with convenience<\/h3>\n<p>It seems that a lot of companies have become obsessed with mobile payments \u2014 and there were many announcements during MWC were dedicated to that theme. A recurring theme was that they were looking for mobile payments to become and more convenient. What was not emphasized in the spin cycle was that they were not trending on becoming more secure.<\/p>\n<p>For example, Samsung revealed that Samsung Pay\u00a0<a href=\"http:\/\/www.expertreviews.co.uk\/mobile-phones\/1403754\/samsung-pay-is-coming-to-the-uk-in-2016-heres-everything-you-need-to-know\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">is coming to several new countries<\/a>\u00a0including Brazil, UK, Canada, China and Spain. While we have no reason to believe that Samsung Pay is not safe (while\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/apple-pay\/5964\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">we do<\/a>\u00a0for Apple Pay). It is worth noting that a group of hackers\u00a0<a href=\"http:\/\/www.nytimes.com\/2015\/10\/08\/technology\/chinese-hackers-breached-looppay-a-contributor-to-samsung-pay.html?&amp;_r=0\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">broke into LoopPay recently<\/a>. This is of note as this is the system behind Samsung Pay; acquired by the Korean company a year ago.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/SamsungPay?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#SamsungPay<\/a>: An Early Examination of Security: <a href=\"https:\/\/t.co\/PTWVfwi7wl\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/PTWVfwi7wl<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/Samsung?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Samsung<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/mobilepayments?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#mobilepayments<\/a> <a href=\"http:\/\/t.co\/Tx0J56ZsI8\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/Tx0J56ZsI8<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/576384821947183104?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">March 13, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Samsung claims that those hackers wanted to steal the technology in order to create a similar system of their own, but there is no guarantee that they do not possess enough data to compromise Samsung Pay\u2019s users\u2019 accounts.<\/p>\n<p>https:\/\/www.instagram.com\/p\/7LgOaiv0Gl\/<\/p>\n<p>A few days before MWC\u00a0<a href=\"http:\/\/www.multivu.com\/players\/English\/7761352-qualcomm-fingerprint-wechat-mobile-payment\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Qualcomm and Tencet announced<\/a>\u00a0that a Qualcomm-based phone now supports biometric fingerprint authentication for payments in WeChat, the biggest Chinese messenger. While Qualcomm accentuates that these payments are super secure because of the Qualcomm Heaven framework, we all know that there are\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/fingerprints-sensors-security\/10951\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">certain problems<\/a>\u00a0with fingerprint scanner security. So we can only hope that Qualcomm and Tencent have created a really worthy payment system, but it\u2019s quite possible that hackers will find a way to compromise it \u2014 as they usually do with new payment systems.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5341\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2016\/02\/05103355\/mwc2016-8-qualcomm.jpg\" alt=\"mwc2016-8-qualcomm\" width=\"2048\" height=\"1280\"><\/p>\n<p>VISA is taking cautious steps towards the same direction. While one of the two biggest credit card companies is quite fond of contactless payments (e.g VISA PayWave), it\u2019s engineers try to triple check everything to be sure their technology is absolutely secure \u2014 and that\u2019s really music to our ears. Yet the concept of iris authentication is already approved within the company, and at MWC they showcased a fingerprint authentication system. Fortunately for everyone, it is in its early testing stage, and engineers are even thinking of making a two-factor authentication system using both a finger and an iris.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Great piece from our <a href=\"https:\/\/twitter.com\/hashtag\/MWC16?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#MWC16<\/a> panel hosts <a href=\"https:\/\/twitter.com\/kaspersky?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@kaspersky<\/a> on <a href=\"https:\/\/twitter.com\/hashtag\/cybersecurity?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#cybersecurity<\/a> and the <a href=\"https:\/\/twitter.com\/hashtag\/tokenisation?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#tokenisation<\/a> approach: <a href=\"https:\/\/t.co\/7cqd8gerhj\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/7cqd8gerhj<\/a><\/p>\n<p>\u2014 VisaNewsEurope (@VisaNewsEurope) <a href=\"https:\/\/twitter.com\/VisaNewsEurope\/status\/702795171268841472?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 25, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>We asked the man working on VISA\u2019s booth for his opinion on spoofing\u00a0<a href=\"http:\/\/www.scmagazine.com\/starbugs-in-your-eyes-german-hacker-spoofs-iris-recognition\/article\/449314\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">iris<\/a>\u00a0and\u00a0<a href=\"http:\/\/www.theguardian.com\/technology\/2014\/dec\/30\/hacker-fakes-german-ministers-fingerprints-using-photos-of-her-hands\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">fingerprint<\/a>recognition. No, he\u2019s not aware if it\u2019s even possible. He did assure us that if it turns out that such things are actually possible, he\u2019s quite certain that researchers would have to think of some additional security \u2014 for example, monitoring the blood flow in the veins which also has a unique pattern for every human.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5342\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2016\/02\/05103353\/mwc2016-6-visa.jpg\" alt=\"mwc2016-6-visa\" width=\"2048\" height=\"1280\"><\/p>\n<p>VISA\u2019s main rival Mastercard stole the show by introducing the selfie-payments. Yes, you read it right: the selfie-payments. It means using selfies instead of passwords \u2014 and Mastercard claims that would enhance security because people tend to\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/wrong-password-behaviour\/10683\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">treat their passwords the wrong way<\/a>: write them down and lose them or re-use them.<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/d0ErAHeABs4?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p>The video above shows that the system requires you not only to be in front of the camera but also to blink, so it cannot be tricked by a simple printed photo. But we\u2019re sure hackers all over the world had accepted this as a challenge. Probably a video would be enough to cheat the system.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">How easy is it for hackers to steal your face? <a href=\"https:\/\/t.co\/SGtYtE1y63\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/SGtYtE1y63<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/digitalidentity?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#digitalidentity<\/a> <a href=\"https:\/\/t.co\/Cz85TxEkYt\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/Cz85TxEkYt<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/659376382410125312?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 28, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h3>Fingerprint sensors: stagnation<\/h3>\n<p>Biometrics is becoming a common things, fingerprint readers can now be found not only in the flagship phones, but also in those in mid to lower tiered price buckets. Huawei has even integrated a fingerprint reader in its new 2-in-1 Windows-based laptop\/tablet MateBook.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/Mobile?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Mobile<\/a> fingerprint sensors: more or less secure? <a href=\"https:\/\/t.co\/m3eqgNRcrI\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/m3eqgNRcrI<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/security?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#security<\/a> <a href=\"https:\/\/t.co\/Asx52xPiao\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/Asx52xPiao<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/690184074007281664?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">January 21, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>At MWC, we talked with representatives from two fingerprint reader manufacturers. The new scanner that Synaptics had announced is as secure as possible: the data is encrypted, and Synaptics highly recommends that cellphone manufacturers use the special ARM Trustzone secure environment for processing this data.<\/p>\n<p>At the same time the other fingerprint manufacturer, NEXT, has two types of sensors, and one of them does not encrypt the data. And NEXT does not stress the necessity of using secure sandboxes for biometric data, but is very aggressive in terms of pricing it\u2019s products as low as possible. Since not many manufacturers consider security their top priority, we apprehend that these cheap and insecure NEXT fingerprint scanners may end up in a lot of devices, and that would make the aforementioned contactless payments with smartphones even less secure than they are now.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5343\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2016\/02\/05103352\/mwc2016-4-next.jpg\" alt=\"mwc2016-4-next\" width=\"2048\" height=\"1280\"><\/p>\n<h3>Connected cars<\/h3>\n<p>First connected, and then self-driving cars are certainly going to be our future. But for now car manufacturers are paying way more attention to on-the-road behaviour and safety of these cars than to their cybersecurity. And researchers have already shown that cybersecurity is a must for every car that is exposed to Internet.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/BlackHat?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#BlackHat<\/a> 2015: The full story of how that Jeep was hacked <a href=\"https:\/\/t.co\/y0d6k8UE4n\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/y0d6k8UE4n<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/bhUSA?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#bhUSA<\/a> <a href=\"http:\/\/t.co\/SWulPz4Et7\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/SWulPz4Et7<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/629651596876644352?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">August 7, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Samsung and Sony have both introduced their \u2018make-a-connected-car-yourself\u2019 kits that are compatible even with old cars. The one Sony has announced is connected via USB and Bluetooth and seems to be more like a controller for the navigation app in you phone. Compromising it probably won\u2019t give the hacker much more that the destination you are heading, the music you are listening and the way to change those things. Nothing too scary.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5344\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2016\/02\/05103350\/mwc2016-1-sony.jpg\" alt=\"mwc2016-1-sony\" width=\"2048\" height=\"1280\"><\/p>\n<p>But Samsung has introduced a more complex device. One of its functions is to analyze the car\u2019s vital signs, while the other is to serve as an in-car Wi-Fi hotspot. That means that this device is connected to an OBD II port in the car and to the LTE network at the same time. We already know that a car\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/progressive-snapshot-car-hacking\/7284\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">can be hacked remotely using OBD II<\/a>, and Samsung is making that even easier by connecting it directly to the Internet.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/Progressive?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Progressive<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/Snapshot?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Snapshot<\/a> Exposes Drivers to Car Hacking: <a href=\"https:\/\/t.co\/c8I8lc1zu0\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/c8I8lc1zu0<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/560112663741857794?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">January 27, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>A car can be super safe and have the highest grades in crash tests, but if it is prone to someone snagging the control and remotely gunning the engine \u2014 in certain circumstances all that safety is of almost no good.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5345\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2016\/02\/05103348\/mwc2016-3-nxp.jpg\" alt=\"mwc2016-3-nxp\" width=\"2048\" height=\"1280\"><\/p>\n<p>Not everything was super-scary at MWC 2016 \u2014 there were really interesting devices and good news. But all in all this year\u2019s Mobile World Congress was definitely about everything becoming connected, and the more things are exposed to the Internet, the more ways are opened to somehow hack and compromise them. We hope that the next MWC will place more emphasis on securing all these connections. Yet we realize that the next\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/tag\/black-hat\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Black Hat<\/a>\u00a0definitely will be about hacking all this connected stuff.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Mobile World Congress is always about smartphones. But if you stop looking for them and take a look from a different angle \u2014 you\u2019ll find a lot of other stuff.<\/p>\n","protected":false},"author":40,"featured_media":5340,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[1136,621,1137,1138,1139,440,1140,161,938],"class_list":{"0":"post-5339","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-biometrics","9":"tag-cars","10":"tag-fingerprint-sensors","11":"tag-mastercard","12":"tag-mwc2016","13":"tag-samsung","14":"tag-samsung-pay","15":"tag-sony","16":"tag-visa"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/mwc2016-scary-trends\/5339\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/mwc2016-scary-trends\/6773\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/mwc2016-scary-trends\/6744\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/mwc2016-scary-trends\/7824\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/mwc2016-scary-trends\/7594\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/mwc2016-scary-trends\/11037\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/mwc2016-scary-trends\/11419\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/mwc2016-scary-trends\/6031\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/mwc2016-scary-trends\/7118\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/mwc2016-scary-trends\/10566\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/mwc2016-scary-trends\/11037\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/mwc2016-scary-trends\/11419\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/mwc2016-scary-trends\/11419\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/biometrics\/","name":"biometrics"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5339","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=5339"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5339\/revisions"}],"predecessor-version":[{"id":14889,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5339\/revisions\/14889"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/5340"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=5339"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=5339"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=5339"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}