Hacker skills: sister nose successfully unlock Huawei P9 Lite-IT information
Today, in Shanghai, GeekPwn (great) hacker contest, from United States Shellphish team hack Nick successfully broke a new Huawei P9 Lite phone.
On the stage, Nick calls the two sister as an Assistant, attack consists of two steps:
1, intended to let a sister fingerprint entry and pretend mobile phone owners;
2, intended to make another from the book download sister attack tools, and her nose is lightly touched, cell phone moment was open.
The entire process is extremely fast, the audience didn't even understand what happened, this phone all permissions have been obtained by hackers.
The attack means that if hackers have a chance in his App on your phone, then he can unlock the phone anywhere, anytime to see your little secret.
According to GeekPwn Wang, founder in scene, this attack may seem simple, but in fact using up to eight vulnerabilities, described as "a black in the end."
However, for security reasons, the hacker does not intend to disclose his specific principles of attack. But the judges said Basic attack path starts from the App, obtain Root privileges, then entering the core area of the fingerprint storage: TrustZone.
According to GeekPwn officials, any device that uses HUAWEI TrustZone service, will be the impact of such attacks, including the former generation of Huawei P8 Lite.
This is breached for the first time in the world phone fingerprint to unlock the display. Prior to this, many security researchers believe our fingerprints and other secrets rely on the strong hardware encryption is safe and secure. However, hackers told us, and don't be so optimistic, even if the protection system security, strong or trusted unconditionally.
For this attack needs to hack the phone unlocked state of physical contact, meaning hackers must first ask you to help me to unlock the phone, only to continue its offensive. Obviously, such attacks are more stringent.
As to how to avoid Nick with his nose or any other part of the body to unlock your phone, recommends the following:
1, do not keep the cell phone out of sight;
2, try not to make friends with hackers.
后续:
Demonstrates the vulnerability was found at the scene after the attack, Huawei, organizers for the first time the vulnerability is serious and careful analysis and repair work to ensure safety of Huawei mobile phone system to further improve.
Huawei says :
Any smart phone there is some unknown security vulnerabilities and break shows that you can press us constantly aware of the product defects, continuing to test the reliability of the system, and constantly improve the system, keep the product in the relative safety of the State and avoid malicious violation of user interests.
Security is no small matter, Huawei has attached great importance to product safety issues, Huawei mobile phones in the factory has very strict quality testing of software and hardware, and after the sale to provide users with a more comprehensive application security. For the Huawei mobile phones who attaches great importance to user safety, security geeks break shows will undoubtedly become an important opportunity to improve product safety.
黑客炫技:妹子用鼻尖成功解锁华为P9 Lite - IT资讯
今天,在上海举行的GeekPwn(极棒)黑客大赛上,来自美国Shellphish团队的黑客Nick成功攻破了一部全新的华为P9 Lite手机。
在舞台上,Nick呼唤了两位妹子作为小助手,攻击分为两步:
1、手把手让一位妹子录入指纹,装作手机的主人;
2、手把手让另一位妹子从预定地址下载了攻击工具,然后用她的鼻尖轻轻一触,手机瞬间被打开。
整个过程极其快速,现场观众甚至还没明白发生什么,这部手机的所有权限就已经被黑客取得。
这个攻击意味着,如果黑客有机会在你的手机上安装他的App,那么他可以随时随地解锁手机,查看你的小秘密了。
根据GeekPwn创始人王琦在现场介绍,这个攻击看起来简单,但实际上动用了多达八个漏洞,可谓“一黑到底”。
不过,为了安全起见,这位黑客并不打算在现场透露他攻击的具体原理。不过现场评委透漏,基本的攻击路径是从App开始,获得Root权限,进而进入指纹存储的核心区域:TrustZone。
根据GeekPwn官方消息,任何使用HUAWEI TrustZone服务的设备,都会受到这种攻击的影响,包括前代的华为P8 Lite。
这是全球首次攻破手机指纹解锁的展示。在这之前,很多安全研究人员都认为,我们的指纹和其他机密依靠强大的硬件加密是安全无虞的。但是,黑客的攻击告诉我们,并不要这么乐观,即使防护系统安全性再强,也不要无条件地信任。
由于这个攻击需要黑客对手机在解锁状态下进行物理接触,也就是说黑客要先让你帮忙解锁手机,才可以继续进攻。显然,这样的攻击条件还是比较严格的。
至于如何避免Nick用他的鼻子或者任何身体的其他部位解锁你的手机,建议如下:
1、不要让手机离开视线;
2、尽量不要和黑客交朋友。
后续:
在现场演示发现的漏洞被攻破之后,华为第一时间对主办方提供的漏洞进行了慎重仔细的分析及修复工作,以保障华为手机系统的安全性进一步提升。
华为方面表示:
任何智能手机都存在着一定的未知安全漏洞,而攻破演示可以督促我们不断发觉产品漏洞,持续地检验系统的可靠性,不断完善系统,使产品保持在相对安全的状态,避免用户利益被恶意者侵犯。
安全问题无小事,华为公司一直非常重视产品的系统安全问题,华为手机在出厂前有着非常严格的软硬件质量检测,并在销售后为用户提供比较全面的安全保护应用。对于十分重视用户安全的华为手机来说,安全极客的攻破演示无疑成为一次提高产品安全性的重要机会。