Tag Archive for: verification

Google Wallet adds ‘Verification settings’ to balance security and convenience


What you need to know

  • Google Wallet has added a new verification settings menu for Android devices.
  • This setting allows users to decide whether or not they need to be verified before paying for a ticket on public transport.
  • This will help to make Google Wallet even more secure.

The ability to store card details, transit passes, and boarding passes, and to make contactless payments, means Google Wallet is a convenient way to save time. Now, Google is working to make Wallet even more secure and user-friendly by introducing a new ‘Verification settings’ menu.

The new addition, as spotted by 9to5Google, lets users decide whether or not verification is required, specifically when paying for a transit ticket. Under “Wallet settings” is the new “Security” heading, under which “Verification settings” are listed. When selected, the user can “choose if you’ll need to verify it’s you when using your items stored in Wallet.”

At the moment, the only available option here is “Transit payments.” When the “verification required” toggle is on, Wallet will require “verification for paying for bus, metro, and more with a credit or debit card.” Verification here means the device’s usual options, for example a PIN or fingerprint scan.

Screenshots of the new verification settings menu in Google Wallet

(Image credit: Phone Arena)

If a user already has a transit pass stored in Wallet, the toggle will be switched on by default. Wallet will then require verification before paying with their bank card. If no transit pass is stored, this option will be automatically turned off.

Source…

Mobile Verification Toolkit: Forensic analysis of Android and iOS devices to identify compromise


Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices.

MVT supports using public indicators of compromise (IOCs) to scan mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT is a forensic research tool intended for technologists and investigators. Using it requires understanding the basics of forensic analysis and using command-line tools. MVT is not intended for end-user self-assessment.

It was developed and released by the Amnesty International Security Lab in July 2021 in the context of the Pegasus Project, along with a technical forensic methodology. It continues to be maintained by Amnesty International and other contributors.

Mobile Verification Toolkit key features

MVT’s capabilities are continuously evolving, but some of its key features include:

  • Decrypt encrypted iOS backups.
  • Process and parse records from numerous iOS system and apps databases, logs, and system analytics.
  • Extract installed applications from Android devices.
  • Extract diagnostic information from Android devices through the adb protocol.
  • Compare extracted records to a provided list of malicious indicators in STIX2 format.
  • Generate JSON logs of extracted records and separate JSON logs of all detected malicious traces.
  • Generate a unified chronological timeline of extracted records, along with a timeline of all detected malicious traces.

Mobile Verification Toolkit is available for download on GitHub. The developers do not want MVT to enable privacy violations of non-consenting individuals. To that end, MVT is released under its own license.

Source…

Hackers Will Be Quick to Bypass Gmail’s Blue Check Verification System


Google has introduced new blue verified check marks for Gmail addresses. According to Google, the new feature helps protect inboxes against malicious and unwanted emails and increases confidence that those emails are from legitimate sources. Gmail users who added Google’s Brand Indicators for Message Identification (BIMI) feature will now see a check mark icon instead of the verified brand logo.

Creating a verification process makes sense, until hackers and spammers decide to make it their mission to find flaws in the capability. Bypassing blue check marks will be another chapter in the long history of business email compromise schemes designed to propagate malicious code. When attackers send out emails with impersonated blue check marks, legacy security protection layers will likely pass the message to the unsuspecting victims.

Another Layer of Protection or Just Another Layer?

Hackers can create fake email accounts that look like they have been verified by Google. They can create a new account and then use a tool to generate a fake verification badge. Once the account has been created, the hacker can then send phishing emails or other malicious messages that appear to come from a legitimate source.

Hackers can use social engineering to trick users into revealing their passwords. They can send emails that appear to be from a legitimate source, such as a bank, government agency, or customer service representative. Or they may create a message that offers a free gift or discount. The email typically will contain a link that takes the user to a fake website that looks like the real thing. Once the user enters their login credentials, the hacker can then use them to access the user’s Gmail account.

Hackers can use malware to steal login credentials. This can be done by sending emails that contain attachments infected with malware. Once the user opens the attachment, the malware will be installed on their computer. The malware can then be used to steal the user’s login credentials for Gmail and other online accounts.

Also, don’t be surprised when hackers send phishing emails with an artificial Gmail verification process to potential victims, fooling them into thinking they’re helping them earn…

Source…