First OCR Spyware Breaches Both Apple and Google App Stores To Steal Crypto Wallet Phrases – Slashdot
Become a fan of Slashdot on Facebook
Nickname:
Password:
Nickname:
Password:
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
recovery phrases in photo galleries? ummm WTF. People are stupid.It’s the current version of the old “password on a sticky under the keyboard” thing almost every user did a few years back.recovery phrases in photo galleries? ummm WTF. People are stupid.It’s the current version of the old “password on a sticky under the keyboard” thing almost every user did a few years back.I think that’s why they put it in quotes.You realize that writing the recovery words on a sticky note and putting it under the keyboard would mitigate this exploit, right?Yes, but it doesn’t prevent the office clown from logging in as you, snapshotting your desktop, making it your background, then deleting all your icons.You realize that writing the recovery words on a sticky note and putting it under the keyboard would mitigate this exploit, right?Yes, but it doesn’t prevent the office clown from logging in as you, snapshotting your desktop, making it your background, then deleting all your icons.If the user accidentally points his phone at the sticky note, a variant of this exploit could defeat the mitigation.They should instead install the $Trumpcoin app and enrich South Africa instead of China.Absolutely. Copilot and other AI spyware will just scan those phrases just like anything else while going through your cloud storage without your knowledge and consent. … users’ photo galleries. This is no different to having the pass-phrase in a text file: Anyone can read it. Worse, Microsoft and Google make a point of copying on-device photos (for your safety, pinky-swear). Microsoft has even been caught installing Recall spyware that makes photos, copies them, then translates them to literal text as a quote or description. With that sort of security hole in modern computers, it’s obvious that anything not encrypted is easily stolen. (I side-step the issue that Recall can watch you encrypting stuff, making the activity, insecure.)
Everyone knows by now, don’t attach the password to the device display, don’t put it under your keyboard or on your credit card. It demonstrates extreme laziness, to think that a photo is, somehow, more secure. This is simply people refusing to use the software that actually solves this problem: A password manager. Most of them can also encrypt a photo. … users’ photo galleries.This is no different to having the pass-phrase in a text file: Anyone can read it. Worse, Microsoft and Google make a point of copying on-device photos (for your safety, pinky-swear). Microsoft has even been caught installing Recall spyware that makes photos, copies them, then translates them to literal text as a quote or description. With that sort of security hole in modern computers, it’s obvious that anything not encrypted is easily stolen. (I side-step the issue that Recall can watch you encrypting stuff, making the activity, insecure.)
Everyone knows by now, don’t attach the password to the device display, don’t put it under your keyboard or on your credit card. It demonstrates extreme laziness, to think that a photo is, somehow, more secure. This is simply people refusing to use the software that actually solves this problem: A password manager. Most of them can also encrypt a photo.When you make some malware… you can easily be the first one to raise the alarm… Just saying.This does not make sense. iOS, for a few years now, has blocked 3rd-party apps to your photo library by default. What’s more, when you use a 3rd-party app that wants to read your photos, you authorize each photo you want to share, edit, or whatever you want to do with it, individually.I’m going to guess and hope that no one is enough of a goofus to share the photo of their crypto wallet passphrase with some random app. So how does this malware break through the OS’s protections and get to the rest of the you authorize each photo you want to share, edit, or whatever you want to do with it, individually. That is up to the app. Yes access to Photo gallery is protected by extended permissions that apps don’t have by default,And sure you can change the Permissions you are granting from Full access to limited access and pick specific photosBut an App can still request the Full access to photos at least initially when you install the app. If you are persuaded to click Allow, then the app gets access to you*facepalm*I’ve gone with the “share only some” option every time pretty much immediately on launch. I’ve done it so many times it’s automatic now; almost like muscle memory. I’d kind of forgotten the “share ALL” option was there.There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.Workday To Cut Nearly 2,000 Workers on Profitability Focus’I’m Done With Ubuntu’The one day you’d sell your soul for something, souls are a glut.
