157 new emoji coming to #iOS, #Android. Are you ready for a ton of new emoji? If not, you'd better hurry to prepare yourself and your phone.


New year, new emoji.
Kaya Yurieff | CNN

The Unicode Consortium — a nonprofit that sets the global standard for emoji — announced on Wednesday 157 new emoji options would be coming later this year. The latest collection includes a cupcake, lobster, pirate flag and more expressive smiley faces.

Emoji will soon have a variety of new hairstyles, such as curly or bald, and more hair color options such as red and white.

There will also be more animals, such as a kangaroo, llama, swan and mosquito. More fun smiley faces include a “cold face” with dangling icicles, a partying face and a “woozy” emoji.

New superheroes and villains join the lineup, and popular activities like lacrosse, knitting, sewing and skateboarding are also represented.

After Unicode releases its guidelines, software makers such as Apple and Google design versions for their respective platforms. That’s why emoji on iPhones look different than those on Android phones.


The new emoji usually begin appearing on mobile phones later this year. Apple typically previews its versions in June and releases them in the fall with the next iOS update. Android will release its emoji later this year. With the latest additions, the total number of approved emoji will be 2,823. In recent years, Unicode has made a bigger effort to include more diverse skin tones, occupations and flags.

 

#1 Password Found in Data Dumps for 2017: “123456”

SplashData, a password management utilities provider, compiled a list of five million user credentials leaked this year and found the most commonly used password to be 123456. Attackers use these leaked records to build similar lists of leaked passwords, which are assembled as “dictionaries” for carrying out account brute-force attacks.

“123456” Remains Most Common Password Found in Data Dumps in 2017

Bleeping Computer | By Catalin Cimpanu
For the second year in a row, “123456” remained the top password among the millions of cleartext passwords exposed online thanks to data breach incidents at various providers.

While having “123456” as your password is quite bad, the other terms found on a list of Top 100 Worst Passwords of 2017 are just as distressing and regretful.

Some of these include an extensive collection of sports terms (football, baseball, soccer, hockey, Lakers, jordan23, golfer, Rangers, Yankees), car brands (Mercedes, Corvette, Ferrari, Harley), and various expressions (iloveyou, letmein, whatever, blahblah).

But, by far, the list was dominated by names, with the likes of Robert (#31), Matthew (#32), Jordan (#33), Daniel (#35), Andrew (#36), Andrea (#38), Joshua (#40), George (#48), Nicole (#53), Hunter (#54), Chelsea (#62), Phoenix (#66), Amanda (#67), Ashley (#69), Jessica (#74), Jennifer (#76), Michelle (#81), William (#86), Maggie (#92), Charlie (#95), and Martin (#96), showing up on the list.

List compiled from five million leaked credentials

The list was put together by SplashData, a company that provides various password management utilities such as TeamsID and Gpass. The company said it compiled the list by analyzing over five million user records that were leaked online in 2017 and contained password information.

“Use of any of the passwords on this list would put users at grave risk for identity theft,” said a SplashData spokesperson in a press release that accompanied a two-page PDF document containing a list of the most encountered passwords.

This is because attackers use these same leaked records to build similar lists of leaked passwords, which they then assemble as “dictionaries” for carrying out account brute-force attacks.

Attackers will use the leaked terms, but they’ll also create common variations on these words using simple algorithms. This means that by adding “1” or any other character combinations at the start or end of basic terms, users aren’t improving the security of their password.

Advising users on best password policies is a doctoral paper in its own right, but for the time being, users should look into using unique passwords per account, possibly employing a password manager, using more complex passwords, and above all, staying away from the terms below.

1 – 123456 (rank unchanged since 2016 list)
2 – password (Unchanged)
3 – 12345678 (Up 1)
4 – qwerty (Up 2)
5 – 12345 (Down 2)
6 – 123456789 (New)
7 – letmein (New)
8 – 1234567 (Unchanged)
9 – football (Down 4)
10 – iloveyou (New)
11 – admin (Up 4)
12 – welcome (Unchanged)
13 – monkey (New)
14 – login (Down 3)
15 – abc123 (Down 1)
16 – starwars (New)
17 – 123123 (New)
18 – dragon (Up 1)
19 – passw0rd (Down 1)
20 – master (Up 1)
21 – hello (New)
22 – freedom (New)
23 – whatever (New)
24 – qazwsx (New)
25 – trustno1 (New)
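
The point about prefixes, suffixes and character swaps can be checked from the defender's side at password-set time. The sketch below is an added example, not code from the article or from SplashData: it folds a candidate password back to its base term and looks that up in the 25 entries listed above. The function name, the look-alike table and the affix rule are assumptions chosen for illustration.

```python
import string

# The 25 terms listed above, in rank order (data from the page).
COMMON = [
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "letmein", "1234567", "football", "iloveyou", "admin", "welcome",
    "monkey", "login", "abc123", "starwars", "123123", "dragon",
    "passw0rd", "master", "hello", "freedom", "whatever", "qazwsx",
    "trustno1",
]

# Assumed look-alike table: each character is folded to one representative,
# so "he11o", "hello" and "he!!o" all compare equal after folding.
FOLD = str.maketrans({
    "0": "o", "1": "i", "l": "i", "!": "i", "3": "e",
    "4": "a", "@": "a", "5": "s", "$": "s", "7": "t",
})

# Characters users typically bolt onto the start or end of a base word.
AFFIX = string.digits + string.punctuation

# Folded form -> highest-ranked listed term with that folded form.
FOLDED = {}
for term in COMMON:
    FOLDED.setdefault(term.translate(FOLD), term)


def matched_common_term(password):
    """Return the listed term this password reduces to, or None."""
    low = password.lower()
    lead = len(low) - len(low.lstrip(AFFIX))    # removable leading chars
    trail = len(low) - len(low.rstrip(AFFIX))   # removable trailing chars
    for i in range(lead + 1):
        for j in range(trail + 1):
            core = low[i:len(low) - j]          # empty slices never match
            hit = FOLDED.get(core.translate(FOLD))
            if hit:
                return hit
    return None


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["Password1", "1qwerty!", "Dr@g0n2017!", "he11o",
               "correct horse battery staple"]:
        print(f"{pw!r:32} -> {matched_common_term(pw)}")
```

A registration or password-change handler can reject any candidate for which this returns a term; in practice the blocklist would be far larger than 25 entries.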

Cyber Security “Hackers can Guess Your Phone PIN Using Its Sensor Data”

Homeland Security Newswire | By Staff | December 26, 2017

Instruments in smart phones such as the accelerometer, gyroscope and proximity sensors represent a potential security vulnerability, according to researchers. Using a combination of information gathered from six different sensors found in smart phones and state-of-the-art machine learning and deep learning algorithms, the researchers succeeded in unlocking Android smart phones with a 99.5 percent accuracy within only three tries, when tackling a phone that had one of the 50 most common PIN numbers.

Instruments in smart phones such as the accelerometer, gyroscope and proximity sensors represent a potential security vulnerability, according to researchers from Nanyang Technological University, Singapore (NTU Singapore), whose research was published in the open-access Cryptology ePrint Archive.

Using a combination of information gathered from six different sensors found in smart phones and state-of-the-art machine learning and deep learning algorithms, the researchers succeeded in unlocking Android smart phones with a 99.5 percent accuracy within only three tries, when tackling a phone that had one of the 50 most common PIN numbers.

NTU says that the previous best phone-cracking success rate was 74 percent for the 50 most common PIN numbers, but NTU’s technique can be used to guess all 10,000 possible combinations of four-digit PINs.

Led by Dr. Shivam Bhasin, NTU Senior Research Scientist at the Temasek Laboratories @ NTU, researchers used sensors in a smart phone to model which number had been pressed by its users, based on how the phone was tilted and how much light is blocked by the thumb or fingers.

The researchers believe their work highlights a significant flaw in smart phone security, as using the sensors within the phones requires no permission from the phone user, and the sensors are openly available for all apps to access.

How the experiments were conducted
The team of researchers took Android phones and installed a custom application which collected data from six sensors: accelerometer, gyroscope, magnetometer, proximity sensor, barometer, and ambient light sensor.

“When you hold your phone and key in the PIN, the way the phone moves when you press 1, 5, or 9, is very different. Likewise, pressing 1 with your right thumb will block more light than if you pressed 9,” explains Dr. Bhasin, who spent 10 months with his colleagues, Mr. David Berend and Dr. Bernhard Jungk, on the project.

The classification algorithm was trained with data collected from three people, who each entered a random set of 70 four-digit PIN numbers on a phone. At the same time, it recorded the relevant sensor reactions.

Known as deep learning, the classification algorithm was able to give different weightings of importance to each of the sensors, depending on how sensitive each was to different numbers being pressed. This helps eliminate factors which it judges to be less important and increases the success rate for PIN retrieval.

Although each individual enters the security PIN on their phone differently, the scientists showed that as data from more people is fed to the algorithm over time, success rates improved.

So while a malicious application may not be able to correctly guess a PIN immediately after installation, using machine learning, it could collect data from thousands of users over time from each of their phones to learn their PIN entry pattern and then launch an attack later when the success rate is much higher.

Professor Gan Chee Lip, Director of the Temasek Laboratories @ NTU, said this study shows how devices with seemingly strong security can be attacked using a side-channel, as sensor data could be diverted by malicious applications to spy on user behavior and help to access PIN and password information, and more.

“Along with the potential for leaking passwords, we are concerned that access to phone sensor information could reveal far too much about a user’s behavior. This has significant privacy implications that both individuals and enterprises should pay urgent attention to,” said Prof. Gan.
Dr. Bhasin said it would be advisable for mobile operating systems to restrict access to these six sensors in future, so that users can actively choose to give permissions only to trusted apps that need them.

To keep mobile devices secure, Dr. Bhasin advises users to have PINs with more than four digits, coupled with other authentication methods like one-time passwords, two-factor authentications, and fingerprint or facial recognition.