SonarSnoop Framework Can Track User's Touch

This is not a replacement for the usual touchscreen; with this research, the developers wanted to point out a new possible attack vector
05 September 2018

A group of scientists from Sweden and the United Kingdom has developed the SonarSnoop framework, which makes it possible to track touches on a smartphone screen. The technology works by echolocation, using the device's standard hardware. This is not a replacement for the usual touchscreen; with their research, the developers wanted to point out a new possible attack vector. This was reported by the Russian IT outlet Xakep.

The smartphone's speakers are used to generate sound at frequencies of 18 to 20 kilohertz, which a human cannot hear. The microphones pick up the signals reflected from a finger or stylus. The received data is processed to obtain possible patterns of motion. Most modern devices have a pair of speakers and a pair of microphones, which makes a fairly accurate result possible.
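A defender-side check for the signal described above, as an added example that is not code from the SonarSnoop researchers: it scans a captured audio buffer for a narrowband tone in the 18 to 20 kHz band that stands well above the broadband noise floor. The 48 kHz sample rate, the 20 dB threshold, the function names and the sample capture are assumptions constructed for illustration.

```python
import math
import random
import statistics

RATE = 48_000            # assumed capture sample rate (Hz)
BAND = (18_000, 20_000)  # inaudible band named in the article
MARGIN_DB = 20.0         # assumed alert threshold above the noise floor

def goertzel_power(samples, rate, freq):
    """Power of `samples` at one frequency (Goertzel), normalised by length."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / len(samples) ** 2

def scan(samples, rate=RATE, band=BAND, step=250):
    """Return (peak_hz, margin_db, flagged) for the near-ultrasonic band."""
    probes = range(step, band[1] + 1, step)
    power = {f: max(goertzel_power(samples, rate, f), 1e-20) for f in probes}
    floor = statistics.median(power.values())   # broadband noise estimate
    peak_hz = max((f for f in probes if f >= band[0]), key=power.get)
    margin_db = 10.0 * math.log10(power[peak_hz] / floor)
    return peak_hz, margin_db, margin_db >= MARGIN_DB

def constructed_capture(with_probe, n_samples=4_800, rate=RATE, seed=7):
    """Constructed input: audible tones plus noise, optionally a 19 kHz tone."""
    rng = random.Random(seed)
    tones = [(500, 0.5), (1_000, 0.3), (3_000, 0.2)]
    if with_probe:
        tones.append((19_000, 0.4))
    return [sum(a * math.sin(2 * math.pi * f * n / rate) for f, a in tones)
            + rng.uniform(-0.01, 0.01) for n in range(n_samples)]

if __name__ == "__main__":
    for label, probe in (("audible only", False), ("with 19 kHz tone", True)):
        peak, margin, flagged = scan(constructed_capture(probe))
        print(f"{label}: peak {peak} Hz, {margin:.1f} dB over floor, flagged={flagged}")
```
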


The published work demonstrates the possibility of stealing unlock patterns (graphic keys). For the experiment, the developers of SonarSnoop chose a Samsung Galaxy S4. In theory there are 389,112 possible unlock patterns; in practice, however, only 12 are the most popular.

Ten volunteers were asked to reproduce these patterns in a special application on the smartphones. The researchers decided not to use the standard Android mechanism for reading unlock patterns: their own software was meant to give them more control over the course of the experiment.

Only SonarSnoop was installed directly on the devices, in order to collect data; processing was performed on a separate computer. With the best processing method, it was possible to reduce the average number of possible options from 12 to 2.71, and in some cases the program gave the right pattern immediately.

For now, SonarSnoop exists as a concept demonstrating the possibility of using echolocation. The effectiveness of the technology depends heavily on the particular device model. At the same time, the developers noted that background noise has virtually no effect on the result.

Security professionals are constantly looking for, and regularly find, vulnerabilities in modern digital devices. In late August, researchers published information about a smartphone vulnerability inherited from the modems of the 1980s.

Java SE 14 to be Available

Java SE 14 is a release with a regular support period, for which updates will be released until the next release
18 March 2020

After six months of development, Oracle released Java SE 14 (Java Platform, Standard Edition 14), which uses the OpenJDK open source project as its reference implementation. Java SE 14 maintains backward compatibility with previous releases of the Java platform; all previously written Java projects will work without changes when launched under the new version. Ready-to-install Java SE 14 builds (JDK, JRE, and Server JRE) are prepared for Linux (x86_64), Windows, and macOS. The Java 14 reference implementation developed by the OpenJDK project is fully open under the GPLv2 license with GNU ClassPath exceptions that allow dynamic linking to commercial products.

Java SE 14 is categorized as a release with a regular support period, for which updates will be released until the next release. For a branch with a long service life (LTS), you should use Java SE 11, updates for which will be released until 2026. The previous LTS branch, Java 8, will be supported until December 2020. The next LTS release is scheduled for September 2021. Recall that since the release of Java 10, the project has switched to a new development process with a shorter release cycle. New functionality is now developed in one constantly updated master branch, into which finished changes are merged and from which branches are cut every six months to stabilize new releases.

These are some of the changes and updates:

  • Added experimental support for pattern matching in the instanceof operator, which allows you to immediately define a local variable for accessing the checked value.
  • Experimental support has been added for the new “record” keyword, which provides a compact form for defining classes and avoids the explicit definition of various low-level methods, such as equals(), hashCode() and toString(), in cases where data is stored only in fields whose handling does not change. Such a declaration automatically adds implementations of the equals(), hashCode(), and toString() methods, in addition to the constructor and the data access methods (getters).
  • Support for a new form of switch statement has been standardized and enabled by default. It does not require a break statement, allows duplicate labels to be combined, and can be used not only as a statement but also as an expression.
  • The experimental support for text blocks has been expanded. Text blocks are a new form of string literal that allows you to include multiline text data in the source code without escaping characters, while preserving the original text formatting in the block.
  • Diagnostics for NullPointerException exceptions have been made more informative.
  • A preliminary version of the jpackage utility has been implemented, which allows you to create packages for self-contained Java applications.
  • A new memory allocation mechanism has been added to the G1 garbage collector, taking into account the specifics of working on large systems using the NUMA architecture.
  • Added API for tracking on-the-fly JFR events (JDK Flight Recorder), for example, for organizing continuous monitoring.
  • Added the jdk.nio.mapmode module, which offers new modes (READ_ONLY_SYNC, WRITE_ONLY_SYNC) for creating mapped byte buffers (MappedByteBuffer) that reference non-volatile memory (NVM).
  • A preliminary version of the Foreign-Memory Access API has been implemented, which allows Java applications to safely and efficiently access memory areas outside the Java heap by manipulating new abstractions of MemorySegment, MemoryAddress, and MemoryLayout.
  • The ports for Solaris OS and SPARC processors (Solaris / SPARC, Solaris / x64 and Linux / SPARC) have been declared obsolete, with the intent to remove them.

Get more at the Oracle website.