Abstract: Provided herein is a method, apparatus, and system for detecting conditions indicative of an attempt to attach a skimming device to a payment device. Methods may include monitoring at least one wire among a plurality of wires between a card reader device and a motherboard; determining voltage consumption; determining current consumption; identifying a change in voltage consumption or current consumption satisfying a predetermined value; and providing for transmission of an alert of a condition indicating possible attachment of a card skimming device. Methods may include generating a status message periodically and transmitting the status message to a remote entity. The change in voltage consumption or current consumption satisfying the predetermined value may include a voltage instability exceeding a predetermined range about an anticipated voltage. The change in voltage consumption or current consumption satisfying the predetermined value may include a decrease in current satisfying the predetermined value.

Abstract: Various embodiments of the present disclosure provide for detecting audio deepfakes through acoustic prosodic modeling. In one example, an embodiment provides for extracting one or more prosodic features from an audio sample and classifying the audio sample as a deepfake audio sample or an organic audio sample by applying a machine learning model to the one or more prosodic features. The one or more prosodic features can be indicative of one or more prosodic characteristics associated with human speech. Additionally, the machine learning model can be configured as a classification-based detector for audio deepfakes.

Abstract: A method is provided for identifying synthetic “deep-fake” audio samples versus organic audio samples. Methods may include: generating a model of a vocal tract using one or more organic audio samples from a user; identifying a set of bigram-feature pairs from the one or more audio samples; estimating the cross-sectional area of the vocal tract of the user when speaking the set of bigram-feature pairs; receiving a candidate audio sample; identifying bigram-feature pairs of the candidate audio sample that are in the set of bigram-feature pairs; calculating a cross-sectional area of a theoretical vocal tract of a user when speaking the identified bigram-feature pairs; and identifying the candidate audio sample as a deep-fake audio sample in response to the calculated cross-sectional area of the theoretical vocal tract of a user failing to correspond within a predetermined measure of the estimated cross sectional area of the vocal tract of the user.

Abstract: Various examples are provided related to automated security analysis of baseband firmware. In one example, a system includes a wireless front end and processing circuitry communicatively coupled to the wireless front end and a target device. The processing circuitry can generate mutated packets based upon a device state of the target device; provide the mutated packets for transmission to the target device; receive feedback information from the target device in response to reception of the mutated packets; and identify a firmware flaw associated with the target device in response to the feedback information. In another example, a method includes generating mutated packets based upon a device state of a target device; transmitting the mutated packets to the target device; receiving feedback information from the target device in response to reception of the mutated packets; and identifying a firmware flaw associated with the target device using the feedback information.

Abstract: Methods and apparatuses for providing cryptographic authentication within a voice channel are disclosed. The methods and apparatuses can provide cryptographic authentication solely within a voice channel or can use a combination of a voice channel and another data channel. A method for providing cryptographic authentication within a voice channel can operate between telephonic systems and be suitable for operating over G.711/PCMu, AMR and SPEEX™ codecs, and suitable for operating over mobile, PSTN, and VOIP networks. The method can include providing a modem that is codec agnostic and suitable for executing a TLS-based authentication protocol. The method can include using frequency-shift modulation within a frequency range of 300-3400 Hz.

Abstract: Various methods are provided for secure two-factor authentication, and more specifically, for incorporating a layer of security to two-factor authentication using Short Message Service in a manner virtually transparent to the end-user. Methods may include receiving a request for registration for two-factor authentication from a client including a username and password; providing a request for a mobile device number; receiving the mobile device number and a pre-shared key; sending to a mobile device an identity of the client and a server key share; receiving from the mobile device a mobile device key share; sending information corresponding to an exchange with the mobile device and a challenge derived from the pre-shared key to the client in response to the device key share corresponding to the server key share; receiving confirmation of registration with the mobile device; and establishing a shared key in response to verification of the confirmation.

Abstract: Provided herein is a method, apparatus, and system for detecting conditions indicative of an attempt to attach a skimming device to a payment device. Methods may include monitoring at least one wire among a plurality of wires between a card reader device and a motherboard; determining voltage consumption; determining current consumption; identifying a change in voltage consumption or current consumption satisfying a predetermined value; and providing for transmission of an alert of a condition indicating possible attachment of a card skimming device. Methods may include generating a status message periodically and transmitting the status message to a remote entity. The change in voltage consumption or current consumption satisfying the predetermined value may include a voltage instability exceeding a predetermined range about an anticipated voltage. The change in voltage consumption or current consumption satisfying the predetermined value may include a decrease in current satisfying the predetermined value.

Abstract: Disclosed are various embodiments for detecting Signaling System 7 (SS7) redirection attacks by measuring call audio round trip times between phones. Such redirection attacks force calls to travel longer physical distances than usual, thereby causing longer end-to-end delay. Accordingly, various embodiments implement a distance bounding-inspired protocol that allows for securely characterizing the round trip time between two call endpoints. As a result, telephone users can reliably detect SS7 redirection attacks and protect the information contained in their calls.

Abstract: A method is provided for identifying synthetic “deep-fake” audio samples versus organic audio samples. Methods may include: generating a model of a vocal tract using one or more organic audio samples from a user; identifying a set of bigram-feature pairs from the one or more audio samples; estimating the cross-sectional area of the vocal tract of the user when speaking the set of bigram-feature pairs; receiving a candidate audio sample; identifying bigram-feature pairs of the candidate audio sample that are in the set of bigram-feature pairs; calculating a cross-sectional area of a theoretical vocal tract of a user when speaking the identified bigram-feature pairs; and identifying the candidate audio sample as a deep-fake audio sample in response to the calculated cross-sectional area of the theoretical vocal tract of a user failing to correspond within a predetermined measure of the estimated cross sectional area of the vocal tract of the user.

Abstract: A system for distinguishing between a human voice generated command and an electronic speaker generated command is provided. An exemplary system comprises a microphone array for receiving an audio signal collection, preprocessing circuitry configured for converting the audio signal collection into processed recorded audio signals, energy balance metric determination circuitry configured for calculating a final energy balance metric based on the processed recorded audio signals, and energy balance metric evaluation circuitry for outputting a command originator signal based at least in part on the final energy balance metric.

Abstract: Methods and apparatuses for providing cryptographic authentication within a voice channel are disclosed. The methods and apparatuses can provide cryptographic authentication solely within a voice channel or can use a combination of a voice channel and another data channel. A method for providing cryptographic authentication within a voice channel can operate between telephonic systems and be suitable for operating over G.711/PCMu, AMR and SPEEX™ codecs, and suitable for operating over mobile, PSTN, and VOIP networks. The method can include providing a modem that is codec agnostic and suitable for executing a TLS-based authentication protocol. The method can include using frequency-shift modulation within a frequency range of 300-3400 Hz.

Abstract: Devices and methods for detecting credit card skimmers are provided herein. A device can include a printed circuit board having a pattern of electrical traces on its surface, and a computer readable medium comprising instructions that cause a processor to direct an electrical voltage to a trace and detect an electrical current between two points of the trace. A gap can be disposed between the two points across which a voltage is applied in order to detect a magnetic reader. A count of the detected magnetic readers within a credit card reading device may be indicative of the presence of a credit card skimmer.

Abstract: Various examples are provided related to automated security analysis of baseband firmware. In one example, a system includes a wireless front end and processing circuitry communicatively coupled to the wireless front end and a target device. The processing circuitry can generate mutated packets based upon a device state of the target device; provide the mutated packets for transmission to the target device; receive feedback information from the target device in response to reception of the mutated packets; and identify a firmware flaw associated with the target device in response to the feedback information. In another example, a method includes generating mutated packets based upon a device state of a target device; transmitting the mutated packets to the target device; receiving feedback information from the target device in response to reception of the mutated packets; and identifying a firmware flaw associated with the target device using the feedback information.

Abstract: Systems and methods for detecting counterfeit magnetic stripes are provided. A method can include detecting magnetic flux transitions encoded on a magnetic stripe and the variation in distances between clocking flux transitions. The distance between variations in clocking flux transitions is greater in counterfeit cards than in legitimate cards. The variations in distances can be compared with known values of legitimate cards to detect the presence of a counterfeit magnetic stripe.

Abstract: Systems and methods for call authentication are provided. A method can include an enrollment protocol that ensures users control the number they claim to own, a handshake protocol that mutually authenticates the calling parties, and a call integrity protocol that ensures the security of the voice channel and the content it carries. A server can act as either an endpoint or intermediary between user clients and client-server architecture can be employed. All protocols can include end-to-end cryptography and the enrollment protocol can issue a certificate that binds the identity of the client to a phone number.

Abstract: Techniques and systems are described for detecting malware's bulk transformation of a user's data before the malware is able to complete the data transformation. Included are methods and systems for enabling malware detection by monitoring the file operations of a computer application or process for particular kinds of suspicious data transformation indicators. Indicators include primary indicators, such as file-type signature changes, notable changes in file data entropy, and out-of-range similarity measurements between the read and write versions of file data, as well as secondary indicators, such as a large number of file deletions and a large reduction in the number of file-types written versus read by a process over time. When indicators are triggered by a process, an adjustment to the process' malware score is made; in the event that the process' malware score reaches a malware detection threshold, the process is marked as malware and appropriate actions are taken.

Abstract: Devices and methods for detecting credit card skimmers are provided herein. A device can include a printed circuit board having a pattern of electrical traces on its surface, and a computer readable medium comprising instructions that cause a processor to direct an electrical voltage to a trace and detect an electrical current between two points of the trace. A gap can be disposed between the two points across which a voltage is applied in order to detect a magnetic reader. A count of the detected magnetic readers within a credit card reading device may be indicative of the presence of a credit card skimmer.

Abstract: A system for distinguishing between a human voice generated command and an electronic speaker generated command is provided. An exemplary system comprises a microphone array for receiving an audio signal collection, preprocessing circuitry configured for converting the audio signal collection into processed recorded audio signals, energy balance metric determination circuitry configured for calculating a final energy balance metric based on the processed recorded audio signals, and energy balance metric evaluation circuitry for outputting a command originator signal based at least in part on the final energy balance metric.

Abstract: Devices and methods for detecting credit card skimmers are provided herein. A device can include a printed circuit board having a pattern of electrical traces on its surface, and a computer readable medium comprising instructions that cause a processor to direct an electrical voltage to a trace and detect an electrical current between two points of the trace. A gap can be disposed between the two points across which a voltage is applied in order to detect a magnetic reader. A count of the detected magnetic readers within a credit card reading device may be indicative of the presence of a credit card skimmer.

Abstract: Disclosed are various embodiments for detecting Signaling System 7 (SS7) redirection attacks by measuring call audio round trip times between phones. Such redirection attacks force calls to travel longer physical distances than usual, thereby causing longer end-to-end delay. Accordingly, various embodiments implement a distance bounding-inspired protocol that allows for securely characterizing the round trip time between two call endpoints. As a result, telephone users can reliably detect SS7 redirection attacks and protect the information contained in their calls.