Category: Hackers


Smartphone scams: Owners warned over malware apps

Filed under: Android, Applications, Cybersecurity, Droid, Exploit, Hackers, Internet, Malware, Mobile, Trojan, WiFi by Ryan Boese — Leave a comment
November 6, 2011

Get Safe Online says that there has been an increase in smartphone malware as the market has grown.

Criminals are typically creating Trojan copies of reputable apps and tricking users into installing them.

Once on the phone, the app can secretly generate cash for criminals through premium rate text messages.

Get Safe Online, a joint initiative between the government, police and industry, said it was concerned that users of smartphones, such as Android devices, were not taking steps to protect their devices.

Get Safe Online said fraudsters are designing apps which generate cash secretly in the background without the owner realising until their monthly bill.

A typical scam involves an app designed to send texts to premium rate services without the user knowing.

Apps can appear to be bona fide software or sometimes masquerade as stripped down free versions of well-known games.

Rik Ferguson, a hacking researcher with internet security firm Trend Micro, said: “This type of malware is capable of sending a steady stream of text messages to premium rate numbers – in some instances we’ve seen one being sent every minute.

“With costs of up to £6 per message, this can be extremely lucrative. The user won’t know this is taking place, even if they happen to be using the device at the same time, as the activity takes place within the device’s back-end infrastructure.”

Online banking

Another major security firm, Symantec, recently warned in its annual threat assessment that Android phones were at risk and that it had found at least six varieties of malicious software.

Minister for Cyber Security Francis Maude said: “More and more people are using their smartphone to transmit personal and financial information over the internet, whether it’s for online banking, shopping or social networking.

“Research from Get Safe Online shows that 17% of smartphone users now use their phone for money matters and this doesn’t escape the notice of criminals.”

Tony Neate, head of Get Safe Online, urged people to check their phone’s security.

“Mobile phones are very personal. I have talked to people who are never more than a yard away from their mobile phone. Because of that attachment, they start to think that they are in a way invincible.

“It’s the end user that picks up the tab – it’s your phone that incurs the costs. Whether you have pay-as-you-go or a monthly account, that money is going to come from the account and go to the criminal.”

Source: BBC News

Tags: , , , , , , , ,
Comment

Security expert warns hackers can attack Android

Filed under: Android, Applications, Cybersecurity, Exploit, Hackers, Internet, Security, Technology, Telecom, Wireless by Ryan Boese — Leave a comment
August 12, 2011

A mobile security expert says he has found new ways for hackers to attack phones running Google Inc’s Android operating system.

Riley Hassell, who caused a stir when he called off an appearance at a hacker’s conference last week, told Reuters he and colleague Shane Macaulay decided not to lay out their research at the gathering for fear criminals would use it attack Android phones.

He said in an interview he identified more than a dozen widely used Android applications that make the phones vulnerable to attack.

“App developers frequently fail to follow security guidelines and write applications properly,” he said.

“Some apps expose themselves to outside contact. If these apps are vulnerable, then an attacker can remotely compromise that app and potentially the phone using something as simple as a text message.”

He declined to identify those apps, saying he fears hackers might exploit the vulnerabilities.

“When you release a threat and there’s no patch ready, then there is mayhem,” said Hassell, founder of boutique security firm Privateer Labs.

Hassell said he and Macaulay alerted Google to the software shortcomings they unearthed.

Google spokesman Jay Nancarrow said Android security experts discussed the research with Hassell and did not believe he had uncovered problems with Android.

“The identified bugs are not present in Android,” he said, declining to elaborate.

It was the first public explanation for the failure of Hassell and Macaulay to make a scheduled presentation at the annual Black Hat hacking conference in Las Vegas, the hacking community’s largest annual gathering.

They had been scheduled to talk about “Hacking Androids for Profit.” Hundreds of people waited for them to show up at a crowded conference room.

Hassell said in an interview late on Thursday the pair also learned — at the last minute — that some of their work may have replicated previously published research and they wanted to make sure they properly acknowledged that work.

“This was a choice we made, to prevent an unacceptable window of risk to consumers worldwide and to guarantee credit where it was due,” he said.

A mobile security researcher familiar with the work of Hassell and Macaulay said he understood why the pair decided not to disclose their findings.

“When something can be used for exploitation and there is no way to fix it, it is very dangerous to go out publicly with that information,” the researcher said. “When there is not a lot that people can do to protect themselves, disclosure is sometimes not the best policy.”

Hassell said he plans to give his talk at the Hack in The Box security conference in Kuala Lumpur in October.

Ryan:  If you are running an Android phone, two must have apps for your phone are:  Lookout Mobile Security for Android & Advanced Task Killer.

Source: Reuters

Tags: , , , ,
Comment

German hackers crack mobile phone GPRS code

Filed under: Cybersecurity, GPRS, Hackers, Security, Technology, Telecom, Wireless by Ryan Boese — Leave a comment
August 10, 2011

The discovery of a way to eavesdrop so-called General Packet Radio Service (GPRS) technology allows a user to read emails and observe the Internet use of a person whose phone is hacked, said Karsten Nohl, head of Security Research Labs.

“With our technology we can capture GPRS data communications in a radius of 5 km,” he told the paper before heading to a meeting of the Chaos Computer Club, a group that describes itself as Europe’s largest hacker coalition.

Phones using the newer UMTS standard are safer, Nohl said, but the crack effects industrial equipment, toll systems and anything using GPRS — including newer devices like Apple Inc’s iPhone or iPad which switch to the older GPRS in remote areas.

Source: Reuters

Tags: , , , , , , , ,
Comment

Android App Turns Smartphones Into Mobile Hacking Machines

Filed under: Android, Applications, Cybersecurity, Exploit, Hackers, Mobile, Security, WiFi by Ryan Boese — Leave a comment
August 6, 2011

Dangerous hacks come in small packages.

Or they will, perhaps, when an app called Anti, or Android Network Toolkit, hits the Android market next week. The program, which Israeli security firm Zimperium revealed at the Defcon hacker conference in Las Vegas Friday and plans to make available to Android users in coming days, is designed for penetration testing–in theory, searching out and demonstrating vulnerabilities in computer systems so that they can be patched. Anti aims to bring all the hacking tools available to penetration testers on PCs to smartphones, with an automated interface intended to make sniffing local networks and owning remote servers as simple as pushing a few buttons.

“We wanted to create a penetration testing tool for the masses, says Itzhak “Zuk” Avraham, founder of Tel-Aviv-based Zimperium. “It’s about being able to do what advanced hackers do with a really good implementation. In your pocket.”

Anti, a free app with a $10 corporate upgrade, will offer a wi-fi-scanning tool for finding open networks and showing all potential target devices on those networks, as well as traceroute software that can reveal the IP addresses of faraway servers. When a target is identified, the app offers up a simple menu with commands like “Man-In-The-Middle” to eavesdrop on local devices, or even “Attack”; The app is designed to run exploits collected in platforms like Metasploit or ExploitDB, using vulnerabilities in out-of-date software to compromise targets.

A screenshot from Anti displaying target machines on the local network.

For now, the demonstration app Avraham showed me was equipped with only a few exploits: One aimed at a bug in Windows–the same flaw exploited by the Conficker worm in 2009–another targeting default SSH passwords in jailbroken iPhones, and a third exploiting a vulnerable, older version of Android. Zimperium has also built a Windows trojan that allows Anti to perform automated commands on hijacked machines like taking a screenshot, ejecting a CD, or opening the calculator, a common penetration-testing demonstration.

Even in its current form, the app raises the possibility of dangerous, stealthy attacks. A hacker could, for instance, walk into a coffee shop or a corporate office with his phone and start sussing out machines for data theft or malware infection. But Avraham says Zimperium will ask users in its terms of service to limit their hacking to “white hat” penetration testing.

Another screenshot showing command options on a target machine, including “man-in-the-middle” and “attack.”

“Hacking is not for the chosen few,” reads one description in the app’s documentation, formatted in Star Wars-style scrolling text. “Anti is your perfect mobile companion, doing it all for you. Please remember, with great power comes great responsibility. Use it wisely.”

Penetration testers who saw the app at Defcon were impressed. “It’s just sick,” says Don Bailey, a researcher with security firm iSec Partners. “The way it populates the screen with vulnerable targets…it’s really elegant.”

Another professional penetration tester for a defense contractor firm who asked that his name not be used called the app a “quick and dirty Swiss army knife for mobile pen testing.” “It’s so polished it’s almost like playing a video game,” he says, comparing it to penetration testing suites that cost thousands of dollars.

With its sheer simplicity, Anti’s impact could be comparable to that of Firesheep, a proof-of-concept tool released in October of last year that allowed anyone to easily snoop on devices on unsecured wi-fi networks that connected to unencrypted web pages. That tool was downloaded more than 1.7 million times, and no doubt used in some instances to spy on web users unawares. But it also helped inspire both Twitter and Facebook to encrypt traffic to their site and prevent such eavesdropping.

“People might use it in dangerous ways,” Avraham says with a shrug. “I really hope not. But I know this might be the risk to help people increase their security, and that’s our goal.”

Ryan: Great, now every kid that owns an Android phone can play wannabe hacker. Just what this world needs.

Source: Forbes

Tags: , , , , , , , , , , , , ,
Comment

Fake FlashPlayer for Mac OS X leads to site redirection attacks

Filed under: Adobe, Applications, Exploit, Flash, Hackers, Mac, Macbook, Malware, Uncategorized by Ryan Boese — Leave a comment
August 1, 2011

Researchers at F-Secure have intercepted a new malicious threat for Apple’s Mac OS X — a Trojan that redirects users to fake Google web sites.

The Trojan is currently being delivered via fake a Adobe Flash Player (FlashPlayer.pkg) update, F-Secure said in a blog post.

Once installed, the trojan adds entries to the hosts file to hijack users visiting various Google sites (e.g., Google.com.tw, Google.com.tl, et cetera) to the IP address 91.224.160.26, which is located in Netherlands.

The server at the IP address displays a fake webpage designed to appear similar to the legitimate Google site.

“Even though the [Google] page looks fairly realistic, clicking on any of the links does not take the user to any other sites. Clicking on the links does however open new pop-up pages, which are all pulled from a separate remote server,” F-Secure said, nothing that this attack may be aimed at serving ads to infected Mac OS X machines.

Apple has struggled recently with scareware attacks on its platform and the latest sighting is further proof that the increase in Mac OS X market share has attracted the attention of malware writers.

Source: ZDNet

Tags: , , , , , , , , ,
Comment

Men build small flying spy drone that cracks Wi-Fi and cell data

Filed under: Computers, Cybersecurity, GPS, Hackers, Linux, Technology, Telecom, VoIP, WiFi, Wireless by Ryan Boese — Leave a comment
July 30, 2011

Built by Mike Tassey and Richard Perkins, the Wireless Aerial Surveillance Platform (otherwise known as the WASP) is a flying drone that has a 6-foot wingspan, a 6-foot length and weighs in at 14 pounds. The small form factor of the unmanned aerial vehicle allows it to drop under radar and is often mistaken for a large bird. It was built from an Army target drone and converted to run on electric batteries rather than gasoline. It can also be loaded with GPS information and fly a predetermined course without need for an operator. Taking off and landing have to be done manually with the help of a mounted HD camera. However, the most interesting aspect of the drone is that it can crack Wi-Fi networks and GSM networks as well as collect the data from them.

It can accomplish this feat with a Linux computer on-board that’s no bigger than a deck of cards. The computer accesses 32GB of storage to house all that stolen data. It uses a variety of networking hacking tools including the BackTrack toolset as well as a 340 million word dictionary to guess passwords. In order to access cell phone data, the WASP impersonates AT&T and T-Mobile cell phone towers and fools phones into connecting to one of the eleven antenna on-board. The drone can then record conversations to the storage card and avoids dropping the call due to the 4G T-mobile card routing communications through VoIP.

Amazingly, this was accomplished with breaking a single FCC regulation. The drone relies on the frequency band used for Ham radios to operate. Not wanting to get into legal trouble with AT&T and T-Mobile, they tested the technology in isolated areas to avoid recording phone conversations other than their own. The duo play to discuss how to build the WASP at the DEFCON 19 hacking conference.

Source: Digital Trends / Yahoo! News

Tags: ,
Comment

Apple Laptops Vulnerable To Hack That Kills Or Corrupts Batteries

Filed under: Apple, Computers, Cybersecurity, Exploit, Hackers, Laptop, Macbook, Security by Ryan Boese — Leave a comment
July 22, 2011

Your laptop’s battery is smarter than it looks. And if a hacker like security researcher Charlie Miller gets his digital hands on it, it could become more evil than it appears, too.

At the Black Hat security conference in August, Miller plans to expose and provide a fix for a new breed of attack on Apple laptops that takes advantage of a little-studied weak point in their security: the chips that control their batteries.

Modern laptop batteries contain a microcontroller that monitors the power level of the unit, allowing the operating system and the charger to check on the battery’s charge and respond accordingly. That embedded chip means the lithium ion batteries can know when to stop charging even when the computer is powered off, and can regulate their own heat for safety purposes.

When Miller examined those batteries in several Macbooks, Macbook Pros and Macbook Airs, however, he found a disturbing vulnerability. The batteries’ chips are shipped with default passwords, such that anyone who discovers that password and learns to control the chips’ firmware can potentially hijack them to do anything the hacker wants. That includes permanently ruining batteries at will, and may enable nastier tricks like implanting them with hidden malware that infects the computer no matter how many times software is reinstalled or even potentially causing the batteries to heat up, catch fire or explode. “These batteries just aren’t designed with the idea that people will mess with them,” Miller says. “What I’m showing is that it’s possible to use them to do something really bad.”

Miller discovered the two passwords used to access and alter Apple batteries by pulling apart and analyzing a 2009 software update that Apple instituted to fix a problem with Macbook batteries. Using those keys, he was soon able to reverse engineer the chip’s firmware and cause it to give whatever readings he wanted to the operating system and charger, or even rewrite the firmware completely to do his bidding.

From there, zapping the battery such that it’s no longer recognized by the computer becomes trivial: In fact, Miller permanently “bricked” seven batteries just in the course of his tinkering. (They cost about $130 to replace.) More interesting from a criminal perspective, he suggests, might be installing persistent malware on the chip that infects the rest of the computer to steal data, control its functions, or cause it to crash. Few IT administrators would think to check a battery’s firmware for the source of that infection, and if undiscovered the chip could re-infect the computer again and again.

“You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery.” says Miller.

That attack would require finding another vulnerability in the interface between the chip and the operating system. But Miller says that’s not much of a barrier. “Presumably Apple has never considered that as an attack vector, so it’s very possible it’s vulnerable.”

And the truly disturbing prospect of a hacker remotely blowing up a battery on command? Miller didn’t attempt that violent trick, but believes it might be possible. “I work out of my home, so I wasn’t super inclined to cause an explosion there,” he says.

In fact, the batteries he examined have other safeguards against explosions: fuses that contain an alloy that melts at high temperatures to break the circuit and prevent further charging. But Miller, who has worked for the National Security Agency and subsequently hacked everything from the iPhone to virtual worlds, believes it might still be possible. “You read stories about batteries in electronic devices that blow up without any interference,” he says. “If you have all this control, you can probably do it.”

Miller, currently a researcher with the consultancy Accuvant, isn’t the first to explore the danger of explosive batteries triggered by hackers. Barnaby Jack, a researcher for with antivirus giant McAfee, says he worked on the problem in 2009, but he says he ”benched the research when I didn’t succeed in causing any lithium ion fires. Charlie has taken it a lot further and surpassed where I was at the time.”

Miller says he’s received messages from several other researchers asking him not proceed with the battery work because it could be too dangerous. But Miller has worked to fix the problems he’s exposing. At Black Hat he plans to release a tool for Apple users called “Caulkgun” that changes their battery firmware’s passwords to a random string, preventing the default password attack he used. Miller also sent Apple and Texas Instruments his research to make them aware of the vulnerability. I contacted Apple for comment but haven’t yet heard back from the company.

Implementing Miller’s “Caulkgun” prevents any other hacker from using the vulnerabilities he’s found. But it would also prevent Apple from using the battery’s default passwords to implement their own upgrades and fixes. Those who fear the possibilities of a hijacked chunk of charged chemicals in their laps might want to consider the tradeoff.

“No one has ever thought of this as a security boundary,” says Miller. “It’s hard to know for sure everything someone could do with this.”

Source: Forbes

Tags: , , , , , , , , , , , ,
Comment

Hackers crack Vodafone’s network, can listen to all calls

Filed under: Cybersecurity, Exploit, Hackers, Security, Technology, Telecom, Wireless by Ryan Boese — Leave a comment
July 13, 2011

The Hacker’s Choice (THC), a group of computer security researchers, released surprising news about cellular carrier Vodafone UK. Using standard consumer hardware, THC was able to access Vodafone’s internal network and customer equipment. This unprecedented hack was made possible by Vodafone’s Sure Signal, a femtocell (think tiny cell tower) customers plug into their home internet connections for better cell reception.

THC began researching femtocells in 2009. The technology has become popular with cellphone companies like AT&T, which offers a 3G MicroCell, because the home access points mean better service for customers in areas with spotty coverage. THC purchased its femtocell from Vodafone UK and examined how the device communicated to Vodafone’s core network. They discovered that because of a flaw in how Vodafone implemented its system, it gave full access to the network to the femtocell, a device the hackers had full control of. Vodafone also used the same ‘newsys’ administrator password across all devices.

Vodafone says only a limited number of registered phones are allowed to access each customer’s femtocell. The hackers were able to uncap this and let any Vodafone customer phone automatically connect to their device. Once a phone connected, THC was able to eavesdrop on phone conversations, place calls as the customer, and even access their voicemail. With phone hacking in the news every day, we wonder what other security flaws are still waiting to be discovered.

Ryan’s Update:  I have been emailed by Vodafone’s Media Relations Team, and they have informed me that they have released a security patch and have fixed any flaws with Vodafone Sure Signal.  I was directed to read the following statement below:

Overnight on July 12, a claim appeared that hackers had found security loopholes in Vodafone Sure Signal which could compromise the security of Vodafone’s network.

This is untrue: The Vodafone network has not been compromised.
The claims regarding Vodafone Sure Signal,  which is a signal booster used indoors, relate to a vulnerability that was detected at the start of 2010.

A security patch was issued a few weeks later automatically to all Sure Signal boxes.

As a result, Vodafone Sure Signal customers do not need to take any action to secure their device.
We monitor the security of all of our products and services on an ongoing basis and will continue to do so.

 

Source: THC Blog / Yahoo! News

Tags: , , , , , , , , , ,
Comment

Apple girding gadgets against hackers

Filed under: Apple, Applications, Exploit, Hackers, Jailbreak, Security, Wireless by Ryan Boese — Leave a comment
July 9, 2011

Apple on Friday said it was working to patch a vulnerability that hackers could use to break into the company’s popular iPad, iPhone and iPod Touch gadgets.

Engineers at the California firm are fixing a weakness pointed out by the German Federal Office for Information Security (BSI).

“Apple takes security very seriously,” Apple spokeswoman Trudy Muller said in response to an AFP inquiry.

“We are aware of this reported issue and developing a fix that will be available in an upcoming software update,” she said.

BSI warned this week of a flaw that would let hackers infiltrate Apple mobile devices by duping users into opening PDF document files booby-trapped with malicious computer code.

Although no attacks have been observed, hackers are likely to try to exploit the weakness, according to a posting on the agency’s website.

Possible “attack scenarios for cyber-criminals” include accessing passwords, email messages, contact lists, or built-in cameras and eavesdropping on phone conversations or getting location information, according to BSI.

The agency recommended that Apple device users guard against hackers by not opening PDF documents from unfamiliar sources.

Apple gadget users should limit Web browsing to reliable websites and avoid clicking on links in emails unless they are certain where they lead, BSI advised.

Source: Yahoo! News

Tags: , , , ,
Comment

Where Have All the Spambots Gone?

Filed under: Computers, Cybersecurity, Exploit, Hackers, Internet, RootKit, Security, Technology, Trojan by Ryan Boese — Leave a comment
July 3, 2011

First, the good news:  The past year has witnessed the decimation of spam volume, the arrests of several key hackers, and the high-profile takedowns of some of the Web’s most notorious botnets. The bad news? The crooks behind these huge crime machines are fighting back — devising new approaches designed to resist even the most energetic takedown efforts.

The volume of junk email flooding inboxes each day is way down from a year ago, as much as a 90 percent decrease according to some estimates. Symantec reports that spam volumes hit their high mark in July 2010, when junk email purveyors were blasting in excess of 225 billion spam messages per day. The company says daily spam volumes now hover between 25 and 50 billion missives daily. Anti-spam experts from Cisco Systems are tracking a similarly precipitous decline, from 300 billion per day in June 2010 to just 40 billion in June 2011.

There may be many reasons for the drop in junk email volumes, but it would be a mistake to downplay efforts by law enforcement officials and security experts.  In the past year, authorities have taken down some of the biggest botnets and apprehended several top botmasters. Most recently, the FBI worked with dozens of ISPs to kneecap the Coreflood botnet. In April, Microsoft launched an apparently successful sneak attack against Rustock, a botnet once responsible for sending 40 percent of all junk email.

In December 2010, the FBI arrested a Russian accused of running the Mega-D botnet. In October 2010, authorities in the Netherlands arrested the alleged creator of the Bredolab botnet and dismantled huge chunks of the botnet. A month earlier, Spamit.com, one of the biggest spammer affiliate programs ever created, was shut down when its creator, Igor Gusev, was named the world’s number one spammer and went into hiding. In August 2010, researchers clobbered the Pushdo botnet, causing spam from that botnet to slow to a trickle.

But botmasters are not idly standing by while their industry is dismantled. Analysts from Kaspersky Lab this week published research on a new version of the TDSS malware (a.k.a. TDL), a sophisticated malicious code family that includes a powerful rootkit component that compromises PCs below the operating system level, making it extremely challenging to detect and remove. The latest version of TDSS — dubbed TDL-4 has already infected 4.5 million PCs; it uses a custom encryption scheme that makes it difficult for security experts to analyze traffic between hijacked PCs and botnet controllers. TDL-4 control networks also send out instructions to infected PCs using a peer-to-peer network that includes multiple failsafe mechanisms.

Getting infected with TDL-4 may not be such a raw deal if your computer is already heavily infected with other malware: According to Kaspersky, the bot will remove threats like the ZeuS Trojan and 20 other malicious bot programs from host PCs.  “TDSS scans the registry, searches for specific file names, blacklists the addresses of the command and control centers of other botnets and prevents victim machines from contacting them,” wrote Kaspersky analysts Sergey Golovanov and Igor Soumenkov.

The evolution of the TLd-4 bot is part of the cat-and-mouse game played by miscreants and those who seek to thwart their efforts. But law enforcement agencies and security experts also are evolving by sharing more information and working in concert, said Alex Lanstein, a senior security researcher at FireEye, a company that has played a key role in several coordinated botnet takedowns in the past two years.

“Takedowns can have an effect of temporarily providing relief from general badness, be it click fraud, spam, or credential theft, but lasting takedowns can only be achieved by putting criminals in silver bracelets,” Lanstein said. “The Mega-D takedown, for example, was accomplished through trust relationships with registrars, but the lasting takedown was accomplished by arresting the alleged author, who is awaiting trial. In the interim, security companies are getting better and better about working with law enforcement, which is what happened with Rustock.”

Attacking the botnet infrastructure and pursuing botmasters are crucial components of any anti-cybercrime strategy: TDSS, for example, is believed to be tied to affiliate programs that pay hackers to distribute malware.

Unfortunately, not many security experts or law enforcement agencies say they are focusing attention on another major weapon in battling e-crime: Targeting the financial instruments used by these criminal organizations.

Some of the best research on the financial side of the cybercrime underworld is coming from academia, and there are signs that researchers are beginning to share information about individuals and financial institutions that are facilitating the frauds. Recent studies of the pay-per-install, rogue anti-virus and online pharmacy industries reveal a broad overlap of banks and processors that have staked a claim in the market for handling these high-risk transactions. Earlier this week I published data suggesting that the market for rogue pharmaceuticals could be squashed if banks and credit card companies paid closer attention to transactions destined for a handful of credit and debit card processors. Next week, I will publish the first in a series of blog posts that look at the connections between the financial instruments used by rogue Internet pharmacies and those of the affiliate networks that push rogue anti-virus or “scareware.”

Source: Krebs on Security

Tags: , , , , , , , , ,
Comment