Tag Archive: Hackers


A mobile security expert says he has found new ways for hackers to attack phones running Google Inc’s Android operating system.

Riley Hassell, who caused a stir when he called off an appearance at a hacker’s conference last week, told Reuters he and colleague Shane Macaulay decided not to lay out their research at the gathering for fear criminals would use it to attack Android phones.

He said in an interview he identified more than a dozen widely used Android applications that make the phones vulnerable to attack.

“App developers frequently fail to follow security guidelines and write applications properly,” he said.

“Some apps expose themselves to outside contact. If these apps are vulnerable, then an attacker can remotely compromise that app and potentially the phone using something as simple as a text message.”

He declined to identify those apps, saying he fears hackers might exploit the vulnerabilities.

“When you release a threat and there’s no patch ready, then there is mayhem,” said Hassell, founder of boutique security firm Privateer Labs.

Hassell said he and Macaulay alerted Google to the software shortcomings they unearthed.

Google spokesman Jay Nancarrow said Android security experts discussed the research with Hassell and did not believe he had uncovered problems with Android.

“The identified bugs are not present in Android,” he said, declining to elaborate.

It was the first public explanation for the failure of Hassell and Macaulay to make a scheduled presentation at the annual Black Hat hacking conference in Las Vegas, the hacking community’s largest annual gathering.

They had been scheduled to talk about “Hacking Androids for Profit.” Hundreds of people waited for them to show up at a crowded conference room.

Hassell said in an interview late on Thursday the pair also learned — at the last minute — that some of their work may have replicated previously published research and they wanted to make sure they properly acknowledged that work.

“This was a choice we made, to prevent an unacceptable window of risk to consumers worldwide and to guarantee credit where it was due,” he said.

A mobile security researcher familiar with the work of Hassell and Macaulay said he understood why the pair decided not to disclose their findings.

“When something can be used for exploitation and there is no way to fix it, it is very dangerous to go out publicly with that information,” the researcher said. “When there is not a lot that people can do to protect themselves, disclosure is sometimes not the best policy.”

Hassell said he plans to give his talk at the Hack in The Box security conference in Kuala Lumpur in October.

Ryan: If you are running an Android phone, two must-have apps for your phone are: Lookout Mobile Security for Android & Advanced Task Killer.

Source: Reuters

The discovery of a way to eavesdrop on so-called General Packet Radio Service (GPRS) technology allows a user to read emails and observe the Internet use of a person whose phone is hacked, said Karsten Nohl, head of Security Research Labs.

“With our technology we can capture GPRS data communications in a radius of 5 km,” he told the paper before heading to a meeting of the Chaos Computer Club, a group that describes itself as Europe’s largest hacker coalition.

Phones using the newer UMTS standard are safer, Nohl said, but the crack affects industrial equipment, toll systems and anything using GPRS — including newer devices like Apple Inc’s iPhone or iPad which switch to the older GPRS in remote areas.

Source: Reuters

Your laptop’s battery is smarter than it looks. And if a hacker like security researcher Charlie Miller gets his digital hands on it, it could become more evil than it appears, too.

At the Black Hat security conference in August, Miller plans to expose and provide a fix for a new breed of attack on Apple laptops that takes advantage of a little-studied weak point in their security: the chips that control their batteries.

Modern laptop batteries contain a microcontroller that monitors the power level of the unit, allowing the operating system and the charger to check on the battery’s charge and respond accordingly. That embedded chip means the lithium ion batteries can know when to stop charging even when the computer is powered off, and can regulate their own heat for safety purposes.

When Miller examined those batteries in several Macbooks, Macbook Pros and Macbook Airs, however, he found a disturbing vulnerability. The batteries’ chips are shipped with default passwords, such that anyone who discovers that password and learns to control the chips’ firmware can potentially hijack them to do anything the hacker wants. That includes permanently ruining batteries at will, and may enable nastier tricks like implanting them with hidden malware that infects the computer no matter how many times software is reinstalled or even potentially causing the batteries to heat up, catch fire or explode. “These batteries just aren’t designed with the idea that people will mess with them,” Miller says. “What I’m showing is that it’s possible to use them to do something really bad.”

Miller discovered the two passwords used to access and alter Apple batteries by pulling apart and analyzing a 2009 software update that Apple instituted to fix a problem with Macbook batteries. Using those keys, he was soon able to reverse engineer the chip’s firmware and cause it to give whatever readings he wanted to the operating system and charger, or even rewrite the firmware completely to do his bidding.

From there, zapping the battery such that it’s no longer recognized by the computer becomes trivial: In fact, Miller permanently “bricked” seven batteries just in the course of his tinkering. (They cost about $130 to replace.) More interesting from a criminal perspective, he suggests, might be installing persistent malware on the chip that infects the rest of the computer to steal data, control its functions, or cause it to crash. Few IT administrators would think to check a battery’s firmware for the source of that infection, and if undiscovered the chip could re-infect the computer again and again.

“You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery,” says Miller.

That attack would require finding another vulnerability in the interface between the chip and the operating system. But Miller says that’s not much of a barrier. “Presumably Apple has never considered that as an attack vector, so it’s very possible it’s vulnerable.”

And the truly disturbing prospect of a hacker remotely blowing up a battery on command? Miller didn’t attempt that violent trick, but believes it might be possible. “I work out of my home, so I wasn’t super inclined to cause an explosion there,” he says.

In fact, the batteries he examined have other safeguards against explosions: fuses that contain an alloy that melts at high temperatures to break the circuit and prevent further charging. But Miller, who has worked for the National Security Agency and subsequently hacked everything from the iPhone to virtual worlds, believes it might still be possible. “You read stories about batteries in electronic devices that blow up without any interference,” he says. “If you have all this control, you can probably do it.”

Miller, currently a researcher with the consultancy Accuvant, isn’t the first to explore the danger of explosive batteries triggered by hackers. Barnaby Jack, a researcher with antivirus giant McAfee, says he worked on the problem in 2009, but he says he “benched the research when I didn’t succeed in causing any lithium ion fires. Charlie has taken it a lot further and surpassed where I was at the time.”

Miller says he’s received messages from several other researchers asking him not to proceed with the battery work because it could be too dangerous. But Miller has worked to fix the problems he’s exposing. At Black Hat he plans to release a tool for Apple users called “Caulkgun” that changes their battery firmware’s passwords to a random string, preventing the default password attack he used. Miller also sent Apple and Texas Instruments his research to make them aware of the vulnerability. I contacted Apple for comment but haven’t yet heard back from the company.

Implementing Miller’s “Caulkgun” prevents any other hacker from using the vulnerabilities he’s found. But it would also prevent Apple from using the battery’s default passwords to implement their own upgrades and fixes. Those who fear the possibilities of a hijacked chunk of charged chemicals in their laps might want to consider the tradeoff.

“No one has ever thought of this as a security boundary,” says Miller. “It’s hard to know for sure everything someone could do with this.”

Source: Forbes

Spain arrests hackers blamed for Sony attack

Spanish national police said on Friday they had arrested three members of Anonymous, a loosely affiliated group of activist hackers thought to be responsible for attacks on Sony and the websites of other companies and governments.

The arrests come in the midst of a wave of cybercrime around the globe. Big technology companies including Lockheed Martin, the defence contractor, and Acer, the computer-maker, have seen their systems breached in recent days.

Codemasters, a UK video game developer, admitted on Friday that its website had been attacked, putting at risk thousands of users’ data.

Sony, the Japanese technology and media group, has been among the most targeted companies. An attack on its PlayStation Network nearly two months ago led to the theft of more than 100m user records.

The group has struggled to recover from the attacks since, despite pledges from chief executive Sir Howard Stringer that the company has overhauled its security measures.

Spanish police said the arrests had been made in Barcelona, Valencia and Almería after attacks on Spanish political sites.

“We detained three people responsible, one of whom had in his home a server used to co-ordinate and execute information attacks on governments, financial organisations and companies around the world,” the police said. “The leadership relied on vast knowledge of IT and telecommunications (security, vulnerabilities and intrusions), which it put to use for the success of the organisation’s operations.”

Targets of the Spanish hackers included Sony and the governments of Egypt, Algeria, Libya, Iran, Chile, Colombia and New Zealand, according to the police.

“To hide their activities they employed sophisticated coding techniques in their communications which made it practically impossible to intercept and identify them,” the police said.

Discussion of the arrests in one hacker chat room mocked the police’s representation of the individuals detained, saying that they were unlikely to be leaders of Anonymous, which styles itself as an anti-hierarchical organization.

The discussions suggested that the individuals arrested were involved in throwing websites offline, but not the more sophisticated hacking that was able to steal user data.

Sony did not reply to requests for comment.

Source: Financial Times

Sony on Friday was working to revive its online network that connects PlayStation 3 (PS3) consoles to games, films, and other digital offerings.

Disruption of service at the PlayStation Network began late Wednesday and had some suspecting that hackers followed through on a threat of vengeance for Sony’s legal action against peers that crack PS3 software defenses.

The Japanese consumer electronics giant was working to figure out the cause of the Network outage, Sony spokesman Patrick Seybold said in a blog post with the latest update on the situation.

“We wanted to alert you that it may be a full day or two before we’re able to get the service completely back up and running,” Seybold said in a message posted Thursday.

“Thank you very much for your patience while we work to resolve this matter.”

The PlayStation Network outage came during a heavy playing week in the United States, with many public schools closed for spring break and an Easter holiday providing an opportunity for an extended weekend.

“Probably is hackers,” a user with the screen name Drebin Bushido said in a chat forum below Seybold’s message at the PlayStation blog.

“If they are saying nothing this mean they are hiding something.”

Players were still able to take part in games offline on the consoles, but lost the ability to challenge others on the Internet, stream movies, or get other services.

Internet vigilante group Anonymous had vowed retribution against Sony for taking legal action against hackers who cracked PS3 defenses to change console operating software.

A message signed by Anonymous at website anonnews.org early this month announced an “Operation Payback” campaign aimed at Sony because of its cases against the two hackers, one of whom cut a deal to settle the case.

Anonymous argued that PS3 console owners have the right to do what they wish with them, including modifying them.

The hacker group threatened to retaliate against Sony by attacking the company’s websites.

Source: Yahoo!

Hackers are embedding malicious Flash Player files in Microsoft Word documents to launch targeted attacks against select businesses, according to a warning from Adobe.

This latest Flash Player zero-day attack comes just weeks after EMC’s RSA Division was hit with a malware attack that used a rigged Flash (.swf) file embedded in a Microsoft Excel document.

In both cases, the attacks are being used to steal corporate secrets.

Here’s the gist of the latest Flash Player zero-day:

A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

This vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform. At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.

Adobe says it is in the process of finalizing a schedule for delivering patches for Flash Player 10.2.x and earlier versions for Windows, Macintosh, Linux, Solaris and Android, Adobe Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.2) for Macintosh, and Adobe Reader 9.4.3 and earlier 9.x versions for Windows and Macintosh.

Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, Adobe plans to fix this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011.

AFFECTED SOFTWARE VERSIONS

  • Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 10.2.154.25 and earlier for Chrome users
  • Adobe Flash Player 10.2.156.12 and earlier for Android
  • The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems

NOTE: Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue.

Source: ZDNet

Hackers working in China broke into the computer systems of five multinational oil and gas companies to steal bidding plans and other critical proprietary information, the computer security firm McAfee Inc. said in a new report.

The report, which named the attacks Night Dragon, declined to identify the five known companies that had been hacked and said that another seven or so had also been broken into but could not be identified.

“It … speaks to quite a sad state of our critical infrastructure security. These were not sophisticated attacks … yet they were very successful in achieving their goals,” said Dmitri Alperovitch, McAfee’s vice president for threat research.

The hackers got into the computers in one of two ways, either through their public websites or through infected emails sent to company executives.

During the at least two years — and up to four years — the hackers had access to the computer networks, they focused on financial documents related to oil and gas field exploration and bidding contracts, said Alperovitch.

They also copied proprietary industrial processes.

“That information is tremendously sensitive and would be worth a huge amount of money to competitors,” said Alperovitch.

The hack was traced back to China via a server leasing company in Shandong Province that hosted the malware, another term for malicious software, and to Beijing IP addresses that were active from 9 a.m. to 5 p.m. Beijing time.

McAfee’s report did not identify who was behind the hacking.

“We have no evidence that this is government sponsored in any way,” said Alperovitch.

McAfee provided the data to the Federal Bureau of Investigation, which did not respond to requests for comment.

“This is normal business practice in China. It’s not always state sponsored. And they do it to each other,” said Jim Lewis, a cyber expert with the Center for Strategic and International Studies think tank.

Asked if Beijing normally agreed to arrest hackers, Lewis responded: “It’s not impossible, but it hasn’t happened very often.”

Western governments and companies have long been concerned about corporate espionage based in China.

“We are aware of these types of threats, but we can’t comment specifically about what’s in the Night Dragon report,” said FBI spokeswoman Jenny Shearer.

Washington believes that hacking attacks on Google Inc that briefly prompted the company to pull out of China were orchestrated by two members of the country’s ruling body, according to U.S. diplomatic cables released by Wikileaks.

The French government is looking into a possible Chinese role in spying on carmaker Renault SA’s and Nissan’s electric vehicle program.

In 2007, a Chinese student working at car parts maker Valeo was sentenced to prison for obtaining confidential documents from the automaker. A French tribunal stopped short of an industrial espionage verdict, instead finding that she had “abused trust.”

Source: Reuters / Yahoo!

How to protect against Firesheep attacks

Security experts today suggested ways users can protect themselves against Firesheep, the new Firefox browser add-on that lets amateurs hijack users’ access to Facebook, Twitter and other popular services via Wi-Fi.

Firesheep adds a sidebar to Mozilla’s Firefox browser that shows when anyone on an open network — such as a coffee shop’s Wi-Fi network — visits an insecure site.

A simple double-click gives a hacker instant access to logged-on sites ranging from Twitter and Facebook to bit.ly and Flickr.

Since researcher Eric Butler released Firesheep on Sunday, the add-on has been downloaded nearly 220,000 times.

“I was in a Peet’s Coffee today, and someone was using Firesheep,” said Andrew Storms, director of security operations at San Francisco-based nCircle Security. “There were only 10 people in there, and one was using it!”

But users aren’t defenseless, Storms and several other experts maintained.

One way they can protect themselves against rogue Firesheep users, experts said on Tuesday, is to avoid public Wi-Fi networks that aren’t encrypted and available only with a password.

However, Ian Gallagher, a senior security engineer with Security Innovation, argued that this tosses out the baby with the bathwater. Gallagher is one of the two researchers who debuted Firesheep last weekend at a San Diego conference.

“While open Wi-Fi is the prime proving ground for Firesheep, it’s not the problem,” Gallagher said in a blog post earlier on Tuesday. “This isn’t a vulnerability in Wi-Fi, it’s the lack of security from the sites you’re using.”

Free, open Wi-Fi is not only taken for granted by many, but it’s not the problem. There are plenty of low-risk activities one can do on the Internet at a public hotspot, including reading news or looking up the address of a nearby eatery.

So if Wi-Fi stays, what’s a user to do?

The best defense, said Chet Wisniewski, a senior security adviser at antivirus vendor Sophos, is to use a VPN (virtual private network) when connecting to public Wi-Fi networks at an airport or coffee shop, for example.

While many business workers use a VPN to connect to their office network while they’re on the road, consumers typically lack that secure “tunnel” to the Internet.

“But there are some VPN services that you can subscribe to for $5 to $10 a month that will prevent someone running Firesheep from ‘sidejacking’ your sessions,” Wisniewski said.

A VPN encrypts all traffic between a computer — a laptop at the airport gate, for instance — and the Internet in general, including the sites vulnerable to Firesheep hijacking. “It’s as good a solution as there is,” Wisniewski said, “and no different, really, than using encrypted Wi-Fi.”

One provider, Strong VPN, prices its service starting at $7 per month or $55 per year.

Gallagher, however, warned that a VPN isn’t a total solution. “That’s just pushing the problem to that VPN or SSH endpoint,” he said. “Your traffic will then leave that server just as it would when it was leaving your laptop, so anyone running Firesheep or other tools could access your data in the same way.”

“A blind suggestion of ‘use a VPN’ doesn’t really solve the problem and may just provide a false sense of security,” he said.

Strong VPN disagreed. “Our servers are in a secure datacenter, so no one’s going to be able to ‘sniff’ the traffic coming in or going out,” a company spokesman countered. “All the traffic from, for example, your laptop in San Francisco, is encrypted when it goes to one of our U.S. servers.”

Storms echoed Strong VPN’s assertion. “I can see [Gallagher’s point], that a VPN doesn’t solve the root problem, which is on the service end,” he said. “But although it’s true that the traffic would be clear text when it leaves the VPN server for the site, it’s very unlikely that someone would snoop that traffic.”

Sean Sullivan, a security advisor with F-Secure, recommended Comodo’s TrustConnect as “a VPN in all but name only.” Comodo, a rival of F-Secure, sells the service for $7 per month or $50 annually.

If free is the object, there are options there, too, said Wisniewski, Sullivan and Gallagher, who pointed to a pair of free Firefox add-ons that force the browser to use an encrypted connection when it accesses certain sites.

One of those Firefox add-ons, HTTPS-Everywhere, provided by the Electronic Frontier Foundation (EFF), only works with a defined list of sites, including Twitter, Facebook, PayPal and Google’s search engine.

The other choice, Force-TLS, serves the same purpose as the EFF’s extension, but lets users specify the sites on which to enforce encryption.

However, other browsers, such as Microsoft’s Internet Explorer and Google’s Chrome, lack similar add-ons, leaving their users out in the cold.

“I expect that [Firesheep] will spur the EFF or others, maybe in the open source community, to some additional development [of such add-ons], maybe Chrome ports of those extensions,” Sullivan said.

That could take months. In the meantime, Sullivan had another idea. “A MiFi device can encrypt [traffic], so with one you’re always carrying your own Wi-Fi hotspot with you,” he said.

MiFi isn’t cheap, however. Verizon, for example, gives away the hardware but charges between $40 and $60 per month for the access to its 3G network.

Ultimately, moves users make to plug the holes Firesheep exposes are stop-gaps. The elephant in the room, said Butler and Gallagher as they defended the release of the add-on, is the lack of full encryption. And only the sites and services can fix that.

“The real story here is not the success of Firesheep but the fact that something like it is even possible,” Butler wrote in his blog on Tuesday. “Going forward, the metric of Firesheep’s success will quickly change from amount of attention it gains, to the number of sites that adopt proper security. True success will be when Firesheep no longer works at all.”
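The service-side fix Butler and Gallagher are pointing at is a header problem: a session cookie set without the Secure attribute is sent in clear text whenever the browser touches an http:// URL on the site, which is all a passive sniffer on open Wi-Fi needs. The following is an added example, not code from the article or from Firesheep, that audits a raw HTTP response for that gap and for the Strict-Transport-Security header that extensions like Force-TLS emulate on the client; the response samples and the session-cookie name hints are constructed for the example.

```python
"""Audit an HTTP response for the server-side gaps Firesheep relies on.

Added example; the response samples below are constructed, not captured.
"""
from __future__ import annotations

from dataclasses import dataclass

# Substrings that suggest a cookie carries a login session. This is an
# assumption for the example; real sites use their own cookie names.
SESSION_NAME_HINTS = ("sess", "sid", "auth", "token", "login")


@dataclass
class CookieReport:
    name: str
    secure: bool
    httponly: bool
    looks_like_session: bool

    @property
    def sidejackable(self) -> bool:
        # Without Secure, the browser sends the cookie over plain HTTP too,
        # so anyone sniffing an open network can replay it.
        return self.looks_like_session and not self.secure


def parse_set_cookie(header_value: str) -> CookieReport:
    """Parse one Set-Cookie value: 'name=value; Attr; Attr=val'."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; we only need their presence.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    lowered = name.lower()
    return CookieReport(
        name=name,
        secure="secure" in attrs,
        httponly="httponly" in attrs,
        looks_like_session=any(h in lowered for h in SESSION_NAME_HINTS),
    )


def parse_headers(raw: str) -> list[tuple[str, str]]:
    """Split a raw response head into (lowercased name, value) pairs."""
    pairs = []
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():           # blank line ends the header block
            break
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_response(raw: str) -> dict:
    """Return parsed cookies, HSTS presence and a list of findings."""
    headers = parse_headers(raw)
    cookies = [parse_set_cookie(v) for n, v in headers if n == "set-cookie"]
    hsts = any(n == "strict-transport-security" for n, _ in headers)
    findings = []
    for c in cookies:
        if c.sidejackable:
            findings.append(f"session cookie {c.name!r} lacks Secure: sidejackable over plain HTTP")
        if c.looks_like_session and not c.httponly:
            findings.append(f"session cookie {c.name!r} lacks HttpOnly: readable by injected script")
    if not hsts:
        findings.append("no Strict-Transport-Security header: browser may still follow http:// links")
    return {"cookies": cookies, "hsts": hsts, "findings": findings}


# Constructed samples: the first is the weak setup Firesheep hijacks,
# the second is the same site with the two fixes applied.
WEAK_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session_id=abc123; Path=/; HttpOnly

<html>...</html>"""

HARDENED_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: session_id=abc123; Path=/; Secure; HttpOnly

<html>...</html>"""

if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(raw)["findings"] or ["no findings"])
```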

But for the moment, even security professionals are worried. “I’m at the airport right now,” Wisniewski told Computerworld. “And I’m wondering if someone is using Firesheep here. Maybe I should do a little ‘shoulder browsing’ to see if anyone has it running.”

Source: ComputerWorld

Russian Hacker Builds 70 Terabyte Home Computer

Ever find yourself deleting some files to make room for your overgrown media collection? Thanks to a new hack from a Russian PC enthusiast you should have plenty of room for your MP3 collection, along with the collections of everybody else you know. The hack consists of an array of 60 hard drives and the whole thing holds a whopping 70 terabytes of data.

That translates to 70,000 DVD-quality movies or, if you’re more musically inclined, somewhere in the neighborhood of 24 million songs. Of course, that kind of storage space doesn’t come easy. Besides the 60 drives themselves the rig requires 40 cooling fans to keep the temperature under control.

The final package may not win any awards for case design but the whole thing has a certain kind of stark utilitarian beauty to it. Presumably the unnamed maker is keeping the case open so he can switch the set up out with even heftier drives as they come along to keep the project from looking like an absurd relic a decade or so from now thanks to the storage equivalent to Moore’s Law.

Source: PC World

Adobe Systems patched 20 security vulnerabilities in its Shockwave Player on Tuesday. Most of the flaws could allow an attacker to run their own code on an affected computer.

The vulnerabilities are in versions of Shockwave Player up to version 11.5.7.609, on both Apple’s Mac OS X and Microsoft Windows. The patched version is 11.5.8.612, according to an Adobe advisory.

Eighteen of the problems could lead to code execution, while the remaining two are denial of service issues, one of which could possibly lead to remote code execution.

Shockwave Player is used to display content created by Adobe’s Director program, which offers advanced tools for creating interactive content, including Flash. The Director application can be used for creating 3D models, high-quality images and full-screen or long-form digital content and offers greater control over how those elements are displayed.

The problems were discovered by various researchers, and Adobe credited Fortinet and Check Point, as well as anonymous researchers who contributed to TippingPoint’s Zero Day Initiative and iDefense’s Vulnerability Contributor Program, both of which will pay researchers for vulnerability information if they meet certain conditions.

Adobe says its Shockwave software is installed on more than 450 million desktops. Adobe has stepped up its security program as attackers have focused on trying to find vulnerabilities in its applications due to their wide installation base.

Source: Yahoo!