Let's hack a drone... and make an army!

Parrot Drone

In this day and age drones are more easily available to the public and will soon be flying around everywhere for everyone. We remember that a couple of years ago Amazon showed that they were working on a drone delivery service. Whether you have one for personal, military, or commercial use, it's just a flying computer and it can be hacked! Samy Kamkar posted on his blog back on Dec 2, 2013 about a program called SkyJack. SkyJack is a drone that is equipped with a Raspberry Pi, a USB battery, a wireless transmitter, aircrack-ng, node-ar-drone, node.js, and the custom SkyJack software. The Pi runs separately from the drone and flies around looking for the specific MAC addresses that are reserved for drones. Once the signal has been acquired, a de-authorization request is sent with aircrack-ng. The flying drone then connects to the other drone using JavaScript. If there is a camera on the other drone, its feed can be streamed live to the owner of the malicious drone via a wireless chip in the Pi. You don't even have to have the hacking software on a drone: run it on the ground and grab drones out of the sky.
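The takeover described above starts with a burst of de-authentication frames aimed at the victim drone's access point. From the defender's side, that burst is the observable: a legitimate client or AP sends the occasional deauth, while an attack sends many within a second or two. The following detector is an added example, not code from SkyJack or from the original post; it runs over a constructed list of decoded management-frame events with placeholder (locally administered) MAC addresses and flags any address that appears as the sender of a deauth burst.

```python
from collections import defaultdict

# Constructed sample of decoded 802.11 management-frame events (not a real capture).
# Each tuple: (time_seconds, subtype, source_mac, destination_mac).
# MACs are locally administered (02:...) placeholders, not real drone or phone addresses.
SAMPLE_FRAMES = [
    (0.00, "beacon", "02:aa:aa:aa:aa:01", "ff:ff:ff:ff:ff:ff"),
    (0.25, "deauth", "02:bb:bb:bb:bb:01", "02:cc:cc:cc:cc:01"),  # a lone deauth: ordinary roaming
    (1.00, "beacon", "02:aa:aa:aa:aa:01", "ff:ff:ff:ff:ff:ff"),
    (5.00, "deauth", "02:aa:aa:aa:aa:01", "02:cc:cc:cc:cc:01"),  # burst begins
    (5.05, "deauth", "02:aa:aa:aa:aa:01", "02:cc:cc:cc:cc:01"),
    (5.10, "deauth", "02:aa:aa:aa:aa:01", "02:cc:cc:cc:cc:01"),
    (5.15, "deauth", "02:aa:aa:aa:aa:01", "02:cc:cc:cc:cc:01"),
    (5.20, "deauth", "02:aa:aa:aa:aa:01", "02:cc:cc:cc:cc:01"),
    (5.25, "deauth", "02:aa:aa:aa:aa:01", "02:cc:cc:cc:cc:01"),
    (6.00, "beacon", "02:aa:aa:aa:aa:01", "ff:ff:ff:ff:ff:ff"),
]

DEAUTH_THRESHOLD = 5   # frames within one window that count as a burst (tuning assumption)
WINDOW_SECONDS = 1.0   # sliding window length (tuning assumption)


def detect_deauth_bursts(frames, threshold=DEAUTH_THRESHOLD, window=WINDOW_SECONDS):
    """Return {source_mac: burst_start_time} for every source address that sent
    at least `threshold` deauthentication frames inside any `window`-second span.

    Because deauth frames carry the AP's address as sender (a forger copies it),
    a flagged address tells you which AP is under attack, not who is attacking.
    """
    deauth_times = defaultdict(list)
    for t, subtype, src, _dst in frames:
        if subtype == "deauth":
            deauth_times[src].append(t)

    alerts = {}
    for src, times in deauth_times.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # shrink the window from the left until it spans at most `window` seconds
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[src] = times[start]
                break
    return alerts


if __name__ == "__main__":
    for mac, t in detect_deauth_bursts(SAMPLE_FRAMES).items():
        print(f"deauth burst against {mac} starting at t={t:.2f}s")
```

Running the block on the constructed sample reports one burst against `02:aa:aa:aa:aa:01` beginning at t=5.00 s, while the single frame from `02:bb:bb:bb:bb:01` stays below the threshold. The lasting mitigation is not detection but protected management frames (802.11w), which make forged deauth frames fail authentication; a drone or AP that does not support them can at best alert.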

A more famous example was back in 2011, when Iran brought down a US surveillance drone by spoofing its GPS location. They claim that the data sent to the drone confused it and made it land at what it thought was home base. Instead, it ended up in Iran.

Even if SkyJack no longer works, it will not be the last hacking attempt on civilian drones. Given a new piece of technology with restrictions, the first thing people want to do is break it and make it do something else. In Colorado there was a proposal for a hunting license to shoot down drones. This now prompts an arms race between hackers and drone security personnel.

-Evan O’Malley

Sources:
http://samy.pl/skyjack/

http://www.bbc.com/future/story/20140206-can-drones-be-hacked

Companies Turning to Encryption

With so many ‘mega breaches’ happening around the world companies are beginning to turn to encryption as a means to prevent the loss of data. Securing a network against intrusion seems to be next to impossible these days with the proliferation of internet connected devices and phishing attacks. Encrypting sensitive data allows companies to worry less about breaches since the data will be useless to the attacker if it is properly encrypted.

“Encryption, in some ways, is the antidote to bad security,” said Richard Moulds, vice president for strategy for Thales E-Security. “If you believe there’s a risk that data will be lost from your business, then encryption is your backstop. If you lose encrypted data, then the impact is minimized and may even be zero.”

Encrypting data also exempts companies from reporting the breach, which helps preserve the company image and save profits. Of course, as with any silver-bullet solution, there are always complications. Encrypting data requires key management and protection, which can be cumbersome and dangerous in its own right. If the keys to your encrypted data are stolen, then your encryption becomes worthless. Or worse, if you lose your keys, then the data is lost forever, which could be the end of your company. Unfortunately very few companies have the tech-savvy capabilities to manage encryption on a large scale, and many engage in very unsafe practices, such as storing keys in text files. There is great opportunity to mitigate the loss through data breaches using encryption, but currently only the elite have the skills to employ the strategy properly.

~Stephen Brewster

http://www.technewsworld.com/story/81964.html

White House email service hacked.

White House officials this week publicly admitted that during October of last year, hackers were able to access Obama’s and the State Department’s unclassified emails. This resulted in system administrators shutting down the unclassified email system for a month. Although the hackers were unable to access the classified emails in Obama’s Blackberry, they did access the email archives of people inside the White House. It is because of this second breach that actual classified information may have been leaked. These e-mails include, among other things, schedules, e-mails with ambassadors and diplomats, talks about policy and legislation changes, and information about future personnel deployments.
The attack is believed to have originated from Russia. According to the New York Times, the hack “was far more intrusive and worrisome than has been publicly acknowledged,” partly because the hacker group is presumed to be linked to, or working for, the Russian government. Although the president’s email was not directly breached, it remains unclear just how many of his emails were accessed through the accounts of other staff.

According to online security company FireEye, this latest attack follows the modus operandi of Russian state-sponsored cyber attacks. The compile times for the malware match the normal working hours of major Russian cities, and there is a lack of focus on monetary gain. Instead, the attacks focus on acquiring military, government and security information. Previous targets of this particular group, known as “APT28”, include US defense and military contractors and NATO officials.

https://www.fireeye.com/content/dam/legacy/blog/2014/10/Table-for-APT28.jpg

-Luis Gonzalez.

Sources:
http://www.nytimes.com/2015/04/26/us/russian-hackers-read-obamas-unclassified-emails-officials-say.html

http://www.zdnet.com/article/russian-hackers-read-obama-emails-report/

Samsung Knox for Android Unsafe to Use, Researcher Says


The Samsung Knox login screen on a Galaxy S4 smartphone. Credit: Laptop Magazine.

In October of 2014 a German security researcher said that the pre-installed Samsung Knox has security problems and isn't safe to use due to some obvious security holes.

Samsung touts its Knox software as a safe partition for business professionals who are looking to comply with their company's security policies.  Samsung further claims that Knox is a “Comprehensive device management solution ideal for enterprises looking to secure their mobile data, while respecting employees' privacy.”  Samsung Knox is supposed to be as secure as its namesake, Fort Knox.

Samsung Knox is supposed to be a competitor for applications like BYOD Divide, which set up a separate partition on Android devices that provides a work space separate from personal space.  This allows a company's IT team to remotely manage company data without interfering with an employee's personal apps and data.  This also reduces the number of devices an employee has to carry and saves company cash, in that the company doesn't have to purchase devices for employees to use for company business.

When users set up Knox on their device, they choose a PIN in case they forget their password.  The PIN that is used during the setup process is stored locally on the device in clear text in the pin.xml file.  When a user taps the “Password forgotten?” button and enters their PIN, the Knox app will provide the first and last characters of their password, along with the number of characters in it.  The password is also stored locally on the device, as what looks like an AES-encrypted string (AES being a symmetric encryption algorithm).  The decryption program is also stored locally on the device and can be converted to a jar file to be reverse engineered.

Samsung Knox uses the Android ID together with a hardcoded string and mixes them for the encryption key.  Since Knox doesn’t use randomly generated numbers to make the encryption key, attackers can easily find out the Android ID number and use it to generate the encryption key thereby giving them the means to decrypt the locally stored password.
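The two findings above, a clear-text pin.xml and a container key mixed from the Android ID plus a hard-coded string, are the same design mistake: every input to the protection is readable from the device. The block below is an added example, not Samsung's code or the researcher's, that puts the criticised pattern beside a hardened one. It assumes a placeholder constant in place of the real hard-coded string (which the page does not give), uses SHA-256 as a stand-in for Knox's actual mixing step, and shows the alternative of deriving the container key from a user secret with a random salt and storing the recovery PIN only as a salted, slow hash.

```python
import hashlib
import hmac
import secrets

# Placeholder for the fixed string the article says Knox mixed with the Android ID;
# the real constant is not on the page.
HARDCODED_STRING = "PLACEHOLDER_CONSTANT"
PBKDF2_ROUNDS = 200_000   # work factor; raise as hardware allows
SALT_BYTES = 16


def weak_container_key(android_id: str) -> bytes:
    """The pattern the article criticises: a key built only from device-readable data.

    The Android ID can be read on the device and the constant ships with the app,
    so nothing in this derivation is secret, and any party holding both inputs
    obtains the identical key. SHA-256 stands in for Knox's real mixing function,
    which the page does not describe.
    """
    return hashlib.sha256((android_id + HARDCODED_STRING).encode()).digest()


def new_salt() -> bytes:
    """Fresh random salt from the OS CSPRNG."""
    return secrets.token_bytes(SALT_BYTES)


def strong_container_key(password: str, salt: bytes) -> bytes:
    """Hardened alternative: the key depends on a secret the device does not hold.

    Knowing the Android ID, the app code and even the stored salt yields nothing
    without the password; with the password, the stored salt reproduces the key.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_pin_record(pin: str) -> dict:
    """What to persist instead of a clear-text pin.xml: a salt and a slow salted hash."""
    salt = new_salt()
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt.hex(), "digest": digest.hex()}


def verify_pin(record: dict, candidate: str) -> bool:
    """Check a PIN against the stored record in constant time; the PIN itself is never stored."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(record["salt"]), PBKDF2_ROUNDS
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["digest"]))


if __name__ == "__main__":
    device_id = "0123456789abcdef"   # constructed sample Android ID
    print("weak key reproducible from device data alone:",
          weak_container_key(device_id) == weak_container_key(device_id))
    salt = new_salt()
    k_right = strong_container_key("correct horse", salt)
    k_wrong = strong_container_key("wrong guess", salt)
    print("strong key reproduced only with the password:",
          k_right == strong_container_key("correct horse", salt) and k_right != k_wrong)
    record = make_pin_record("4321")
    print("PIN verifies:", verify_pin(record, "4321"), "| wrong PIN:", verify_pin(record, "0000"))
```

The stored record holds no recoverable secret, so the “Password forgotten?” feature as the page describes it (revealing first and last characters) cannot be built on top of it; that is the trade-off a design like this has to make. Where a device offers hardware-backed key storage, the salted password-derived key should additionally be wrapped by a hardware key so that a copied filesystem image alone is not enough to mount an offline guessing attack.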

Samsung has since responded to these concerns in an official statement as follows:

“KNOX does save the encryption key required to auto-mount the container’s file system in TrustZone. However, unlike what is implied in the blog, the access to this key is strongly controlled. Only trusted system processes can retrieve it, and KNOX Trusted Boot will lock down the container key store in the event of a system compromise.”

After these concerns were brought forward, Samsung has since deprecated Knox personal and replaced it with My KNOX; however, it is still pre-installed on older Samsung devices.

https://www.samsungknox.com/en

http://www.tomsguide.com/us/samsung-knox-security-flaw,news-19828.html

http://mobilesecurityares.blogspot.com/2014/10/why-samsung-knox-isnt-really-fort-knox.html

https://www.samsungknox.com/en/blog/response-blog-post-samsung-knox

Bill Edwards

China’s New Great Threat

China is notorious for censoring the internet access of its citizens using the “Great Firewall”, but now they have access to a more alarming weapon.  The weapon, dubbed the Great Cannon, was identified by the University of Toronto's Citizen Lab last week.  The Great Cannon was first used in an attack on GitHub and GreatFire.org; the Cannon used a large-scale DDoS attack to paralyze the two targets.   The attack was reported to be a response intended to thwart circumvention of Chinese censorship.  But the alarming quality of the Great Cannon is that it can be used on any target around the world.

The Great Cannon injects code into traffic and also suppresses it, although it seems that it was only designed to inject code and that the suppression capabilities were unintended.  During the attacks on GitHub and GreatFire.org the Cannon intercepted traffic sent to servers belonging to Baidu.  These infrastructure servers hosted analytics, social, and advertising scripts.  The Great Cannon responds to only 2% of JavaScript files on the aforementioned servers, when it responds it sends a malicious script that brings the user into the DDoS attack.
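The injection described above works because the analytics and advertising scripts were fetched over plain HTTP, so an in-path device could swap the script body for its own. A site that embeds third-party scripts has two defences: fetch them over HTTPS, and pin their expected content with Subresource Integrity (SRI) so the browser refuses to run a body whose hash does not match. The block below is an added example, not Citizen Lab's or the original article's code; it computes and checks SRI values over a constructed stand-in for an analytics script and a constructed tampered copy (which only sets a marker, it does nothing else).

```python
import base64
import hashlib
import hmac

# Constructed stand-in for a third-party analytics script a page embeds (not Baidu's code).
ORIGINAL_SCRIPT = b"window.analytics = {track: function (e) { /* send e to collector */ }};\n"
# Constructed stand-in for a body an in-path injector might substitute; it only flags itself.
TAMPERED_SCRIPT = ORIGINAL_SCRIPT + b"window.__injected = true;\n"

SRI_ALGORITHMS = ("sha256", "sha384", "sha512")   # the digests SRI permits


def sri_hash(body: bytes, algo: str = "sha384") -> str:
    """Compute a Subresource Integrity value ('sha384-<base64 digest>') for a resource body."""
    if algo not in SRI_ALGORITHMS:
        raise ValueError("SRI allows sha256, sha384 or sha512")
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(body: bytes, integrity: str) -> bool:
    """Accept the body only if it hashes to the pinned value, as a browser does before executing it."""
    algo, sep, _ = integrity.partition("-")
    if not sep or algo not in SRI_ALGORITHMS:
        return False
    return hmac.compare_digest(sri_hash(body, algo), integrity)


def script_tag(src: str, integrity: str) -> str:
    """Markup that pins a cross-origin script; crossorigin is required for the check to apply."""
    return f'<script src="{src}" integrity="{integrity}" crossorigin="anonymous"></script>'


if __name__ == "__main__":
    pinned = sri_hash(ORIGINAL_SCRIPT)
    print(script_tag("https://cdn.example.invalid/analytics.js", pinned))  # placeholder URL
    print("original body accepted:", verify_sri(ORIGINAL_SCRIPT, pinned))
    print("tampered body accepted:", verify_sri(TAMPERED_SCRIPT, pinned))
```

SRI is a check on the fetched body, so it protects only resources whose expected content is fixed; a script that legitimately changes with every release needs its integrity value updated at the same time. It also does nothing if the embedding page itself was injected, which is why serving the page and its scripts over HTTPS is the first step and SRI the second.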

Rob Enderle, an analyst at the Enderle Group, said that “A weapon like this isn't naturally restricted by borders and could be used by a variety of entities to do massive amounts of damage.”

One of the Great Cannon's most alarming characteristics is its apparently unused ability to exploit by IP address.  Switching the configuration of the weapon from operating on traffic directed to a specific IP to operating on traffic from a specific IP could give the operator the ability to deliver malware to any targeted individuals that communicate with Chinese servers.

By Michael Grandeau

Link to original article: http://www.technewsworld.com/story/81949.html