Rootkit Found on Android Phones

3d-android-logo-wallpaperYou can’t get the new phone because it lights on fire, and now you may have to get rid of your old phone. However, most of you should be safe as this pre-installed rootkit was found on Chinese devices. So here’s what the hack allowed:

Over 3 million phones were found to have the following

The vulnerable mechanism, which is associated with Chinese mobile firm Ragentek   Group, contains a hidden binary — resides as /system/bin/debugs — that runs with root privileges and communicates over unencrypted channels with three hosts.
According to the researchers, this privileged binary not only exposes user-specific information to attackers but also acts as a rootkit, potentially allowing attackers to remotely execute arbitrary commands on affected devices as a privileged user.
According to a new report from security rating firm BitSight, the issue is due to a vulnerability in the insecure implementation of the update mechanism used by certain low-cost Android devices, including BLU Studio G from US-based Best Buy. (This is where the most comes from).
So why is this a big deal?
This could allow a remote attacker to extract personal information from an affected device, remotely wiping the whole device, and even make it possible to gain access to other systems on a corporate network and steal sensitive data.
  • BLU Studio G
  • BLU Studio G Plus
  • BLU Studio 6.0 HD
  • BLU Studio X
  • BLU Studio X Plus
  • BLU Studio C HD
  • Infinix Hot X507
  • Infinix Hot 2 X510
  • Infinix Zero X506
  • Infinix Zero 2 X509
  • DOOGEE Voyager 2 DG310
  • LEAGOO Lead 5
  • LEAGOO Lead 6
  • LEAGOO Lead 3i
  • LEAGOO Lead 2S
  • LEAGOO Alfa 6
  • IKU Colorful K45i
  • Beeline Pro 2
  • XOLO Cube 5.0

-Nick Walter (njw4227)

Source: http://thehackernews.com/2016/11/hacking-android-smartphone18.html

Cars Are Getting Hacked, What’s New?

Image result

For those who didn’t know, cars are already fully capable of driving themselves and are available for purchase. Now due to legal issues there still must be a person operating the vehicle, but it’s not like that person has to do anything.

Well recently, Tesla was exposed for their self driving car feature being hacked remotely by two guys who were 12 miles away. The hackers were working with Tesla so no real harm was done. The hackers were able to do basically anything they wanted to do with the car from driving it to moving around seats inside of it. The hackers also said that it wasn’t just one model of Tesla, the same hack worked for numerous models they tried it on.

I guess the only bright side to this is that in order for the car to be hacked, the car had to be connected to a malicious WiFi hotspot and the car’s web browser had to be opened manually by the driver. So the moral here is if you ever have a self driving car, a) make sure you’re actually the one driving it. And b) just don’t open your web browser and you’ll be good, for now.

As a side note, Tesla did patch this flaw in their software within 10 days of the flaws being detected, so at least they work faster than apple.

Sources:

http://thehackernews.com/2016/09/hack-tesla-autopilot.html

https://www.google.com/imgres?imgurl=http%3A%2F%2Fbuyersguide.caranddriver.com%2Fmedia%2Fassets%2Fsubmodel%2F7651.jpg&imgrefurl=http%3A%2F%2Fwww.caranddriver.com%2Ftesla%2Fmodel-s&docid=y3jhKqU0YjzsWM&tbnid=WghqSLLXRGvH_M%3A&w=800&h=489&bih=964&biw=1920&ved=0ahUKEwi8lMa7u63PAhXJMz4KHSpRDcgQMwhLKAQwBA&iact=mrc&uact=8