Smartwatches designed for children have become a target for hackers.

Smartwatches are becoming more and more popular to the general population. However did you know even young children are starting to wear smartwatches. In theory this sounds like not such a bad idea they give the parent a way to see where their young child is and communicate with them if need be. These watches also offer a way for the child to quickly call their parents in case of an emergency. This all sound good until you realize a hacker can get into the watch and do the same things.

The Norwegian Consumer Council tested some of these watches and found that some were transmitting the GPS data without encryption. This allows for hackers with basic tools to get into the watch and track the movements of the child wearing the watch, which is an incredibly dangerous problem. The hacker could also spoof the location and make it look like the child is in a completely different place. They also found that the hacker could communicate with the child and eavesdrop on the conversations the child is having with others on the watch. Thankfully many of the company’s who designed and produce the watches have recalled the watches and started to fix the problems and make them more secure.

-Levi Walker

Sources:

http://www.bbc.com/news/technology-41652742?intlink_from_url=http://www.bbc.com/news/topics/62d838bb-2471-432c-b4db-f134f98157c2/cybersecurity&link_location=live-reporting-story

 

Advertisements

Lenovo Patches Bug Affecting Tens of Millions of Devices

The security vulnerabilities were discovered on May 10 by Imre Rad, an independent security researcher, and reported to Lenovo on May 14. On Oct. 5, Lenovo released four patches for its Android tablets, Vibe and Zuk phones, and Moto M and Moto E3 model handsets.

According to Rad, the vulnerabilities were related to the Lenovo Service Framework, an Android application exclusive to Lenovo devices. Lenovo states the application is used to receive notifications from Lenovo servers (product promotions, news, notices, surveys) and to facilitate emergency app repairs and upgrades when necessary.

However, the application could be exploited by attackers to help download code onto devices from a server, resulting in remote code execution. Rad described four vulnerabilities:

CVE-2017-3758 – Improper access controls on several Android components of the LSF application.

CVE-2017-3759 – The application accepts responses from the server without proper validation, meaning it was vulnerable to man in the middle attacks.

CVE-2017-3760 – The credentials for integrity verification of downloaded applications and/or data was not secure.

CVE-2017-3761 – The application runs some system commands without proper sanitation of input.

Lenovo states that the issues have been patched and updates are available both manually and automatically. They are not aware of any of the vulnerabilities being exploited.

– Antony Lin

Source:

https://threatpost.com/lenovo-quietly-patches-massive-bug-impacting-its-android-tablets-and-zuk-vibe-phones/128489/

New DoubleLocker Ransomware Attacks Android Devices

Security researchers have discovered a new kind of ransomware for android that both changes the affected device’s PIN code and encrypts the files. It goes by the name DoubleLocker and is reported to use code from an old banking trojan called Svpeng. This was formerly one one of the more interesting pieces of android malware. It would overlay fake banking logins, steal money from bank accounts using sms account management, change PIN codes, and encrypt user files. Fortunately the DoubleLocker ransomware doesn’t attempt to steal any banking information. At least not yet.

DoubleLocker takes a new approach to ransomware, being the first of its kind to misuse Android’s accessibility service to gain admin rights. Once it is installed, usually through a fake flash player update, the app gives requests device accessibility permissions. If the user enables these, the app is able to simulate touches on the screen so it can make itself a device administrator and set itself as the default home app. This means that whenever the user presses the home button, the malware is re-launched. The app uses its administrator rights to change the PIN code on the phone and encrypt all of the user files to .cryeye files with a random key stored at a remote location.

doublelocker

Once running, the app shows a ransom request for 0.013 BTC (about $70) like this one, which when paid will remotely decrypt the phone and remove the PIN lock.

There are a few ways to protect yourself from these kinds of attacks. For one, Flash Player for mobile is dead so don’t be trying to update it. More generally, however, you should

  • Only install apps from trusted sources
  • Keep the “Unknown Sources” checkbox off unless you have a very good reason to turn it on. Always turn it back off right afterwards.
  • Keep an antivirus app on your smartphone

 

Sources used:

 

~ Daniel Monteagudo

BankBots on the Google Play Store

 

c3452b27c92648ae7f8b3dab2dfee1cd

Image courtesy of SecurityLab.ru. Yes, it’s Russian.

“The Google Play store once again has been invaded with apps carrying BankBot.” The article, written by Bradley Barth for SC Magazine, starts off on a strong note. What catches my attention is the short phrase once again. That, however, is for another time. BankBots are on the rise again, and it’s spread to 160 apps across 27 different countries, according to Barth.

“What is BankBot,” an article on The Merkle, desribes BankBot’s as “Android Banking Trojans.” BankBot is a malicious campaign with an intent to attack us through convenience — banking apps. Once there was a time when the biggest threat to banks were physical robberies and stock market crashes. Nowadays, the Internet of Things is the biggest perpetrator of bank attacks.

With the shift towards total digital domination of our lives, banks have followed suit by developing downloadable apps for ease-of-access banking. Of course, these banks require legitimate credentials for use. BankBots take advantage of this fact, as well as the lack of attention by consumers to develop imitation apps that somehow evade all Google Play Store legitimacy checks. So, how easy is it to get into BankBotting? Buntinx of The Merkle feels as though anyone can get started in the business of malicious banking. Many well-known hacking forums (remaining unnamed for obvious reasons) have multiple easy-to-follow, step-by-step, baby’s-first-BankBot tutorials that anyone can follow, free of charge. Because of this, there isn’t just one type of BankBot; people are taking the base design and creating personalized copies that range in complexity and scope of attacks.

In the months of April, May, and June of 2017, 62 separate long-term BankBot campaigns were discovered and shut-down. This was only the first wave of mass-BankBotting. BankBots were found to be the first malicious banking Trojans able to work their way into many high-security banks, work internationally, bypass Play Store vetting, and have the ability to communicate to web-based backends. These Trojans also have the ability to hijack and intercept SMS messages. Well-known banking Trojans like ZeuZ and EDA2 are beginning to find themselves shadowed by the ability of the BankBot campaign.

This campaign only affects Android users using third-party or non-major banking apps. The only way to protect your banking credentials is using trusted apps and websites (or just stick to iOS).

-Ryan W. Moore, 21 September 2017

Sources:

https://www.scmagazine.com/more-bankbot-apps-sneak-into-google-store-uae-banks-added-to-malwares-targets/article/688379/

https://themerkle.com/what-is-bankbot/

 

BlueBorne, a Bluetooth Vulnerability

Armis has identified a new threat to almost every device we own. There are eight vulnerabilities that have been identified, four of which are critical. These vulnerabilities affect over 5 billion Android, Windows, iOS, and Linux devices. This vulnerability is known as BlueBorne.

What makes this vulnerability different than most cyber attacks is that there is no link that a user has to click on or a malicious file that the user has to download to become a victim. The user doesn’t even have to be connected to the internet. Instead, BlueBorne is spread through a devices Bluetooth connection. The attack doesn’t require the targeted device to be paired to the attackers device or even for the targeted device to be set to discoverable mode.

Image result for BlueBorne

This all contributes to BlueBorne being easily spread to devices at a possible unprecedented rate. Bluetooth processes have high privileges on all operating systems which allows this exploit to completely take over the device. Android devices are vulnerable to remote code execution, information leaks, and Man-in-The-Middle attacks. Windows devices are vulnerable to the Man-in-The-Middle attack. Linux devices running BlueZ are affected by the information leak vulnerability, and Linux devices from version 3.3-rc1 (released in October 2011) are affected by the remote code execution vulnerability (This includes many smart watches, smart tvs, and smart refrigerators). iPhone, iPad and iPod touch devices with iOS 9.3.5 and lower, and AppleTV devices with version 7.2.2 and lower are affected by the remote code execution vulnerability, but this vulnerability was already patched for users running iOS 10. Even networks that are “air gapped” are at risk of this attack, and includes industrial systems, government agencies, and critical infrastructure.

Examples of attacks:

  • Taking a picture on a phone and sending it to the hacker
  • Listening to a conversation through a wearable device
  • Redirecting a user to a fake login page to steal their login information
  • Cyber espionage
  • Data theft
  • Ransomware
  • Creating large botnets out of IoT devices

Many companies are pushing out updates for their users, but for many it is too late, and for others they have older devices that will not receive the updates.

As of 9/13/17:

  • Apple users with iOS 10 are safe
  • Google has released a patch for this vulnerability for Android Marshmallow and Nougat, but it might be weeks before the patch is available to some Android users
  • Microsoft patched the vulnerabilities in July
  • A patch for Linux is expected to be released soon

The problem is that even with these patches, there are many users who are unaware of this exploitation and/or do not update their devices regularly. For users that haven’t updated their devices or do not have an update for their device, the safest thing to do is to turn Bluetooth off on your phone and leave it off until there is a patch for your device

 

Source: https://www.armis.com/blueborne/

 

-Matthew Smith