RSA Key Factorization Attack

Following the revelation of the KRACK WPA2 vulnerability, another widespread vulnerability, dubbed ROCA, appeared, affecting millions of devices running Infineon Technologies’ Trusted Platform Module chips.

RSA key pairs generated on Infineon’s TPM are vulnerable to a factorization attack. It allows attackers to reverse-calculate someone’s private key based solely on their public key. The risks of this vulnerability are that the attacker can impersonate the key owner, decrypt the user’s data protected by this key, inject malware into signed software, etc.

Major vendors including Infineon, Google, and Microsoft have already released software updates for affected hardware and software, as well as guidelines for mitigating the vulnerability.

End users are encouraged to patch their affected devices as soon as possible.

– Matthew Turi

Sources

https://thehackernews.com/2017/10/rsa-encryption-keys.html

The Hard Apple: Why It’s Difficult to Acquire Malware on a Mac

It always seems like there is a new virus, new malware, or new adware that happens to pop up on a computer running Windows. But why do we not hear about this happening on a Mac? The answer is hidden under the operating system, tracing it to its roots, along with the attacker’s target audience.

Apple Mac computers run a Unix-based operating system. Unix is normally a very secure operating system with its own built-in features. On top of this, Apple has added its own security features. One of these features is called Gatekeeper. Gatekeeper blocks any software that hasn’t been digitally signed and approved by Apple. A second feature used by Macs is known as sandboxing. The process involves checking applications to confirm that they are only doing what they’re supposed to be doing. Sandboxing also isolates the applications from system components and other parts of the computer that do not have anything to do with the app’s initial designed purpose. The final security feature used by Apple is called FileVault2, which is a simple file management system that encrypts all of the files on Mac computers. These embedded security features created by Apple help to create a more secure system for their users.

Normally, it would be thought that Mac users would be an easy group to target, but based on recent data, most attackers see the number of people in the Apple community as not worth the overall effort of making a virus or malware that can successfully pass through all of the Apple security obstacles. The reason there are very few viruses and malware for Mac devices is that attackers have a larger and easier target audience in Windows users.

Regardless of the small number of Mac-related viruses and malware, there have still been instances of them occurring. In just 2017, there has been a 230% increase in Mac malware. An example of this is the OSX/Dok malware. OSX/Dok occurred in April 2017 and was a trojan that would hijack all incoming and outgoing traffic with the Mac computer. The trojan was signed with a valid certificate from Apple, meaning that the hackers could have used a legitimate developer’s account to initialize this attack. Another attack that took place in February of 2017 was called MacDownloader. This adware would display to a user as a free update for the Adobe Flash Player. When the installer ran, the program would tell the user that there was adware on the Mac and would prompt for the system password. This would then begin the process of transmitting data (i.e. usernames, passwords, etc.) to a remote server. The final example of successful Mac malware would be one called Safari-Get. Happening in November of 2016, this was a type of social engineering that involved sending out links through emails, with the link opening either multiple iTunes windows or multiple draft emails (depending on the Mac operating system version). This would cause the system to freeze or cause a memory overload and force a shutdown.

Regardless of the lack of effort put forth by attackers towards Mac users, there still should be some safety concern for users. This can be addressed easily by updating applications and being careful when clicking links or even opening certain files.

-Ryan Keihm

Sources

Do Macs get viruses, and do Macs need antivirus software?

16 Apple Security Advances to Take Note of in 2016

Volkswagen establishes new cyber security company called CyMotive Technologies.

Last week, on the 14th of September, Volkswagen announced that they have formed a new corporation called CyMotive Technologies with the goal of helping to ensure that smart cars and self-driving cars can be protected from attacks by hackers, who could otherwise potentially threaten the lives of both the passengers of the car and the surrounding pedestrians.

This company is being co-owned by Yuval Diskin, ex-head of Israel’s Shin Bet Intelligence Agency, along with two of his colleagues. Diskin has been a consultant in the cyber security community since he left Shin Bet in 2011, also apparently having worked with Volkswagen for about half a decade before CyMotive was launched.

This is no doubt in response to concerns of safety in a more connected vehicle. As more and more systems become electronic and hackable, the worry of what a hacker can do to a vehicle remotely has also increased. This need for security will only increase as we start to see companies making self-driving cars, which if hacked could be a massive danger to those on the road.

As it stands, CyMotive will only be working with Volkswagen, though perhaps over time it might either offer its services to other automotive companies or inspire similar firms to be developed.

Original Article: http://www.reuters.com/article/us-volkswagen-cyber-israel-idUSKCN11K1DA

-jes5746

iPhone Passcode Hack

Just a few days ago, Dr Sergei Skorobogatov, who works at the University of Cambridge laboratory, was able to develop a method to crack an unknown PIN code on an iPhone 5c. He did it by removing the NAND chip, which is the main memory of the phone, studying how it communicated with the phone and successfully cloning it.

The purpose of this is to allow for an unlimited number of passcode attempts, as usually an iPhone will lock up after a few incorrect tries. This directly contradicts a claim by the FBI that this method (called NAND mirroring) would not work during the time they were attempting to access San Bernardino gunman Syed Rizwan Farook’s iPhone 5c.

Dr Skorobogatov made a YouTube video demonstrating his method of removing and replacing the NAND chip and the successful reset of the passcode lockout counter.

Using this method, he was able to crack a 4-digit code in about 40 hours, and a 6-digit code could take hundreds of hours. In order to crack newer phones, Dr Skorobogatov said more information was needed about how Apple stored data in memory and he would need a more sophisticated set-up to extract the memory chip.

Apple has not responded to this yet.

Link to original article: http://www.bbc.com/news/technology-37407047

Bromium and Microsoft: Is Micro-Virtualization the Next Step in Cyber Security?

Using virtual machines to isolate programs and processes that could be harmful has been a practice in the computing community for years. This ensures that the hardware is fully isolated and cannot be harmed by malicious code. A company called Bromium has taken this concept and created what they call “Micro-Virtualization”, a process of taking programs and running them in their own environment, so nothing they do can affect the hardware directly. This creates a computer that essentially acts as a controller, isolating itself from the actual processes it’s running to remain uninfected from any attack. However, running this as a 3rd party component of a server or workstation operating system might lead to a slowdown in load times and efficiency.

Taking on this problem, Bromium has created a partnership with Microsoft, integrating parts of their system directly into the operating system, rather than having it run on top of it. This would make the ‘hand off’ of programs from hardware to VM seamless, as well as make sure there are no faults in configuring how the program works.

So how does it work? The largest component of Bromium is a system that they call the ‘Microvisor’, which is the name of the Micro-Virtualization implementation that they came up with in Windows 10. By doing this, they claim that any program that is run is perfectly safe, as it eliminates the dangers of ‘Zero Day’ exploits, un-patchable programs, and unpatched programs in the system. The company also claims that the hardware and the system will be ‘invulnerable’.

The other side of the integration is ‘LAVA’, which is their answer to how forensics can be conducted within the Microvisor system that they developed. It works by letting the attack develop in the Micro-Virtualization, and then reporting it to the administrators on the network, giving the full details of the attempted attack as it unfolds in a safe environment. This can help administrators learn how the attacks work in real time, as well as help them develop ways to counter them, or even trace them back without the threat of the virus spreading.

While this system seems secure as it is, no system is ever 100 percent secure. While the Microvisor system runs low in the operating system, it still is not at the kernel level, and thus could theoretically be bypassed. However, the author does believe that this system might be the best step forward in the Cyber Security world, as it catches vulnerabilities in a virtual net so they can be easily managed and dealt with as they arise.

-Will Eatherly

Sources:

http://blogs.bromium.com/2015/07/13/bromium-partners-to-bring-micro-virtualization-to-windows-10/

http://learn.bromium.com/microsoft-partnership.html

http://www.bromium.com/