St. Jude Medical heart devices come under attack in security lawsuit

St. Jude Medical is currently being targeted due to security vulnerabilities in implanted heart devices. Back in August, MedSec and Muddy Waters released a report about how St. Jude’s pacemakers and defibrillators were vulnerable to cyberattacks that could result in battery drain or manipulation of pacemaker beat rates. This could in turn put a patient’s life at risk.

Bishop Fox, an independent security firm, recently provided testimony stating that the St. Jude cardiac device ecosystem does not meet the security requirements of a system responsible for safeguarding life-sustaining equipment implanted in patients. In addition, the wireless protocol used by the devices to communicate also has vulnerabilities that allow attackers to take control of the device and deliver shocks to patients at a range of up to 10 feet, and possibly more with additional components.

-AJ Agena

http://www.zdnet.com/article/st-jude-heart-devices-come-under-attack-in-security-lawsuit/

Android Rooting Easier for Malware with DRAMMER attack

Last year security researchers gained access to Linux operating systems by using a design flaw in memory hardware to get higher kernel privileges on the system. Now, for the first time, with a dynamic random access memory exploit called Rowhammer, which was already known about but had not been implemented on a mobile device, hackers will be able to gain “root” access to many Android phones.

VUSec Lab at Vrije Universiteit Amsterdam was able to gain access for the first time using the Rowhammer exploit. The exploit works by “executing a malicious application that repeatedly accesses the same ‘row’ of transistors on a memory chip in a tiny fraction of a second in a process called hammering.” This can disturb a neighboring row, causing energy to leak into more rows, which causes a bit to flip. Bit flipping allows anyone to change the contents of memory in an operating system.

Drammer has no quick fix, so it could become a very big problem for Android phone users. They were able to gain access to many phones, but none of the newer ones; for Samsung’s Galaxy models they only got up to the S5. The way they were able to access the phones was by using something called ION in the Android phones’ DRAM memory. Once the malicious app is downloaded, within minutes it will have root access to your phone.

source: http://thehackernews.com/2016/10/root-android-phone-exploit.html

-Gavin Millikan

Someone May Be Planning To Take Down The Internet

According to a recent report by Bruce Schneier, hackers may be planning a takedown of the internet. While China and Russia are the likely suspects, it is unknown who is launching the attacks, and if the US government knows, it has decided to stay quiet. Schneier has done a very nice job of describing the attacks:

These attacks are significantly larger than the ones they’re used to seeing. They last longer. They’re more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.


The attacks are also configured in such a way as to see what the company’s total defenses are. There are many different ways to launch a DDoS attack. The more attack vectors you employ simultaneously, the more different defenses the defender has to counter with. These companies are seeing more attacks using three or four different vectors. This means that the companies have to use everything they’ve got to defend themselves. They can’t hold anything back. They’re forced to demonstrate their defense capabilities for the attacker.

According to the quarterly report of VeriSign (the registrar for .com and .net domains), the most common vector they experienced was “UDP floods (including Domain Name System (DNS), Network Time Protocol (NTP), Simple Service Discovery Protocol (SSDP) and Chargen).” The next most common vectors were TCP layer attacks, IP fragment attacks, and application layer attacks.
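To make the vector families in that report summary concrete from a defender’s side, here is an added example (not code from the post, from Schneier, or from VeriSign) that sorts sample flow records into those families and counts how many distinct vectors an incident used, which is the “three or four different vectors” signal Schneier describes. The record format, the reflection-port mapping and the sample flows are all assumptions constructed for this example.

```python
"""Classify flow records into the DDoS vector families named in the
VeriSign Q2 2016 report summary (UDP flood, TCP layer, IP fragment,
application layer). Added example; the record fields, the port-to-service
mapping and the sample data below are constructed assumptions."""
from collections import defaultdict

# Source ports of UDP services commonly abused for reflection floods.
# Assumed mapping; only the service names come from the report summary.
UDP_REFLECTION_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 19: "Chargen"}


def classify(rec):
    """Return a vector label for one flow record (a dict)."""
    if rec.get("fragmented"):
        # Fragmented packets exhaust reassembly buffers regardless of payload
        return "IP fragment"
    if rec["proto"] == "UDP":
        svc = UDP_REFLECTION_PORTS.get(rec["src_port"])
        return f"UDP flood ({svc})" if svc else "UDP flood (other)"
    if rec["proto"] == "TCP":
        # Flows carrying real HTTP requests are application-layer traffic;
        # bare connection noise with no requests is counted as TCP layer.
        if rec.get("http_requests", 0) > 0:
            return "Application layer"
        return "TCP layer"
    return "other"


def family(label):
    """Collapse 'UDP flood (DNS)' etc. to the top-level family name."""
    return label.split(" (")[0]


def summarize(records):
    """Bytes per detailed vector label."""
    totals = defaultdict(int)
    for rec in records:
        totals[classify(rec)] += rec["bytes"]
    return dict(totals)


def family_totals(records):
    """Bytes per top-level vector family."""
    totals = defaultdict(int)
    for rec in records:
        totals[family(classify(rec))] += rec["bytes"]
    return dict(totals)


def vector_families(records):
    """Sorted list of distinct families seen; its length is the vector count."""
    return sorted({family(classify(rec)) for rec in records})


def dominant_family(records):
    """Family carrying the most bytes (the 'most common vector')."""
    totals = family_totals(records)
    return max(totals, key=totals.get)


# Constructed sample flows (not real traffic): reflected UDP from the four
# services, one fragmented UDP flow, a bare TCP flow, an HTTP flood flow,
# and UDP from an unrecognised port.
SAMPLE_FLOWS = [
    {"proto": "UDP", "src_port": 123, "dst_port": 40001, "bytes": 468, "fragmented": False},
    {"proto": "UDP", "src_port": 53, "dst_port": 40002, "bytes": 3000, "fragmented": False},
    {"proto": "UDP", "src_port": 1900, "dst_port": 40003, "bytes": 320, "fragmented": False},
    {"proto": "UDP", "src_port": 19, "dst_port": 40004, "bytes": 1024, "fragmented": False},
    {"proto": "UDP", "src_port": 53, "dst_port": 40005, "bytes": 1400, "fragmented": True},
    {"proto": "TCP", "src_port": 51000, "dst_port": 80, "bytes": 60, "fragmented": False},
    {"proto": "TCP", "src_port": 51001, "dst_port": 80, "bytes": 900, "fragmented": False,
     "http_requests": 12},
    {"proto": "UDP", "src_port": 4444, "dst_port": 40006, "bytes": 200, "fragmented": False},
]

if __name__ == "__main__":
    for label, nbytes in sorted(summarize(SAMPLE_FLOWS).items()):
        print(f"{label:24s} {nbytes:6d} bytes")
    fams = vector_families(SAMPLE_FLOWS)
    print(f"{len(fams)} vector families in play: {', '.join(fams)}")
    print("dominant family:", dominant_family(SAMPLE_FLOWS))
```

Run over real flow exports, the same grouping gives a per-incident vector count that can be tracked week to week; a rising count alongside rising volume is the probing pattern the quoted passage describes.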

Schneier says he doesn’t see a motive in the attacks. However, he says “it feels like a nation’s military cybercommand trying to calibrate its weaponry in the case of cyberwar.”

Martin McKeay, security advocate at Akamai, says a complete internet takedown is impossible because, “it’s a whole bunch of networks, and you’re not going to take it down unless you take down all the circuits. You can take down a company, an organization, or part of a government — but you can’t really take down the Internet as a whole.” He cites the fact that the transoceanic cables have terabit switches, which can handle far more data than the 500Gbps record for the largest attack. Tim Mathews, vice president of the Incapsula product line at Imperva, concurs saying that the attacks “are an order of magnitude smaller than the bandwidth capacity the largest transit providers and ISPs manage.”

In the event the attacks do manage to take down a registrar, such as VeriSign, it would cause a mass blackout affecting many sites and emails. VeriSign manages 143.2 million domain names, including domains for banks, the stock market, and insurance companies. In addition, the attacks could target emergency services, such as 911 and hospitals.

In the end Schneier admits that we can’t really do anything about it, “but this is happening. And people should know.”

Author: Christian Martin

Sources:
https://www.lawfareblog.com/someone-learning-how-take-down-internet
https://www.verisign.com/assets/report-ddos-trends-Q22016.pdf
http://www.technewsworld.com/story/83894.html
https://www.verisign.com/en_US/company-information/index.xhtml

Hacking the US Voter Registration System


Every election season, a new discussion sparks up surrounding the security of voting machines and the handling of voter registration information. For the 2016 election cycle, the first victims of vulnerabilities in these systems were the states of Illinois and Arizona. CNN is reporting that both states have had their registration databases breached, but are claiming that their election systems are currently unaffected.

In Illinois it is apparent that roughly 200,000 unique voter registrations have been accessed, but are apparently unchanged. The attack was likely carried out in early June, but was not detected until late July. The database included voters’ names, addresses, sex and birthdays in addition to other information. The database comprises 15,000,000 records, and some contain a social security number or driver’s license number. It is still unclear who is responsible for the breach, or what their intentions with the data are.

In Arizona the attack is a little clearer, but has been going on much longer. The Arizona voter registration system had to be taken down in May after it was discovered that a local official’s username and password had been made publicly available on an online forum. The account used to post the information is linked to a prominent Russian hacker. After taking down the system, the forensic analysts determined that it was more than likely that the official whose information had been made public was the victim of a malware attack. It is apparent that no data has been affected, but the severity of the breach is unknown.

You can read the full CNN article here.

-Max Maurin

DDoS Attacks for Profit

vDOS — a “booter” service that has earned in excess of $600,000 over the past two years helping customers coordinate more than 150,000 so-called distributed denial-of-service (DDoS) attacks designed to knock Web sites offline — has been massively hacked, spilling secrets about tens of thousands of paying customers and their targets.

Read the rest of the article here: http://krebsonsecurity.com/2016/09/israeli-online-attack-service-vdos-earned-600000-in-two-years/