Smartwatches designed for children have become a target for hackers.

Smartwatches are becoming more and more popular to the general population. However did you know even young children are starting to wear smartwatches. In theory this sounds like not such a bad idea they give the parent a way to see where their young child is and communicate with them if need be. These watches also offer a way for the child to quickly call their parents in case of an emergency. This all sound good until you realize a hacker can get into the watch and do the same things.

The Norwegian Consumer Council tested some of these watches and found that some were transmitting the GPS data without encryption. This allows for hackers with basic tools to get into the watch and track the movements of the child wearing the watch, which is an incredibly dangerous problem. The hacker could also spoof the location and make it look like the child is in a completely different place. They also found that the hacker could communicate with the child and eavesdrop on the conversations the child is having with others on the watch. Thankfully many of the company’s who designed and produce the watches have recalled the watches and started to fix the problems and make them more secure.

-Levi Walker

Sources:

http://www.bbc.com/news/technology-41652742?intlink_from_url=http://www.bbc.com/news/topics/62d838bb-2471-432c-b4db-f134f98157c2/cybersecurity&link_location=live-reporting-story

 

Advertisements

RSA Key Factorization Attack

Following the revelation of the KRACK WPA2 vulnerability,  another widespread vulnerability, dubbed ROCA, appeared affecting millions of devices running Infineon Technology’s Trusted Platform Module chips.

Cryptographic RSA pairs generated on Infineon’s TPM are vulnerable to a factorization attack. It allows attackers to reverse-calculate someone’s private key based solely off of their public key. The risks of this vulnerability are that the attacker can impersonate the key owner, decrypt the user’s data protected by this key, injecting malware into signed software, etc.

Major vendors including Infineon, Google, and Microsoft have already released the software updates for affected hardware and software as well as guidelines for mitigation of the vulnerability.

End users are encouraged to patch their affected devices as soon as possible.

– Matthew Turi

Sources

https://thehackernews.com/2017/10/rsa-encryption-keys.html

Reaper Botnet Dwarfs Mirai

Mirai-botnet-diagram-1


By this point everyone and their mother has heard of the botnet dubbed ‘Mirai’, an infamous botnet infrastructure from last year that managed to take down a good chunk of the internet by attacking Dyn, a DNS provider. Well as of this September, weak passwords might have become the least of your worries if you’re like 60% of Check Point’s ThreatCloud covered corporations, and have un-patched vulnerabilities on your network.

Dubbed Reaper, or IOTroop by some, a new IoT botnet is propagating, and shows no sign of slowing down. Today, researchers have ruled out the possibility that Mirai and Reaper are connected, at least on a technical level, due to the superiority that Reaper has displayed in its intrusion and propagation techniques. Whereas Mirai was spread through the exploitation of default passwords across IoT devices, Reaper utilizes a specialized strand of malware that exploits well known vulnerabilities (such as those present in many printers and IoT toasters) to gain entry to a device, and further uses that device to spread itself to others connected.

With near exponential growth, Qihoo 360 Netlab witnessed approximately 2 million newly infected devices waiting to be processed by a C&C server, of which there are several that have thus been identified. The best thing that any concerned corporation or user can do at this point in time, would be to ensure that every machine on their network has updated firmware, and software in an attempt to limit the spread of this variable plague infecting IoT networks worldwide.

Currently, it appears as if we all might be witnessing a ‘calm before the storm’, situation, with this botnet ramping up massively in numbers and, according to Check Point, updating its capabilities on a daily basis. What else can I say but stay safe, and brace for impact, as when this thing hits, it’ll make the Dyn attack look like a birthday party.

– Kenneth Nero

Sources: Here, and Here, also Here

Lenovo Patches Bug Affecting Tens of Millions of Devices

The security vulnerabilities were discovered on May 10 by Imre Rad, an independent security researcher, and reported to Lenovo on May 14. On Oct. 5, Lenovo released four patches for its Android tablets, Vibe and Zuk phones, and Moto M and Moto E3 model handsets.

According to Rad, the vulnerabilities were related to the Lenovo Service Framework, an Android application exclusive to Lenovo devices. Lenovo states the application is used to receive notifications from Lenovo servers (product promotions, news, notices, surveys) and to facilitate emergency app repairs and upgrades when necessary.

However, the application could be exploited by attackers to help download code onto devices from a server, resulting in remote code execution. Rad described four vulnerabilities:

CVE-2017-3758 – Improper access controls on several Android components of the LSF application.

CVE-2017-3759 – The application accepts responses from the server without proper validation, meaning it was vulnerable to man in the middle attacks.

CVE-2017-3760 – The credentials for integrity verification of downloaded applications and/or data was not secure.

CVE-2017-3761 – The application runs some system commands without proper sanitation of input.

Lenovo states that the issues have been patched and updates are available both manually and automatically. They are not aware of any of the vulnerabilities being exploited.

– Antony Lin

Source:

https://threatpost.com/lenovo-quietly-patches-massive-bug-impacting-its-android-tablets-and-zuk-vibe-phones/128489/

New DoubleLocker Ransomware Attacks Android Devices

Security researchers have discovered a new kind of ransomware for android that both changes the affected device’s PIN code and encrypts the files. It goes by the name DoubleLocker and is reported to use code from an old banking trojan called Svpeng. This was formerly one one of the more interesting pieces of android malware. It would overlay fake banking logins, steal money from bank accounts using sms account management, change PIN codes, and encrypt user files. Fortunately the DoubleLocker ransomware doesn’t attempt to steal any banking information. At least not yet.

DoubleLocker takes a new approach to ransomware, being the first of its kind to misuse Android’s accessibility service to gain admin rights. Once it is installed, usually through a fake flash player update, the app gives requests device accessibility permissions. If the user enables these, the app is able to simulate touches on the screen so it can make itself a device administrator and set itself as the default home app. This means that whenever the user presses the home button, the malware is re-launched. The app uses its administrator rights to change the PIN code on the phone and encrypt all of the user files to .cryeye files with a random key stored at a remote location.

doublelocker

Once running, the app shows a ransom request for 0.013 BTC (about $70) like this one, which when paid will remotely decrypt the phone and remove the PIN lock.

There are a few ways to protect yourself from these kinds of attacks. For one, Flash Player for mobile is dead so don’t be trying to update it. More generally, however, you should

  • Only install apps from trusted sources
  • Keep the “Unknown Sources” checkbox off unless you have a very good reason to turn it on. Always turn it back off right afterwards.
  • Keep an antivirus app on your smartphone

 

Sources used:

 

~ Daniel Monteagudo