Encryption system used to exploit protected Wifi networks

Everyone knows that they could be a potential target for cyber-crime, as it appears in the news almost every day. But just how vulnerable is an individual? CERT recently made a statement about how your Wifi network could be exploited if proper precautions are not taken.

On October 16th, 2017, the Computer Emergency Readiness Team made an announcement that addresses the protection of your sensitive information. In short, its advice is to update all your devices when security advancements are available. The reason for this is that a widely used encryption system used on wireless networks can lead to a breach of your credit card information, emails, passwords, etc.

Essentially, the system allows a hacker to gain access to the internet traffic that occurs between computers. Once in, the hacker can manipulate the data that is recovered. Depending on the target’s network configurations, it is even possible for the attacker to inject malware into the network. The unsettling part about this encryption system is that it has the capability of affecting a very wide range of devices including Android, Apple, Linux, and Windows.

Companies such as Intel, Microsoft, Google, and Apple have heeded this advice and have released updates that will help protect people with their devices from this issue.

– Jared Albert

 


Lenovo Patches Bug Affecting Tens of Millions of Devices

The security vulnerabilities were discovered on May 10 by Imre Rad, an independent security researcher, and reported to Lenovo on May 14. On Oct. 5, Lenovo released four patches for its Android tablets, Vibe and Zuk phones, and Moto M and Moto E3 model handsets.

According to Rad, the vulnerabilities were related to the Lenovo Service Framework, an Android application exclusive to Lenovo devices. Lenovo states the application is used to receive notifications from Lenovo servers (product promotions, news, notices, surveys) and to facilitate emergency app repairs and upgrades when necessary.

However, the application could be exploited by attackers to help download code onto devices from a server, resulting in remote code execution. Rad described four vulnerabilities:

CVE-2017-3758 – Improper access controls on several Android components of the LSF application.

CVE-2017-3759 – The application accepts responses from the server without proper validation, meaning it was vulnerable to man-in-the-middle attacks.

CVE-2017-3760 – The credentials for integrity verification of downloaded applications and/or data were not secure.

CVE-2017-3761 – The application runs some system commands without proper sanitization of input.

Lenovo states that the issues have been patched and updates are available both manually and automatically. They are not aware of any of the vulnerabilities being exploited.

– Antony Lin

Source:

https://threatpost.com/lenovo-quietly-patches-massive-bug-impacting-its-android-tablets-and-zuk-vibe-phones/128489/

New DoubleLocker Ransomware Attacks Android Devices

Security researchers have discovered a new kind of ransomware for Android that both changes the affected device’s PIN code and encrypts the files. It goes by the name DoubleLocker and is reported to use code from an old banking trojan called Svpeng. This was formerly one of the more interesting pieces of Android malware. It would overlay fake banking logins, steal money from bank accounts using SMS account management, change PIN codes, and encrypt user files. Fortunately, the DoubleLocker ransomware doesn’t attempt to steal any banking information. At least not yet.

DoubleLocker takes a new approach to ransomware, being the first of its kind to misuse Android’s accessibility service to gain admin rights. Once it is installed, usually through a fake Flash Player update, the app requests device accessibility permissions. If the user enables these, the app is able to simulate touches on the screen so it can make itself a device administrator and set itself as the default home app. This means that whenever the user presses the home button, the malware is re-launched. The app uses its administrator rights to change the PIN code on the phone and encrypt all of the user files to .cryeye files with a random key stored at a remote location.

Once running, the app shows a ransom request for 0.013 BTC (about $70) like this one, which when paid will remotely decrypt the phone and remove the PIN lock.

There are a few ways to protect yourself from these kinds of attacks. For one, Flash Player for mobile is dead, so don’t be trying to update it. More generally, however, you should:

  • Only install apps from trusted sources
  • Keep the “Unknown Sources” checkbox off unless you have a very good reason to turn it on. Always turn it back off right afterwards.
  • Keep an antivirus app on your smartphone

 


 

~ Daniel Monteagudo

Kaspersky Lab Antivirus Used to Retrieve Sensitive Data

A few days ago, sensitive information from an NSA contractor who worked with top-secret and confidential information on his home computer was stolen because the computer had Kaspersky antivirus software installed on it. Russian hackers used the software to steal the information, but a new report says that this flaw in the software might not even be a flaw at all and is in fact intentional. The software would scan for viruses, but it would also look for key phrases such as “top secret” which would be present on secret government documents.

This additional hidden feature of Kaspersky’s antivirus software is something that would have had to be added with company knowledge. While suspicions continue to pile up over the program, Kaspersky Lab denies any knowledge of this feature and dismisses claims that they are working with the Russian government. However, there is an interesting connection between the founder of Kaspersky and the Russian government since the founder went to a KGB technical school.

This issue was most likely first brought to light when Israel alerted the US about the spying being done by Kaspersky. Following this report, the US has been able to verify that spying is being done and the Department of Homeland Security banned all federal agencies from using the antivirus software.

~ Alex Haubert

Source: http://bgr.com/2017/10/12/kaspersky-antivirus-spying-users-russia-spies/

Uber is Yet Again Spying on Users’ Phones

Throughout the past year, Uber has been called out on many controversial practices. In May of 2016, they were revealed to be monitoring battery life of users’ phones (Forbes.com). In November they started requiring that the app could always gather data about the user’s location and phone; however, in August, they released a statement saying they would stop tracking a user’s location at all times (Reuters.com). They were even caught using software to find out if people were driving for both Uber and their competitor Lyft (wsj.com).

Recently, Uber has been revealed to yet again be monitoring perhaps a bit too much information. Applying only to Apple phones, Uber was able to record an Uber user’s phone screen, even while the app was just running in the background. Apple explicitly granted them this “entitlement,” something they have given to no other third-party developer. Its original use was for an old version of the Apple Watch app, specifically to run the heavy lifting of rendering maps on your phone and then send the rendering to the Watch app (Gizmodo.com); however, that’s no longer necessary after frequent improvement to Apple’s OS.

This permission could be used for many malicious things; the ability to view and record every user’s screen as long as the app was running in the background is something that shouldn’t be given to many apps, if any at all, and especially not one with such a history as Uber. It could be used to steal passwords and important information, view people’s private messages, and see anything else that someone might be using their phone for. They could also use it to see if people were using their competition, Lyft, which isn’t too far-fetched after being caught using a program nicknamed “Hell”, which allowed Uber to view how many Lyft drivers were available, and what their prices were, as well as determine if people were driving for both Uber and Lyft.

Thankfully, this function will be removed from the app, so people no longer have to worry. Whether or not Uber will do something again to make users wary of privacy is up for debate, but with their history it’s not unlikely.

 

-Chris Heine

Sources:

Screen Monitoring: https://gizmodo.com/researchers-uber-s-ios-app-had-secret-permissions-that-1819177235

Battery Monitoring: https://www.forbes.com/sites/amitchowdhry/2016/05/25/uber-low-battery/#68a6950574b3

Constant Location Tracking: https://www.reuters.com/article/us-uber-privacy/uber-to-end-post-trip-tracking-of-riders-as-part-of-privacy-push-idUSKCN1B90EN

Software “Hell”: https://www.wsj.com/articles/uber-faces-fbi-probe-overprogram-targeting-rival-lyft-1504872001