
Friday, 5 February 2016

Hacking Smartphones Running on MediaTek Processors


A dangerous backdoor has been discovered in the MediaTek processor that could be exploited to hack Android devices remotely.

MediaTek is a Taiwan-based hardware company that manufactures chips and processors used in smartphones and tablets.

The backdoor was discovered by security researcher Justin Case, who has already informed MediaTek about the security issue via Twitter, as the chipset manufacturer had no proper vulnerability reporting mechanism in place.

The vulnerability is apparently due to a debug tool that was opened up for carriers to test the device on their networks, but unfortunately, it was left open in the shipped devices, thus leaving the serious backdoor open to hackers.
If exploited, the debug feature could allow hackers to compromise personal data on an Android device, including the user's private contacts, messages, photos, videos and other private data.
MediaTek acknowledged the issue, saying "We are aware of this issue, and it has been reviewed by MediaTek’s security team. It was mainly found in devices running Android 4.4 KitKat, due to a debug feature created for telecommunication inter-operability testing in China."
The issue actually resides in the MediaTek MT6582 processor, which worryingly is used in many high-profile Android devices.


So, if your smartphone is using this processor, the only thing you can do for now is to keep your Android device off the Internet in an effort to protect yourself.

The company also said that it has notified all OEMs of the potential loophole, so it's now up to the affected OEMs to issue a security patch to close the backdoor.

"While this issue affected certain manufacturers, it also only affected a portion of devices for those manufacturers. We have taken steps to alert all manufacturers and remind them of this important feature," a MediaTek spokesperson said in a statement.

Thursday, 14 January 2016

Someone Just Leaked Hard-Coded Password Backdoor for Fortinet Firewalls


Are millions of enterprise users, who rely on the next-generation firewalls for protection, actually protected from hackers?

Probably Not.

Less than a month after an unauthorized backdoor was found in Juniper Networks firewalls, an anonymous security researcher has discovered highly suspicious code in FortiOS firewalls from enterprise security vendor Fortinet.
According to the leaked information, the FortiOS operating system, deployed on Fortinet's FortiGate firewall networking equipment, includes an SSH backdoor that can be used to access its firewall equipment.


Anyone can Access FortiOS SSH Backdoor


Anyone with the "Fortimanager_Access" username and a hashed version of the "FGTAbc11*xy+Qqz27" password string, which is hard-coded into the firewall, can log in to Fortinet's FortiGate firewall networking equipment.

However, according to the company's product details, this SSH user was created for a challenge-and-response authentication routine used for logging into Fortinet's servers with the secure shell (SSH) protocol.

This issue affected all FortiOS versions from 4.3.0 to 4.3.16 and 5.0.0 to 5.0.7, which cover FortiOS builds released between November 2012 and July 2014.
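As an added example (not from the original post or from Fortinet), the version ranges above can be turned into an inventory triage check. The hostnames, build numbers and version-string formats in the sample are constructed assumptions; versions are compared as integer tuples so that 5.0.10 is not mistaken for something older than 5.0.7.

```python
import re

# Affected ranges exactly as stated in the post (inclusive on both ends).
AFFECTED = [((4, 3, 0), (4, 3, 16)), ((5, 0, 0), (5, 0, 7))]

# First dotted triple in a free-form string, with an optional leading "v".
VERSION_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return (major, minor, patch) from a version string, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def is_affected(version):
    """True if the version tuple falls inside one of the stated ranges."""
    return any(lo <= version <= hi for lo, hi in AFFECTED)


def triage(inventory):
    """Split {host: version_string} into affected / ok / unknown host lists."""
    report = {"affected": [], "ok": [], "unknown": []}
    for host, raw in sorted(inventory.items()):
        version = parse_version(raw)
        if version is None:
            report["unknown"].append(host)  # unparseable: review by hand
        elif is_affected(version):
            report["affected"].append(host)
        else:
            report["ok"].append(host)
    return report


# Constructed inventory: hostnames and build numbers are made up.
SAMPLE = {
    "fw-branch-01": "v4.3.16,build0000",
    "fw-branch-02": "v4.3.17,build0000",
    "fw-core-01": "FortiOS 5.0.7",
    "fw-core-02": "5.0.10",
    "fw-dmz-01": "v5.2.3",
    "fw-lab-01": "unknown firmware",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts that land in `unknown` should be checked manually rather than assumed safe.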

Proof-of-Concept Exploit Code is Available Online


The issue was recently reported by an anonymous user (operator8203@runbox.com), who posted the exploit code on the Full Disclosure mailing list this week, helping wannabe hackers generate the backdoor's dynamic password.

System administrators can also make use of this exploit code to automate their testing process in an effort to find out whether they have any vulnerable FortiGuard network equipment lying around.

A Twitter user also shared a screenshot purporting to show someone gaining remote access to a server running FortiOS using the exploit code.

The most important point to note here is that anyone using this backdoor account doesn't appear in the device's access logs, as the backdoor might be tied to its FortiManager maintenance platform.

Also, professional sysadmins are less likely to expose their SSH port online, but this backdoor account can still be exploited by attackers with access to the local network or a virtual LAN, by infecting an organization's computer.

Fortinet Response on the Issue


Fortinet, for its part, attempted to explain why its products were shipped with hard-coded SSH logins. According to the company, its internal team fixed this critical security bug (CVE-2014-2216) in version 5.2.3 back in July 2014, without releasing any advisory.

However, a few hours ago, Fortinet finally published a security advisory and an official blog post regarding the incident, saying:
"This was not a 'backdoor' vulnerability issue but rather a management authentication issue. The issue was identified by our Product Security team as part of their regular review and testing efforts."