Showing posts with label Hacking News. Show all posts

Friday, 18 March 2016

More than a Billion Snapdragon-based Android Phones Vulnerable to Hacking


More than a billion Android devices are at risk from severe vulnerabilities in Qualcomm's Snapdragon kernel code that could be exploited by any malicious application to gain root access on the device.

Security researchers at Trend Micro are warning Android users of severe programming errors in Qualcomm's kernel-level Snapdragon code that, if exploited, let an attacker gain root access and take full control of the device.

Root access is a serious matter, as it grants the attacker administrator-level capabilities: the device can be turned against its owner to take pictures and to snoop on personal data, including account passwords, emails, messages and photos.

Qualcomm's own website notes that Snapdragon SoCs (systems on a chip) power more than a billion smart devices, including many Internet of Things (IoT) devices, so the issue puts a very large number of people at risk.

Although Google pushed out updates after Trend Micro privately reported the issues, and those updates prevent a specially crafted app from gaining root, most users will not be getting them any time soon.

The security update rolls out to your device through a long chain:

Qualcomm → Google → Your device's manufacturer → Your network carrier → Your handheld over the air
"Given that many of these devices are either no longer being patched or never received any patches in the first place," said Trend engineer Wish Wu, "they would essentially be left in an insecure state without any patch forthcoming."
More concerning still, the same vulnerable chips are used in a large number of IoT devices that are no longer in line for security updates at all, leaving them exposed to the same root-level compromise indefinitely.
"Smartphones aren't the only problem here," said Trend's Noah Gamer. "Qualcomm also sells their SoCs to vendors producing devices considered part of the Internet of Things, meaning these gadgets are just as at risk."
"If IoT is going to be as widespread as many experts predict, there needs to be some sort of system in place ensuring these devices are safe for public use. Security updates are an absolute necessity these days, and users of these connected devices need to know what they're dealing with."
Whatever the reason, if security patches are not available for your device model, or take too long to arrive, attackers have that much more time to exploit the holes and take control of your device.

Users of Google's own handsets are better placed, since those devices receive patches directly from Google and are already protected against these vulnerabilities. The handsets include the Nexus 5X, Nexus 6P, Nexus 6, Nexus 5, Nexus 4, Nexus 7, Nexus 9 and Nexus 10.

Devices using the Qualcomm Snapdragon 800 series (including the 800, 805 and 810) and running a 3.10-series kernel are affected by the vulnerabilities.

The vulnerable code is present in Android versions 4 through 6. In their tests, the researchers found the Nexus 5, Nexus 6 and Nexus 6P and the Samsung Galaxy Note Edge running vulnerable versions of Qualcomm's code.

Since the researchers do not have access to every Android handset and tablet, this list of vulnerable devices is not exhaustive.

The researchers have not yet disclosed full details of the flaws; what is known so far is summarised below:

1. CVE-2016-0819: described by the researchers as a logic bug that allows a small section of kernel memory to be tampered with after it has been freed, giving both an information leak and a use-after-free condition in the Android kernel.

2. CVE-2016-0805, in the Qualcomm kernel function get_krait_evtinfo: this function returns an index into an array that other kernel functions then use. With carefully crafted input, an attacker can make it return an out-of-range index, leading to a buffer overflow.

3. Gaining root access: chaining the two flaws on a vulnerable device lets an attacker obtain root.

The researchers will disclose full details of how the bugs can be leveraged at the Hack In The Box security conference in the Netherlands in late May 2016.

Saturday, 12 March 2016

Your iPhone will Alert You if You are Being Monitored At Work


Are You an Employee?

It's quite possible that someone has been reading your messages, emails, listening to your phone calls, and monitoring your activities at work.

No, it's not a spy agency or any hacker…

...Oops! It's your Boss.

Recently, the European Court of Human Rights ruled that employers can legally monitor, and read, workers' private messages sent during working hours via chat software such as WhatsApp or Facebook Messenger and webmail accounts such as Gmail or Yahoo.

So if you own a company or are an employer, you need not feel uneasy about tracking your employees: you have the right to look after the things that can most affect your company and its reputation, and that includes your employees.

There are several reasons, such as financial need, revenge, divided loyalty or ego, why a loyal employee might turn into an insider threat.

Insider threats are a nightmare for millions of employers. Employees can collect and leak confidential business data, details of upcoming projects and much more to rivals, resulting in significant loss to the company.

According to the latest Vormetric insider threat report, 40% of organizations experienced a data breach last year, and 89% of respondents felt that their organization was vulnerable to insider attacks.

In March 2010, an IT developer at British Airways was accused of leaking airport security procedures for terrorist-related purposes. That case shows how far an insider threat can escalate.

How Can Companies Monitor their Employees' iPhones?


Several strategies let employers keep track of employees' daily activities during working hours.

Major tech companies such as Symantec and IBM have a history of monitoring employee devices, including bring-your-own-device (BYOD) hardware, and compiling statistics on employees' network usage, such as downloads and social networking sessions.

Apple offers companies a similar capability: work-issued iPhones enrolled with the organization's Mobile Device Management (MDM) server can be monitored and controlled by the employer.

This allows employers to remotely upgrade, control, track and supervise various aspects of the iPhone’s software.

iOS 9.3 Offers Companies to Monitor Employees Like Never Before


With the release of iOS 9.3, Apple will give employers a set of new features that let companies manage and monitor their employees' work devices more closely.

The new version lets a company's IT administrators enforce home screen layouts on work-issued iPhones and pin apps to the home screen so that they cannot be moved to a different folder or page.

iOS 9.3 will also allow companies to hide or blacklist specific applications that they do not want employees to install.

So in short, your favorite games like Candy Crush or Angry Birds that your organization does not wish you to play during work hours could be blocked.

If that is not enough, your company will also be able to enforce notification settings, so you will no longer be able to silence your employer's notifications.

So the next time your company calls you in on short notice, you cannot say you have not read the message, or that you somehow missed it.

These are significant changes from the employer's perspective.

Interestingly, iOS 9.3 also gives something to employees. Here is what the OS offers them.

iPhone will Notify if Your Company is Tracking You


The iOS 9.3 version will tell employees whether their employers are monitoring their company-issued iPhones.

The warning is displayed in two places on a work-issued iPhone:
  1. The lock screen shows "This iPhone is managed by your organization" near the bottom of the screen, a standing reminder that the phone is meant for professional rather than personal use.
  2. The "About" screen in Settings shows what the organization is able to monitor on the device.
No such notification existed in previous versions of iOS. This is the first time Apple has let users check whether their organization is keeping tabs on them.

Employees will surely welcome this feature in iOS 9.3, but companies may be less pleased, since their tracking is now visible to the people being tracked.

These features will arrive with iOS 9.3, due for release on March 21, 2016.

Friday, 11 March 2016

Hackers and Cyber Experts to Come Together at NullCon 2016

IT professionals, cyber security experts, thought leaders and business decision makers, along with some of the best minds in the hacking community, will come together under one roof at the annual Nullcon 2016 security conference to address the most critical issues facing the Internet.

NullCon, aptly dubbed "The Next Security Thing", offers opportunities both to present and to participate in an intimate setting, with events that let attendees learn about new threats, gain insight from leading experts, and network with other professionals.

Who goes to the Nullcon Conference, and Why?

Delegates from across the globe will present the latest in information security: new attack vectors, solutions to complex security problems illustrated with practical scenarios, and thought-provoking ideas and research from leading figures in the global IT security industry.

Additionally, a number of white hat hackers will give talks on the latest cyber threats and on the security technologies and services they are bringing to the fight against cyber crime.

The major topics to be presented at Nullcon Conference 2016 will include:
  • What Google knows about you and your devices, and how to get it
  • Practical OS X Malware Detection & Analysis
  • Privacy leaks on 4G-LTE networks
  • Automatic Automotive Hacking
  • Making Machines think about security for fun and profit
  • Million Dollar Baby: Towards ANGRly conquering DARPA CGC
  • Hitchhiker's Guide to Hacking Industrial Control Systems (ICS)
  • Abusing Software Defined Networks
NullCon also builds the right niche network, for both information sharing and business purposes.

Besides security talks, NullCon also provides 2-day workshops and security training.

Job seekers, including IT professionals, engineers, product marketers and sales executives, also attend Nullcon in the hope of getting face time with the CEOs, CIOs and CISOs who are looking for experienced security talent.

NullCon 2016 will be held in Goa, India, on 9-12 March 2016: 9-10 March are set aside for workshops and security training, and 11-12 March for the security and hacking sessions.

Hacker Reveals How to Hack Any Facebook Account


"How to hack a Facebook account" is one of the most common queries Internet users type today. Genuine ways in are hard to find, but an Indian researcher just found one.

The researcher discovered a simple vulnerability in the social network that allowed him to take over any Facebook account: read message conversations, post, view payment card details and do anything else the real account holder can do.

Facebook bug bounty hunter Anand Prakash from India recently discovered a password reset vulnerability, simple yet critical, that would have let an attacker brute-force the 6-digit confirmation code and reset any account's password.

Here's How the Flaw Works


The vulnerability actually resides in the way Facebook's beta domains handle 'Forgot Password' requests.

Facebook lets users change their account password through Password Reset procedure by confirming their Facebook account with a 6-digit code received via email or text message.

To make sure the request is genuine, Facebook allows the account holder about a dozen attempts at the code before it is blocked; this brute-force protection caps the number of guesses an attacker gets.

However, Prakash discovered that Facebook had not implemented this rate limiting in the password reset flow on its beta sites, beta.facebook.com and mbasic.beta.facebook.com, according to a blog post he published.

Prakash tried brute-forcing the 6-digit code through the 'Forgot Password' window on the beta pages and found that Facebook set no limit on the number of attempts there.

Video Demonstration


Prakash has also published a proof-of-concept (PoC) video that shows the attack in action and walks through the entire procedure.


Here's the culprit:

As Prakash explained, the vulnerable POST request to the beta pages carried:
lsd=AVoywo13&n=XXXXX
Brute-forcing the 'n' parameter (the confirmation code) let Prakash set a new password on any Facebook account and take complete control of it.
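To make the difference between the beta and production endpoints concrete, here is an added illustration (it is neither Facebook's code nor Prakash's PoC) of a server-side check for the 6-digit code carried in the n parameter, together with the attacker loop that submits every candidate. Without an attempt limit the loop always recovers the code in at most one million POSTs; with the roughly-a-dozen-attempt cap that production applied, it is refused after twelve guesses. The class and function names, the hard lock at exactly 12 attempts, and the lockout behaviour are assumptions made for the illustration.

```python
import hmac
import secrets
from typing import Optional

CODE_LEN = 6
CODE_SPACE = 10 ** CODE_LEN  # 000000 .. 999999: one million candidates


def new_reset_code() -> str:
    """Issue a fresh 6-digit confirmation code from a CSPRNG, zero-padded."""
    return f"{secrets.randbelow(CODE_SPACE):0{CODE_LEN}d}"


class ResetCodeVerifier:
    """Server-side model of the check behind the reset POST's 'n' parameter.

    max_attempts=None  -> no limit, as on the beta endpoints described above.
    max_attempts=12    -> about a dozen guesses, as on production (assumed hard lock).
    """

    def __init__(self, code: str, max_attempts: Optional[int] = None) -> None:
        self._code = code.encode()
        self.max_attempts = max_attempts
        self.attempts = 0
        self.locked = False

    def verify(self, n: str) -> bool:
        """Return True only if n matches; count the attempt and lock once the cap is hit."""
        if self.locked:
            return False
        if self.max_attempts is not None and self.attempts >= self.max_attempts:
            self.locked = True  # this code is dead; the user must request a new one
            return False
        self.attempts += 1
        # Constant-time compare: timing must not reveal how many digits matched.
        return hmac.compare_digest(self._code, n.encode())


def brute_force(verifier: ResetCodeVerifier) -> Optional[str]:
    """Attacker loop: replay the reset POST with every n until accepted or locked out."""
    for i in range(CODE_SPACE):
        n = f"{i:0{CODE_LEN}d}"
        if verifier.verify(n):
            return n
        if verifier.locked:
            return None
    return None


if __name__ == "__main__":
    code = new_reset_code()
    beta = ResetCodeVerifier(code)                   # unlimited, as on the beta hosts
    prod = ResetCodeVerifier(code, max_attempts=12)  # rate-limited production flow
    print("beta recovered code:", brute_force(beta) == code, "after", beta.attempts, "guesses")
    print("prod recovered code:", brute_force(prod), "- locked after", prod.attempts, "guesses")
```

Two design points matter when fixing this class of bug. The counter has to be keyed to the account or the reset token, not to the client IP address, because an attacker can spread a million requests across many addresses; and the cap should be enforced on every host that serves the flow, since the production limit here was correct and only the beta deployments lacked it. With a dozen tries against a 6-digit code the attacker's chance per reset request drops to about 1 in 83,000, which is what makes the short code acceptable.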

Prakash (@sehacure) discovered the vulnerability in February and reported it to Facebook on February 22. The social network fixed the issue the next day and paid him $15,000, reflecting the severity and impact of the bug.

Saturday, 20 February 2016

How Just Opening an MS Word Doc Can Hijack Every File On Your System


If you receive an email masquerading as a company invoice with a Microsoft Word file attached, think twice before opening it.

Doing so could cripple your system and lead to the loss of every file on it.

Attackers are running social engineering campaigns that use eye-catching subject lines in spam emails, and compromised websites, to lure victims into installing a ransomware strain dubbed "Locky".

So if you find files with the .locky extension on your network shares, congratulations: you are infected and left with two options, rebuild the PC from scratch and restore from a backup the malware could not reach, or pay the ransom.

Locky is spreading at roughly 4,000 new infections per hour, or about 100,000 new infections per day.

Microsoft Macros are Back


It is hard to accept that in 2016 a single Word document can still compromise a system, simply by persuading the user to enable macros.

This is where the attackers' tactics deserve grudging respect.

Locky is being distributed by email, with Outlook and Office 365 users among the targets, as an invoice attachment: a Word file embedding malicious macro code.

Macros date back to the 1990s, and you may remember the message they used to trigger: "Warning: This document contains macros."

Now macros are back, as cyber criminals find new ways to get users to open Office documents, especially Word files, and to allow the macros inside them to run.

How Does Locky Work?


When a user opens the malicious email, the Word document is saved to the system. The danger comes when the user opens the file, finds its content scrambled, and sees a prompt saying the content can only be displayed if macros are enabled.

Here comes the bad part:
  • Once the victim enables the malicious macro, it downloads an executable from a remote server and runs it.
  • That executable is the Locky ransomware, which, once started, begins encrypting files on the computer and on any network shares it can reach.
Locky targets nearly all file formats; each file is encrypted and renamed with the .locky extension.
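The lure depends on the Word attachment carrying a VBA project, and that is something a mail gateway can check before a user ever sees the "enable macros" prompt. As an added example (not part of the original post, and not Locky's or any vendor's code), the Python below constructs a minimal OOXML package in memory with and without the word/vbaProject.bin part that holds macros, and applies a gateway-style verdict to it. The sample filenames, the verdict scheme and the placeholder bytes standing in for a real VBA stream are constructed for the illustration. Legacy .doc files are OLE2 compound files rather than zip packages and need an OLE parser (for example oletools) to inspect, so here they are only routed for review.

```python
import io
import os
import zipfile

# Office formats that can legitimately carry VBA: legacy OLE2 binaries and
# macro-enabled OOXML. A plain .docx/.xlsx/.pptx has no place for a VBA project.
MACRO_CAPABLE_EXT = {".doc", ".dot", ".docm", ".dotm",
                     ".xls", ".xlt", ".xlsm", ".xlam",
                     ".ppt", ".pot", ".pptm", ".ppsm"}
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # signature of legacy binary Office files


def build_docx(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML package, optionally with a VBA project part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # A real file holds an OLE stream of compiled VBA here; zeros are a stand-in.
            z.writestr("word/vbaProject.bin", b"\x00" * 64)
    return buf.getvalue()


def has_vba_project(blob: bytes) -> bool:
    """True if an OOXML package contains a vbaProject.bin part, i.e. carries macros."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as z:
            return any(name.lower().endswith("vbaproject.bin") for name in z.namelist())
    except zipfile.BadZipFile:
        return False  # not an OOXML zip at all; the caller decides what to do with it


def is_ole2(blob: bytes) -> bool:
    """True for legacy binary Office containers (.doc/.xls/.ppt), which are not zips."""
    return blob.startswith(OLE2_MAGIC)


def classify_attachment(filename: str, blob: bytes) -> str:
    """Gateway verdict for one attachment: 'block', 'review' or 'allow'."""
    ext = os.path.splitext(filename)[1].lower()
    if has_vba_project(blob):
        return "block"   # OOXML with embedded VBA: the shape of the invoice lure
    if is_ole2(blob) or ext in MACRO_CAPABLE_EXT:
        return "review"  # legacy .doc needs an OLE parser to look inside Macros/VBA
    return "allow"


if __name__ == "__main__":
    # Constructed attachments, as a mail gateway would see them.
    samples = [
        ("Invoice_J-98223.docm", build_docx(with_macro=True)),
        ("Invoice_J-98223.docx", build_docx(with_macro=False)),
        ("Invoice_J-98223.doc", OLE2_MAGIC + b"\x00" * 504),
    ]
    for name, data in samples:
        print(f"{name}: {classify_attachment(name, data)}")
```

The check detects the presence of macro code, not its intent, so it belongs alongside policy rather than in place of it: blocking macros in documents that arrived from the Internet removes the one step the lure needs the user to take. Note also that the verdict looks at content before filename, since an attacker controls the extension but not the fact that the zip has to contain vbaProject.bin for the macro to exist.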

Once encryption is complete, the malware displays a message instructing the victim to download Tor and visit the attacker's site for further instructions and payment.

Locky asks victims to pay between 0.5 and 2 Bitcoin ($208 to $800 at the time) for the decryption key.

Notably, Locky's ransom notes are being translated into many languages, extending its reach beyond English-speaking victims and maximising the number of casualties.

Locky Encrypts Even Your Network-Based Backup Files


The new ransomware can also encrypt network-based backup files. So keep copies of your sensitive and important files in offline or third-party storage that an infected machine cannot write to, as protection against future ransomware infections.

Researcher Kevin Beaumont, along with Lawrence Abrams of Bleeping Computer, first documented the Locky infections.

To gauge Locky's impact, Beaumont intercepted its traffic yesterday and found the cryptovirus spreading rapidly in the wild.
"I estimate by the end of the day well over 100,000 new endpoints will be infected with Locky, making this a genuine major cybersecurity incident — 3 days in, approximately a quarter of a million PCs will be infected," Kevin said in a blog post.

One hour of infection statistics:

The most heavily affected countries include Germany, the Netherlands, the United States, Croatia, Mali, Saudi Arabia, Mexico, Poland, Argentina and Serbia.