
OnePlus, potential for additional disasters

Recently, OnePlus, the phone brand, has been under scrutiny due to a newly discovered security flaw with one of their apps. Their app, also known as OnePlus, leaves the consumer open to attacks because the application was revealed to carry root access for the device.

So what does this mean? It means that your device may be accessed even when locked, using this vulnerability. This access to the root for the device is called “Engineer mode” and was originally made for the purpose of checking the phone’s functionality before leaving the factory. The issue is that the application OnePlus also has a backdoor that leads to the root and this functionality. This means that if someone so desired, they could gain access to your phone, despite there being a password lock on it.

A developer who discovered the vulnerability plans to release an app which exploits this vulnerability and gives OnePlus users an easy root access method.

This exploit still requires ADB, but it nonetheless poses a threat to users. Thus far there has been no action taken, but the CEO of OnePlus said they are “looking into it.”

 


Phishing or data breaches? Which should you be worried about?

As of late, there has been a lot of talk about data breaches and online security failures. Naturally these instances can be concerning because they involve customers, like you! It is important to secure your network and be aware of any gaps that may be taken advantage of. However, it is also important to watch out for phishing attempts, and some believe even more so.

Recently, Google and UC Berkeley researchers have stated that the real fear should lie with the phishing hook waiting for unsuspecting persons. While data breaches can be devastating, it is thought that phishing can lead to more devastating results in the end, for example losing access to accounts and having your life’s work or personal documents and information out of reach. A strong example would be the loss of your Google account, which most people now use regularly and which holds large amounts of their life activities and records. Phishing generally has a much higher encounter rate than data breaches.

Last year Google did a study, with their services as the focal point, to study the commonalities of phishing, key logging, and data breaches. Through the study, it was noticeable that phishing was much more relevant than key logging or data breaches. The knowledge gained from this study was put to use almost immediately, helping to secure around 67 million Google accounts from possible abuse.

Google used a large number of sources to help discern accounts that had already been compromised by key logging, phishing and data breaches, and it became known that most of those using phishing kits reside in the following countries, in order.

  • Nigeria
  • United States
  • Morocco
  • South Africa
  • United Kingdom
  • Malaysia

The basis of the phishing attacks involves a false sense of insecurity. They are emails or something of the like that state there is a problem and that the message can take you to the solution. These messages are often portrayed very convincingly, which tends to be the reason they are believed more often than not. Another of the tricks is using Google against itself. Often the messages attempt to gain extra forms of information under the premise of being Google asking for them. These other forms of information include IP addresses, device make and model, phone numbers, and location. All of these are things Google may ask for at times, meaning you need to be that much more vigilant. By gaining access to this information, those doing the phishing can extend their area of activity and possibly cause even more of a stir-up in your life.

 

Google found that, while data breaches can be a serious problem, only about 7% of accounts experienced data breaches, and those accounts had long since been inactive before being breached. That said, key logging and phishing accounted for around 12 or 25% of account passwords being used by persons other than the account owners. Most of the phishing victims were in the United States, while Brazil and India had the majority of key logging victims.

No matter the form of security breach, it’s important to continually be conscious of your activity online, and ensure you’re keeping yourself, your life, and your information safe.


IBM is diving into quantum computing

Since last year, IBM has been offering quantum computing as a cloud service. The first version released was a 5 qubit version; today, however, the company announced a 20 qubit version. IBM achieved this large leap in just 18 months, which may spell a unique direction for the future of technology.

IBM’s next prototype is a 50 qubit version. Thus far, however, it is uncertain when this will become commercially available.

The early versions of the quantum computing cloud service by IBM were made free to build a community of users, while educating them on the technology and helping to bring this new form of technology to everyone. The release of the 20 qubit version is the first commercial offering announcement. The 20 qubit version will be available by the end of the year!

So what is quantum computing? Normally, computers run on a system of ones and zeros, and perform in an on/off state. Quantum computing is much more fluid, and can live in multiple states. This different form of functioning can easily give rise to new forms of functionality and software.

The IBM research team says that the increased number of qubits is only part of the story. They stated that the more qubits there are, the more complex the interactions become due to how they interact with each other and a process called entanglement. Entanglement is an error that occurs at higher qubit values, so for example a 5 qubit setup has a low entanglement occurrence in comparison to a 20 qubit version. IBM has figured out how to actually reverse that in a way, by making the 20 qubit version have an error occurrence as low as, if not lower than, the 5 qubit version. This allows IBM to solve more problems faster, propelling themselves further and faster.

Another challenge when working with qubits and quantum computing is that the quantum state has a short life span before reverting to the standard ones and zeros computing state. This regression is a process that arrives after ‘coherence’ expires. Basically it means there is a short period of quantum functionality before the quantum state drops and basic computing is reapplied.

These challenges make it difficult for programmers to build any kind of quantum algorithm because the software doesn’t last long enough for it to work anything out. This has created a very ambitious challenge for the research team. Their goal is to create a quantum computing system that is self-fixing, correcting any errors that occur within itself, and has unlimited coherence, never reverting back to standard computing performance.

Quantum computing can replace all services that involve computing and technology we use today, be it in hospitals, colleges, government, you name it! IBM won’t stop progressing along the long-drawn stepping stones until quantum computing reaches the state of perfection and total coherence.


Android security update! KRACK be gone and band-aid adhesion!

Android deployed its recent patch for their phones. This patch holds significant updates that involve KRACK (Key Reinstallation Attack) and also some fixes for the newly released Pixel 2 phones!

Surprisingly, Google actually released three updates for November. There is the main update that involves the normal bug fixes and performance updates. The second patch is in relation to the Qualcomm bug that left users vulnerable to Wi-Fi breaches.

The Qualcomm bug comes second to the KRACK update. Earlier this year a weakness was found in the WPA2 protocol that put thousands of people in a vulnerable position, allowing them to be hacked through almost all Wi-Fi points. KRACK is all about that new vulnerability in WPA2. Those most vulnerable, however, would be Linux and Android 6.0+ devices, because their systems can be tricked into installing an all-zero encryption key.

The 2017-11-06 patch that addresses KRACK issues affects versions ranging from Android 8.0 Oreo and all the way back to 5.0.2 Lollipop. As for Google’s Pixel and Nexus, the patches thus far released are only up to 2017-11-05, so the KRACK update has not hit those customers yet, but it is presumed they will receive the 2017-11-06 update sometime closer to December.

Along with bug fixes and security reinforcement, Google is now adding functional updates in the mix. When the Google Pixel was released, the XL variation received a lot of criticism due to the screen brightness and burn of the battery that occurred passively. To help diminish these concerns, Google updated the phone with new functionalities. The first would be a new dimming navigation bar, that dims the navigation bar when it is not in use, while also changing to white while in some applications. The patch also lowers the max brightness.

Another complaint was the colors of the display were dull. It seems Google anticipated this possibility and had installed a “Vivid color” check box in the settings menu. However this saturation wasn’t enough for some customers so Google released a new “colors” option that gives three options for saturation, ranging from natural, to saturated, to boosted. Supposedly there have been reports of clicking noises while on the phone with the Pixel, but Google states the November patch fixes that as well.


USB with breach measurements found in Heathrow

Recently, a USB was found discarded on the streets of London. Well that’s fine right? Nothing is abnormal about some misplaced USBs…until this one.

The USB that was found contained highly detailed information involving the Queen’s route when using the airport and the security measures taken, as well as timetables of patrols used to guard a site from terror attacks. There were also loads of maps and documents labelled restricted or confidential. ID access information was also included which allowed for access to restricted areas.

One of the even more concerning bits of information (yes there is more) found among the documents were maps showing the location of CCTV cameras, routes and safeguards for cabinet ministers and foreign dignitaries, as well as details of the ultrasound radar system used to scan runways and the perimeter fence.

Thus far there is no suspect as to who owned this USB. However, there have been statements made that security is still tight and Heathrow remains secure.


Update on the wild Bad Rabbit

Ukraine speaks out on the Bad Rabbit running rampant in Russia, stating that the hackers behind the NotPetya virus were the probable group responsible for the release of Bad Rabbit.

A Ukrainian official stated that the attacks from Bad Rabbit could have been mitigated greatly had organisations followed the recommended methods of malware handling, as well as basics on not clicking on suspicious messages. A prominent characteristic of the Bad Rabbit virus is the coding and method of approach, which leads to the further belief that the same group who released NotPetya also released Bad Rabbit.

Thus far, it is believed that the hacker group known as Black Energy is responsible for the NotPetya and Bad Rabbit viruses. This hacker group is a Ukrainian hacker group known to work in favor of Russia.

As of late, Ukraine has been the victim of multiple cyber attacks, having power knocked out in thousands of homes, frozen supermarket tills, and government computers that were left paralyzed. Ukrainian officials have stated that they think Russia sees the Ukraine as a testing ground for cyber attacks.

The US and Ukraine have been working together to teach comprehensive hacking combat techniques and skills.

Ukrainian officials believe there are many more cyber attacks on the way.


Equifax update. They knew months ahead that a breach was possible

Unfortunately there are some in this world who choose to close their eyes to the issues. Equifax seems to be the type to commit such ignorant acts.

Reportedly, six months ago Equifax was warned about the possibility of a security breach in their network. An anonymous security researcher had informed Equifax that they were susceptible to a forced browsing technique that could potentially expose thousands of customers’ SSNs, birthdays and full names. The anonymous researcher also said they found other bugs that would have allowed a hacker to take control of Equifax servers, including a SQL injection vulnerability. A SQL injection vulnerability would allow maliciously crafted data to be forced into a web entry field to run commands in the background without the user being wiser for it.

This is a disappointing realization, knowing that a company that is supposed to keep the information of customers on lock down as its highest priority was so negligent about the weaknesses in their security system, especially when being told specifically what the issues were and that they could be reached in such an easy manner as forced browsing. It’s reported that Equifax didn’t address those issues for six months. It is uncertain if those weaknesses were the cause of the security breach, which would honestly be more unsettling if there was a different means of access, because that means they were even more lax in another area with the information of the people who trusted them.

There is speculation that more than one hacker group could have been inside of the company’s network at the breach, further enhancing the possible issues that may arise for the Equifax customers.


Ransomware inbound! Another threat is looming on the web

This year alone, there have already been three large outbreaks involving online security and breaches.

Recently a new ransomware campaign has begun, and the targets have been high profile, for example Russia and Eastern Europe. This new threat has been named Bad Rabbit. The appearance of Bad Rabbit had been a grand event, simultaneously hitting organisations causing those affected to reminisce about the attacks earlier this year, like WannaCry and Petya.

So let’s break down what Bad Rabbit is

  • Russia, Ukraine, Germany, Turkey, Poland, and South Korea have all had reports of Bad Rabbit hopping out of its hole and causing a stir.
  • Bad Rabbit sent out file-encrypting malware to at least three media organisations in Russia, while also taking one news agency offline for a time.
  • Other organisations include the Odessa International Airport and Kiev Metro.
  • Thus far it is thought that 200 targets have been infected, and the infections continue to cause problems for the affected organisations.

Bad Rabbit is ransomware, which means once you’re infected, you’re at the mercy of the host of the hostile program.

  • Once the ransomware is active there is a note that takes up the screen informing the reader that all files are locked out unless payment is received and the acquired password is typed in.
  • Victims are directed to a Tor payment page, where further instructions lie. The hackers demand payment through bitcoins and give a timer, to enhance the tension, saying the price will rise once the timer reaches zero.
  • The encryption used in the ransomware is called DiskCryptor. DiskCryptor is open source software that is also legitimate and widely used. Keys are generated using CryptGenRandom and then protected by a hardcoded RSA 2048 public key.

Bad Rabbit takes its inspiration from one of the earlier malicious outbreaks known as Petya.

  • There is speculation that this ransomware is an alteration of the Petya dynamic link library. This means there is a strong correlation between Bad Rabbit and Petya in terms of functionality and looks, and possibly both stem from the same group or person.
  • The way Bad Rabbit has spread is through drive-by downloads on hacked websites. A website is hacked and will begin to feature a false Flash update that will begin to download if clicked at all.
  • It is estimated that some sites have been hacked since June, featuring Bad Rabbit’s strong presence.

How far does Bad Rabbit go?

  • It’s important to know that Bad Rabbit spreads laterally across networks.
  • This means that Bad Rabbit can propagate without user interaction. So while you’re counting the timer down, the ransomware is spreading across infected networks.
  • The ability to spread laterally across networks is due to the list given to Bad Rabbit, that has combinations of simple usernames and passwords which it uses to force itself into networks.
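
The lateral spread described in the list above, driven by a built-in list of simple usernames and passwords, shows up in logon telemetry as one source failing against many different accounts in a short time. The following detection sketch is an added example, not part of the original post: the one-line log format, the function name and the thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real telemetry). Assumed format, one logon per line:
#   timestamp source_ip target_host username result
# On Windows these fields could be derived from logon events 4625 (failed)
# and 4624 (successful).
SAMPLE_LOG = """\
2017-10-25T09:14:02 10.0.0.23 FILESRV01 administrator FAIL
2017-10-25T09:14:03 10.0.0.23 FILESRV01 admin FAIL
2017-10-25T09:14:03 10.0.0.23 FILESRV01 guest FAIL
2017-10-25T09:14:05 10.0.0.23 HR-PC07 administrator FAIL
2017-10-25T09:14:06 10.0.0.23 HR-PC07 test FAIL
2017-10-25T09:14:07 10.0.0.23 HR-PC07 admin OK
2017-10-25T09:20:11 10.0.0.51 FILESRV01 jsmith FAIL
2017-10-25T09:20:19 10.0.0.51 FILESRV01 jsmith FAIL
2017-10-25T09:20:31 10.0.0.51 FILESRV01 jsmith OK
"""


def find_spraying_sources(log_text, window=timedelta(minutes=5), min_users=4):
    """Flag sources that fail logons for >= min_users distinct accounts
    inside one sliding time window (a credential-list sweep), and list
    any logons from that source that succeeded once the sweep began."""
    by_source = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, host, user, result = line.split()
        by_source[src].append(
            (datetime.fromisoformat(ts), host, user.lower(), result))

    findings = {}
    for src, events in by_source.items():
        events.sort()
        fails = [e for e in events if e[3] == "FAIL"]
        start = 0
        for end in range(len(fails)):
            # Shrink the window from the left until it spans <= `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            in_window = fails[start:end + 1]
            users = {u for _, _, u, _ in in_window}
            if len(users) >= min_users:
                first = in_window[0][0]
                findings[src] = {
                    "first_seen": first,
                    "users_tried": sorted(users),
                    "hosts_targeted": sorted({h for _, h, _, _ in in_window}),
                    # Accounts that were guessed: reset these first.
                    "succeeded": sorted({(h, u) for t, h, u, r in events
                                         if r == "OK" and t >= first}),
                }
                break
    return findings


if __name__ == "__main__":
    for src, info in find_spraying_sources(SAMPLE_LOG).items():
        print(src, info)
```

A single user mistyping a password (the second source in the sample) stays below the distinct-account threshold and is not flagged.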

Bad Rabbit may have targets in mind.

  • Researchers have noticed a curious movement of Bad Rabbit, suggesting it has specific locations in mind, rather than indiscriminately infecting. Corporate networks seem to have the most focus, possibly suggesting that corporations are the enemy of the hacker/group.

Last bits of information.

  • There is still no claim as to who is behind this ransomware. Some believe that it’s the same group involved with the Petya virus.
  • Some believe it is not a Russian group due to Russia being under a lot of heat from Bad Rabbit, and customarily Eastern European cyber-criminals avoid attacking the “Motherland”.
  • The code of Bad Rabbit has references to Game of Thrones.
  • It is possible to protect yourself from becoming infected. A way to prevent the execution of the file is to block ‘C:\Windows\infpub.dat’ and ‘C:\Windows\cscc.dat’ to help avoid infection at all.

Another day, another hacker, another virus. It’s never too late to up your defenses and avoid the mess of a breached network.


OnePlus Update

OnePlus has been under some heat lately for their non-consensual data snooping through their mobile devices.

After a security researcher had exposed OnePlus for their snooping, they have reportedly admitted to the non-consensual action. Their address to their customer service forum on Friday the 13th confirmed such accusations. OnePlus tried to clarify and explain that the intent of the program was to improve user experience on its OxygenOS software.

OnePlus stated they have at no point shared any of the information with outside parties, to help ease the anxiety of their customers. OnePlus has stated that they will stop collecting telephone numbers, MAC addresses and WiFi information by the end of October. Also at the end of October, the company will prompt all users on how and why they collect data and will give an option to users to opt out of the data collection.

There is still tension with some customers for fear of their data being mined for its value to marketers. Despite opting out of the data gathering, there is still no real change. By opting out, the only difference is that there are no tags that link back to the device the data was gathered from. Currently there is still no sure-fire way to prevent the data from being gathered.


OnePlus is getting more than one.

The Chinese smartphone manufacturer OnePlus has been caught sneakily collecting tons and tons of data from its smartphones and their users.

The data that’s being collected from the smartphones has been transferred to a server along with the serial number of the device. According to a security researcher, OnePlus devices running OxygenOS have been collecting data on when a user locks or unlocks the phone, when apps are opened, used and closed, and which Wi-Fi networks are connected to. This type of information is generally normal and accepted. However, more is being collected that strays from the path of normalcy.

OnePlus collects the device’s IMEI, phone number, and mobile network names, so the data that is being sent to the servers can be specifically identified with ease. It is believed that the OnePlus device manager and provider has the code that initiates the data collection.

OnePlus has stated that there are two streams of data collection. One stream is for fine-tuning purposes that involve the usage analytics, while the other stream is for after-sales support. OnePlus says you can opt out of the data collection in the settings/advanced/”join user experience program” section, however there is no way to opt out of the second data gathering stream that is for “after-sales support”.
