Network security cameras made by Sony could have been compromised with botnet malware if their firmware was not updated to the latest version. This was detected by SEC Consult, who found two backdoor accounts in 80 models of professional Sony security cameras. Some of these devices were used at government agencies. Sony was notified about the vulnerability in October and released firmware updates for all the affected camera models on November 28th.
Week 13: Evasion Techniques
1- TalkTalk and Post Office customers hit by Mirai worm attack
It has been reported this week that 900,000 routers were hit by a huge Mirai worm cyber-attack. TalkTalk and Post Office customers in the United Kingdom were largely affected by this attack. The good news is that TalkTalk has identified the source of the problem and rolled out a resolution to all customers. Also, a UK Post Office spokesperson confirmed that customers still experiencing problems should reboot their router as a solution. Luckily this was something that TalkTalk and the UK Post Office quickly addressed. Below is the article.
2- Ransomware Crooks Demand $70,000 After Hacking San Francisco Transport System
I know we already posted topics about ransomware on our class blogs, but I also found this article interesting, as ransomware is becoming a more and more popular form of attack from hackers. This week, Forbes reported that hackers took control of the San Francisco transportation system and demanded 100 Bitcoin, worth roughly $70,000, to release Muni machines from their control. Ransomware should be one of the areas of focus for cyber security. The article is below.
When Trump begins his presidency on January 20th he will be leading a country that has the highest number of ransomware-controlled computers in the world. Three areas in which cyber security is critical to our daily lives are energy, telecommunications and finance. These three essential services need to be managed properly to prevent cyber attacks in the future. In Ukraine more than 250,000 people experienced a blackout when hackers infected the power grid with malware. Even though Ukraine is a less economically powerful country than the United States, it goes to show that hackers can infiltrate electrical grids. There is already malware present on our power grid that can be used to perform serious interruptions. Trump needs to take these things into account when his administration hits the ground running on January 20th, not only for the safety of our country but also the safety of the globe.
Recently, researchers at Israel’s Ben-Gurion University have devised a way to turn any computer into an eavesdropping device by surreptitiously getting connected headphones or earphones to function like microphones. This is made possible by reconfiguring an audio jack from line-out to line-in. The malware takes advantage of the way some audio chipsets in motherboards and soundcards support a little-used jack re-mapping or jack re-tasking option for changing the function of the audio ports from line-in to line-out via software. The fact that audio jacks can be programmatically switched from output-only to input jacks creates a vulnerability that allows attackers to turn any computer into an eavesdropping device. The good news is that the researchers also said it is not easy to conduct this attack using the malware, because it requires attackers to have full access to the computer, and anti-malware tools would also likely spot and block the malware from working. However, for a company, this headphone vulnerability should be treated as an important security risk. In this case, external attacks would be hard, but internal attacks are not. A resentful employee may get physical access to a manager’s computer and thus be able to install the malware that turns the computer into an eavesdropping device, for monetary reasons or revenge.
Russia has been trying to incorporate elements from China’s Great Firewall. Due to “Yarovaya’s Law”, which requires Russia’s telecom companies to store users’ data for six months and metadata for three years, Russia has been pushed to seek China’s help. Russia wants Chinese technology, as it will help them handle vast amounts of data, and due to sanctions against Russia, they cannot go to the West for help. China is willing to help them, sending high-ranking officials to Russia to discuss this issue. This is very interesting, as it shows Russia asking for help from one of the most censored countries in the world. It makes you think that Russia might be moving toward this path. I am also surprised that these two countries are working on cyber security related issues; many countries around the world would probably be too paranoid to discuss such matters.
Beware of new image files you didn’t download: they may launch ‘Locky’ ransomware. Locky originally arrived on computers via a “malicious macro” in a Word document. Locky has now spread to social media sites such as Facebook.
Typically what happens is that when you click on an image thumbnail, rather than displaying the image in a separate window, the file automatically downloads. It would be natural for most people to then click on the downloaded image — and that’s what executes the Locky code, immediately locks up all your files and demands a ransom.
Tesla cars can be tracked, located, unlocked and driven away by compromising the company’s smartphone app. Researchers at Norwegian app security firm Promon demonstrated how easy it appears to be to steal a Tesla. Benjamin Adolphi, mobile software developer at Promon, created a fake free Wi-Fi hotspot that featured an ad targeted at Tesla owners, offering them a free burger at a local restaurant. Owners were then prompted to download an application in order to take advantage of the offer; however, the app contained malware that “manipulated” the Tesla app to grab the owner’s username and password. An OAuth token is used to authenticate the user every time the app starts, so the username and password do not normally need to be re-entered. The Tesla app was modified by adding code that steals the username and password and sends them to an attacker-controlled server. In order to trigger this code, the user needs to log in again. The Tesla app can be tricked into requiring the user to log in by simply removing the stored token. In a statement to Infosecurity, Tesla said that the issue uncovered by Promon has to do with underlying mobile application security, rather than their application.
It is great that I can control my car with my phone, but if it carries the risk that someone can easily steal my car, I would rather not use the application. I think Tesla should definitely improve the security of the application instead of blaming mobile application security problems in general.