
ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Connor Fairman

UK seeks to secure smart home gadgets

October 17, 2018 by Connor Fairman

This is a post related to the one I put up about the FDA hiring ethical hackers to assess the vulnerabilities of medical devices. Smart home gadgets in many ways are similar to medical devices because they often feature embedded systems, which are fundamental in IoT devices. These are systems that need to be fast and efficient in their memory management. These devices tend to utilize lower-level languages, such as C or even Assembly, which are highly prone to segfaults, memory leaks, and other issues that high-level languages abstract away. These vulnerabilities can be attacked by hackers without too much difficulty because little things will cause entire programs to crash and burn. Therefore, I think it’s a good thing that the UK is creating some guidelines for securing home gadgets.

https://www.bbc.com/news/technology-45863948?intlink_from_url=https://www.bbc.com/news/topics/cz4pr2gd85qt/cyber-security&link_location=live-reporting-story

The Cybersecurity 202: The FDA is embracing ethical hackers in its push to secure medical devices

October 17, 2018 by Connor Fairman

Apparently, attacks against medical devices are on the rise and the FDA is turning to ethical hackers. This is something I’ve thought about before. I don’t know much about medical devices, but I’ve always wondered what would happen if a hacker could somehow force a new pacemaker to segfault or something along those lines. This should be a very good measure to take in the FDA approval process because it will hold developers of these medical devices to a higher security standard. However, I welcome input from anyone in the medical device field who has some experience in this area.

https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/10/17/the-cybersecurity-202-the-fda-is-embracing-ethical-hackers-in-its-push-to-secure-medical-devices/5bc6156b1b326b7c8a8d1a01/?utm_term=.8f2d100fa6fb

Meet ‘Intrusion Truth’

October 9, 2018 by Connor Fairman

I have always found this new era of cyber warfare very fascinating because it is harder than ever to tie attackers to the governments that employ them. Often, attackers are operating out of private corporations or even independently. When fingers get pointed at governments, they claim that these actors are acting on their own and that the government has no control over them. This is the first instance in my experience of the actual hackers being outed in public – and their relationship with an actual government documented. Intrusion Truth has only targeted Chinese hackers, but this could set a precedent for the future. Many believe that Intrusion Truth represents victims of Chinese corporate espionage. Groups like this can surface in the future to respond to threats originating from elsewhere as well.

https://motherboard.vice.com/en_us/article/wjka84/intrusion-truth-group-doxing-hackers-chinese-intelligence

Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users’ Data

October 9, 2018 by Connor Fairman

Google+ is shutting down after several years of a failed effort to rival Facebook. However, it is not officially closing down due to failed competition. It is ending services because a vulnerability exposed half a million users’ data. Specifically, the issue lies in the Google+ People API, which had a flaw that exposed usernames, email addresses, gender, DOB, etc. to third-party developers. These things are not infrequent. However, one has to wonder whether, if this had happened to Facebook, the result would have been so disastrous. This was likely just the nail in the coffin for Google+. Only 438 developers could have had access to this vulnerability and there apparently is no evidence that any one of them was even aware of this.

https://thehackernews.com/2018/10/google-plus-shutdown.html

From Now On, Only Default Android Apps Can Access Call Log and SMS Data

October 9, 2018 by Connor Fairman

Google+ is being shut down after a data breach was recently discovered. Additionally, Android is cracking down on what apps can access about their users. From now on, third-party apps will not be able to access call logs and SMS data.

Third-party apps can still request permission, but users will have to approve each area that the app would like access to, such as the call log, location services, SMS data, etc.

https://thehackernews.com/2018/10/android-app-privacy.html

Hackers Stole 50 Million Facebook Users’ Access Tokens Using Zero-Day Flaw

October 3, 2018 by Connor Fairman

When you log into any social media platform, you are issued a unique app token, which is usually a hashed string. This allows us to avoid logging in every time we want to access Facebook, LinkedIn, etc. Hashing this string is supposed to make it impossible for a hacker to figure out by brute force. Yet, somehow, hackers have found a zero-day vulnerability in Facebook’s software, which has given them access to 50 million users’ tokens. With this, they presumably could access a user’s account and all of their account data. Also, when users do things on Facebook, such as make a post or like a picture, Facebook first checks their token to make sure they’re someone who is authorized to do these things. Hence, another risk, aside from data and information theft, is that hackers with these access tokens used them to do things on Facebook, like post advertisements or inflammatory posts, under someone else’s name.

https://thehackernews.com/2018/09/facebook-account-hack.html

Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash

October 3, 2018 by Connor Fairman

A North Korean hacking agency has devised a new way to trick ATMs into releasing large quantities of cash. The scheme targets switch application servers. The switch application server is used to communicate with the bank to validate a user’s account details for a requested transaction, such as a withdrawal.

The hackers first infect these servers with malware. Next, they attempt to make a withdrawal. The malware-infected server sends back a fake affirmative response, which then makes the ATM think the request has been accepted. The bank never gets notified.

https://thehackernews.com/2018/10/bank-atm-hacking.html

Researcher Discloses New Zero-Day Affecting All Versions of Windows

September 26, 2018 by Connor Fairman

All versions of the Windows OS have a security vulnerability, known as a zero-day, which was discovered and not patched within 120 days. An employee has brought this vulnerability to light.

With this vulnerability, a hacker can remotely execute malicious code on any affected machine.

The vulnerability specifically affects a Microsoft database engine integrated with many Microsoft products.

In order to fall victim to this vulnerability, someone has to open a JET database file with a hidden malicious payload. This affects all supported Windows OS versions.

Microsoft is currently working on patching this vulnerability.

https://thehackernews.com/2018/09/windows-zero-day-vulnerability.html

Twitter API Flaw Exposed Users Messages to Wrong Developers For Over a Year

September 25, 2018 by Connor Fairman

A flaw in Twitter’s API was sending users’ messages to businesses to the wrong place. There are tools available for businesses to build special applications that interact with Twitter. These are used for things like customer service and Q/A. To build these applications, the company has a developer with a developer key registered with Twitter. When a user uses the app created by the developer, their data/whatever they are sending gets sent to the account associated with that developer’s developer key. What happened here is that user data somehow was sent to the wrong developer account. Having built APIs before, I can testify that they sometimes do funky things that you don’t expect. Thankfully, in this situation, it seems as though a very small group of people was affected.

https://thehackernews.com/2018/09/twitter-direct-message-api.html

The Many Faces of Social Engineering

September 24, 2018 by Connor Fairman

I’ve heard this phrase used a few times in class and was curious what a social engineering attack actually entails. It seems that it can come in many forms, such as:

  • Phishing
  • Ransomware

These are the two most common forms of social engineering attacks, according to the article below.

In phishing attacks, a victim is commonly lured into opening an email attachment, which downloads some form of malware onto the machine. For example, an employee at a company or government agency could receive an email from someone claiming to be from IT requesting that the employee view an attachment.

In ransomware attacks, a user is tricked into downloading a payload that corrupts or encrypts a user’s hard drive. The perpetrators remedy the problem after the victim pays them, usually in bitcoin.

As we’ve discussed in class, the best way to prevent these kinds of attacks in a company is through employee training. The more aware people are of the strategies criminals employ, the better.

https://digitalguardian.com/blog/social-engineering-attacks-common-techniques-how-prevent-attack
