Jackpot: New hacking group steals 150,000 credit cards from casino

Flat, firewall-free network was a walk in the park, boffins say. […] They say the casino lacked even basic firewalls around its payment platforms and did not have logging.

“It was a very flat network, single domain, with very limited access controls for access to payment systems,” Emmanuel Jean-Georges told the Cyber Defence Summit (formerly Mircon) in Washington DC today.

“Had this casino hotel operator had even minimal or basic protections in place like a firewall with default deny systems to limit access to PCI (payment) systems … it would have slowed down the attackers and hopefully set off red flags.”

Source: Jackpot: New hacking group steals 150,000 credit cards from casino

Dow Jones hacked for 3 years, 3500 of 1%ers data taken

“It appears that the focus was to obtain contact information such as names, addresses, email addresses and phone numbers of current and former subscribers in order to send fraudulent solicitations.” […] “As part of the investigation to date, we also determined that payment card and contact information for fewer than 3,500 individuals could have been accessed, although we have discovered no direct evidence that information was stolen,” the letter says. Those individuals are being contacted directly by Dow.

And if you believe that these details weren’t taken while they were in plain view (as well as their encrypted passwords) you’ll believe anything. I have a great deal on used camels for you.

Source: Dow Jones the latest big-name breach

5.6m, not 1.1m fingerprint images of us gov security cleared people stolen

WASHINGTON — The number of people applying for or receiving security clearances whose fingerprint images were stolen in one of the worst U.S. government data breaches is now believed to be 5.6 million, not 1.1 million as first thought, the Office of Personnel Management announced Wednesday.

The agency was the victim of what the U.S. believes was a Chinese espionage operation that affected an estimated 21.5 million current and former federal employees or job applicants. The theft could give Chinese intelligence a huge leg up in recruiting informants inside the U.S. government, experts believe. It also could help the Chinese identify U.S. spies abroad, according to American officials.

Military.com

Cheap thermal imagers can steal user PINs

A British infosec company has found that cheap thermal imaging accessories for smartphones can be used to glean personal identification numbers entered on push-button security devices on bank ATMs.

Thermal imaging devices used to be bulky and expensive, but Sec-Tec told iTnews they can now be bought cheaply as compact iPhone accessories – for instance, the FLIR One, which retails for US$249 (A$340).

The company tested several PIN pads in ATMs, locks and safes with the thermal imagers and found they could “leak” the digits entered by legitimate users for longer than a minute after use.

Cheap thermal imagers can steal user PINs

Behavioral Profiling: The password you can’t change. Your identity through how you type

You can be identified by how you type, even behind proxies and Tor. Protect yourself with KeyboardPrivacy.

Source: Behavioral Profiling: The password you can’t change.

Some websites are storing your typing patterns, and it turns out that, after some training, a system can identify who is logged in by the way they type their password. You can then be identified on other websites that use the same underlying system. Paul Moore has created a proof-of-concept Chrome extension that changes the timing of your typing as the website sees it, by randomising the rate at which the browser sends the keystrokes to the website.
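To show what a typing-rhythm profile actually matches on, and why randomising the cadence breaks it, here is an added example (not code from the page or from Paul Moore's KeyboardPrivacy extension). The latencies, the z-distance threshold and the "replace every delay with a random one" mechanism are constructed assumptions for illustration.

```python
"""Added example (not code from the page or from Paul Moore's KeyboardPrivacy):
a minimal keystroke-dynamics matcher and the cadence randomisation that
defeats it.  All timings are constructed inter-key latencies in milliseconds."""
import random
import statistics

# Constructed enrolment data: latency between consecutive keystrokes of one
# 8-character password, recorded over three logins by the same user.
ENROLMENT = [
    [110, 95, 240, 130, 120, 310, 105],
    [115, 90, 250, 125, 118, 300, 110],
    [105, 100, 235, 135, 125, 320, 100],
]
GENUINE = [112, 93, 245, 128, 122, 305, 108]   # same user, a fourth login
IMPOSTOR = [70, 60, 150, 80, 75, 180, 70]       # someone else, same password


def build_profile(samples):
    """Per-position (mean, std dev) of the latencies; the 5 ms floor on the
    std dev stops one nearly constant position from dominating the score."""
    return [(statistics.mean(c), max(statistics.pstdev(c), 5.0))
            for c in zip(*samples)]


def score(profile, latencies):
    """Mean z-distance of an attempt from the profile (0 = identical rhythm)."""
    return statistics.mean(abs(x - mu) / sd
                           for (mu, sd), x in zip(profile, latencies))


def matches(profile, latencies, threshold=2.5):
    """Site-side decision: same typist if the rhythm lies within the threshold."""
    return score(profile, latencies) < threshold


def randomise_cadence(latencies, seed=None, low_ms=50, high_ms=400):
    """Defence in the spirit of KeyboardPrivacy (assumed mechanism, not the
    extension's code): the characters reach the site unchanged, but every
    inter-key delay is replaced by a random one, so no rhythm survives."""
    rng = random.Random(seed)
    return [rng.uniform(low_ms, high_ms) for _ in latencies]


PROFILE = build_profile(ENROLMENT)

if __name__ == "__main__":
    print("genuine   :", matches(PROFILE, GENUINE))    # True
    print("impostor  :", matches(PROFILE, IMPOSTOR))   # False
    print("randomised:", matches(PROFILE, randomise_cadence(GENUINE, seed=7)))  # False
```

The flip side is that a site using typing rhythm as an extra login check will also stop recognising the real user once the cadence is randomised.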

Hackers invade systems holding medical files on 4.5 million California patients

UCLA Health hospitals say hackers may have accessed personal information and medical records on 4.5 million patients. The California medical group admitted today that miscreants infiltrated its computer systems as long ago as September. It is possible the intruders accessed databases holding patient names, addresses, dates of birth, social security numbers, medical records, health plan numbers, details of medical conditions, lists of medications, and medical test results.

Source: Hackers invade systems holding medical files on 4.5 million Cali patients • The Register

Aren’t centralised databases great? A one stop shop for all your customer records!

AFC Kredieten loan application data hacked, company responds: Meh, not our customers

A spokeswoman for AFC Kredieten, when asked if customers whose data had been stolen had been informed, replied: “They are not our customers. They are applicants, we had not necessarily organised a loan for them yet. AFC Credits is the victim here. What that group did is illegal and writing about it would be against the law.”

Source: Loan application data hacked, company responds: Meh, not our customers • The Register

Wow! How not to handle this! They collected the data on their website, so that makes them responsible for the data.

ProxyGambit – anonymise your internet traffic via GSM or Radio links

ProxyGambit is a simple anonymization device that allows you to access the Internet from anywhere in the world without revealing your true location or IP, fracturing your traffic from the Internet/IP through either a long distance radio link or a reverse tunneled GSM bridge that ultimately drops back onto the Internet and exits through a wireless network you’re nowhere near.

While a point to point link is supported, the reverse GSM-to-TCP bridge allows you to proxy from thousands of miles away with nothing other than a computer and Internet with no direct link back to your originating machine.

US personnel files and intelligence agents copied – multiple disclosures, could be 18 million records out

And let the shouting begin about whose fault it was.

‘Most devastating cyber attack in US history’

Source: As the US realises it’s been PWNED, when will OPM heads roll? • The Register

“Incidentally, the stolen OPM database was reportedly being offered on Hell, an onion site hosting an e-crim forum, according to Brian Krebs. However, the database being flogged actually originated from a different, undisclosed, data breach of Unicor.gov, also known as Federal Prison Industries.”

Chances are that everyone now knows how to infiltrate the US government as SF-86 government clearance forms were copied as well:

“Likely included in the hackers’ haul: information about workers’ sexual partners, drug and alcohol abuse, debts, gambling compulsions, marital troubles, and any criminal activity.”

Extortion bonanza: OPM hack exposed “intimate details” of cleared personnel

The best analysis I have found of the hack so far is on Ars Technica, Why the “biggest government hack ever” got past the feds

The way the OPM is handling this is extremely poor, with them admitting first to a breach of 4m records, then the FBI publicly telling them it’s 18m. There’s even a 32m record breach being reported somewhere.

Lighteater goes through BIOS owns your PC

Because people don’t ever patch their BIOSes, it is extremely likely that the vast majority of systems in the wild are vulnerable to at least one known exploit. We made public the details of the new SMM “Incursion” vulnerabilities (CERT VU# 631788, reported Oct 29th), that can be found automatically from SMM dumps. We showed the “LightEater” SMM implant stealing GPG keys/passwords/decrypted messages from Tails on an MSI system. We also showed how an unskilled attacker can infect a BIOS with an off-the-shelf Dediprog programmer, by just pressing the start button.

Source: Research

Be paranoid: 10 terrifying extreme hacks

These extreme hacks rise above the unending morass of everyday, humdrum hacks because of what they target or because they employ previously unknown, unused, or advanced methods. They push the limit of what we security pros previously thought possible, opening our eyes to new threats and systemic vulnerabilities, all while earning the begrudging respect of those who fight malicious hackers.

This is a look at the handful of hacks that have truly raised eyebrows in the security community in the past few years. Here’s to hoping that the good guys find the most dangerous exploits before the bad guys can use them against us.

Source: Be paranoid: 10 terrifying extreme hacks | InfoWorld

How to crash any iPhone or iPad within WiFi range

Security researchers presenting at this week’s RSA Conference in San Francisco, have uncovered a whole new compelling reason to switch off your phone.

Skycure’s Yair Amit and Adi Sharabani have demonstrated a startling vulnerability in iOS that can allow malicious hackers to crash any iOS device within range of a WiFi hotspot.

And it doesn’t even matter if targeted devices are trying to deliberately connect to the WiFi network or not. The researchers have dubbed their discovery “No iOS Zone”,

via How to crash any iPhone or iPad within WiFi range.

Hacker hijack ‘threat’: Your car’s security is Adobe Flash-grade BAD

As we’ve long suspected, the computers in today’s cars can be hijacked wirelessly by feeding specially crafted packets of data into their networks. There’s often no need for physical contact; no leaving of evidence lying around after getting your hands dirty.

This means, depending on the circumstances, the software running in your dashboard can be forced to unlock doors, or become infected with malware, and records on where you’ve been and how fast you were going may be obtained. The lack of encryption in various models means sniffed packets may be readable.

Key systems to start up engines, the electronics connecting up vital things like the steering wheel and brakes, and stuff on the CAN bus, tend to be isolated and secure, we’re told.

http://www.theregister.co.uk/2015/02/09/car_security_senator_report/

Large numbers of British Airways Executive Club accounts being Locked/Zeroed Out/in Audit (‘Ex-gratia’) due to data breach

Starting on 27 March 2015, a very large number of people have found that their Avios balance has been reset to zero. Their list of transactions shows an "Ex-Gratia" deduction of their entire previous balance. Other people are also reporting they are unable to access their accounts at all, with their BAEC number not being recognised.

BAEC call centre staff do not seem to have received a thorough briefing and are giving at times contradictory information. However, an email has gone out to some, not all, BAEC members affected by this issue, with the subject "Executive Club Password Change", details here in post 181. At present there is no definitive information about the exact cause, but it’s clear that BA believes there has been a serious security breach (or that there was a serious risk of such a breach).

via 27 Mar: Large numbers of BAEC accounts being Locked/Zeroed Out/in Audit ('Ex-gratia') – FlyerTalk Forums.

Hotel routers very insecure

ANTLabs InnGate devices are a popular Internet gateway for visitor-based networks. They’re commonly installed in hotels, convention centers and other places that provide temporary guests access to a WiFi connection. If you’ve ever used WiFi in a hotel, you’re familiar with these types of devices as they are typically tied to a specific room number for billing purposes.

[…]

CVE-2015-0932 gives an attacker full read and write access to the file system of an ANTLabs’ InnGate device. Remote access is obtained through an unauthenticated rsync daemon running on TCP 873. Once the attacker has connected to the rsync daemon, they are then able to read and write to the file system of the Linux based operating system without restriction.

[…]

An attacker exploiting the vulnerability in CVE-2015-0932 would have the access to launch DarkHotel-esque attacks against guests on the affected hotel’s WiFi. Targets could be infected with malware using any method from modifying files being downloaded by the victim or by directly launching attacks against the now accessible systems.

via Vulnerability: CVE-2015-0932.
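The conditions the advisory describes (an rsync module that needs no authentication, is not limited to particular clients, and is writable) are exactly what a config audit can check for. Here is an added example (not the page's or ANTLabs' code): the two rsyncd.conf fragments are constructed to stand in for an exposed gateway and its hardened counterpart, and the finding strings are my own.

```python
"""Added example (not from the page, ANTLabs or the CVE-2015-0932 advisory):
lint an rsyncd.conf for the exposure the advisory describes, a module that
needs no authentication yet lets any client write to the file system."""
import configparser

# Constructed config resembling the exposed gateway, and a hardened counterpart.
EXPOSED_CONF = """\
use chroot = no
[root]
path = /
read only = no
"""
HARDENED_CONF = """\
use chroot = yes
[backup]
path = /var/backups
read only = yes
auth users = backup
secrets file = /etc/rsyncd.secrets
hosts allow = 10.0.5.10
"""
FALSE_VALUES = ("no", "false", "0")


def audit_rsyncd(text):
    """Return {module: [findings]}; an empty list means the module is clean.
    Global parameters precede the first module in rsyncd.conf, so a [global]
    header is prepended for configparser (strict=False tolerates a real one)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string("[global]\n" + text)
    chroot_off = cp["global"].get("use chroot", "yes").lower() in FALSE_VALUES
    report = {}
    for module in cp.sections():
        if module == "global":
            continue
        m, findings = cp[module], []
        if not m.get("auth users", "").strip():
            findings.append("no 'auth users': any client reaching TCP 873 may connect")
        if not m.get("hosts allow", "").strip():
            findings.append("no 'hosts allow': not limited to known client addresses")
        if m.get("read only", "yes").lower() in FALSE_VALUES:
            findings.append("'read only = no': clients can write into the module")
        if m.get("path", "").strip() == "/":
            findings.append("path = /: the whole file system is exported")
        if chroot_off:
            findings.append("'use chroot = no': module is not confined to its path")
        report[module] = findings
    return report
```

Even a clean module should still sit behind a firewall that limits who can reach TCP 873 at all; the config check only catches what the daemon itself would accept.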

Rowhammer allows root access to non-ECC DRAM3 memory machines (laptops)

"Rowhammer" rapidly writes and rewrites memory to force capacitor errors in DRAM, which can be exploited to gain control of the system. By repeatedly recharging one line of RAM cells, bits in an adjacent line can be altered, thus corrupting the data stored.

This corruption can lead to the wrong instructions being executed, or control structures that govern how memory is assigned to programs being altered – the latter case can be used by a normal program to gain kernel-level privileges.

via Ouch! Google crocks capacitors and deviates DRAM to root Linux • The Register.

Lenovo ships laptops with man in the middle spyware on it

The Superfish software shipped with Lenovo laptops can intercept and redirect your secure browsing sessions (eg to your bank) so that third parties can hijack them.

You can test whether your Lenovo product is affected; how to do so is described in the link below, along with instructions for removing it.

Lenovo for years has been known as (one of) the best laptop makers out there. I use one and have recommended them to many of my friends. This brand is hugely popular with IT professionals. This changes everything. Any company that allows spyware to be shipped on their systems and then denies it goes onto my boycott list – just like Sony is. This is a real disaster.

So long, Lenovo, and no thanks for all the super-creepy Superfish • The Register.