As involved as that process was, getting unauthorized code covertly installed into an official operating system and keeping it there for years would appear to be an even more complicated—and brazen—undertaking. This 2013 article published by Der Spiegel reported that an NSA operation known as FEEDTHROUGH worked against Juniper firewalls and gave the agency persistent backdoor access.
Source: “Unauthorized code” in Juniper firewalls decrypts encrypted VPN traffic | Ars Technica
The security bug relates to the fact that the AVG antivirus creates a memory space with full RWX (read-write-execute) privileges where it normally runs. For that particular version of the AVG antivirus, this memory space was not randomized and was often shared with other applications, like, for example, Acrobat Reader or the enSilo product that collided with the antivirus.
If an attacker knew about the antivirus’ predictable behavior and where this address space was, they could force their malicious code to execute inside that memory address and have the same privileges as the antivirus process (which is system-level).
Source: AVG, McAfee, Kaspersky Fix Common Vulnerability in Their Antivirus Products
Dell Foundation Services installs the cert and its purpose is to quicken online support engagements with Dell staff. The certificate, Dell said, allows online support to identify the PC model, drivers, OS, hard drive and more.”
So far, eDellroot has been found on Dell XPS 15 laptops, M4800 workstations, and Inspiron desktops and laptops.
“It means attackers are de facto certificate authorities, free to generate man-in-the-middle certs, or just direct phishing sites that won’t get flagged as illegitimate,”
Earlier this year, G Data contemporary Marble Security found a fake, pre-installed version of Netflix had been stealing personal data from several smartphone models, including the Samsung Galaxy range and the LG Nexus, and transmitting its swag to a server in Russia.
The spyware is delivered either via the aforementioned app, or via an SMS or email that contain a specially crafted URL that will trigger exploits for several vulnerabilities in the default browsers of Android versions 4.0 Ice Cream Sandwich to 4.3 Jelly Bean.
This will allow the attacker to gain root privilege, and allow the installation of a shell backdoor and RCS Android.
Source: Hacking Team’s RCS Android: The most sophisticated Android malware ever exposed
Basically, by generating a specially crafted SSL certificate, attackers can regenerate a bug and cause apps that perform SSL communication to crash at will. With our finding, we rushed to create a script that exploits the bug over a network interface. As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide.
via “No iOS Zone” – A New Vulnerability Allows DoS Attacks on iOS Devices ».
This exploit only crashes a device making it unusable. There is no mention of making end to end encrypted communications vulnerable. By moving outside the range of the access point the IOS device automatically connected to should break the connection bringing the phone back to normal.
Devices with wifi left on will try and connect themselves to any open access point. While this shouldn’t be a problem attacks like this can happen. I would classify this attack more of an irritant than anything serious.
I’ve been in the security field for 30 years, and it takes a lot to surprise me. But the VITA report really shocked me – as bad as I thought the problems were likely to be, VITA’s five-page report showed that they were far worse. And the WinVote system was so fragile that it hardly took any effort. While the report does not state how much effort went into the investigation, my estimation based on the description is that it was less than a person week.
via Decertifying the worst voting machine in the US.
So how would someone use these vulnerabilities to change an election?
- Take your laptop to a polling place, and sit outside in the parking lot.
- Use a free sniffer to capture the traffic, and use that to figure out the WEP password (which VITA did for us).
- Connect to the voting machine over WiFi.
- If asked for a password, the administrator password is “admin” (VITA provided that).
- Download the Microsoft Access database using Windows Explorer.
- Use a free tool to extract the hardwired key (“shoup”), which VITA also did for us.
- Use Microsoft Access to add, delete, or change any of the votes in the database.
- Upload the modified copy of the Microsoft Access database back to the voting machine.
- Wait for the election results to be published.
The freedom to tinker blog has been doing research on voting machines for a very long time although in this case they are reporting the results of research done by Virginia IT people in their decertification. In the past most vulnerabilities uncovered required physical access to a voting machine and a bit of skullduggery making it difficult to change votes on a large scale. I simply cannot comprehend for what purpose these voting devices needed to be on a wifi network other than someone thought it was “cool.” This entire report is mind boggling and makes me wonder how many more areas of the country are doing this now.
A new report from the U.S. Government Accountability Office (GAO) warns that in-flight W-Fi, including wireless entertainment and internet-based cockpit communications, may allow hackers to gain remote access to avionics systems and compromise them. However, other experts disagree and call the report “deceiving.”
via US Report Claims In-Flight Entertainment Leaves Planes Open to Cyberattacks; Others Disagree.
Closing Thoughts
● Nearly every protocol used in aviation is
unsecured
● There is certainly the potential to annoy
ATC and/or small aircraft
● Increasing automation while continuing
with unsecured protocols is problematic
● Airliners are relatively safe (for now)
The above pdf is a good read.
Many of the most serious flaws revealed a kind of sloppiness in the design and production of the devices, Brandon Creighton, Veracode’s research architect, told The Security Ledger. For example: both the Ubi and Wink Relay devices left debugging interfaces exposed and unsecured in their shipped product. That could provide an avenue for attackers who had access to the same network as the device to steal information or bypass other security controls.
Exposed debugging interfaces are useful during product testing, but have little or no utility to consumers. That suggests that the companies merely forgot to restrict access to them before shipping, Creighton said.
via Research: IoT Hubs Expose Connected Homes to Hackers | The Security Ledger.
Researchers from the security firm Norse allege that their investigation of the hack of Sony has uncovered evidence that leads, decisively, away from North Korea as the source of the attack. Instead, the company alleges that a group of six individuals is behind the hack, at least one a former Sony Pictures Entertainment employee who worked in a technical role and had extensive knowledge of the company’s network and operations.
via A New Script: Clues In Sony Hack Point To Insiders | The Security Ledger.