Background Monitoring on Non-Jailbroken iOS 7 Devices

We have created a proof-of-concept “monitoring” app on non-jailbroken iOS 7.0.x devices. This “monitoring” app can record all the user touch/press events in the background, including, touches on the screen, home button press, volume button press and TouchID press, and then this app can send all user events to any remote server, as shown in Fig.1. Potential attackers can use such information to reconstruct every character the victim inputs.

via Background Monitoring on Non-Jailbroken iOS 7 Devices — and a Mitigation | FireEye Blog.

Before Apple fixes this issue, the only way for iOS users to avoid this security risk is to use the iOS task manager to stop the apps from running in the background to prevent potential background monitoring.

Yikes!  This might be a problem for android devices as well.  I have noticed that since a device stays on 24/7 resident apps can build up in the background because even though you think you closed an app it sometimes doesn’t actually close as in terminate until its icon is touched to activate.  The proof of concept above got this “keylogger” through Apple’s App Store which is pretty remarkable.

On Covert Acoustical Mesh Networks in Air

Different applications of covert acoustical mesh networks are presented, including the use for remote keylogging over multiple hops. It is shown that the concept of a covert acoustical mesh network renders many conventional security concepts useless, as acoustical communications are usually not considered. Finally, countermeasures against covert acoustical mesh networks are discussed, including the use of lowpass filtering in computing systems and a host-based intrusion detection system for analyzing audio input and output in order to detect any irregularities.

via On Covert Acoustical Mesh Networks in Air – Volume 8, No. 11, November 2013 – Journal of Communications.

Thieves allegedly install keyloggers to capture credit cards at Nordstrom

The keyloggers the thieves used imitate the look and design of PS/2 keyboard connectors, priced around $30-40. They are connected in series with a keyboard cord, between the computer and the keyboard, to intercept data transmitted between the two.

via Thieves allegedly install keyloggers to capture credit cards at Nordstrom | Ars Technica.

Popular RATs Found Riddled With Bugs, Weak Crypto

The researchers, in conjunction with their research paper (PDF), released tools for decrypting RAT traffic and proof-of-concept exploits for the bugs they found. They found that the tools include weak, or no, encryption: Bandook, for example, uses obfuscation, not encryption, to protect its traffic between the victim’s machine and the C&C server.

via Popular RATs Found Riddled With Bugs, Weak Crypto – Dark Reading.

“A good understanding of their protocols is critical to network and system administrators deploying tools that can notice the presence of a RAT,” they said.

RAT = Remote Administrative Tool which is a tool used by the bad guys to snoop on a victim.  To the victim this is more commonly referred to as a trojan.