Items tagged with backdoor

Malware is getting sneakier, as Kaspersky researchers just discovered “Titanium”, a trojan backdoor malware. This malware is very difficult to detect and includes various stages. Titanium is currently being used by the Advanced Persistent Threat (APT) actor “Platinum”. Platinum is considered one of the most “technologically advanced” APT actors in the Asia-Pacific region. Their current malware targets Malaysia, Indonesia, and Vietnam. It is unclear exactly how many devices have been affected. Titanium reportedly includes several steps and capabilities. It first releases an exploit that is able to execute code as a SYSTEM user. It then installs a shellcode that essentially downloads the necessary...
Yesterday, we reported on a rather alarming security exploit which took advantage of a weakness in the ASUS Live Update utility installed on millions of PCs. Operation ShadowHammer took advantage of Live Update to gain a backdoor to users’ PCs and download malware in the background. ASUS was initially notified of Operation ShadowHammer by Kaspersky Lab on January 31st, but Motherboard reported that the company “has been largely unresponsive since then and has not notified ASUS customers about the issue.” Well, after widespread coverage of the backdoor yesterday, ASUS has finally issued an official response on its website. The company downplays any widespread...
If you have an ASUS computer that is running the company’s Live Update utility, it’s possible that your system was susceptible to backdoor intrusions during the latter half of 2018. The folks at Kaspersky say that they first discovered the existence of Operation ShadowHammer on January 29th, and have been performing forensic analysis on the security exploit ever since. According to Kaspersky, ASUS Live Update, which is preinstalled on ASUS systems, was compromised, allowing Operation ShadowHammer to propagate between June 2018 and November 2018. ASUS Live Update is intended to allow users to easily update a system’s BIOS/UEFI, drivers and OEM apps. But holes in the software gave...
Nintendo gaming consoles are typically pretty well locked down (at least initially), and are a tough nut to crack for enthusiasts. About the closest that homebrew wizards came to prying inside the inner workings of the Nintendo Switch was to find a hidden NES Golf game, which was included in honor of late Nintendo president Satoru Iwata. However, enthusiasts have a new reason to be excited, as homebrew support will soon be coming to the incredibly popular hybrid gaming console. You might ask, "How is this possible?" Well, it all comes down to the fact that Nintendo opted to use NVIDIA's Tegra X1 hardware platform for the Switch, which is a known quantity to developers and hackers alike. Hackers Plutoo,...
Over the past few months, we’ve witnessed the Mirai botnet wreak havoc with IoT devices like consumer webcams, DVRs and security cameras. These budget-minded devices were often equipped with insecure software or employed security countermeasures that were easily overpowered. However, we’re learning today that it isn’t just cheap consumer devices that are susceptible to attacks — even high-end equipment can be compromised if a hacker has enough motivation to dig for exploits. Such is the case with Sony’s professional grade IPELA Engine IP cameras. According to SEC Consult, a backdoor was found on these cameras that would allow a would-be attacker to inject code and further penetrate a network....
It’s another day, and another backdoor Android exploit has been discovered. Last week, we brought you news of a secret backdoor installed on a number of budget Android devices that was beaming personal information (text messages, phone numbers, contacts) to servers in China. Today, we’re learning of another exploit that once again targets low-cost Android smartphones. At the center of the discussion this time around is the Ragentek firmware used on a number of Android smartphones. Researchers from BitSight Technologies discovered two internet domains that were hardwired into the firmware. Until recently these domains were unregistered, so BitSight took it upon itself to register the domains...
2016 is going to be remembered for a number of fortunate and unfortunate things, with one topic that falls into the latter category being the debacle of U.S. law enforcement vs. Apple. The FBI and other US federal agencies have made it no secret that they would like to be able to gain access to any smartphone if the need arises - something that anyone who cares even remotely about their privacy shouldn't be okay with. In the months that followed, the FBI somehow managed to break into an iPhone 5C without any help from Apple. And while it's not clear if the agency is able to pull that off on more recent iPhones, it looks like the FBI is not willing to divulge how it cracked the device to any other...
Microsoft Chief Legal Officer Brad Smith is no fan of the FBI’s efforts to bypass encryption protocols in order to unlock smartphones. Smith’s thoughts on the matter were made even clearer today while speaking at the annual RSA Conference, which is held in San Francisco, California. In fact, Smith offered his most blunt criticism of the FBI’s use of the courts to get what it wants. “When it comes to security, there is no technology as important as encryption,” said Smith. “Despite the best of intentions, one thing is clear: The path to hell starts at the backdoor. We need to make sure encryption technology remains strong.” That is some pretty strong language, and further solidifies Microsoft’s...
U.S. President Barack Obama is getting a little hot under the collar, and we’re not talking about the speech that Israeli Prime Minister Benjamin Netanyahu gave this morning. Instead, President Obama is troubled over new regulations that are being proposed by the Chinese government, which would affect American tech companies that conduct business within China’s borders. President Obama is fearful that China’s plans — which include allowing the Chinese government to install security backdoors, requiring companies to hand over encryption keys, and keeping user data on Chinese soil — are an assault on intellectual property held by American companies and leave customers open to privacy violations....
Chinese OEMs are stepping up their game in the smartphone sector. Companies like Huawei and Xiaomi have bolstered their share of the market, with the latter booting Samsung out of first place in China. One Chinese OEM, however, is looking to expand its presence in the smartphone world while at the same time partaking in nefarious acts. Palo Alto Networks has discovered that Chinese OEM Coolpad has been installing a backdoor called “CoolReaper” on the millions of smartphones that it sells around the globe. Coolpad has taken additional steps to ensure that its CoolReaper backdoor goes undetected by widely available antivirus programs for the Android operating system. Palo Alto Networks’ investigation...
A hacker (“Craig”) on a site devoted to embedded device hacking posted a lengthy entry detailing how he, on a whim and armed with boredom and too much Shasta cola, reverse-engineered a firmware update and found a backdoor to certain D-Link routers that allows one to access the devices’ web interface by bypassing authentication. Once you’ve bypassed the authentication process, you can change or access any of the router’s settings. For obvious reasons, this is a serious security problem. This happens if your browser has a certain user agent string. “This is performing a strcmp between the string pointer at offset 0xD0 inside the http_request_t structure and the...
While many have dogmatically adhered to the idea that Macs are impervious to malware, some experts have been warning that it was only a matter of time before the Apple systems were hit with significant bugs. Findings like the one from Doctor Web late yesterday confirm that indeed, the malware threat looms large for Mac users. According to Doctor Web, a Russian antivirus vendor, 600,000 Macs were part of the BackDoor.Flashback.39 botnet. (Originally, the company reported the number at 550,000, but a Twitter post later upped it to over 600,000.) The Flashback Trojan isn’t especially new; variants have been around since at least September 2011, but like all good malware, it’s been evolving....
Intuit, maker of Quicken products, started using a "strong encryption" method in 2003, but apparently a backdoor has been found that might compromise passwords: "A Russian firm that provides password-recovery services says it has found a backdoor in the encryption mechanism that Quicken uses to secure password-protected files, a feature that makes millions of users of the personal finance program more vulnerable to government spooks or other highly determined snoops." Luckily the security hole is one that requires a lot of resources to compromise, so it's unlikely that a common script kiddie would be able to exploit it....