Sunday, November 20, 2016

Issue 91 - Week of Nov 14th


1. Mobile company in UK hacked: Three, one of the UK's biggest mobile operators, has been hacked, exposing a massive amount of data containing the personal information and contact details of 6 million of its customers. The company admitted the data breach last week, saying that hackers gained access to a phone upgrade database. It is reported that the hackers used an employee login to gain entry. Three people have been arrested. In 2015, another British carrier, TalkTalk, was hacked and suffered a loss of 60M pounds.

2. Hacker group breaches Mega.nz servers: MEGA is a New Zealand-based website that offers cloud storage and file hosting services. A hacking group has breached the site and dumped the stolen data online. In a statement released following the dump, Mega's Chairman confirmed the incident but said no user data was compromised. The hackers managed to steal the credentials of one of Mega's contractors and used them to gain access to the servers. The dump includes admin logins of several employees, Mega's CMS and some emails. The hackers also claimed to have stolen the source code of various Mega apps and have put it up for auction.

3. Some Android phones secretly sent user data to China: Shanghai Adups Technology, a China-based company, developed backdoored firmware that is installed on thousands of Android-based devices. This backdoor sends all text messages, call logs, contact lists, location history, and app data to China every 72 hours. It also has the capability to remotely install and update applications on a smartphone. Google issued a statement saying that it is working with all affected parties to patch the issue, though the tech giant said that it doesn't know how widely Adups distributed its software.

4. Three Million Android smartphones infected with dangerous Rootkit: Nearly 3 million Android devices worldwide are vulnerable to man-in-the-middle (MITM) attacks that could allow attackers to remotely execute arbitrary code with root privileges, turning over full control of the devices to hackers. According to a report, the issue is due to an insecure implementation of the OTA (Over-the-Air) update mechanism used by certain low-cost Android devices. The mechanism is associated with Chinese mobile firm Ragentek Group; it runs with root privileges and communicates over unencrypted channels, allowing a remote attacker to extract personal information from an affected device, remotely wipe the whole device, and even gain access to other systems on a corporate network and steal sensitive data.

5. BlackNurse attack: BlackNurse is the name of a recently discovered network attack that can crash firewalls and routers via ICMP packets, the protocol most of us know from "pings". In this attack, Type 3 ICMP packets with a code of 3 are sent to cause a Denial of Service (DoS) state by overloading the CPUs of certain types of server firewalls. The vulnerable firewalls are some Cisco ASA models and SonicWall, Palo Alto and Zyxel firewalls. The BlackNurse traffic volume is very small, 40,000 to 50,000 packets per second, which is tiny when compared to the recent 1.1 Tbps DDoS attack on French ISP OVH. The good news is that there are several ways to defend against it, and some of the vendors have already issued advisories.

6. iPhone lock screen hack puts contacts, messages and pics at risk: A new exploit video posted on the Internet shows that hackers can bypass the passcode to access the Contacts, Pictures and Messages of a locked phone. All that they need is physical access to the phone. This vulnerability affects all the current versions of Apple's software. The company is likely to patch this in its next release. As this exploit leverages Siri, one can turn off Siri until the patch is available.

7. $5 'PoisonTap' hacks locked computers: A developer has created a $5 device that can hack into an unattended computer even with a locked screen. The tool, called PoisonTap, can break into a password-protected computer if the user has left an internet browser running in the background. The attacker can then remotely use the victim's web accounts undetected. Samy Kamkar, who has made a YouTube video showing what happens when it breaks into a computer, created the device on a Raspberry Pi microcomputer. As physical access to a machine is required, the best defense is to avoid leaving laptops and computers unattended.

8. Gone in 70 seconds - Holding Enter key can smash through defense: If a hacker enters a blank password 93 times, or simply holds down the 'Enter' key for roughly 70 seconds, he will gain access to a root initramfs (initial RAM file system) shell. The simple exploit, which requires physical access to the system, exists due to a bug in the Linux Unified Key Setup (LUKS) used in popular variations of Linux. Exploiting the flaw remotely is also possible. With access to an 'initramfs' environment shell, an attacker could then attempt to decrypt the encrypted filesystem by brute force. Fortunately, the vulnerability is easy to fix: all that one needs to do is add a command to stop the boot sequence after 'x' number of password attempts.

9. Password typing fingers can leak passwords: Researchers have found a technique, dubbed 'WindTalker', that exploits a feature called CSI (Channel State Information) in the WiFi protocol. CSI carries general information about the status of the signal. When a user is typing a password (or otherwise using the keyboard), the fingers interfere with the signal in a certain pattern, which causes the CSI to fluctuate. By analyzing the strong correlation between the CSI fluctuation and the keystrokes, it is possible to infer the user's keystrokes with 68% accuracy. This attack can be defeated if the keypad layouts are randomized. In Issue 72, we discussed how "Hackers can steal your ATM PIN from your smartwatch or fitness tracker", using related tricks.

10. Indian cybercrime victims refuse to learn from past experience: Consumers in India may be increasingly aware of the cyber threats they face, but their online behavior is often contradictory and puts them at risk of ransomware, malware and attacks from cyber criminals. It is also estimated that there are at least 15 ransomware attacks per hour in the country and that one in three Indians falls prey to it. In another report based on figures from the Ministry of Finance, the top 51 banks in India lost ₹485Cr ($71M) between Apr'13 and Nov'16. 56% of the money lost is due to net-banking thefts and card cloning.
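
The BlackNurse pattern from item 5 (ICMP Type 3, Code 3 arriving at a sustained packet rate) can be turned into a simple detection check. This is an added example, not code from the original digest; the packet builder, the sample capture, the addresses and the lowered demo threshold are all constructed for illustration.

```python
import struct
from collections import Counter

ICMP_PROTO = 1
BLACKNURSE = (3, 3)  # ICMP Type 3 (destination unreachable), Code 3, per item 5

def icmp_fields(pkt: bytes):
    """Return (src, dst, icmp_type, icmp_code) for an IPv4 ICMP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if ihl < 20 or pkt[9] != ICMP_PROTO or frag_offset or len(pkt) < ihl + 2:
        return None                                # not ICMP, or no ICMP header here
    dotted = lambda b: ".".join(str(x) for x in b)
    return dotted(pkt[12:16]), dotted(pkt[16:20]), pkt[ihl], pkt[ihl + 1]

def blacknurse_alerts(capture, pps_threshold):
    """capture: iterable of (timestamp_seconds, raw_ipv4_bytes).
    Returns sorted (second, destination, count) where the Type 3/Code 3 rate
    towards one destination reaches the threshold within a one-second bucket."""
    per_second = Counter()
    for ts, pkt in capture:
        f = icmp_fields(pkt)
        if f and f[2:] == BLACKNURSE:
            per_second[(int(ts), f[1])] += 1
    return sorted((sec, dst, n) for (sec, dst), n in per_second.items()
                  if n >= pps_threshold)

def build_icmp(src, dst, icmp_type, code):
    """Constructed sample packet: 20-byte IPv4 header + 8-byte ICMP header."""
    addr = lambda s: bytes(int(p) for p in s.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, ICMP_PROTO, 0,
                     addr(src), addr(dst))
    return ip + struct.pack("!BBHI", icmp_type, code, 0, 0)

def sample_capture():
    """Constructed traffic (documentation addresses): one burst plus normal noise."""
    fw = "192.0.2.1"
    burst = [(10 + i / 1000, build_icmp("198.51.100.7", fw, 3, 3)) for i in range(1000)]
    pings = [(10.5, build_icmp("203.0.113.9", fw, 8, 0))] * 20   # echo requests
    stray = [(11.2, build_icmp("203.0.113.9", fw, 3, 3))] * 5    # ordinary unreachables
    return burst + pings + stray

if __name__ == "__main__":
    # Threshold lowered for the demo; the digest cites 40,000 to 50,000 pps.
    print(blacknurse_alerts(sample_capture(), pps_threshold=500))
```

Counting per destination rather than per source keeps the check useful when the sender addresses vary; the threshold should be tuned against the normal rate of unreachable messages seen at the firewall.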
