Showing posts with label internet security. Show all posts

Monday, October 9, 2017

Boot Bug in Macs and PCs

Your Mac or PC could be at risk. Duo Security, a leading security firm, has recently reported that a number of computers could be exposed to sophisticated attacks on the personal data they store because of outdated firmware.

Many Macs were covered by this research, and a considerable number were found not to be updating their core firmware. This is a major problem, because these computers could become targets of organized hacking. Although the software, that is the operating system, is being updated regularly, especially with prompts given by the computer itself, the underlying firmware is not being updated on some computers.

This firmware is known as the Extensible Firmware Interface, or EFI for short. Its job is to start the computer and hand over to the main operating system; in other words, it is the foundation on which all the other software runs. This is not a problem confined to Apple computers; it also affects Windows computers. Research shows that Windows computers may be even more adversely affected, because they are made by a range of manufacturers, which makes it difficult to bring firmware security under a single umbrella or to follow common standards.

Research covering more than seventy thousand computers showed that some could be at risk from a well-resourced and organized attacker, such as a foreign government conducting espionage. While this may not pose much of a threat to home users, it could cause serious problems for big players running outdated versions, such as government bodies, banks and top companies.

The boot bug problem is more serious still because the user is not informed of updates to the firmware. Duo Security was alarmed to see that so many Macs were susceptible, and went back to double-check the results to make sure the conclusions were right.

The boot bug came into focus when researchers studied Macs to see whether the firmware was updated when the software was updated. This is supposed to happen automatically during a software update (no separate prompt to update the firmware is given to the user), yet they found that some computers were not doing so: at least 4.2% of the computers tested were not receiving firmware updates. This raised the question of why, and to date no conclusive answer has been reached.

As many as 16 models of Apple Macs have been affected by the boot bug. Duo Security is now providing tools that organizations can use to identify it. Apple has not only welcomed the finding but is also working alongside the security firm to analyze the cause. So far neither company has found the answer.

Apple has addressed the problem in High Sierra with a check that runs in the background every week to see whether the firmware is being updated. If it is not, the user is told to contact the company.

Apple said in an interview that it is committed to providing the best possible security to its users and is taking steps to rectify the issue.

Friday, April 28, 2017

iPhone Users Warned About Potentially Dangerous "Siri 108" Prank


Caution – Viral Social Media Campaign 


Police departments across the United States are annoyed over a viral social media campaign that encourages iPhone users to say the number 108 to Siri as a prank. The police have stated that the scam has been spreading over Facebook and Twitter, and when iPhone users test the Siri command 'just for fun', they are in reality tying up phone lines at the emergency call centres.

If you say 108, you will hear 'calling emergency services in five seconds', and within those five seconds you will be transferred to 911. Sergeant Adrian Page of the Lonoke Police Department in Arkansas, in a Facebook post that went viral with over 1,100 shares, told users not to fall for it, since it ties up emergency lines. The number was designed as a panic code: 108 is in fact the emergency services number in India.

As reported by sources, Apple wanted to make it simple for people to contact emergency services from any location in the world, so telling Siri the emergency number of any country connects the user to the local service. You could ask Siri to call 911 while visiting the U.K. and it would dial 999 for local help.

Phone System Preventing Emergency Calls


The Annapolis Police Department in Maryland mentioned that this prank has been spreading among Annapolis teens and could dangerously tie up the 911 phone system, preventing emergency calls from being answered promptly.

They have cautioned users not to fall for this trick. According to the National Emergency Number Association, around 240 million calls are made to 911 each year in the U.S., most of them from wireless devices, and placing a prank call to 911 is an offence.

The Marshall Police Department in Wisconsin recently warned that this prank is a problem because it uses resources needed by others trying to get help in a genuine emergency.

The police have said that telling Siri to call 108 is, essentially, no joke and should not be done except in a genuine emergency. Police agencies across the U.S. have been cautioning iPhone users about a potentially dangerous viral social media prank.

Users Call Emergency Services From Any Location

Pranksters are attempting to trick users into saying 'Hey Siri, 108', prompting the digital assistant to contact emergency services; in India the number is the equivalent of 911. Siri begins a five-second countdown on hearing '108', giving users the opportunity to cancel the call before it goes through.

But the pranksters sharing the trick tell users to 'close their eyes and wait for 5 seconds' before looking at their phone. Though 108 is the emergency service number in India, Apple has set it up this way so that users can call emergency services from any location in the world, according to CNET.

Users sharing the trick on social media may consider it harmless, but a similar incident resulted in the death of a six-month-old boy: the caregiver had called 911 three times on a T-Mobile phone and was kept on hold each time, and the infant died.

Wednesday, September 14, 2016

Apple Mac Virus Can Take Screenshots and See Everything You Type


Mac Users Cautioned – Latest Dangerous Virus


Owners of Apple Macs are being cautioned about a new and dangerous virus that watches everything typed, takes screenshots every thirty seconds and accesses all of your documents and videos. Some years back, the Flashback malware exploited a security flaw in Java and managed to infect 600,000 Macs, roughly 1% of the user base. Details of it were posted on Apple's website.

There have been other issues since. The KitM.A backdoor application on OS X took screenshots of the user's desktop, and more recently the Rootpipe exploit proved difficult to fix. Bogdan Botezatu, Senior E-Threat Analyst at Bitdefender, has said that 'Mac OS X software has more high-risk vulnerabilities than all forms of Windows put together.

Apple markets these products as virus-free and states that you do not need an antivirus, since they are aware that people hate antivirus software. These utilities often slow down the computer, so they don't want to promote them'. The Apple Mac virus is a kind of malware known as Mokes.A, discovered by Stefan Orloff of Kaspersky Labs. The same type of malware had been discovered on Windows earlier this year.

Enables Hackers to Remotely Take Control


Since the virus can see which keys the user types, it gives cyber criminals access to passwords, bank account details and other personal information. Stefan warns that it also enables the hackers to remotely take control of a breached Mac.

The detection of this unusual OS X malware came a week after Apple had been forced to release two major security updates for the iOS and OS X operating systems. The updates were released after security analysts found that hackers could take control of a device with a single click on a malicious link.

Though Apple devices are said to be less vulnerable to malware and viruses than PCs, this is not the first time hackers have targeted Macs. Earlier in the year Mac users were targeted in a ransomware attack that could lock their machine until they paid the hackers.

Mokes.A Virus – Infect Macs


iPhone users have most recently been under continual attack in an extensive range of phishing campaigns. It is not known precisely how the Mokes.A virus infects Macs, which makes it difficult for users to know how to defend themselves against it.

Users are often reminded to use antivirus software and to refrain from downloading software, email attachments or other files from unreliable sources. They are also advised to keep their operating system up to date. Since many people do not use antivirus software on Macs, it is difficult to gauge the size of the risk.

Bogdan explains that the lack of antivirus adoption on Mac OS X hides the truth, since malware does not get reported. 'Everyone is aware of what happens in the Windows ecosystem because of this visibility and threat intelligence, but with Mac OS X there is often no antivirus to report back to base'.

Friday, March 4, 2016

Thousands Of Popular Sites' at Risk of Drown Hack Attacks


HTTPS Susceptible to Drown Attacks


Researchers have warned websites that they could be exposed to eavesdroppers after discovering a new method that disables their encryption protection. An expert has stated that a third of all computer servers using the HTTPS protocol, often represented by a padlock in web browsers, were susceptible to the so-called DROWN attack.

They warned that passwords, credit card numbers, emails and sensitive documents could be stolen as a result. The issue would be fixed, though it would take some time for many website administrators to protect their systems. The researchers have released a tool that identifies susceptible websites. They said they had not released the code used to prove their theory, since many servers are still susceptible to the attack. There is no evidence yet that hackers have worked out how to replicate the technique.

An independent expert commented that he had no doubt the problem was real. Prof Alan Woodward of the University of Surrey stated: 'What is shocking about this is that they have found a way to use a very old fault that we have known about since 1998, and all this was perfectly avoidable.

Computer Servers Prone to Attack When Supporting SSLv2 Encryption


It is the outcome of having used deliberately weakened encryption that people broke years ago, and it is now coming back to haunt us.' The researchers, cyber-security experts from universities in Israel, Germany and the US together with a member of Google's security team, have discovered that a computer server can be prone to attack merely by supporting the 1990s-era encryption protocol SSLv2 (Secure Sockets Layer version 2), even if it uses more modern encryption standards day to day to scramble communications.

In practice, older email servers are more likely to have this problem than the newer computers typically used to power websites. However, many organisations reuse encryption certificates and keys between the two sets of servers. The researchers have dubbed the flaw DROWN, an acronym for Decrypting RSA (Rivest-Shamir-Adleman) with Obsolete and Weakened eNcryption.

Careless Server Configuration


They wrote that operators of vulnerable servers should take action: there is nothing practical that browsers or end users can do on their own to protect against this attack. The SSLv2 protocol had been weakened deliberately because, at the time of its development, the US government wanted to restrict the availability of strong encryption to other countries. Prof Matthew Green of Johns Hopkins University blogged that the problem is that while clients such as web browsers have done away with SSLv2, many servers still support the protocol.

In most cases this is the result of careless server configuration. In others, the fault lies with inferior, obsolete embedded devices that have not seen a software update in years and possibly never will. A considerable amount of computing power would be needed to mount a successful attack on a website.

However, the researchers stated that under normal conditions hackers could rent the needed capacity from Amazon's cloud computing division for about $440. Moreover, since many of the servers in danger from DROWN were also affected by a separate bug, a successful attack on those could be carried out using a home computer.
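The DROWN flaw described above hinges on a server still accepting SSLv2 handshakes, so the practical first check for an administrator is to find which of their own hosts (web and mail alike, since the post notes that keys are reused between them) still answer an SSLv2 CLIENT-HELLO. The Python script below is an added example written for this post; it is not the researchers' published checker. It follows the SSLv2 handshake layout (2-byte record header, CLIENT-HELLO message type 1, SERVER-HELLO message type 4), and the host name and port in the `__main__` block are placeholders for a server you are authorised to audit.

```python
"""Audit helper: does one of your servers still speak SSLv2?

Added example for the DROWN post above; not the researchers' scanner.
Layout follows the SSLv2 draft specification: a 2-byte record header
(high bit set, 15-bit length), CLIENT-HELLO type 1, SERVER-HELLO type 4.
"""
import socket
import struct

# SSLv2 cipher-spec values (3 bytes each) as listed in the SSLv2 draft.
SSLV2_CIPHER_SPECS = [
    b"\x01\x00\x80",  # SSL_CK_RC4_128_WITH_MD5
    b"\x02\x00\x80",  # SSL_CK_RC4_128_EXPORT40_WITH_MD5 (40-bit export)
    b"\x03\x00\x80",  # SSL_CK_RC2_128_CBC_WITH_MD5
    b"\x04\x00\x80",  # SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 (40-bit export)
    b"\x05\x00\x80",  # SSL_CK_IDEA_128_CBC_WITH_MD5
    b"\x06\x00\x40",  # SSL_CK_DES_64_CBC_WITH_MD5
    b"\x07\x00\xc0",  # SSL_CK_DES_192_EDE3_CBC_WITH_MD5
]
# The deliberately weakened "export" suites the post refers to.
EXPORT_SPECS = {b"\x02\x00\x80", b"\x04\x00\x80"}


def build_client_hello(challenge=b"\x00" * 16):
    """Return one SSLv2 record carrying a CLIENT-HELLO that offers every spec."""
    ciphers = b"".join(SSLV2_CIPHER_SPECS)
    body = (
        b"\x01"                      # message type: CLIENT-HELLO
        + b"\x00\x02"                # client version: SSL 2.0
        + struct.pack(">HHH", len(ciphers), 0, len(challenge))
        + ciphers                    # cipher specs, then empty session id
        + challenge                  # 16-byte challenge
    )
    return struct.pack(">H", 0x8000 | len(body)) + body


def record_length(data):
    """Decode the SSLv2 record header; returns (header_len, body_len)."""
    if data[0] & 0x80:
        return 2, ((data[0] & 0x7F) << 8) | data[1]
    return 3, ((data[0] & 0x3F) << 8) | data[1]


def parse_server_hello(data):
    """Classify the reply to our CLIENT-HELLO as (supported, accepted_specs).

    Only a well-formed SERVER-HELLO (type 4) counts as SSLv2 support; a TLS
    alert, an empty reply or a closed connection all mean "not supported".
    """
    if len(data) < 2:
        return False, []
    hdr, length = record_length(data)
    body = data[hdr:hdr + length]
    # SERVER-HELLO: type(1) session-id-hit(1) cert-type(1) version(2)
    #               cert-len(2) cipher-specs-len(2) connection-id-len(2)
    #               certificate, cipher specs, connection id
    if len(body) < 11 or body[0] != 4:
        return False, []
    cert_len, spec_len, _conn_len = struct.unpack(">HHH", body[5:11])
    specs = body[11 + cert_len:11 + cert_len + spec_len]
    if len(specs) != spec_len or spec_len % 3:
        return False, []
    return True, [specs[i:i + 3] for i in range(0, spec_len, 3)]


def export_specs(accepted):
    """Subset of the accepted specs that are 40-bit export grade."""
    return [s for s in accepted if s in EXPORT_SPECS]


def probe(host, port=443, timeout=5.0):
    """Send one CLIENT-HELLO to a server you administer and parse the reply."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        try:
            while len(data) < 3:                       # need the header first
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
            if len(data) >= 2:
                hdr, length = record_length(data)
                while len(data) < hdr + length:        # then the full record
                    chunk = sock.recv(4096)
                    if not chunk:
                        break
                    data += chunk
        except socket.timeout:
            pass
    return parse_server_hello(data)


if __name__ == "__main__":
    # Placeholder target: replace with a host you are authorised to audit.
    supported, specs = probe("mail.example.com", 465)
    print("SSLv2 accepted:", supported, "export suites:", export_specs(specs))
```

A host that answers with a SERVER-HELLO, especially one listing the export-grade suites, is exactly the kind of server DROWN builds on; the remedy lives on the server side (disable SSLv2 and stop sharing its RSA key with any TLS service), which matches the point above that browsers and end users cannot protect themselves.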

Tuesday, October 6, 2015

Over a billion Android Devices Vulnerable to Latest Stagefright Bug


Billion plus Android Devices at Risk – Stagefright


According to security experts, over one billion Android devices are at risk from a new vulnerability known as Stagefright 2.0. It was discovered by a team of researchers at Zimperium, a mobile security firm, and is considered to affect almost all Android devices since the first version in 2008.

The new bug, discovered in Google's mobile operating system, enables attackers to insert malicious code into a device and retrieve information when a user accesses a specially crafted MP3 or MP4 file. The attack targets a vulnerability in the handling of MP3 and MP4 files which, once opened, can lead to remote code execution. This could include installing malware, gathering data for identity fraud or accessing photos and messages.

Due to the nature of the vulnerability, it would be difficult to tell whether a device has been affected. The first Stagefright bug left devices susceptible to exploitation via videos sent through MMS, which served as the avenue of attack. Since many messaging apps process videos automatically, it was possible to be targeted without being aware of it.

Stagefright 2.0 - Dangerous


Stagefright 2.0 is thought to be just as dangerous. It exploits the weakness along similar avenues, using MP3 audio or MP4 video files which, when opened, trigger remote code execution (RCE), giving hackers the ability to perform actions remotely on the device.

This could involve the media player or messaging apps, as well as mining data for identity fraud, installing malware and much more. There are various ways a user could be attacked. First, a hacker could try to convince a user to visit a malicious web page and view a music or video file, giving the hacker the opportunity to compromise the device.

Alternatively, they could intercept unencrypted traffic between the device and another server, in what is known as a man-in-the-middle attack, to insert the malicious code into a file being transferred.

Susceptibility is in Processing of Metadata in Files


Zimperium mentioned in a recent blog post that 'the vulnerability is in the processing of metadata in the files, so merely previewing a song or a video would trigger the issue'. Zimperium has also notified the Android Security Team of the problem. Google said in its Nexus Security Bulletin that a 'vulnerability in mediaserver could enable an attacker, during media file and data processing of a specially crafted file, to cause memory corruption and potentially remote code execution as the mediaserver process'.

The issue is rated Critical severity because of the possibility of remote code execution as the privileged mediaserver service. The mediaserver service has access to audio and video streams, together with privileges that are normally not accessible to third-party apps. At this point attacks are still hypothetical, and users are not yet known to have been affected by the bug.

Google has said that the vulnerability is handled in its monthly security update, and a fix is expected in the October security update for Android, with patches for other phones in the pipeline. Google has also provided patches to LG, HTC, Huawei, Samsung and Sony, which will probably roll them out over the next month.

Monday, September 7, 2015

Chinese iPhone Users Hit by 'KeyRaider' Malware

The iPhone has had a genuinely secure history in its eight years of existence and is the most secure smartphone to date. Many people jailbreak the iPhone in order to download mobile apps from other online app stores. This seriously lowers the security level by removing the system security features that Apple provides on the iPhone. A piece of malicious software has succeeded in stealing a large number of login names and passwords from more than 225,000 Apple accounts in China.

A security firm finds rogue malware on iPhone devices

A security firm named Palo Alto Networks was investigating suspicious activity found on a large number of Apple devices. During the investigation, it came across a malicious software family that had been specifically targeting jailbroken Apple iPhones for some time.

This malicious software is called KeyRaider, and it has affected a large number of iPhone users in China along with 17 other nations.

How did KeyRaider affect iPhone users?

An iPhone user downloads and installs the malware, which remains hidden in code packages that offer a number of tweaks to the iPhone's operating system. KeyRaider is designed so that it can easily intercept the user's iTunes login details and then store the data on a remote server.

After stealing the user's iTunes payment information and other details, attackers use it to install paid apps on other iOS devices. Palo Alto Networks also found a separate app that allows users to install paid apps from the Apple App Store free of cost; so far this app has been downloaded more than 20,000 times. The payment for these free apps is being made by KeyRaider's victims.

How serious is this attack?

For most iPhone users KeyRaider is not a big issue as long as they install only apps approved by Apple's App Store. Most iPhones are not jailbroken, but users who have jailbroken their devices should certainly worry about KeyRaider, as it can easily steal their login names, passwords and other data.

People who have already suffered damage from KeyRaider will find themselves charged for someone else's stolen iPhone apps. The security firm also stated that in some cases it found evidence of the malware being used to lock up the phone and demand a ransom.

Beware of third-party app stores

Apple devices are the third most popular brand in China after Huawei and Xiaomi, according to reports by IDC. The Apple App Store has a wide range of security checks in place, which help to keep malicious apps from being listed in the store and safeguard iPhone users. Third-party app stores do not have similar security checks and controls, which results in the distribution of malicious software.

Tuesday, January 20, 2015

Apple Laptops Vulnerable to Virus That 'Can't Be Removed'


Thunderstrike – Malicious Code in Boot ROM

A security researcher has discovered a way to install malicious code on a small chip built into Apple laptops that would resist any attempt at removal; even replacing the entire hard disk would not delete it.

The attack, named 'Thunderstrike', installs the malicious code in the system's boot ROM through the Thunderbolt port. Thunderstrike is undetectable and requires an attacker to have access to the machine for only a few moments, and since it is new, no security software is on the lookout for it. Trammell Hudson, who works for the New York hedge fund Two Sigma Investments, made the discovery when his employer asked him to look into the security of Apple laptops.

He wrote in an annotated version of a talk given at the 31C3 conference that the firm was considering deploying MacBooks and he was asked to use his reverse-engineering experience to look into reports of rootkits on the Mac. His first step was to dismantle one of the laptops to gain access to the boot ROM, a small chip containing the code that gets the computer running when it is switched on, before the main operating system is loaded.

Bootkit – Difficult to Delete

Malicious code can be hidden in this ROM and, unlike a normal virus residing on the hard disk, cannot be deleted; this kind of code is known as a bootkit. It could be used to do anything an attacker desires, from covertly surveilling the user to leaking sensitive data held on the machine.

Researchers had earlier observed that modifying the contents of the ROM in Apple laptops rendered the computer completely unusable, and that as a security measure the machine looks for any changes and shuts down if it finds them. Hudson was of the opinion that such security measures would always be 'doomed to fail' or 'futile', since anyone who can get at the contents of the ROM can also get at the code that checks the ROM for changes.

Instead, he argues, there should be an unchangeable hardware chip that performs these checks. It was also observed that the attack can be carried out without physically taking the machine apart to reach the chip: it can be done through the Thunderbolt port, and in theory any device, such as a monitor, printer or hard disk, could be used to install the malicious code simply by plugging it in.

Partial Fix - By Apple

Hudson said that Apple is planning a 'partial fix': a firmware update that would stop the ROM from being overwritten with malicious code in certain situations, though not all, such as when a machine is rebooted with a malicious Thunderbolt device plugged in. He had approached the company about the flaw in 2013.

His suggestion for preventing the attack is for users to overwrite the ROM with their own code, which would disable any remote attacks through the Thunderbolt port, and then paint over the screws on the laptop with nail varnish to detect any unauthorised physical access to the ROM. This measure, however, is time-consuming and out of reach of all but the most advanced security experts.

Friday, November 7, 2014

Apple Malware Affects Chinese Users


New Type of Malware - WireLurker

A new type of malware that can infect Apple's desktop and mobile operating systems has been discovered by Palo Alto Networks, highlighting the increasing attacks on iPhones and Mac computers.

The malware targets Mac computers through a third-party store before copying itself to iOS devices, and researchers warn that it steals information and is capable of installing other damaging apps.

'WireLurker', as it is called, is unlike anything previously seen in Apple iOS and OS X malware, according to Ryan Olson, Intelligence Director at Palo Alto Networks, and 'the techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world's best known desktop and mobile platforms'.

It can also transfer from an Apple Mac computer to mobile devices over a USB cord, even to regular, non-jailbroken iOS devices, hopping from infected Macs to iPhones.

Attackers – Chinese

A recent statement from Palo Alto Networks reports that it has seen indications that the attackers were Chinese, that the malware originated from a Chinese third-party app store, and that it appeared to affect users in that country.

According to the security firm, the malware can steal a variety of information from the mobile devices it infects, and it regularly requests updates from the attacker's control server. The company states that it is under active development and that its creator's final goal is not known.

It was first noticed by Palo Alto Networks in June, when a developer at Tencent, a Chinese firm, realised that there were suspicious files and processes on his Mac and iPhone. Further inquiries revealed that a total of 467 Mac programs listed on the Maiyadi App Store had been compromised to include the malware, and that they had been downloaded 356,104 times as of 16 October.

The infected software included popular games such as Angry Birds, Pro Evolution Soccer 2014, The Sims 3 and Battlefield: Bad Company 2.

Communicates with Command & Control Server

The malware spreads via infected apps uploaded to the app store, which are then downloaded onto Mac computers. Once on the Mac, it communicates with a command and control server to check whether it needs to update its code, and waits until an iPhone, iPad or iPod is connected.

When an iOS device is connected, the malware checks whether it is jailbroken, a process some users go through to remove some of Apple's restrictions. If it is jailbroken, WireLurker backs up the device's apps to the Mac, repackages them with malware, and installs the infected versions back onto the iOS device.

If it is not jailbroken, as with most iOS devices, WireLurker takes advantage of the mechanism Apple created to allow businesses to install special software on their employees' tablets and handsets.

To reduce the risk of attack, Palo Alto Networks suggests the following: do not download Mac apps from third-party stores; do not jailbreak iOS devices; do not accept a request for a new 'enterprise provisioning profile' unless it comes from an authorised party, for instance the employer's IT department; and do not connect iOS devices to unreliable computers or accessories, whether to copy information or to charge the device.
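The third of Palo Alto Networks' recommendations above, not accepting an unexpected 'enterprise provisioning profile', is one an IT department can turn into a check before a profile is pushed to a fleet. The Python below is an added example for this post, not code from Palo Alto Networks or Apple: it pulls the XML plist out of a .mobileprovision file, treats a profile whose ProvisionsAllDevices flag is set as an enterprise profile, and rejects it unless its TeamName is on an allow-list, or if it has expired. Those plist key names are the ones Apple writes into such profiles; the allow-list, the sample profiles and the fake signature bytes around them are constructed for the demo, and the CMS signature that wraps a real profile is not verified here.

```python
"""Triage an iOS provisioning profile before accepting it.

Added example for the WireLurker post above; not Palo Alto Networks' or
Apple's code. A .mobileprovision is a CMS-signed container with an XML
plist inside. Keys used: TeamName, ProvisionsAllDevices (set on enterprise
in-house profiles), ProvisionedDevices (UDID list on ad-hoc/dev profiles),
ExpirationDate. Signature verification is out of scope: this is a first
filter, not proof that a profile is genuine.
"""
import plistlib
from datetime import datetime, timezone

# Constructed allow-list: teams whose enterprise profiles this fleet accepts.
TRUSTED_TEAMS = {"Example Corp IT"}


def extract_plist(raw):
    """Return the embedded plist as a dict (signature not checked)."""
    start = raw.find(b"<?xml")
    end = raw.find(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(raw[start:end + len(b"</plist>")])


def triage(raw, trusted_teams=TRUSTED_TEAMS, now=None):
    """Describe the profile and give a verdict of 'accept' or 'reject'."""
    profile = extract_plist(raw)
    now = now or datetime.now(timezone.utc)
    expires = profile.get("ExpirationDate")
    if expires is not None and expires.tzinfo is None:
        expires = expires.replace(tzinfo=timezone.utc)  # plistlib dates are naive UTC
    enterprise = bool(profile.get("ProvisionsAllDevices", False))
    team = profile.get("TeamName", "")
    reasons = []
    if enterprise and team not in trusted_teams:
        reasons.append("enterprise profile from a team not on the allow-list")
    if expires is not None and expires < now:
        reasons.append("profile has expired")
    return {
        "team": team,
        "enterprise": enterprise,
        "device_count": len(profile.get("ProvisionedDevices", [])),
        "verdict": "reject" if reasons else "accept",
        "reasons": reasons,
    }


def sample_profile(team, enterprise, devices=(), expires_year=2030):
    """Constructed profile for the demo: fake DER bytes around a real plist."""
    info = {
        "AppIDName": "Demo App",
        "TeamName": team,
        "ExpirationDate": datetime(expires_year, 1, 1),
    }
    if enterprise:
        info["ProvisionsAllDevices"] = True
    else:
        info["ProvisionedDevices"] = list(devices)
    # A genuine file wraps the plist in a CMS (PKCS#7) signature; a few
    # arbitrary bytes on each side stand in for that container here.
    return b"\x30\x82\x0b\x00" + plistlib.dumps(info) + b"\x00\x11\x22"


if __name__ == "__main__":
    for raw in (sample_profile("Unknown Distributor Ltd", True),
                sample_profile("Example Corp IT", True),
                sample_profile("Indie Dev", False, devices=["udid-1", "udid-2"])):
        print(triage(raw))
```

An unexpected profile from an unlisted team is exactly the WireLurker case: the malware relies on the enterprise distribution mechanism to put its app on a non-jailbroken device, so the allow-list check refuses the profile before the user ever sees Apple's install prompt. In a real deployment the CMS signature should also be verified against Apple's chain before any of the plist values are trusted.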

Tuesday, August 26, 2014

5 ways to increase security and privacy of your iPhone, iPad and Mac

Apple products are known not just for their simple yet awe-inspiring designs but also for the hardware that makes them such useful devices. Apple product owners have little to no reason to complain and have been fully satisfied as far as product performance is concerned. However, with the number of users increasing exponentially, it is only a matter of time before someone manages to hack into the Fort Knox of devices. This is why you, as an end user, should pay greater attention to the security of your iPhone, iPad and Mac.

Even though Apple makes its products more convenient with each upgrade, it is the responsibility of the end user to ensure their safety and maintain their privacy. Depending on the sensitivity of the data on your device, you can adjust the settings on your phone and monitor the security arrangements. The idea is not to make the phone so impenetrable that even the user has nightmares trying to get into their own device. Rather, the security and privacy tips will make breaking into your phone or device extremely unattractive to thieves or pranksters, who can be dissuaded from their antics just by looking at the layered security.

Use a reasonably strong passcode

The latest iPhone 5S has a biometric system that is unbeatable when it comes to identifying its true owner. For other devices, owners can use reasonably tough passcodes to unlock their phones. They should be hard to guess but not something you can't easily memorize. iPhone 5S users can also use a stronger passcode rather than the biometric unlock for added security.

Turn off personal notifications on the lock screen

While it is very convenient to glance at notifications on the lock screen, it can also be very unsafe if your phone is in anyone's hands but your own. Your passcode lock defeats its whole purpose if people can read your personal notifications even when the device is locked. It is better to turn off notifications on the lock screen so that no one but you can read your private messages.

Go for 2-tiered security layer

Adding another layer of security to your Apple device might seem a little over the top. However, considering the sensitivity of the data we keep on our phones these days, it is a very small price to pay. All it takes is another layer of password on the apps to get the added security. You can make your device twice as strong just by introducing another level of passcode.

Keep your web browsing private

If you do not want your web browsing history to be tracked or recorded, you can use Safari's private browsing feature. You can also enable private browsing from the bookmarks and tabs views, which is easier and more convenient. Also, if you are on a network you do not trust and are browsing personal and sensitive information, you can use a VPN service to keep your data private. Needless to say, with all the browsing that happens on internet-enabled devices, you must also secure your devices with reliable antivirus software such as Bitdefender Antivirus for Mac, which will deter any hacker from trying to break into your device.

Delete the Web History Data

If you have not used Safari's private browsing and now want to remove the data from your device, you also have the option of wiping your device clean and starting afresh.