
Stagefright security patch leaves more than 950 million Android devices vulnerable to being hacked by a text - CVE-2015-3824

Pic from Exodus

The Stagefright vulnerability (CVE-2015-3824) allows an attacker to hack a phone with a text message.

The patch issued by Google for Stagefright doesn’t fix the vulnerability, leaving more than 95% of Android devices vulnerable. Android devices running versions 2.2 to 5.1 are vulnerable, which is estimated at around 950 million devices worldwide.

Exodus Intelligence security researcher Jordan Gruskovnjak analysed the patch from Google and found that it did not address the issue completely. This was later discussed at Black Hat and DEF CON, which brought it more attention.

On the Exodus blog, they further state: “We notified Google of the issue on August 7th but have not had a reply to our query regarding their release of an updated fix. Due to this, as well as the following facts, we have decided to notify the public of our findings here on the Exodus Intelligence blog.”

The firm notified Google 120 days ago, but Google doesn’t seem to have taken this seriously, which leaves the entire Android ecosystem vulnerable. Until we hear from Google, users are left in the dark.

Chevrolet Corvette can be hacked with a text message via a tracking dongle (insurance dongle)

Pic from metroweekly.com

Researchers from the University of California, San Diego have demonstrated a hack of a Corvette by sending specially crafted SMS messages to a tracking dongle plugged into the car’s OBD-II (On-Board Diagnostics) port. In a YouTube video demonstrating the exploit, the researchers operated the windshield wipers, and applied and deactivated the brakes at lower speeds.

(A dongle is a small device, also called a telematic control unit, which insurance companies have lately used to track user driving behavior.)

“We acquired some of these things, reverse engineered them, and along the way found that they had a whole bunch of security deficiencies,” says Stefan Savage, the University of California at San Diego computer security professor who led the project.

This technique was used to wirelessly hack into any of thousands of vehicles through a tiny commercial device: a 2-inch-square gadget that’s designed to be plugged into cars’ and trucks’ dashboards and used by insurance firms and trucking fleets to monitor vehicles’ location, speed and efficiency. – Wired reports

“TCUs can be divided into those sold and integrated by the OEM itself (e.g., such as GM’s On-Star, Ford’s Sync, etc.) and those that serve the aftermarket (e.g., Progressive Snapshot’s, Automatic Lab’s Automatic, Delphi’s Connect, etc.),” the researchers explained in a paper.

The researchers primarily concentrated on one particular device, made by French company Mobile Devices and used in the US by numerous insurance and transportation companies to track and monitor vehicles.

Many insurance companies currently provide the dongle and promise discounts based on driving behavior. Without the right security in place, these dongles can cause serious damage to the user if the right preventative measures are not taken to secure them. Hence customers must stay away from such dongles.

Android serialization vulnerability (CVE-2015-3825) gives super user status to an underprivileged user

IBM researchers have identified that more than 55% of Android users appear to be impacted by the Android serialization vulnerability, CVE-2015-3825. This basically means Android versions 4.3 and newer are vulnerable.

“An advanced attacker could exploit this vulnerability to give a malicious app with no or least privileges the ability to become a super app/user and help the attacker to own the device,” said Or Peles, security researcher at IBM’s X-Force application security research team.

Security experts have demonstrated that the vulnerability can be used to replace legitimate apps installed on the targeted Android device with malicious apps, steal data from installed applications, change the SELinux policy and, in some cases, load malicious kernel modules. The flaw in the OpenSSLX509Certificate class in Android can be exploited by an app to compromise the system_server process and gain powerful system-level access on the device.

Android’s Certifi-Gate remote access security vulnerability exploited in the wild – Check Point

Last week Check Point discovered the Certifi-Gate vulnerability, which could allow complete control of Android devices. This serious security vulnerability leaves millions of Android devices vulnerable and exposed in the wild. The mRST plugin allows malicious applications to gain privileged access rights, even if your device is not rooted.

The vulnerability is in the authorization methods between mobile Remote Support Tool (mRST) apps and system-level plugins. Many Android manufacturers preinstall mRST apps such as TeamViewer on their phones to support users.

Google largely washed its hands of the issue; this is what a Google spokesman said: “We want to thank the researcher for identifying the issue and flagging it for us. The issue they’ve detailed pertains to customizations OEMs make to Android devices and they are providing updates which resolve the issue.”

Bashan, a researcher from Check Point, said that it’s possible for an app that exploits the vulnerability to get through the Google Play verification service, because the app can look perfectly legitimate while its associated plugin could lead to the device being compromised.

Check Point has provided a detailed report and a scanner to verify whether a device is affected: http://www.checkpoint.com/resources/certifigate/

How to protect against this vulnerability?

Check Point has an app to detect whether an Android device is vulnerable to Certifi-Gate.

Android bug can trap your phone in an endless reboot – CVE-2015-3823

Researchers from McAfee have discovered a new vulnerability that can allow an attacker to perform a DoS attack on Android’s mediaserver program. When the malicious app is set to restart, this can trap the Android device in a loop, making the device unusable. It can also drain the battery completely.

This affects Android 4.0.1 Jelly Bean to 5.1.1 Lollipop. According to the reports, more than 89% of Android users are impacted by this attack. As per McAfee: “One can render devices silent while the other, Stagefright, can be used to install malware through a multimedia message.”

Hackers can trigger the flaw to send an Android-powered device into an endless reboot. As with the Stagefright flaw, the bug resides in the built-in ‘mediaserver’ program.

McAfee further explains:

“To get inside the device, attackers lure Android device owners to either install a malicious app or go to a malicious site that contains a malformed media file, which ends up in one of the following:

1. Once the malformed .MKV file is introduced into mediaserver via the app, the function will fall into an endless loop beyond the user’s control. The whole system will have to slow down until the system reboots or the battery is drained.
2. If the user is lured to a malicious site with the .MKV file, the mediaserver function will also enter an endless loop and experience the same issues once the user hits “Play.”

The vulnerability is caused by an integer overflow in parsing .MKV files, which causes the device to fall into an endless loop when reading video frames.”

http://blog.trendmicro.com/trendlabs-security-intelligence/android-mediaserver-bug-traps-phones-in-endless-reboots/
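The failure mode quoted above, an overflowed size calculation that leaves a parser unable to advance, is shown here on a constructed toy frame format next to a hardened reader. This is an added example, not mediaserver or Matroska code: the format, the function names and the `max_steps` watchdog are assumptions, and 32-bit unsigned arithmetic is modelled with a mask.

```python
import struct

U32 = 0xFFFFFFFF   # models C uint32_t arithmetic, where sums wrap silently
HEADER = 4         # constructed toy format: 4-byte big-endian size, then payload


def read_frames_unsafe(buf: bytes, max_steps: int = 1000):
    """Walk frames the way a parser with an unchecked 32-bit addition would.

    Returns (frames, status). max_steps is a demo-only watchdog so the
    endless loop can be observed instead of hanging the interpreter.
    """
    frames, pos = [], 0
    for _ in range(max_steps):
        if pos + HEADER > len(buf):
            return frames, "ok"
        (size,) = struct.unpack_from(">I", buf, pos)
        end = (pos + HEADER + size) & U32   # BUG: wraps when size is huge
        if end > len(buf):                  # bounds check sees the wrapped value
            return frames, "truncated"
        frames.append(buf[pos + HEADER:end])
        pos = end                           # wrapped end == pos: no progress
    return frames, "stuck"


def read_frames_safe(buf: bytes):
    """Hardened reader: compare the untrusted size, never add it first."""
    frames, pos = [], 0
    while len(buf) - pos >= HEADER:
        (size,) = struct.unpack_from(">I", buf, pos)
        remaining = len(buf) - pos - HEADER
        if size > remaining:                # cannot overflow: plain comparison
            return frames, "rejected"
        frames.append(buf[pos + HEADER:pos + HEADER + size])
        pos += HEADER + size                # always advances by at least HEADER
    return frames, "ok"


def frame(payload: bytes) -> bytes:
    """Build one well-formed frame for the constructed samples below."""
    return struct.pack(">I", len(payload)) + payload


# Constructed inputs: one well-formed stream, one with a size field chosen so
# that HEADER + size equals 2**32 and the 32-bit sum wraps to zero.
GOOD = frame(b"key") + frame(b"delta")
MALFORMED = frame(b"key") + struct.pack(">I", 0xFFFFFFFC) + b"\x00" * 8

if __name__ == "__main__":
    print(read_frames_unsafe(MALFORMED, max_steps=50)[1])  # watchdog trips
    print(read_frames_safe(MALFORMED))
```

The hardened reader rejects the frame because the declared size exceeds the bytes that remain, a check that involves no addition on attacker-controlled values.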


United Airlines got hacked and lost millions of travelers’ information

Pic Courtesy : Arun Hegde

According to United Airlines, a group of hackers from China was responsible for targeting the United Airlines network and stealing customer information. United Airlines experienced a cyber attack on its network during the month of June, according to Bloomberg reports citing sources familiar with the matter. “The hackers who stole data on tens of millions of U.S. insurance holders and government employees in recent months breached another big target at around the same time” – United Airlines.

The information includes customer information like geolocation, legal names and addresses of customers. With the Anthem breach it may be easier to link both the hacks, which can help determine military passengers. – said UA

Even Bloomberg suspected that the recent security-clearance records from OPM, combined with insurance records from Anthem and travel records from United Airlines, could be used to target American defense. Although the purpose of the breach is not yet known and no significant evidence has been found from any of the investig

Remote code execution vulnerability in the Google Play store allows hackers to remotely install malware apps on your Android device

Researchers from Metasploit have discovered a major flaw on devices running Android 4.3 (Jelly Bean) and prior versions, which no longer receive official security updates for WebView from the Android security team. WebView is one of the core components for the Google store. Attackers can easily install a malware app and perform malicious actions.

“Due to a lack of complete coverage for X-Frame-Options (XFO) support on Google’s Play Store web application domain, a malicious user can leverage either a Cross-Site Scripting (XSS) vulnerability in a particular area of the Google Play Store web application, or a Universal XSS (UXSS) targeting affected browsers, to remotely install and launch the main intent of an arbitrary Play Store provided Android package (APK).”

Hence anyone who has installed aftermarket browsers is also susceptible to this attack. Among users of vulnerable versions, those who are habitually signed into Google services such as Gmail or YouTube are at huge risk.

Metasploit further states: “The Metasploit module combines two vulnerabilities to achieve remote code execution on affected Android devices. First, the module exploits a Universal Cross-Site Scripting (UXSS) vulnerability present in versions of Android’s open source stock browser (the AOSP Browser) as well as some other browsers, prior to 4.4 (KitKat). Second, the Google Play store’s web interface fails to enforce a X-Frame-Options: DENY header on some error pages, and therefore, can be targeted for script injection. As a result, this leads to remote code execution through Google Play’s remote installation feature, as any application available on the Google Play store can be installed and launched on the user’s device.”
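The gap described in the quote above, a framing header applied on normal pages but missing on some error pages, can be audited and closed in one place. The sketch below is an added example, not Google's or Metasploit's code: `store_app`, its paths and the helper names are constructed, and WSGI is assumed only as a convenient in-process stand-in for a web application.

```python
from wsgiref.util import setup_testing_defaults


def store_app(environ, start_response):
    """Constructed stand-in for a web app with incomplete header coverage."""
    if environ["PATH_INFO"] == "/store/apps":
        start_response("200 OK", [("Content-Type", "text/html"),
                                  ("X-Frame-Options", "DENY")])
        return [b"<h1>apps</h1>"]
    # Error page built on a separate code path that forgot the header.
    start_response("404 Not Found", [("Content-Type", "text/html")])
    return [b"<h1>not found</h1>"]


def enforce_frame_deny(app):
    """WSGI middleware: force X-Frame-Options: DENY on every response,
    including error pages produced by code paths the handlers missed."""
    def wrapped(environ, start_response):
        def patched(status, headers, exc_info=None):
            headers = [(k, v) for k, v in headers
                       if k.lower() != "x-frame-options"]
            headers.append(("X-Frame-Options", "DENY"))
            return start_response(status, headers, exc_info)
        return app(environ, patched)
    return wrapped


def frameable_paths(app, paths):
    """Return (path, status) for each response a third-party page could frame."""
    findings = []
    for path in paths:
        environ = {"PATH_INFO": path, "REQUEST_METHOD": "GET"}
        setup_testing_defaults(environ)     # fills in the remaining WSGI keys
        seen = {}

        def start_response(status, headers, exc_info=None):
            seen["status"] = status
            seen["xfo"] = [v.strip().upper() for k, v in headers
                           if k.lower() == "x-frame-options"]

        body = app(environ, start_response)
        if hasattr(body, "close"):
            body.close()
        if not any(v in ("DENY", "SAMEORIGIN") for v in seen["xfo"]):
            findings.append((path, seen["status"]))
    return findings


# Constructed audit list: one normal page and one path that hits the error page.
PATHS = ["/store/apps", "/store/apps/missing"]

if __name__ == "__main__":
    print(frameable_paths(store_app, PATHS))                      # error page only
    print(frameable_paths(enforce_frame_deny(store_app), PATHS))  # nothing left
```

Running the same audit against every status code an application can emit, not only its success pages, is what catches this class of gap.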

 


Adware found in Google Play apps infects millions of Android users

Malware on Android is not new anymore, but this time adware has taken over Google Play with approximately 10 million downloads. Avast researchers have identified three apps that might have millions of downloads. The apps identified are “Durak card game app”, “IQ Test” app and “Russian History” app, from three different developers, all performing the same adware installation.

The Durak card game app alone has 5 to 10 million installs, and the three apps combined have more than 15 million installs, according to the data on the Google Play Store.

The scareware tricks the user into installing an app with the warning message “WARNING!! YOUR DEVICE IS INFECTED”.
Once the app is installed on the user’s Android phone, it displays adware (ads) disguised as warning messages whenever they use their smartphone, as per the Avast blog post.

“When you install Durak, it seems to be a completely normal and well working gaming app,” says Avast researcher Filip Chytry. “This was the same for the other apps, which included an IQ test and a history app. This impression remains until you reboot your device and wait for a couple of days. After a week, you might start to feel there is something wrong with your device.”

The researcher saw different kinds of behavior, one of which was prominent. After 30 days, users saw a sudden increase in the frequency of ads appearing on the infected Android smartphone. Every time a user unlocked their device they would see ads, which often said their phone was infected or needed an update. If the user chose to approve the message, they were either signed up for premium SMS or installed apps that collect user information.

Surprisingly, some ads even pointed to legitimate security websites or Google Play, which hints at social engineering. In either case, the malicious app was one of a kind, and across all three apps there were approximately 15 million downloads, of which Durak had around 10 million.

Fake Instagram Desktop app offers Image Viewer

With the advent of Instagram’s popularity, an entirely new opportunity for hackers and creators of malware has arisen.

A popular fad among Instagram’s users is to use outside developers’ software in order to view and save photos off of the image site. Instagram has now surpassed Twitter in number of users, which means that there are more people out there vulnerable to these schemes than ever before. How do these Potentially Unwanted Programs– or PUPs, as they’re called in tech jargon– work, and how do you avoid getting duped by them?

“The bundle” is never a good deal.

Much like how some telecom companies offer bundle deals with a lot of hidden baggage and fees, bundling software is the number one way for these potentially unwanted programs to find their way onto unassuming consumers’ computers and devices.

Basically, you may see a bit of software that looks cool– and when you download it, it comes with other programs cleverly hidden in the installation. Sometimes, these are shown in the install wizard if there is one– but only as very small check boxes with limited descriptions that can easily be missed if you’re in a hurry and happen to be the trigger happy type when it comes to the “next” button. Usually, there will be a check box and a mention of some “great” software that has been included (free of charge!) that’s in smaller text than everything else on the screen in the wizard. More often than not though, these things will be attached and installed without giving you the courtesy of a choice in the matter.

Discretion isn’t always enough.

Sometimes, these malicious programs simply come with a neat-sounding name with Instagram in it and no other frills. They are disguised as these image viewing and image saving/downloading apps and programs. Everything about these Potentially Unwanted Programs is geared towards one thing: tricking users into downloading and running them. Even worse is the fact that some of these programs can be even more potentially dangerous to you and your information than the typical phishing websites out there. The harmful programs detected have ranged from just plain annoying to trojans and more harmful malware.

In the end, the best thing to do is try to use your best judgment when downloading these types of programs. Also, make sure you have a good, up-to-date anti malware program installed on your machine. If you do decide to download and use one of these types of programs, make sure that you keep an eye out for those sneaky extra programs that might be included in an installation; slow down and read everything in the install wizard carefully, and if it mentions installing something extra that isn’t the program you wanted, make sure you uncheck that box!

Here are some of the programs out there that the people at Malwarebytes found to contain PUPs that carried harmful software in the form of trojans and malware:

  • File name: instagramdownloader-1.0.0.0.exe
  • SHA256: d6495ffb6a0c388ae4d5b81c16ef4bdaee4604491b21d857d0955378336d4c84
  • Detected as: PUP.Optional.OpenCandy (13/51)
  • File name: instagramdownloader-1.0.0.0.exe
  • SHA256: d6495ffb6a0c388ae4d5b81c16ef4bdaee4604491b21d857d0955378336d4c84
  • Detected as: PUP.Optional.OpenCandy (9/51)
  • File name: free-instagram-downloader-230-32-bits.exe
  • SHA256: d65fd9b672bfc1093df20f0b9a7c6f812426c7b45085d04137d07b4a794830ba
  • Detected as: PUP.Optional.InstallCore.A (12/52)
  • File name: Setup_Instagram_Hacker.exe
  • SHA256: ba2211beec48e3ea3e56b2e6374901133829c9451edb17a013cf0e3dadc4b37b
  • Detected as: Trojan.Hacktool.Agent (7/52)
  • File name: instagram-downloader-20-32-bits.exe
  • SHA256: 7a855afccb23dedbb722b322d960b70ff63aa1c4dcdacf7c8c65a6f60748c829
  • Detected as: PUP.Optional.InstallCore (12/51)
  • File name: Instagram_Downloader-2.3.0.exe
  • SHA256: 31538a48a02049d75facecec8d0ba028cbbe0e8e6918dab61346e7cdf926f62f
  • Detected as: PUP.Optional.OpenCandy (13/51)

Sources:

http://blog.malwarebytes.org/security-threat/2014/05/more-pups-sighted-using-instagram-as-lure/

http://www.tomsguide.com/us/fake-instagram-pups,news-18748.html


1.3 million customers have their personal data stolen – Orange telecom company hacked again

The French phone company Orange has been the victim of a hack that risks the personal information of 1.3 million customers. That’s 1.3 million people’s names, phone numbers, e-mails, dates of birth, and more accessed by cyber criminals. Perhaps most shocking is the fact that this hasn’t happened once– but twice this year. Orange was aware of the breach on April 18th but waited until May to inform its customer base, in order to make sure that the security failures used by the hackers were cleared up and fixed.

The first security breach was announced to the public in early February. In this attack, the hackers were able to access the “My Account” section of over 800,000 Orange customers in order to lift information.

Now, things like e-mails and phone numbers aren’t as sensitive as other types of information that could have been taken (such as credit card numbers and payment information– yikes!), but this type of information can still be used to harm the people it has been stolen from. This type of data can be sold on the underground market, and it can be used to orchestrate precision targeted phishing attacks. The stolen data can make it much easier for hackers to fake e-mails, making them appear as though they have come from the officials at Orange in order to mine even more sensitive information from the people whose data has been compromised.

Of course the telecommunication company says that security is one of its biggest concerns. For the CEO, Stéphane Richard, this must be especially embarrassing. Just last October, the company released a blog post about their dedication to information security. More than once, the CEO has made it clear that he has a very serious stance on this and yet as we can see, the holes were definitely there.

All of this news comes on the heels of other data breaches with some large U.S. companies as well, such as the mega retailer Target and Michael’s craft stores, begging the question: How can companies better foresee and patch up these holes in their defense before the cyber criminals find the holes for them?

Sources: Orange official blog

http://live.orange.com/en/exclu-leweb-stephane-richard-proteger-les-donnees-de-nos-utilisateurs-cest-capital/

http://live.orange.com/en/wf13-vie-privee-numerique-comment-proteger-son-identite-en-ligne/
