Looking back at October 2015

Jan Kopriva — Wed, 11 Nov 2015 21:14:53 +0100

October was named European Month of Cyber Security and because of that, many events intended to raise cyber security awareness (such as Security Fest in Prague) were held during the 30 day period. Unfortunately, October has seen just as many new developments on the proverbial “dark side” of cyber security.
One of these was a widely followed theft of personal data (including credit card numbers) of up to four milion customers of a British telecommunication service provider TalkTalk. Russian hacker group has claimed responsibility for the attack, however the end of the month has seen arrest of a small number of young men in Great Britain in connection with the theft.
The Stagefright vulnerability in the Android operating system has seen a new development with the discovery of a new vulnerability dubbed Stagefright 2.0. The vulnerability is due to a fault in a code used for accessing multimedia files and enables a potential attacker to execute arbitrary code on the affected device. According to some sources, the vulnerability might affect up to one bilion devices. Google has already published a patch for Stagefright 2.0, however since an update can not be provided for all Android-based devices, the vulnerability might provide to be an interesting vector of attack in the future.
A good final topic for “Looking back” dedicated to European Cyber Security Month might be the discovery of a new “malware” named Linux.Wifatch. It spreads by usual network vectors to vulnerable devices running Linux operating system and changes their configuration in a way which makes them harder for other malware to attack. The interesting point is that Wifatch performed no malicious actions on infected devices, as is documented by an interview with its authors.

Looking back at August 2015

Jan Kopriva — Tue, 08 Sep 2015 17:06:42 +0100

One of the most important information related to cyber security pertains to August release of a patch for the Stagefright vulnerability, to which almost all versions of the Android OS from versions 2.2 to version 5.1 are vulnerable. The existence of Stagefright had been made public at the end of July and it is estimated that vulnerable device number in hundreds of millions. The vulnerability enables the attacker to cause arbitrary code execution by sending a specially crafted MMS. The released patch has unfortunately been shown to be incomplete, the result of which is that even updated devices are still vulnerable.
Another interesting vulnerability which also affects a mobile platform (in this case iOS) is called Ins0mnia. The vulnerability enables malicious applications to circumvent OS security controls and run in the background without users knowledge (and – for example – collect sensitive information). Ins0mnia affects even non-jailbroken devices and has been patched in the iOS 8.4.1 update.
One further August news story has been connected to Apple products – creation of the Thunderstrike 2.0 proof-of-concept worm which is able to infect firmware of Macs. Given the location of infected memory, it is highly problematic to detect the infection from the OS and removal of the worm requires firmware to be re-flashed.
Another newly discovered (however 18 years old) attack vector also exploits vulnerability connected to computer hardware. A vulnerability in Intel x86 processors enables an attacker to install rootkit into memory location used by SMM (System Management Mode – a privileged mode used outside of normal OS execution).
One final interesting news comes from the Czech Republic and concerns signing of a sectoral agreement about cyber security education between commercial and governmental entities.

Android on Untrusted Network

Looking back at October 2015

Looking back at August 2015