Tag Archive for: crash

The jig is up: Flipper Zero can no longer crash iPhones running iOS 17.2


December could very well be security month at Apple with the launch of Stolen Device Protection, the shuttering of Beeper Mini, and now, the stealthy fix to a Bluetooth exploit that has been wreaking havoc for iPhone and iPad users since its discovery in September.

Flipper Zero is no match for iOS 17.2

As first pointed out by ZDNet, and as 9to5Mac can confirm, Apple has finally implemented safeguards in iOS 17.2 to prevent Flipper Zero devices from sending nearby iPhones and iPads into never-ending denial of service (DoS) loops.

Out of the box, Flipper Zero is a pretty harmless pen-testing tool. However, since the device is open source, it can be modified with third-party firmware (in this case, Xtreme) that provides a Bluetooth Low Energy (BLE) spam app.

Exploiting a flaw in how iOS handles BLE advertising packets that imitate a pairing request, the app can flood nearby devices with an overwhelming number of Bluetooth pairing pop-ups, causing them to freeze up and reboot. It’s a process that takes about five minutes, or what I can imagine feels like an eternity for an unsuspecting victim.

Because the device has a radio range of about 50 meters (~164 feet), threat actors have reportedly used modified Flipper Zero devices to pull off undetected DoS attacks on trains, in coffee shops, and at concert venues.

[Image: Flipper Zero device running Xtreme third-party firmware imitating an AirPods pairing request]

What could iOS 17.2’s new safeguards be? When running a Flipper Zero against my own devices, I’ve found a few pesky popups still appear before completely stopping. This could point to a new timeout Apple has implemented on advertising (ADV) packet requests. However, we may never know.

To update your iPhone or iPad to iOS 17.2, head to Settings > tap General > Software Update.



This Cheap Hacking Device Can Crash Your iPhone With Pop-Ups


As the Israel-Hamas war continues, with Israeli troops moving into the Gaza Strip and encircling Gaza City, one piece of technology is having an outsized impact on how we see and understand the war. Messaging app Telegram, which has a history of lax moderation, has been used by Hamas to share gruesome images and videos. The information has then spread to other social networks and millions more eyeballs. Sources tell WIRED that Telegram has been weaponized to spread horrific propaganda.

Microsoft has had a hard few months when it comes to the company’s own security, with Chinese-backed hackers stealing its cryptographic signing key, continued issues with Microsoft Exchange Servers, and its customers being impacted by failings. The company has now unveiled a plan to deal with the ever-growing range of threats. It’s the Secure Future Initiative, which plans, among multiple elements, to use AI-driven tools, improve its software development, and shorten its response time to vulnerabilities.

Also this week, we’ve looked at the privacy practices of Bluesky, Mastodon, and Meta’s Threads as all of the social media platforms jostle for space in a world where X, formerly known as Twitter, continues to implode. And things aren’t exactly great with this next generation of social media. With November arriving, we now have a detailed breakdown of the security vulnerabilities and patches issued last month. Microsoft, Google, Apple, and enterprise firms Cisco, VMware, and Citrix all fixed major security flaws in October.

And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

The Flipper Zero is a versatile hacking tool designed for security researchers. The pocket-size pen-testing device can intercept and replay all kinds of wireless signals—including NFC, infrared, RFID, Bluetooth, and Wi-Fi. That means it’s possible to read microchips and inspect signals being emitted from devices. Slightly more nefariously, we’ve found it can easily clone building-entry cards and read credit card details through people’s clothes.

Over the last few weeks, the Flipper Zero, which…


Microsoft Reveals How a Crash Dump Led to a Major Security Breach


Sep 07, 2023 | THN | Cyber Attack / Email Hacking

Microsoft on Wednesday revealed that a China-based threat actor known as Storm-0558 acquired the inactive consumer signing key to forge tokens and access Outlook by compromising an engineer’s corporate account.

This enabled the adversary to access a debugging environment that contained information pertaining to a crash of the consumer signing system and steal the key. The system crash took place in April 2021.

“A consumer signing system crash in April of 2021 resulted in a snapshot of the crashed process (‘crash dump’),” the Microsoft Security Response Center (MSRC) said in a post-mortem report.

“The crash dumps, which redact sensitive information, should not include the signing key. In this case, a race condition allowed the key to be present in the crash dump. The key material’s presence in the crash dump was not detected by our systems.”

The Windows maker said the crash dump was moved to a debugging environment on the internet-connected corporate network, from where Storm-0558 is suspected to have acquired the key after infiltrating the engineer’s corporate account.
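The statement quoted above is that the redaction step should have stripped the key and that nothing downstream noticed it was still there. The following is an added example, not Microsoft's tooling and not the page's own code, of the kind of pre-transfer check a practitioner would want before a dump leaves the production boundary: scan the blob for PEM private-key headers and for high-entropy windows that look like raw key bytes. The PEM marker list, the entropy threshold, and the sample dump are all assumptions constructed for this illustration; the real format of the consumer signing key is not described on the page.

```go
package main

import (
	"bytes"
	"fmt"
	"math"
	"math/rand"
)

// PEM headers that mark the common private-key encodings. Hypothetical list for this
// example: the format of Microsoft's consumer signing key is not described on the page.
var pemPrivateKeyMarkers = [][]byte{
	[]byte("-----BEGIN RSA PRIVATE KEY-----"),
	[]byte("-----BEGIN EC PRIVATE KEY-----"),
	[]byte("-----BEGIN PRIVATE KEY-----"),
}

// findPEMKeys returns the offset of every PEM private-key header found in dump.
func findPEMKeys(dump []byte) []int {
	var hits []int
	for _, marker := range pemPrivateKeyMarkers {
		for off := 0; ; {
			i := bytes.Index(dump[off:], marker)
			if i < 0 {
				break
			}
			hits = append(hits, off+i)
			off += i + len(marker)
		}
	}
	return hits
}

// shannonEntropy returns the entropy of b in bits per byte (0 for empty input).
func shannonEntropy(b []byte) float64 {
	if len(b) == 0 {
		return 0
	}
	var counts [256]int
	for _, c := range b {
		counts[c]++
	}
	var h float64
	n := float64(len(b))
	for _, c := range counts {
		if c > 0 {
			p := float64(c) / n
			h -= p * math.Log2(p)
		}
	}
	return h
}

// highEntropyWindows slides a win-byte window over dump and returns the start offsets of
// windows whose entropy exceeds threshold. Raw key bytes look like random data and score
// high; log text, code and zeroed memory do not. After a hit the scan skips a full window
// so hits do not overlap; otherwise it advances a quarter window.
func highEntropyWindows(dump []byte, win int, threshold float64) []int {
	var hits []int
	for off := 0; off+win <= len(dump); {
		if shannonEntropy(dump[off:off+win]) > threshold {
			hits = append(hits, off)
			off += win
		} else {
			off += win / 4
		}
	}
	return hits
}

// textOnlyDump is constructed log text with nothing sensitive in it.
func textOnlyDump() []byte {
	return bytes.Repeat([]byte("signing-service: request handled, status=ok\n"), 32)
}

// sampleDump is a constructed stand-in for a crash dump: the log text above, one PEM block
// with a placeholder body (not a real key), and 512 seeded pseudo-random bytes standing in
// for raw key material that a redaction step missed.
func sampleDump() []byte {
	var buf bytes.Buffer
	buf.Write(textOnlyDump())
	buf.WriteString("-----BEGIN RSA PRIVATE KEY-----\nAAAAAAAAAAAAAAAAAAAAAAAA\n-----END RSA PRIVATE KEY-----\n")
	raw := make([]byte, 512)
	rand.New(rand.NewSource(42)).Read(raw)
	buf.Write(raw)
	buf.WriteString("signing-service: shutting down\n")
	return buf.Bytes()
}

func main() {
	dump := sampleDump()
	fmt.Println("PEM private-key headers at offsets:", findPEMKeys(dump))
	fmt.Println("high-entropy 256-byte windows at offsets:", highEntropyWindows(dump, 256, 6.5))
	fmt.Println("clean dump, high-entropy windows:", highEntropyWindows(textOnlyDump(), 256, 6.5))
}
```

The entropy pass is the part that matters for a key that was never PEM-encoded in memory: a 256-byte window of random-looking bytes scores above 7 bits per byte, while log text stays near 4. Compressed or encrypted buffers will also trip it, so treat a hit as a reason to hold the dump for review rather than as proof of a key.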


It is not currently known whether this is the exact mechanism the threat actor used, since Microsoft noted it does not have logs offering concrete proof of the exfiltration, due to its log retention policies.

Microsoft’s report further alludes to spear-phishing and the deployment of token-stealing malware, but it did not elaborate on how the engineer’s account was breached in the first place, whether other corporate accounts were compromised, or when it became aware of the compromise.

That said, the latest development offers insight into a series of cascading security mishaps that culminated in the signing key ending up in the hands of a skilled actor with a “high degree of technical tradecraft and operational security.”

Storm-0558 is the moniker assigned by Microsoft to a hacking group that has been linked to the breach of approximately 25 organizations using the consumer signing key and obtaining unauthorized access to Outlook Web Access (OWA) and Outlook.com.

The zero-day issue was blamed on a validation error that allowed the key to be…


Researchers ‘Accidentally’ Crash KmsdBot Cryptocurrency Mining Botnet Network



An ongoing analysis into an up-and-coming cryptocurrency mining botnet known as KmsdBot has led to it being accidentally taken down.

KmsdBot, as christened by the Akamai Security Intelligence Response Team (SIRT), came to light mid-November 2022 for its ability to brute-force systems with weak SSH credentials.

The botnet strikes both Windows and Linux devices spanning a wide range of microarchitectures, with the primary goal of deploying mining software and corralling the compromised hosts into a DDoS botnet.


Some of the major targets included gaming firms, technology companies, and luxury car manufacturers.

Akamai researcher Larry W. Cashdollar, in a new update, explained how commands sent to the bot in a controlled environment, in order to understand its functionality, inadvertently neutralized the malware.


“Interestingly, after one single improperly formatted command, the bot stopped sending commands,” Cashdollar said. “It’s not every day you come across a botnet that the threat actors themselves crash their own handiwork.”

This was possible because the source code lacked any error checking to validate the commands it received.

Specifically, an instruction issued without a space between the target website and the port caused the entire Go binary running on the infected machine to crash and stop interacting with its command-and-control server, effectively killing the botnet.

The fact that KmsdBot has no persistence mechanism also means that the malware operator will have to re-infect the machines and rebuild the infrastructure from scratch.
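The failure described above, as an added example that is not KmsdBot's code and not from the Akamai write-up: a Go command parser that assumes every instruction has the shape "<host> <port>" and indexes the split result without checking its length, beside the hardened form that validates the input and returns an error. How the real bot parsed its commands is an assumption here; the page only says that a command missing the space between target and port crashed the binary, and in Go an out-of-range index on a slice is exactly the kind of unrecovered panic that unwinds the whole process and drops the C2 connection.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Target is a parsed attack instruction: the host to hit and the port to hit it on.
type Target struct {
	Host string
	Port int
}

// parseUnchecked stands in for the kind of parser the write-up describes (the real
// KmsdBot source is not reproduced here; its shape is an assumption): it takes for
// granted that every command looks like "<host> <port>" and indexes the split result
// without checking how many fields it actually got.
func parseUnchecked(cmd string) Target {
	fields := strings.Fields(cmd)
	port, _ := strconv.Atoi(fields[1]) // panics with index out of range when the space is missing
	return Target{Host: fields[0], Port: port}
}

// parseChecked is the hardened form: it validates the field count and the port
// and returns an error instead of letting one malformed command kill the process.
func parseChecked(cmd string) (Target, error) {
	fields := strings.Fields(cmd)
	if len(fields) != 2 {
		return Target{}, fmt.Errorf("expected \"<host> <port>\", got %d field(s) in %q", len(fields), cmd)
	}
	port, err := strconv.Atoi(fields[1])
	if err != nil || port < 1 || port > 65535 {
		return Target{}, fmt.Errorf("invalid port %q", fields[1])
	}
	return Target{Host: fields[0], Port: port}, nil
}

// runUnchecked drives parseUnchecked the way a bot's command loop would. In the real
// binary an unrecovered panic unwinds the whole process, which is what severs the C2
// connection; recover() is used here only so the failure can be observed and returned
// as an error rather than ending the demonstration.
func runUnchecked(cmd string) (t Target, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("bot process would have died: %v", r)
		}
	}()
	return parseUnchecked(cmd), nil
}

func main() {
	// Constructed commands: a well-formed one and one missing the space, as in the incident.
	for _, cmd := range []string{"example.com 443", "example.com:443"} {
		if t, err := runUnchecked(cmd); err != nil {
			fmt.Printf("unchecked %q -> %v\n", cmd, err)
		} else {
			fmt.Printf("unchecked %q -> %+v\n", cmd, t)
		}
		if t, err := parseChecked(cmd); err != nil {
			fmt.Printf("checked   %q -> rejected: %v\n", cmd, err)
		} else {
			fmt.Printf("checked   %q -> %+v\n", cmd, t)
		}
	}
}
```

The same lesson applies from the defender's side: a C2 protocol with no input validation is a protocol an analyst can break with one malformed message, which is worth remembering before sending anything to a live bot outside a sandbox.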

“This botnet has been going after some very large luxury brands and gaming companies, and yet, with one failed command it cannot continue,” Cashdollar concluded. “This is a strong example of the fickle nature of technology and how even the exploiter can be exploited by it.”



