Tag Archive for: explained

A ‘hacking campaign’ against Android phones, explained


Amnesty International revealed this week that its Security Lab has uncovered a “sophisticated hacking campaign by a mercenary spyware company.” Amnesty says the campaign has been running “since at least 2020” and targets Android smartphones through a number of “zero-day” security vulnerabilities. (A “zero-day” vulnerability is one that is still unknown to the vendor, and therefore unpatched, when attackers start exploiting it; the code that takes advantage of it is a zero-day exploit.)

Amnesty International disclosed the details of the campaign to Google’s Threat Analysis Group, so Google and the other affected vendors, including Samsung, have since been able to release the necessary security patches for their devices.

Amnesty International’s Security Lab monitors and investigates companies and governments that use cyber-surveillance technologies against human rights defenders, journalists, and civil society. It was instrumental in uncovering the extent to which NSO Group’s Pegasus spyware was used by governments around the world.

While the Security Lab continues to investigate this latest spyware campaign, Amnesty International is not naming the company it has implicated (though Google suggests it is Variston, a commercial surveillance vendor Google identified in 2022). Either way, Amnesty International says the attack has “all the hallmarks of an advanced spyware campaign developed by a commercial cyber-surveillance company and sold to government hackers to carry out targeted spyware attacks.”

As part of the spyware campaign, Google’s Threat Analysis Group found that Samsung users in the United Arab Emirates were being targeted with one-time links sent over SMS. If the recipient opened the link in the default Samsung Internet Browser, a “fully featured Android spyware suite” capable of decrypting and capturing data from various chat and browser applications was installed on the phone.

The exploit relied on a chain of several vulnerabilities: some were zero-days, while others had already been discovered and fixed but the fixes had not yet been shipped to Samsung devices, which reflects badly on Samsung. A fix for one of those known vulnerabilities was released in January 2022 and for the other in August 2022, yet neither had reached Samsung’s phones. Google contends that if Samsung had released the security updates,…

Source…

What Are Botnets? Botnet Attacks Explained


Botnets (the name is short for “robot networks”) are networks of computers or devices that have been compromised by malware and are under the control of a remote attacker, often called a botmaster or bot herder.

Bad actors use botnets to launch attacks such as distributed denial-of-service (DDoS), credential theft, service disruption, spam campaigns, and click fraud, or to gain unauthorized access to critical systems. Many of these attacks can crash or cripple an organization’s IT infrastructure.

How do botnet attacks work?

A botnet attack begins when a malicious actor infects multiple computers or devices with malware and thereby takes control of them; the infected machines are called zombies or bots. Together they form a network of hijacked computers that the bot herder (or bot master) uses to launch attacks on enterprise networks, such as sending spam, stealing sensitive data, or taking websites offline.

The bot herder uses a command-and-control (C&C, or C2) server to communicate with the bots. The bots check in with the server at intervals and receive commands, which lets the attacker coordinate the botnet’s actions and direct its combined resources at a specific target.
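The periodic check-in described above is something a defender can look for. As an added example (not code from the original article), the script below runs a simple "beaconing" detector over a few constructed proxy-log lines: it groups connections by source and destination and flags pairs whose inter-arrival times are almost constant, which is how a bot polling its C&C server looks next to a human browsing. The log format, hostnames, addresses and thresholds are all assumptions made for the example.

```python
"""Flag source/destination pairs that talk at a near-constant interval (C&C beaconing).

Added example with constructed log lines; hostnames, IPs and the log format are invented.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log: "<ISO timestamp> <src_ip> <dst_host> <bytes_sent>".
# 10.0.0.5 polls one host every ~5 minutes with near-identical payloads (bot-like);
# 10.0.0.7 visits several hosts at irregular times (user-like).
SAMPLE_LOG = """\
2023-03-01T10:00:00 10.0.0.5 update-check.example.net 312
2023-03-01T10:00:17 10.0.0.7 news.example.org 8120
2023-03-01T10:05:01 10.0.0.5 update-check.example.net 310
2023-03-01T10:06:44 10.0.0.7 cdn.example.org 45010
2023-03-01T10:10:00 10.0.0.5 update-check.example.net 315
2023-03-01T10:11:09 10.0.0.7 news.example.org 7770
2023-03-01T10:15:02 10.0.0.5 update-check.example.net 311
2023-03-01T10:20:00 10.0.0.5 update-check.example.net 309
2023-03-01T10:24:31 10.0.0.7 mail.example.org 2200
2023-03-01T10:25:01 10.0.0.5 update-check.example.net 314
"""


def parse_log(text):
    """Group (timestamp, bytes) events by (src, dst) pair."""
    pairs = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        pairs[(src, dst)].append((datetime.fromisoformat(ts), int(nbytes)))
    return pairs


def coefficient_of_variation(values):
    """Spread relative to the mean; 0 means perfectly regular. None if the mean is 0."""
    m = mean(values)
    return pstdev(values) / m if m else None


def find_beacons(text, min_events=5, max_interval_cv=0.1):
    """Return (src, dst) pairs with at least min_events contacts whose gaps between
    contacts vary by no more than max_interval_cv relative to the mean gap."""
    hits = []
    for (src, dst), events in parse_log(text).items():
        if len(events) < max(min_events, 3):      # need several gaps to judge regularity
            continue
        times = sorted(t for t, _ in events)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        gap_cv = coefficient_of_variation(gaps)
        if gap_cv is None or gap_cv > max_interval_cv:
            continue
        hits.append({
            "src": src,
            "dst": dst,
            "count": len(events),
            "interval_s": round(mean(gaps)),
            "interval_cv": round(gap_cv, 4),
            # Near-identical request sizes are a second hint of automated check-ins.
            "bytes_cv": round(coefficient_of_variation([n for _, n in events]), 4),
        })
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Only the 10.0.0.5 pair is flagged (six contacts about 300 seconds apart with an interval variation under 1%). Treat this as a lead rather than a verdict: legitimate update checkers and monitoring agents beacon too, and real bots add random jitter to their sleep timers, so in practice the interval score is combined with request-size regularity, destination reputation and age, and the process that made the connection.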

Command-and-control servers in botnet attacks

C&C infrastructure comes in two forms, centralized and decentralized. Both serve the same purpose, but they differ in how commands reach the bots and in how hard the botnet is to take down.

Centralized: Client-server model

In the centralized model the bot herder and the bots all connect to the same central hub. The bot herder issues commands to the bots through it, and the bots respond by sending back information or executing the commands.

This makes the C&C server a single point of failure: if law enforcement or security researchers seize or sinkhole it, the bot herder loses contact with the entire botnet.

Decentralized: Peer-to-peer (P2P) model

In this model each infected device communicates directly with other bots. The bot herder can push a command to the entire botnet, or to specific bots, by injecting it at any single bot, from which it spreads from peer to peer. Commands are typically signed with a key only the herder holds, so that defenders who join the network as a fake peer cannot inject commands of their own.

This type of C&C has no single point of failure, which makes it much harder for defenders to shut down: a takedown has to disrupt the peer-to-peer network itself rather than seize one server.
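To make the single-point-of-failure argument concrete, here is an added toy simulation, not from the original article: a star-shaped centralized botnet and a peer-to-peer ring-with-chords overlay, with a breadth-first flood standing in for command propagation. It counts how many bots still receive a command after nodes are taken offline in each model. The node names, sizes and overlay shape are assumptions chosen for illustration.

```python
"""Command reach in centralized vs. peer-to-peer botnets after a takedown.

Added toy model; the graphs and node names are invented for illustration.
"""
from collections import deque


def centralized_botnet(n_bots):
    """Star topology: every bot talks only to the C&C node."""
    graph = {"c2": set()}
    for i in range(n_bots):
        bot = f"bot{i}"
        graph[bot] = {"c2"}
        graph["c2"].add(bot)
    return graph


def p2p_botnet(n_bots, peers_each_side=3):
    """Ring with chords: bot i peers with the next few bots (wrapping around),
    so every bot has 2 * peers_each_side neighbours and no node is special."""
    graph = {f"bot{i}": set() for i in range(n_bots)}
    for i in range(n_bots):
        for k in range(1, peers_each_side + 1):
            j = (i + k) % n_bots
            graph[f"bot{i}"].add(f"bot{j}")
            graph[f"bot{j}"].add(f"bot{i}")
    return graph


def command_reach(graph, injected_at, taken_down=()):
    """Bots (excluding the injection point) that receive a command flooded from
    `injected_at` once the nodes in `taken_down` are offline."""
    down = set(taken_down)
    if injected_at in down or injected_at not in graph:
        return set()
    seen = {injected_at}
    queue = deque([injected_at])
    while queue:
        node = queue.popleft()
        for peer in graph[node]:
            if peer not in seen and peer not in down:
                seen.add(peer)
                queue.append(peer)
    return seen - {injected_at}


def takedown_comparison(n_bots=20):
    """How many bots still get commands after nodes are removed in each model."""
    star = centralized_botnet(n_bots)
    p2p = p2p_botnet(n_bots)
    return {
        "centralized_before": len(command_reach(star, "c2")),
        "centralized_after_c2_seized": len(command_reach(star, "c2", taken_down=["c2"])),
        # In P2P the herder injects at any bot it controls; seizing other bots,
        # even several at once, leaves the rest of the overlay connected.
        "p2p_before": len(command_reach(p2p, "bot0")),
        "p2p_after_three_bots_seized": len(
            command_reach(p2p, "bot0", taken_down=["bot1", "bot2", "bot3"])),
    }


if __name__ == "__main__":
    for name, reached in takedown_comparison().items():
        print(f"{name:32s} {reached}")
```

With 20 bots the star delivers to all 20 until its C&C node is seized, after which it delivers to none; the P2P overlay delivers to 19 and still reaches 16 with three adjacent bots removed, because the flood simply routes around the gap. Real takedowns of P2P botnets therefore target the overlay itself, for example by sinkholing or poisoning the peer lists bots use to find each other.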

Stages of building a botnet

There are three stages of building a botnet: prepare…

Source…

What Is Flipper Zero? The Hacker Tool Going Viral on TikTok, Explained


Across the US, countless buildings, from government offices to your next hotel room door, are protected by RFID-controlled locks. On a recent trip to my office, I passed nearly 20 of these keyless entry systems, which are among the most pervasive access controls in the world. But a playful, palm-sized gadget with a Tamagotchi-like interface can likely defeat the locks on many of these doors.

The $200 device is called Flipper Zero, a portable pen-testing tool designed for hackers of all levels of technical expertise. It is smaller than a phone, easily concealed, and stuffed with radios and sensors that let you read, intercept, and replay signals from keyless entry systems, Internet of Things sensors, garage doors, NFC cards, and almost any other device that communicates wirelessly over short ranges. For example, in just seconds, I used the Flipper Zero to clone an office RFID badge without taking it out of my wallet. (Many office badges are low-frequency proximity cards that simply transmit a static identifier to any reader in range, which is what makes them so easy to copy.)

If you had only heard about Flipper Zero through TikTok, where the tool has gone viral, you might think it was a toy that could make ATMs spit out money, unlock cars, and dispense free gas at the pump. I spent the last week testing one to determine whether the world was as vulnerable to Flipper Zero as social media made it out to be. What I found was mixed: many of the most dramatic videos posted to TikTok are likely staged, since most modern wireless devices use rolling codes or challenge-response and are not susceptible to simple replay attacks, but the Flipper Zero is still undeniably powerful, giving aspiring hackers and seasoned pen-testers a convenient new tool to probe the security of the world’s most ubiquitous wireless devices.
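Why a replayed capture opens a fixed-code garage door but not a rolling-code one is easy to show in code. The following is an added example, not from the original article and not Flipper Zero firmware: a legacy remote that transmits the same bits every press, next to a rolling-code remote whose receiver checks a keyed tag and a strictly increasing counter. The rolling-code scheme here is a simplified stand-in (an HMAC over serial and counter) for the proprietary block ciphers real fobs use; the key, serial, fixed code and acceptance window are invented.

```python
"""Replaying a captured press: works on a fixed-code remote, fails on a rolling-code one.

Added example. The HMAC-based rolling code is a simplified stand-in for real fob
ciphers; FIXED_CODE, FOB_KEY, FOB_SERIAL and the window are constructed values.
"""
import hashlib
import hmac

FIXED_CODE = b"\x8a\x3c\x51"                         # constructed 24-bit fixed code
FOB_KEY = b"constructed-demo-key-not-a-real-one"     # shared secret programmed at the factory
FOB_SERIAL = 0x1234


def _tag(key, serial, counter):
    """Short keyed tag binding this serial and counter; a forger without the key
    cannot produce it for a counter value the receiver has not seen."""
    msg = serial.to_bytes(4, "big") + counter.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:4]


class FixedCodeRemote:
    """Legacy remote: every press transmits the same bits."""
    def press(self):
        return FIXED_CODE


class FixedCodeReceiver:
    def receive(self, frame):
        return frame == FIXED_CODE


class RollingCodeRemote:
    """Each press increments a counter and sends serial, counter and the tag."""
    def __init__(self, key=FOB_KEY, serial=FOB_SERIAL):
        self.key, self.serial, self.counter = key, serial, 0

    def press(self):
        self.counter += 1
        return (self.serial, self.counter, _tag(self.key, self.serial, self.counter))


class RollingCodeReceiver:
    """Accepts a frame only if the tag verifies and the counter is ahead of the last
    accepted one, within a window that tolerates presses made out of range."""
    def __init__(self, key=FOB_KEY, serial=FOB_SERIAL, window=16):
        self.key, self.serial, self.window = key, serial, window
        self.last_counter = 0

    def receive(self, frame):
        serial, counter, tag = frame
        if serial != self.serial:
            return False
        if not hmac.compare_digest(tag, _tag(self.key, serial, counter)):
            return False                                  # forged or corrupted
        if not self.last_counter < counter <= self.last_counter + self.window:
            return False                                  # replayed or too far ahead
        self.last_counter = counter
        return True


def replay_demo():
    """Sniff one legitimate press of each remote, then replay it."""
    results = {}

    fixed_remote, fixed_rx = FixedCodeRemote(), FixedCodeReceiver()
    captured = fixed_remote.press()                       # attacker records the press
    results["fixed_legit"] = fixed_rx.receive(captured)
    results["fixed_replay"] = fixed_rx.receive(captured)  # same bits still open it

    rolling_remote, rolling_rx = RollingCodeRemote(), RollingCodeReceiver()
    captured = rolling_remote.press()
    results["rolling_legit"] = rolling_rx.receive(captured)
    results["rolling_replay"] = rolling_rx.receive(captured)   # counter already consumed
    # A press the receiver never heard (owner out of range) is still accepted later,
    # because its counter is ahead of the last one but inside the window...
    rolling_remote.press()
    results["rolling_skipped_ok"] = rolling_rx.receive(rolling_remote.press())
    # ...while a frame with a guessed counter and no valid tag is rejected.
    results["rolling_forged"] = rolling_rx.receive((FOB_SERIAL, 99, b"\x00\x00\x00\x00"))
    return results


if __name__ == "__main__":
    for name, accepted in replay_demo().items():
        print(f"{name:20s} {'accepted' if accepted else 'rejected'}")
```

The one replay-style attack that does work against rolling codes exploits the acceptance window rather than the cipher: jam the receiver so the owner's press is never heard, record that press, and transmit it later while its counter is still unused. A simple capture-and-replay of a frame the receiver already accepted, which is what the viral videos imply, is rejected.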

In reviews, people liken Flipper Zero to a Swiss Army knife for physical penetration testing. But in my week testing Flipper Zero, it felt more like a blacklight—something I could literally hold up to a device that would reveal information, invisible to the human eye, about how it worked, what data it was emitting, and how often it was doing so. 

Here’s a brief list of some things I’ve learned with the help of Flipper Zero this week: Some animal microchips will tell you the body temperature of your pet. My neighbor’s…

Source…

EXPLAINED: How to store your crypto safely and avoid hacks  


In light of the various hacks and liquidations of crypto exchanges and Decentralised Finance (DeFi) platforms, experts advise crypto investors not to keep their funds on any such platform. But what other options do investors have?

Investors have not just one but several other options, depending on their requirements. But first, let us understand why it is not safe to keep your crypto in those places.

Why should you not store your crypto on an exchange or on any DeFi platform? 

It is advisable not to keep one’s crypto holdings on an exchange, lending platform, or other third-party service, because custody of the funds, meaning control of the private keys that can spend them, rests with the platform rather than the investor. If the platform is hacked, halts withdrawals, or becomes insolvent, the investor has no way to move the funds. Such platforms are also attractive targets for hackers precisely because they hold so many customers’ assets.

In the recent past, centralised lending platforms such as Celsius Network, Voyager Digital, and Vauld, and the crypto hedge fund Three Arrows Capital, ran into financial trouble and their customers’ funds became inaccessible. Investors are therefore advised to keep their crypto in wallets of their own, of which there are several types.

But what are crypto wallets? 

Crypto wallets are pieces of hardware or software that hold the keys controlling your crypto assets; the assets themselves are recorded on the blockchain. Every wallet has an identity consisting of a key pair: a private key and the public key derived from it.

What are public and private keys and what do they do? 

The public key is derived from the private key, and the wallet address, an alphanumeric identifier, is in turn derived from the public key, typically by hashing it. The derivation runs only one way: knowing the address or the public key does not reveal the private key.

What does a crypto wallet address do? 

The wallet address tells the network where tokens should be sent. The private key must never be disclosed, because whoever holds it can spend the funds. The public key, or more usually the address derived from it, is what you give to anyone who wants to send you crypto.

Crypto wallets can be divided into groups  

a) Based on how frequently they are connected to the internet and  

b) Based on their technology. 

Based on internet connectivity, they are divided into two categories 

1. Hot Wallets 

Hot wallets are connected to the internet most or all of the time. That makes them more convenient, but the constant connectivity also exposes them to malware and phishing, so they are less secure. Hot wallets are usually used for day-to-day transactions. They offer immediate access to the…

Source…