Tag Archive for: expose

Peloton Bugs Expose Enterprise Networks to IoT Attacks


People could potentially lose more than just pounds by using a Peloton treadmill: the Internet-connected fitness equipment can also leak sensitive data or serve as an initial-access pathway through any of three key attack vectors, a researcher has found.

Researchers from Check Point Software took a deep dive into the popular Peloton Tread equipment and found that attackers can enter the system — which is essentially an Internet of Things (IoT) device — via the OS, applications, or by exploiting APIs to load various malware.

Hacking a Peloton Tread through any of these points could lead not only to the exposure of a user’s personal data; attackers could also leverage the machine’s connectivity to move laterally into a corporate network and mount ransomware or other high-level attacks, the researchers revealed in a blog post published this week.

“As fitness enthusiasts embrace the convenience and connectivity of these advanced workout machines, it becomes imperative to explore their potential vulnerabilities,” according to the post, attributed to Check Point’s Augusto Morales, technology lead for threat solutions; Shlomi Feldman, product management, Quantum IoT Protect & SD-WAN; and Mitch Muro, product marketing manager, Quantum IoT Protect & Quantum Spark.

The Peloton fitness brand is perhaps best known for its stationary bicycle and related application, which saw an explosive surge in popularity during the COVID-19 pandemic. The company also offers Peloton Tread, a companion treadmill device that operates on the Android OS, which was the focus of the researchers’ investigation.

Researchers had previously identified a flaw in the Peloton system that could have allowed attackers to remotely spy on victims through an open, unauthenticated API. Indeed, its mere existence as an IoT device exposes the home fitness gear to the same vulnerabilities that any Internet-exposed device faces, along with the accompanying risks to users.

Check Point alerted Peloton of the flaws the researchers discovered. The company assessed them and ultimately determined that physical access to the device was required for exploitation, Peloton said in a…


Microsoft & NSA expose Chinese-sponsored Volt Typhoon hacking group


Published: 2023-05-26T12:29:45 | Updated: 2023-05-26T12:29:51

A hacker group named Volt Typhoon has been exposed by the NSA and Microsoft, as they issue a new cybersecurity warning around its actions online.

Microsoft and the NSA have published a security bulletin detailing how a hacking group, Volt Typhoon, managed to work its way into “critical infrastructure organizations in the United States”. Outside of the concern surrounding the hacks, Microsoft has stated that they are “a state-sponsored actor based in China”.

Volt Typhoon has been active since 2021 and has previously struck Guam and the United States. Since the group appeared on the scene, its attacks have hit everything from the transportation and construction sectors to the education sector of US infrastructure.


Microsoft details hacking group’s techniques for hitting infrastructure

[Image: Microsoft logo next to a statue of Athena. Credit: Microsoft / Pexels]

The theorized goal behind the hack attempts appears to be the disruption of “critical communications infrastructure”. If a crisis were to occur in the future, this could potentially put communication between the US and Asia in jeopardy.

A key point of entry that Microsoft has pinpointed as an issue is Fortinet FortiGuard devices, which are vital parts of network security across industries. Once Volt Typhoon has harvested credentials, it sweeps the network looking for a way in through SOHO (small office/home office) network devices, like home routers.


Once it has found access to the network, Microsoft says that Volt Typhoon can “expose HTTP or SSH management interfaces to the internet”. Put simply, this allows external users to issue commands as if they were sitting at the machine. Users can prevent this themselves, and have been advised to close off such access.

An interesting thing to note about Volt Typhoon’s activity is that Microsoft says they rarely use malware in their attacks. Instead, once they’ve gained enough access, they use anything from basic to advanced command line instructions…


Netgear Routers’ Flaws Expose Users to Malware, Remote Attacks, and Surveillance


May 12, 2023 | Ravie Lakshmanan | Network Security / Malware


As many as five security flaws have been disclosed in Netgear RAX30 routers that could be chained to bypass authentication and achieve remote code execution.

“Successful exploits could allow attackers to monitor users’ internet activity, hijack internet connections, and redirect traffic to malicious websites or inject malware into network traffic,” Claroty security researcher Uri Katz said in a report.

Additionally, a network-adjacent threat actor could weaponize the flaws to access and control networked smart devices such as security cameras, thermostats, and smart locks; tamper with router settings; and even use a compromised network to launch attacks against other devices or networks.


The list of flaws, which were demonstrated at the Pwn2Own hacking competition held at Toronto in December 2022, is as follows –

  • CVE-2023-27357 (CVSS score: 6.5) – Missing Authentication Information Disclosure Vulnerability
  • CVE-2023-27368 (CVSS score: 8.8) – Stack-based Buffer Overflow Authentication Bypass Vulnerability
  • CVE-2023-27369 (CVSS score: 8.8) – Stack-based Buffer Overflow Authentication Bypass Vulnerability
  • CVE-2023-27370 (CVSS score: 5.7) – Device Configuration Cleartext Storage Information Disclosure Vulnerability
  • CVE-2023-27367 (CVSS score: 8.0) – Command Injection Remote Code Execution Vulnerability

A proof-of-concept (PoC) exploit chain illustrated by the industrial cybersecurity firm shows that it’s possible to string the flaws — CVE-2023-27357, CVE-2023-27369, CVE-2023-27368, CVE-2023-27370, and CVE-2023-27367 (in that order) — to extract the device serial number and ultimately obtain root access to it.


“These five CVEs can be chained together to compromise affected RAX30 routers, the most severe of which enable pre-authentication remote code execution on the device,” Katz noted.

Users of Netgear RAX30 routers are advised to update to firmware version 1.0.10.94 released by the networking company on April 7, 2023, to…


Hackers expose key vulnerabilities in a Tesla Model 3


As we’ve learned over the past few years, almost anything that connects to the internet, uses Bluetooth or any other wireless protocols, or simply has a computer chip inside can be hacked—and that includes cars. There are just too many potential vulnerabilities across all these surfaces for hackers to exploit, and every time there’s a software update, there is a chance that new ones get introduced even as the old ones are patched out. (Seriously, keep your software up-to-date, though. It’s the best way to stay as secure as possible.)

With that in mind, researchers from French security firm Synacktiv have won $530,000 and a Tesla Model 3 at Pwn2Own Vancouver, a security competition where “white hat” hackers and security researchers can win the devices with previously unknown vulnerabilities (that they discover and exploit)—plus a cash prize.

The team from Synacktiv demonstrated two separate exploits. In the first, they were able to breach the Model 3’s Gateway system, the energy management interface that communicates between Tesla cars and Tesla Powerwalls, in less than two minutes. They used a Time of Check to Time of Use (TOCTOU) attack, a technique that exploits the small time gap between when a computer checks something like a security credential and when it actually uses it, to insert the necessary malicious code. For safety reasons, they weren’t hacking a real Model 3, but they would have been able to open the car’s doors and front hood, even while it was in motion. 

The second exploit allowed the hackers to remotely gain root (or admin) access to the mock Tesla’s infotainment system and from there, to gain control of other subsystems in the car. They used what’s known as a heap overflow vulnerability and an out-of-bounds write error in the Bluetooth chipset to get in. Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative (ZDI), told Dark Reading, “The biggest vulnerability demonstrated this year was definitely the Tesla exploit. They went from what’s essentially an external component, the Bluetooth chipset, to systems deep within the vehicle.” 

According to TechCrunch, Tesla contends that all the…
