Tag Archive for: mobile

CERT-In Issues High-Risk Security Alert On Certain Samsung Mobile Android Versions


SUMMARY

The affected software includes Samsung mobile Android versions 11, 12, 13 and 14

Multiple vulnerabilities have been reported in Samsung products which could allow an attacker to bypass implemented security restrictions, access sensitive information and execute arbitrary code on the targeted system: CERT-In

Samsung is one of the leading smartphone manufacturers in India, along with companies including Xiaomi, OPPO, OnePlus and Apple

The Computer Emergency Response Team (CERT-In), the Centre’s nodal agency dealing with cyber security, has issued a high-risk security alert for four versions of Samsung phones, saying that multiple vulnerabilities have been reported in the products with certain software.

The affected software includes Samsung mobile Android versions 11, 12, 13 and 14.

“Multiple vulnerabilities have been reported in Samsung products which could allow an attacker to bypass implemented security restrictions, access sensitive information and execute arbitrary code on the targeted system,” said CERT-In in its vulnerability note.

These vulnerabilities exist due to issues such as improper access control in Knox features, issues in the facial recognition software, improper authorisation verification vulnerability in AR emoji, improper input validation vulnerability in Smart Clip, and others, said the advisory. 

“Successful exploitation of these vulnerabilities may allow an attacker to trigger heap overflow and stack-based buffer overflow, access device SIM PIN, send broadcast with elevated privilege, read sandbox data of AR emoji, bypass Knox guard lock via changing system time, access arbitrary files, gain access to sensitive information, execute arbitrary code and compromise the targeted system,” it added.

These vulnerabilities are likely to affect a range of Samsung devices, including the Galaxy S23 series, Galaxy Flip 5, and Galaxy Fold 5. 

Meanwhile, Samsung is one of the leading smartphone manufacturers in India, along with companies including Xiaomi, OPPO, OnePlus and Apple. The company has also been bolstering its position as one of the top smartphone manufacturers in the country.

As per a Canalys report, Samsung maintained its top position with…


Planes dropping out of the sky. Your mobile rendered useless, just like your car. As a Netflix film portrays a nightmare that security experts insist is a very real prospect… How will YOU survive on the day an enemy state switches off the internet?




An oil tanker ploughs into a tourist beach. Planes fall from the sky. Driverless cars run amok. The internet fails and the mobile network dies. Feral instincts take over as people fight for food, water and medicine amid the ruins of civilisation.

That is the nightmare vision depicted in Leave The World Behind, Netflix’s recent hit film starring Julia Roberts and Ethan Hawke as a couple battling societal breakdown when the technology that underpins civilisation collapses.

It’s fictional, but it touches on deep-seated, real-life fears.

The film is produced by Michelle and Barack Obama’s company, Higher Ground. The ex-president was closely involved in shaping the plot, which dramatises many of the cyber-security issues on which he was briefed during his eight years in the White House.

For our 21st-century lives are almost entirely dependent on complex technologies that many do not understand — and that can so easily be exploited by our enemies.

Maintaining a car, for example, was previously a job for any competent motorist and their local mechanic. Now our vehicles are computers on wheels, their inner workings a mystery.


We used to navigate with paper maps and landmarks. But with his car’s satnav out of action, Ethan Hawke’s character Clay Sandford is unable even to find his way to the nearby town.

Our telephone system used to run on sturdy copper wires, with handsets you could fix with a screwdriver. Now it is a branch of cyberspace.

So, too, is finance. Remember when a credit card’s embossed number left an imprint on a paper slip? Not any more. Our payment system depends wholly on electronic encryption.

What use is cash in the modern world? In the film, with the internet gone, it becomes a prized asset.

If the technologies we rely on break down, many of us will be as helpless as Hawke’s Clay Sandford. ‘I am a useless man,’…


Russian hackers send emails with malware, taking advantage of national mobile operator Kyivstar’s outage


Russian hackers are taking advantage of the outage at Kyivstar, one of Ukraine’s national mobile operators, to send out emails containing malware to Ukrainians using archive files named “Amount owed by subscriber”, “Request”, “Documents”, etc., the State Service of Special Communications has warned.

Source: State Service of Special Communications and Information Protection of Ukraine (SSSCIP) and the Government Computer Emergency Response Team (CERT-UA)

Quote from SSSCIP: “Hackers persist in exploiting issues that are bothering thousands of Ukrainians to spread malware. This time, experts from CERT-UA, the Governmental Computer Emergency Response Team of Ukraine, have uncovered a massive email campaign with the subject line ‘Amount owed under your Kyivstar contract’ and an attachment named ‘Amount owed by subscriber.zip’.

Ukrainians have received emails regarding ‘Amount owed under your Kyivstar contract’, which contained attachments in the form of an archive named ‘Amount owed by subscriber.zip’ with attached password-protected RAR archives.

Moreover, CERT-UA has detected the spreading of emails with the subject heading ‘Security Service of Ukraine (SSU) request’ with an attachment named ‘Documents.zip’. It includes a password-protected RAR archive ‘Request.rar’ followed by an executable file, ‘Request.exe’. As in the previous case, opening the archive and running the file leads to exposure to a RemcosRAT remote access programme.”

Details: The mobile operator Kyivstar experienced a large-scale outage on the morning of 12 December.

The CERT-UA team detected a massive email distribution with the subject line “Amount owed under your Kyivstar contract” and the attachment “Amount owed by subscriber.zip” on 21 December.

The ZIP archive contains a two-part RAR archive, “Amount owed by subscriber.rar”, which in turn contains a password-protected archive bearing the same name. The latter includes a macro-enabled document, “Customer debt.doc”.

Once activated, the macro code will download the file “GB.exe” to the computer and run it using the SMB protocol via the file explorer (explorer.exe).

In turn, this file is an SFX archive containing a batch script to download the executable file “wsuscr.exe” from…


Kyivstar restores mobile internet following cyberattack


Kyivstar has managed to restore mobile internet connection throughout the country following a Russian cyberattack, the company announced on Dec. 15.

Ukraine’s leading phone provider was targeted by a massive cyberattack on Dec. 12, which caused internet and network outages across Ukraine, as well as issues with air raid alerts. Monobank, one of Ukraine’s largest banks, also reported a hack the same day.

“Some areas may still experience short-term communication problems. However, our specialists are working on solving them,” the company’s statement read.

Over 95% of mobile communication base stations have become operational again, according to the announcement.

Kyivstar continues working to restore text messaging and access to the mobile application.

“As soon as we know that stabilization measures have been successful and services are working at 100%, we will definitely let you know,” the company said.

According to the Security Service of Ukraine (SBU), a Russian hacker group with ties to Russia’s military intelligence agency claimed responsibility for the attack.

Kyivstar CEO Oleksandr Komarov said that the hackers broke through the company’s cyber security through the compromised account of one of the company’s employees.

Kyivstar is Ukraine’s largest phone services provider, with over 24 million mobile customers and more than 1 million home internet customers as of September this year.
