Tag Archive for: Researcher

Sensitive info on computers isolated from internet vulnerable to new hacks, researcher says


Computers separated from the internet are vulnerable to new hacks using unconnected smartphones to steal data such as passwords and keystrokes, according to Israeli researcher Mordechai Guri.

Air-gapped computers do not have wireless activity and are used by governments to store classified information and by organizations to manage critical infrastructure such as power and energy systems.

These machines are not impenetrable, however, and Mr. Guri disclosed a new method that uses malicious software to create ultrasonic frequencies on the secure machines that are detectable by smartphones located nearby. Information from the computer is transmitted through the frequency that is collected by the phone and deciphered by a cyberattacker.

“These inaudible frequencies produce tiny mechanical oscillations within the smartphone’s gyroscope, which can be demodulated into binary information,” Mr. Guri wrote in a paper published last week.


Security Researcher Hacks Starlink With Off-the-Shelf Equipment


Security researcher Lennert Wouters hacked the Starlink satellite constellation with $25 in off-the-shelf equipment. He presented his findings at a computer security conference in Las Vegas.

The security vulnerability involves the widespread deployment of Starlink’s terminals, which connect users to the constellation. SpaceX can manufacture 20,000 Starlink terminals a week and deployed terminals passed the 100,000 mark in August 2021.

Wouters operated a homemade circuit board, also commonly known as a modchip. He could attach it to any Starlink terminal to bypass secure boot protections by interfering with the normal electrical power rails during bootup.

The chip could enable an attacker to gain privileged access to a Starlink terminal, though only if the attacker has physical access to the terminal. The attack does not work remotely and will not affect any of the 2,700 Starlink satellites that are already in orbit. He made the modchip plans available on GitHub to supplement the presentation he made at the computer security conference.

The GitHub description of the circuit board indicates that he expects a recording of the talk to be up soon. It also warns readers to use the circuit board schematics at their own risk, noting in particular that use of the circuit board could damage the terminal and that disassembling a Starlink terminal could void the warranty.

The plans and description did not include full details of the glitch that Wouters’ customized circuit board could exploit. SpaceX may already be working on a firmware update that fixes the glitch based on the information he provided to claim a bug bounty award. It did already issue a firmware update to disable UART output.

SpaceX operates a bug bounty that anyone who can find a flaw in Starlink’s Internet service may qualify for. In a rare official statement, it complimented Wouters on his findings.

Starlink documentation describes security measures that it already takes, including making each Starlink network device’s unique identification difficult to replicate and reserving the option to disable devices that are used for malicious activity. It also makes it…


NSF tags FAU researcher for post-quantum cryp


“RINGS: Bringing Post-Quantum Cryptography to Large-Scale NextG Systems.”


The National Science Foundation (NSF) recently announced a new investment of more than $37 million aimed at developing intelligent, resilient and reliable next generation – or NextG – networks. NextG promises faster cellular, Wi-Fi and satellite networks, all of which can be used to enhance data streaming, wireless communications, analytics and automation.

Florida Atlantic University’s Reza Azarderakhsh, Ph.D., in the College of Engineering and Computer Science, was among 34 investigators nationwide selected by the NSF. He has received a $1 million grant for his project titled, “RINGS: Bringing Post-Quantum Cryptography to Large-Scale NextG Systems.” FAU is the only institution working on taking post-quantum cryptography to next generation systems. Azarderakhsh is leading the research with collaborators from Florida International University and Marquette University in Wisconsin.

The NSF investment called RINGS, which is short for Resilient and Intelligent Next-Generation Systems, is a public-private partnership that focuses on accelerating research to increase the competitiveness of the United States in NextG networking and computing technologies and ensure the security and resilience of NextG technologies and infrastructure.

The RINGS program is NSF’s single largest effort to date to engage public and private partners to jointly support a research program and includes companies such as Apple, Google and Microsoft and agencies including the U.S. Department of Defense and National Institute of Standards and Technology.

For the NSF, this translates into improved national defense, education, public health and safety,…


Known macOS Vulnerabilities Led Researcher to Root Out New Flaws


Sometimes all it takes to root out a new software vulnerability is to study and analyze previous bug reports. That’s how researcher Csaba Fitzl says he sniffed out some new Apple macOS vulnerabilities, one of which was a mirror image of a logic flaw that a group of researchers competing in the 2020 Pwn2Own contest found and executed there.

Fitzl, a content developer for Offensive Security, says he reread and studied the winning six-exploit chain that the researchers used to hack macOS. One of the exploits in that chain weaponized a privilege escalation bug, which Apple later fixed. But there still was a hole, and he found it: “Although Apple fixed it properly, but still there was an extra function … that basically opened up another vulnerability to be utilized a bit differently than the original one,” Fitzl explains.

Apple’s original fix for the flaw allowed an attacker to change ownership of a directory in macOS. But Fitzl discovered that he could create a new directory on the targeted system, which could allow an attacker to escalate their privileges on macOS. “Although you had to use different techniques to get through to the system, but because you could create an arbitrary directory anywhere on the system, you could elevate your privileges to root,” he says.

It was basically the same logic flaw but in a different piece of the code. Apple has since patched the vulnerability Fitzl found as well.

This week at Black Hat Singapore, Fitzl will share technical details of this and two other vulns he found while drilling down on previous vuln research on macOS during a session entitled “macOS Vulnerabilities Hiding in Plain Sight.”

Apple had not responded to a request for comment as of this posting.

‘Something Is Not Right’

Fitzl says he didn’t actually spot traces of the new flaws linked to previous research until after he reread the research papers. “At some point it hit me that there is something not right. It turned out that there is a vulnerability not like the one initially documented,” he explains of his findings. “That eventually led me to find or identify new vulnerabilities.”

The other two flaws he found include one that built upon research from Mickey Jin, who…
