Tag Archive for: revealed

Counterfeit Android Devices Revealed to Contain Backdoor Designed to Hack WhatsApp


A team of mobile security researchers has discovered backdoors in the system partition of some budget Android device models that are counterfeit versions of known brand-name models. 

The malware, which the Doctor Web team first discovered in July 2022, was found in at least four different smartphones: ‘P48pro’, ‘radmi note 8’, ‘Note30u’ and ‘Mate40’.

“These incidents are united by the fact that the attacked devices were copycats of famous brand-name models,” Doctor Web wrote. “Moreover, instead of having one of the latest OS versions installed on them with the corresponding information displayed in the device details (for example, Android 10), they had the long outdated 4.4.2 version.”
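The version mismatch Doctor Web describes (a settings screen that claims Android 10 on a build that is really 4.4.2) is something a buyer or an analyst can check from `adb shell getprop` output without any vendor tooling. The following is an added example, not Doctor Web's code: it parses `getprop` text and cross-checks the release string against the reported API level, the build fingerprint and the signing tags. The `RELEASE_TO_SDK` table is the public Android release/API mapping; both property dumps are constructed for the example, with only the "radmi note 8" model string taken from the advisory.

```python
import re
from typing import Dict, List

# Public Android release -> API level table (only the entries the check needs).
RELEASE_TO_SDK = {
    "4.4": 19, "4.4.2": 19, "4.4.4": 19,
    "5.0": 21, "5.1": 22, "6.0": 23, "7.0": 24, "7.1": 25,
    "8.0": 26, "8.1": 27, "9": 28, "10": 29, "11": 30, "12": 31, "13": 33,
}

# getprop prints one property per line as "[name]: [value]".
PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")


def parse_getprop(text: str) -> Dict[str, str]:
    """Turn raw `adb shell getprop` output into a name -> value dict."""
    props: Dict[str, str] = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def audit_build_props(props: Dict[str, str]) -> List[str]:
    """Return human-readable findings; an empty list means nothing looked off."""
    findings: List[str] = []
    release = props.get("ro.build.version.release", "")
    sdk = props.get("ro.build.version.sdk", "")

    # 1. The release string shown in Settings must agree with the API level
    #    the platform actually reports; a copycat firmware often edits only one.
    expected = RELEASE_TO_SDK.get(release)
    if expected is None:
        findings.append(f"unrecognised release string {release!r}")
    elif str(expected) != sdk:
        findings.append(
            f"release {release} implies API {expected} but ro.build.version.sdk is {sdk}"
        )

    # 2. The build fingerprint embeds its own release field:
    #    brand/product/device:release/id/incremental:type/tags
    fp = props.get("ro.build.fingerprint", "")
    fp_parts = fp.split(":")
    if len(fp_parts) == 3:
        fp_release = fp_parts[1].split("/")[0]
        if fp_release != release:
            findings.append(
                f"fingerprint says release {fp_release}, Settings says {release}"
            )
    else:
        findings.append(f"malformed build fingerprint {fp!r}")

    # 3. Vendor production builds are signed with release-keys; test-keys are
    #    the publicly known AOSP keys, so anyone could have produced the image.
    if props.get("ro.build.tags") != "release-keys":
        findings.append(f"build tags are {props.get('ro.build.tags')!r}, not release-keys")

    # 4. Android 4.4.x (API 19) has not received security patches for years.
    if sdk.isdigit() and int(sdk) <= 19:
        findings.append(f"API level {sdk} is long out of support")
    return findings


def audit_getprop(text: str) -> List[str]:
    return audit_build_props(parse_getprop(text))


# Constructed sample of what a counterfeit of the kind described might report.
# The model string is from the advisory; every other value is made up.
SUSPECT_GETPROP = """\
[ro.product.brand]: [Xiaomi]
[ro.product.model]: [radmi note 8]
[ro.build.version.release]: [10]
[ro.build.version.sdk]: [19]
[ro.build.fingerprint]: [Xiaomi/fake/fake:4.4.2/KOT49H/1:user/test-keys]
[ro.build.tags]: [test-keys]
"""

# Constructed sample of a consistent, vendor-signed build for comparison.
CLEAN_GETPROP = """\
[ro.product.brand]: [Xiaomi]
[ro.product.model]: [Redmi Note 8]
[ro.build.version.release]: [10]
[ro.build.version.sdk]: [29]
[ro.build.fingerprint]: [Xiaomi/ginkgo/ginkgo:10/QKQ1.200114.002/1:user/release-keys]
[ro.build.tags]: [release-keys]
"""

if __name__ == "__main__":
    for name, blob in (("suspect", SUSPECT_GETPROP), ("clean", CLEAN_GETPROP)):
        print(name, audit_getprop(blob) or "no findings")
```

A clean result from this check does not mean the system partition is trustworthy (a careful counterfeiter can make all three properties agree), but a mismatch is cheap to detect and is exactly the tell described in the advisory. Pipe `adb shell getprop` into `audit_getprop` to run it against a real device.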

According to the security researchers, the trojans are built to execute arbitrary code inside the WhatsApp and WhatsApp Business messaging apps and could potentially be used in different attack scenarios.

“Among them is the interception of chats and the theft of the confidential information that could be found in them; this malware can also execute spam campaigns and various scam schemes,” Doctor Web wrote.

From a technical standpoint, the security researchers said their antivirus detected changes in two different system objects.

“To download modules, [the malware] connects to one of several C&C (command-and-control) servers, sending a request with a certain array of technical data about the device. In response, the server sends a list of plugins that the trojan will download, decrypt and run,” Doctor Web explained.

The mobile antivirus provider warned that the new malicious apps could belong to the Android.FakeUpdates trojan family, which is often used by malicious actors to infiltrate various system components, including firmware updating software, the default settings app or the component responsible for the system graphical interface.

“To avoid the risk of becoming a victim of these and other malicious programs, Doctor Web recommends that users purchase mobile devices in official stores and from reputable distributors,” the company added. “Using an anti-virus and installing all available OS updates is also important.”

The advisory comes days after Google…


How a Saudi woman’s iPhone revealed hacking around the world


WASHINGTON, Feb 17 (Reuters) – A single activist helped turn the tide against NSO Group, one of the world’s most sophisticated spyware companies now facing a cascade of legal action and scrutiny in Washington over damaging new allegations that its software was used to hack government officials and dissidents around the world.

It all started with a software glitch on her iPhone.

An unusual error in NSO’s spyware allowed Saudi women’s rights activist Loujain al-Hathloul and privacy researchers to discover a trove of evidence suggesting the Israeli spyware maker had helped hack her iPhone, according to six people involved in the incident. A mysterious fake image file within her phone, mistakenly left behind by the spyware, tipped off security researchers.

The discovery on al-Hathloul’s phone last year ignited a storm of legal and government action that has put NSO on the defensive. How the hack was initially uncovered is reported here for the first time.

Al-Hathloul, one of Saudi Arabia’s most prominent activists, is known for helping lead a campaign to end the ban on women drivers in Saudi Arabia. She had been jailed on charges of harming national security and was released in February 2021.

Soon after her release from jail, the activist received an email from Google warning her that state-backed hackers had tried to penetrate her Gmail account. Fearful that her iPhone had been hacked as well, al-Hathloul contacted the Canadian privacy rights group Citizen Lab and asked them to probe her device for evidence, three people close to al-Hathloul told Reuters.

After six months of digging through her iPhone records, Citizen Lab researcher Bill Marczak made what he described as an unprecedented discovery: a malfunction in the surveillance software implanted on her phone had left a copy of the malicious image file, rather than deleting itself, after stealing the messages of its target.

He said the finding, computer code left by the attack, provided direct evidence NSO built the espionage tool.
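The artefact that gave the implant away was a file posing as an image that was not one. Checking that a file's leading bytes match the format its name claims is a standard first pass over an extracted device backup, and it is the kind of check that surfaces exactly this residue. The following is an added example and is not Citizen Lab's tooling; the backup-like directory layout and every file body are constructed, and the magic-byte table covers the common image formats only.

```python
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# Leading bytes a genuine file of each type must carry.
IMAGE_MAGIC: Dict[str, Tuple[bytes, ...]] = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".bmp": (b"BM",),
    ".webp": (b"RIFF",),  # RIFF container; bytes 8..12 must then read "WEBP"
}


def classify_image(path: Path) -> str:
    """'ok', 'magic-mismatch', or 'not-image-ext' for one file."""
    sigs = IMAGE_MAGIC.get(path.suffix.lower())
    if sigs is None:
        return "not-image-ext"
    with path.open("rb") as fh:
        head = fh.read(16)
    if not any(head.startswith(sig) for sig in sigs):
        return "magic-mismatch"
    if path.suffix.lower() == ".webp" and head[8:12] != b"WEBP":
        return "magic-mismatch"
    return "ok"


def scan_for_fake_images(root: Path) -> List[Tuple[str, str]]:
    """Walk root and return (relative path, verdict) for every image-named
    file whose content is not the format its name claims."""
    hits = []
    for p in root.rglob("*"):
        if p.is_file() and classify_image(p) == "magic-mismatch":
            hits.append((p.relative_to(root).as_posix(), "magic-mismatch"))
    return sorted(hits)


def build_sample_tree(root: Path) -> None:
    """Constructed fixtures: the paths imitate a backup layout, the bytes are made up."""
    files = {
        "DCIM/IMG_0001.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"\x00" * 8,
        "DCIM/wrong.png": b"GIF89a" + b"\x00" * 10,  # GIF bytes under a .png name
        "Library/SMS/Attachments/photo.gif": b"GIF89a" + b"\x00" * 10,
        "Library/SMS/Attachments/fake.gif": b"bplist00" + b"\x00" * 8,  # a plist, not a GIF
        "notes.txt": b"plain text, not an image",
    }
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def demo() -> List[Tuple[str, str]]:
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return scan_for_fake_images(root)


if __name__ == "__main__":
    for rel, verdict in demo():
        print(f"{verdict}: {rel}")
```

A mismatch is a triage signal, not proof of compromise: some apps do store non-image data under image names. Its value is that it is cheap to run over an entire backup and narrows thousands of attachments down to a handful worth opening by hand.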

“It was a game changer,” said Marczak. “We caught something that the company thought was uncatchable.”


The Biden Administration just revealed its plan to stop the next Colonial Pipeline hack


On Wednesday, President Biden signed a National Security Memorandum that aims to improve national cybersecurity. 

It directs the Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) and the Department of Commerce’s National Institute of Standards and Technology (NIST) to collaborate with other agencies to develop cybersecurity performance standards for companies across the US that provide essential services like power, water, and transportation. When systems that control these vital infrastructures malfunction or are interrupted because of an incident such as a ransomware attack, it can jeopardize national security, economic security, as well as public health and safety.

The memorandum also formally establishes the President’s Industrial Control System Cybersecurity (ICS) Initiative, which is a voluntary, collaborative effort between the federal government and the critical infrastructure community to establish systems that can detect cyberthreats and send timely alerts. The ICS Initiative kicked off in mid-April with an Electricity Subsector pilot, in which the Department of Energy worked with over 150 electricity utilities to plan and deploy cybersecurity tech for their control systems. Officials also gathered a number of utility and pipeline CEOs to brief them on cybersecurity threats. 

After a major petroleum pipeline was attacked by ransomware in May, the Department of Homeland Security’s Transportation Security Administration (TSA) rolled out a directive earlier this year requiring critical pipeline owners and operators to report cybersecurity incidents and to have their current practices reviewed by a designated Cybersecurity Coordinator.

And last week, the TSA issued a second directive which requires owners and operators of pipelines that transport hazardous liquids and natural gas to put in place measures that protect against ransomware and other cyber attacks. It also requires the development of a recovery plan, and owners will have to review their cybersecurity design every year.

“Recent…


New behavioral biometrics FIDO certification, developer tool, customer win revealed


Zighra’s behavioral biometrics for decentralized continuous authentication have been certified by the FIDO Alliance, with the company claiming it is the first on-device behavioral biometrics solution certified to the FIDO standard.

The combination of AI, biometrics and behavioral analytics provides continuous protection against phishing and fraud in both conventional and zero-trust systems, the company says. The technology is available as a workforce app for secure logical access, and can help organizations comply with GDPR and the California Consumer Privacy Act.

“Now, with FIDO certification, Zighra adds tremendous value to meet the growing contactless-access needs of current and post-COVID work and lifestyles,” says Deepak Dutt, CEO of Zighra. “Our unique, patented solution provides powerful security controls to continuously protect enterprises and users, across devices, all with a seamless experience.”

The USPTO recently granted Zighra a patent for passwordless authentication with its behavioral biometrics.

Incognia launches free Developer Edition

Incognia has made its location-based behavioral biometrics available for free to mobile app developers to help them build its fraud prevention capabilities into fintech and mobile commerce apps.

According to the announcement, the Developer Edition of Incognia’s technology provides rapid SDK integration of frictionless fraud prevention that works silently in the background to detect compromised devices. The new edition includes thousands of free API requests per month, and mobile apps with larger user bases can move to Incognia’s paid enterprise solution.

“Mobile adoption and contactless payments are fueling the growth of mobile apps that process payments and need fraud detection. Along with growth in mobile app usage is growing demand for frictionless mobile experiences that are also secure. We’re excited to launch our developer offering to allow mobile app developers access to frictionless identity verification and authentication features for mobile users,” comments André Ferraz, founder and CEO of Incognia. “With the free Incognia Developer Edition, companies of any size will be able to…
