Tag Archive for: Technique

Wireless coexistence – New attack technique exploits Bluetooth, WiFi performance features for ‘inter-chip privilege escalation’



Stephen Pritchard

23 December 2021 at 15:28 UTC

Updated: 23 December 2021 at 15:43 UTC

Attackers can use connections between wireless chips to steal data or credentials, researchers find

Security shortcomings involving shared on-chip resources for different wireless technologies create a means to steal data and passwords, security researchers warn

Vulnerabilities in wireless chip designs could allow malicious hackers to steal data and passwords from devices, according to security researchers.

According to the group, from the Technical University of Darmstadt’s Secure Mobile Networking Group (Germany) and the University of Brescia’s CNIT (Italy), attackers could exploit “wireless coexistence” or shared component features on millions of mobile devices.

Wireless devices often use radio components with shared resources, combination chips or System on a Chip (SoC) designs. These SoCs are responsible for multiple radio interfaces, including Bluetooth, WiFi, LTE (4G) and 5G.

But, as the researchers note, these interfaces typically share components, such as memory, and resources including antennae and wireless spectrum. Designers utilize wireless coexistence to allow resource sharing and maximize network performance. In doing so, they create security flaws that are hard, or even impossible, to patch.

“While SoCs are constantly optimized towards energy efficiency, high throughput, and low latency communication, their security has not always been prioritized,” the researchers warn.

Over-the-air exploit

In tests, researchers built a mobile test rig for under $100, and in an over-the-air exploit made use of a Bluetooth connection to obtain network passwords and manipulate traffic on a WiFi chip. Coexistence attacks enable a novel type of lateral privilege escalation across chip boundaries, they state.

The researchers were able to create a proof-of-concept exploitation of shared resources on technologies from Silicon Labs, Broadcom, and Cypress. The group found nine CVEs, which they disclosed to the chip companies, as well as the Bluetooth SIG and associated manufacturers that use coexistence interfaces.


Attackers can escalate “privileges laterally from one wireless chip or core into another”. And serial…


REvil Ransomware Group Servers Hit by Hacking Technique It Uses to Compromise Targets


REvil, the ransomware group that hacked into the U.S. Colonial Pipeline this past May, was itself hacked and shut down by a multinational cyber operation, according to an exclusive report from Reuters.



The ransomware group REvil has been shut down by the government using the same technique that it uses to hack into the servers of private companies.



The group was reportedly hacked into using the same technique that brought down the Pipeline.


Officials from the Federal Bureau of Investigation (FBI), along with U.S. Cyber Command, worked with a number of different countries to bring down REvil as well as a number of other cybercrime groups.

On a recent internet forum post, one of the leaders of REvil, known only as 0_neday, wrote that “the server was compromised, and they were looking for me.”

“Good luck, everyone; I’m off,” 0_neday continued.

The shutdown by the government used a loophole in the ransomware’s backup system, allowing law enforcement agencies to access REvil’s servers and shut them down.

“REvil…restored the infrastructure from the backups under the assumption that they had not been compromised,” said Oleg Skulkin, an official at the Russian security company Group-IB. “Ironically, the gang’s own favorite tactic of compromising the backups was turned against them.”

Reuters has described REvil as “one of the worst of dozens of ransomware gangs that work with hackers to penetrate and paralyze companies around the world.”

The hacking of the Colonial Pipeline by REvil and another ransomware group, DarkSide, led to massive gasoline shortages and caused President Joe Biden to declare a state of emergency. The pipeline was only restored after Colonial Pipeline Company sent REvil $4.4 million.

REvil made headlines again in July when it hacked into software management company Kaseya, allowing the group to access the personal information of hundreds of the company’s clients.

The White House National Security Council told Reuters that they were “undertaking a whole of government ransomware effort, including disruption of ransomware infrastructure and actors,” but declined to comment specifically on the REvil operation.


Chinese threat actor targets Nepal, the Philippines, and Taiwan. New malware delivery technique. New Trojan can livestream victim’s screen.


At a glance.

  • Chinese threat actor targets Nepal, the Philippines, and Taiwan.
  • SideCopy goes after Indian entities.
  • New malware delivery technique.
  • New Trojan can livestream victim’s screen.

Chinese threat actor targets Nepal, the Philippines, and Taiwan.

Recorded Future’s Insikt Group is tracking a suspected Chinese government threat actor that’s “targeting telecommunications, academia, research and development, and government organizations in Nepal, the Philippines, Taiwan, and more historically, Hong Kong.” Specifically, the campaign targeted the Industrial Technology Research Institute (ITRI) in Taiwan, Nepal Telecom, and the Department of Information and Communications Technology in the Philippines. The researchers emphasize the significance of targeting the ITRI:

“In particular, the targeting of the ITRI is notable due to its role as a technology research and development institution that has set up and incubated multiple Taiwanese technology firms. According to the ITRI’s website, the organization is particularly focused on research and development projects related to smart living, quality health, sustainable environment, and technology, many of which map to development priorities under China’s 14th 5-year plan, previously highlighted by Insikt Group as likely areas of future Chinese economic espionage efforts. In recent years, Chinese groups have targeted multiple organizations across Taiwan’s semiconductor industry to obtain source code, software development kits, and chip designs.”

SideCopy goes after Indian entities.

Cisco Talos is watching a campaign by the SideCopy APT targeting Indian government personnel. The threat actor, whose activity resembles that of Transparent Tribe (APT36), has incorporated new custom and commodity malware into its operations:

“Cisco Talos has observed an expansion in the activity of SideCopy malware campaigns, targeting entities in India. In the past, the attackers have used malicious LNK files and documents to distribute their staple C#-based RAT. We are calling this malware ‘CetaRAT.’ SideCopy also relies heavily on the use of Allakore RAT, a publicly available Delphi-based RAT. Recent activity from the group, however, signals a boost in…


Watch Hacker Breaks Down Hacking Scenes From Movies & TV | Technique Critique


[piano music]

Keeps rewriting itself to counter my commands.

This has something to do with computers.

Hack ’em all.

Hi, I’m Samy Kamkar.

[Narrator] Samy is the co-founder of OpenPath Security and a computer hacker.

I’m back to talk about more hacking scenes in TV shows and movies.

Breaking into a government system, The X-Files.

This has something to do with computers, the internet.

Actually the ARPANET.

You can access it through the internet.

I want to believe, but this clip isn’t too realistic.

ARPANET is essentially what the internet came from. DARPA, the U.S. government agency, created ARPANET, and that bubbled into the internet and became publicly available. When the X-Files came out, ARPANET was no longer in existence.

Isn’t there something you could... I mean, how do you say it, hack into?

I’m sorry, I think this is the end of the line.

“How you say,” that’s what she says. She says, “How you say, hack.”

[Samy laughs]

“How do you say it, hack into.” But “How you say” is what you say in other languages when you don’t know. Right?

[computer beeps]

What did you do?

Oh, it’s a government system, I know a couple of logging out tricks with VMS version five.

If you’re using a password that you know, then I don’t really consider that hacking.

[tense music]

[Woman] What is that?

It’s an encrypted file.

[computer beeps]

Why would your three-year-old have an encrypted file in a secret defense department database?

Can you decode it?

There’s another issue here in that they find a file that’s encrypted; that by itself is not too unrealistic. They’re showing the file in ASCII format.

Can you print it out for me?

But when you print it out, that’s going to be useless information. And that’s because many of the characters that would be in an encrypted file are not visible in an ASCII format. So you end up with things like periods, which may or may not be a period, or it could be a totally different character or byte.

So your ex-boyfriend is into computers.

I would totally say that.

Wait, your boyfriend’s into computers? I should meet him.

[Samy laughs]

Locking down a system, Jurassic Park.

[computer beeps]

[tense music]

[computer beeps]

Five, four.

[door hisses]

In this clip, it looks like Newman, you know who I mean.

Newman!

Is kind of running around, activating or…
