Tag Archive for: ‘ZeroClick’

Zero-click malware: the emergence of AI worms


We investigate how AI worms operate without user interaction and could spread zero-click malware.

A few weeks after Microsoft admitted that nation-state actors were using its AI and the UN warned that North Korea earned $3B from 58 cyberattacks to fuel its nuclear program, it was revealed that an AI worm had been engineered to infiltrate generative AI ecosystems.

Researchers recently shared with Wired how they developed generative AI worms that could autonomously spread between AI systems. The AI worm, somewhat aptly named Morris II, after the first-ever recorded computer worm, can seamlessly target AI-powered email assistants without the user’s knowledge.

Researchers also showed how the worm could autonomously trigger the AI to release personal data, send spam emails, and replicate itself across the digital ecosystem through crafted prompts hidden inside legitimate communications. Welcome to the convergence of AI and cyber attacks. But what are AI worms, and how do they work?

The evolution of malware: introducing AI worms

Traditional malware requires interaction with unsuspecting users. Typically, this involves tricking the target into clicking a malicious link or downloading an infected file. AI worms, by contrast, exploit the functionality of AI models to propagate themselves without any direct human intervention.

What makes AI worms deadly is that they can autonomously navigate and infiltrate systems without needing users to do anything. The operational framework of AI worms is ingeniously simple yet profoundly effective. These worms can manipulate AI systems into unwittingly executing malicious actions by embedding adversarial self-replicating prompts within AI-generated content. These actions range from extracting sensitive information to disseminating the worm across a network, amplifying the potential for damage.

Zero-click worms in AI: unveiling the hidden threats within genAI

In this pivotal study by Stav Cohen from the Israel Institute of Technology, Ron Bitton from Intuit, and Ben Nassi at Cornell Tech, the researchers revealed the dangers and capabilities of zero-click worms. These revelations illuminated the significant vulnerabilities within the genAI ecosystem….


Zero-Click Apple Shortcuts Vulnerability Allows Silent Data Theft


A dangerous vulnerability in Apple Shortcuts has surfaced, which could give attackers access to sensitive data across the device without the user being asked to grant permissions.

Apple’s Shortcuts application, designed for macOS and iOS, is aimed at automating tasks. For businesses, it allows users to create macros for executing specific tasks on their devices, and then combine them into workflows for everything from Web automation to smart-factory functions. These can then be shared online through iCloud and other platforms with co-workers and partners.

According to an analysis from Bitdefender out today, the vulnerability (CVE-2024-23204) makes it possible to craft a malicious Shortcuts file that would be able to bypass Apple’s Transparency, Consent, and Control (TCC) security framework, which is supposed to ensure that apps explicitly request permission from the user before accessing certain data or functionalities.

That means that when someone adds a malicious shortcut to their library, it can silently pilfer sensitive data and system information without the user ever being asked to grant access permission. In their proof-of-concept (PoC) exploit, Bitdefender researchers were then able to exfiltrate the data in an encrypted image file.

“With Shortcuts being a widely used feature for efficient task management, the vulnerability raises concerns about the inadvertent dissemination of malicious shortcuts through diverse sharing platforms,” the report noted.

The bug is a threat to macOS and iOS devices running versions preceding macOS Sonoma 14.3, iOS 17.3, and iPadOS 17.3, and it is rated 7.5 out of a possible 10 (high) on the Common Vulnerability Scoring System (CVSS) because it can be remotely exploited with no required privileges.

Apple has patched the bug, and “we are urging users to make sure they are running the latest version of the Apple Shortcuts software,” says Bogdan Botezatu, director of threat research and reporting at Bitdefender.

Apple Security Vulnerabilities: Ever More Common

In October, Accenture published a report revealing a tenfold rise in Dark Web threat actors targeting macOS since 2019 — with the trend poised to continue.

The findings coincide with the emergence…


iPhone Security In The Face Of Zero-Click Exploits


Apu Pavithran is the founder and CEO of Hexnode, an award-winning unified endpoint management platform.

For Apple enthusiasts and business owners alike, the iPhone has been more than a device—it’s a symbol of security and reliability. That doesn’t imply, however, that the iPhone is a veritable Fort Knox. Vulnerabilities popping up occasionally are nothing new. However, a recent pair of zero-day vulnerabilities raises considerable concern. In early September 2023, CitizenLab, a vigilant internet watchdog group, unearthed a zero-click iOS vulnerability that enabled the notorious Pegasus spyware to infiltrate iPhones. This revelation serves as a wake-up call, reminding us that even the seemingly impenetrable can be compromised.

Unraveling The Vulnerability

What’s truly unsettling is that even the most up-to-date iPhone running the latest iOS can fall victim to this attack. Unlike traditional attacks that require some form of user interaction, this exploit can compromise an iPhone without any action from the victim.

The first exploit, CVE-2023-41064, affects Image I/O, a framework that enables programs to read and write different image formats. A buffer overflow issue in Image I/O may be used to build a maliciously crafted image that causes iOS to execute malicious software. For those unfamiliar, a buffer overflow takes place when a program tries to write more data into a buffer than it can accommodate. This can lead to various issues such as data corruption, program malfunctions or even the execution of harmful code. The second vulnerability, CVE-2023-41061, affects Apple Wallet and can be exploited to trick it into executing malicious code.

Behind both vulnerabilities lies Pegasus, a potent and sophisticated spyware developed by Israel’s NSO Group. Pegasus utilizes the zero-click zero-day vulnerability to inject itself onto iPhones and iPads. Once installed, its capabilities are staggering: It can siphon off texts, emails, media files, contacts and GPS coordinates. Additionally, it can eavesdrop on calls and surreptitiously activate both the microphone and camera.

Marketed under the guise of crime and terrorism…


Zero-Click iPhone Exploit Drops Spyware on Exiled Russian Journalist


A report this week about Pegasus spyware showing up on an iPhone belonging to award-winning Russian journalist Galina Timchenko has highlighted again the seemingly myriad ways that government and law enforcement agencies appear to have to deliver the odious surveillance tool on target devices.

Timchenko is an exiled Russian investigative journalist and co-founder of Meduza, a Russian- and English-language news site headquartered in Riga, Latvia. On June 22, Apple sent Timchenko a threat notification warning her that her device was likely the target of a state-sponsored attack. Apple earlier this year rolled out the spyware threat notifications, which are designed specifically to assist users whom the company determines are being individually targeted because of what they do.

Targeted for Spying

Meduza’s technical director reached out to the University of Toronto’s Citizen Lab for help understanding what the alert might have been about. Researchers at Citizen Lab, who have earned a reputation over the years for their ability to conduct investigations into incidents of digital espionage, analyzed forensics artifacts from Timchenko’s phone and quickly determined that someone had installed Pegasus on it in February.

Citizen Lab and Access Now, a nonprofit that advocates for human rights in the digital age, collaborated on the investigation of the incident and released two separate reports on it this week.

“We believe the infection could have lasted from days up to weeks after the initial exploitation,” Citizen Lab said. “The infection was conducted via a zero-click exploit, and forensic traces lead us to assess with moderate confidence that it was achieved via the PWNYOURHOME exploit targeting Apple’s HomeKit and iMessage.” Neither Citizen Lab nor Access Now attributed the attack to any specific nation-state actor.

PWNYOURHOME is one of three iOS 15 and iOS 16 zero-click exploits that Citizen Lab previously determined NSO Group’s clients to have used in 2022 to drop Pegasus on target iPhones. The two-phase zero-click exploit first targets the HomeKit smart home functionality built into iPhones, and then uses the iMessage process to essentially breach device protections and enable Pegasus…
