This Week in Security: Updates, Leaks, Hacking Old Hardware, and Making New

First off, Apple has issued an update for some very old devices. Well, vintage 2013, but that’s a long time in cell-phone years. Fixed are a trio of vulnerabilities, two of which are reported to be exploited in the wild. CVE-2021-30761 and CVE-2021-30762 are both flaws in WebKit, allowing for arbitrary code execution upon visiting a malicious website. The third bug fixed is a very interesting one, CVE-2021-30737, memory corruption in the ASN.1 decoder. ASN.1 is a serialization format used in a bunch of different crypto and telecom protocols, like the PKCS key exchange protocols. This bug was reported by [xerub], who showed off an attack against a locked iPhone immediately after boot. Need to break into an old iPhone? Looks like there’s an exploit for that now.

Samsung’s Pre-installed Apps

Or if we were feeling less charitable, we’d call them bloatware. Either way, researchers at Oversecured took a look… and found some problems. First up is Samsung’s Knox Core app, part of their enterprise security system. This core framework file can install other apps, triggered by a world-writable URI. So, first problem: anything that can load a file and call a URI can trigger an arbitrary app install. There is a second problem: part of that install process copies the app-to-be-installed to a world-readable location. This means that with a bit of work, any other app can abuse this to read any file this system app can read, and that’s all of them.

Up next is the managed provisioning app. This too allows installing apps, but has a built-in verification system, as it was based on Managed Provisioning from the Android Open Source Project (AOSP). Samsung added features, one of which is a flag to disable the verification. Oh, and this one installs apps as system.
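The third Samsung finding, the TelephonyUI receiver covered just below, fetches a URL and writes it to a caller-chosen path, trusting the server's declared type. As an added example (not Samsung's code and not from the Oversecured write-up), here is that download-and-write pattern with the two checks the weak version lacks: the media type is verified from the file's own leading bytes rather than the Content-Type header, and the destination is confined to one directory so the caller cannot pick where the file lands. The function names, the `/data/ring` base directory and the sample bytes are constructed for illustration.

```python
import os
from typing import Optional

# Magic-number prefixes for the formats a photo/ringtone receiver should accept.
# Sniffing the bytes is the check a remote server cannot spoof with a header.
IMAGE_MAGIC = {
    b"\xff\xd8\xff": "image/jpeg",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}


def weak_is_media(content_type_header: str) -> bool:
    """The check the column describes: trusts whatever the server claims."""
    return content_type_header.lower().startswith(("image/", "video/"))


def sniff_media_type(data: bytes) -> Optional[str]:
    """Return the MIME type implied by the leading bytes, or None if unknown."""
    for magic, mime in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return mime
    if data[4:8] == b"ftyp":          # ISO base media (MP4 family) box header
        return "video/mp4"
    return None


def confined_destination(base_dir: str, requested_name: str) -> Optional[str]:
    """Resolve requested_name under base_dir; None if it escapes that directory.

    realpath() collapses '..' segments and resolves symlinks, and commonpath()
    then proves the result still sits inside base_dir. An absolute
    requested_name is rejected too, because os.path.join drops base_dir for it,
    and so is the directory itself (nothing to write there).
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested_name))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def accept_download(base_dir: str, requested_name: str,
                    content_type_header: str, body: bytes) -> Optional[str]:
    """Return the path the body may be written to, or None to refuse.

    Both gaps from the write-up are closed: the header alone is never the
    decision, and the caller does not get to choose an arbitrary destination.
    """
    if not weak_is_media(content_type_header):
        return None                   # cheap pre-filter only
    if sniff_media_type(body) is None:
        return None                   # header said image, the bytes disagree
    return confined_destination(base_dir, requested_name)


if __name__ == "__main__":
    jpeg = b"\xff\xd8\xff\xe0" + bytes(12)          # constructed JPEG header
    print(accept_download("/data/ring", "tone.jpg", "image/jpeg", jpeg))
    print(accept_download("/data/ring", "../../etc/hosts", "image/jpeg", jpeg))
```

A real receiver would additionally open the resolved path with O_NOFOLLOW-style flags and write as a low-privilege identity; the point here is that neither the header nor the requested path is trusted on its own.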
“Please install my rootkit, Samsung.” “OK”

And the last problem we’ll look at is the TelephonyUI app. It exposes a receiver, PhotoringReceiver, which takes two arguments: the URL to download, and the file location to write it to. This function does check that the remote server reports the file to be an image or video, but this is trivial for an attacker to spoof. The result is that an attacker can send an intent, download an arbitrary file, and write it anywhere on the phone as UID 1001, one of the system users.

Volkswagen Data Leaks

Volkswagen has just confirmed that someone got access to a database of their potential and actual customers. Their letter states that a “vendor left electronic data unsecured.” Based on previous breaches, this is probably something like an Elasticsearch instance exposed to the Internet. So there’s good and bad news here. The good: if you only made it into their database as a prospective customer, only your name, physical and email addresses, and a phone number are exposed. The bad? If you were an actual customer, that could include driver’s license number, date of birth, and SSN. Watch out for targeted phishing using the information, though the more likely scenario is something like unemployment fraud committed using the information.

EA Code Stolen

Though when it comes to source code, it’s not really theft, just unauthorized copying. Regardless, an unnamed group claims to be in possession of 780 GB of internal data and source code from EA, and is offering access for a mere $28 million. It’s unclear how the breach happened, but known bugs have been suggested, like the high-profile Microsoft Exchange bug from a few months back. Regardless, the dump includes the full source to FIFA 21 and Frostbite, EA’s engine. The really bad part is the collection of API keys and other secrets that were inevitably a part of the grabbed source.

The Data of Three Million Machines
Researchers from NordLocker discovered a really big database of data, which appears to have been collected by a network of trojans. How did that malware wind up on real machines? Mostly through cracked software, it seems. An illegal Photoshop download, a Windows crack, and a handful of games. So think long and hard before you’re tempted to fire up your favorite torrent client; you might just be inviting malware in. The malware did quite a bit while it was active, too. It took a screenshot, as well as a webcam capture, uploaded files from the user’s folders, captured and sent along passwords and cookies, and more. The whole trove of data seems to be 1.2 terabytes worth. Yikes.

Apple vs The EU?

If you haven’t noticed, a growing collection of people, companies, and now nations are taking issue with Apple’s walled garden approach to smartphone software. The ongoing litigation from Epic over the Fortnite game and the App Store has perhaps the highest profile. But the European Union, thanks to their proposed Digital Markets Act (DMA), might soon enter the fray. This legislation aims to limit the power a digital gatekeeper can exercise over a market. Tim Cook recently gave his thoughts on the idea — not entirely positive. The biggest issue? The DMA would force Apple to allow app sideloading. The official response is that sideloading would “destroy the security of the iPhone.” Now let’s chat about that for a moment. Is it a bit iffy to install apps on your device that haven’t been vetted through the official app store? Sure. If you aren’t careful, you’re likely to install apps with malware, and not have a Google or Apple working to detect and automatically remove the malicious app. On the other hand, it seems just a bit over-the-top to say that this would destroy the iPhone’s security. There have been plenty of vulnerabilities found in the last couple of years that can compromise the device from a simple page visit.
Not to mention malicious apps that have made it into the store. Allowing you to install any application you wanted would break Apple’s stranglehold on the iOS app store. What this would mean is that Apple would miss out on a whole lot of revenue from apps like Fortnite, whose makers would be willing to build their own app store. So what do you think? Is this really the big security problem that Apple says it is, or are they just being protective of their walled garden and the benefits thereof?

Hacking a Router

Sometimes, exploits aren’t notable for how serious they are, but for how educational the write-up is. Firmly in that category is this story of getting a remote shell on an ancient Linksys WRT54GL. Quick note: the “L” there stands for Linux, and this particular router exists because the WRT54G was the grand-daddy of custom router firmware. A request for GPL code for the original router led a few hackers to put together their own firmware images, and DD-WRT and OpenWRT were both born out of the effort. Router revisions happen rapidly, and soon the WRT54G had switched to VxWorks and cut the flash in half, making support just about impossible for the custom firmwares. Enough customers complained that Linksys re-released the older version as the WRT54GL. History aside, [Elon Gliksberg] had one of the old routers, and decided to try to break in. Scan the ports with nmap: nothing interesting. The web interface? There is a diagnostic page that can send pings, so it probably runs a Linux command on the backend, so it’s worth trying something like ping 192.168.1.1; echo hello; That endpoint was sufficiently sanitized that it wasn’t a viable attack. A bit of decompiling did lead to one call of system() that could be abused, though. That call was in the post-upgrade logic, to restore the user-interface language. Set the language to a string of shell commands, and you get execution.
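As an added example (not the WRT54GL firmware and not code from [Elon Gliksberg]'s write-up), here is the shape of that system() bug next to the fix. The command, the regular expression and the file paths are assumptions for illustration; the point is that a saved setting is validated against an allow-list and handed to the process as an argv array, never spliced into a shell string. `unsafe_command` only builds the string so the injected metacharacters are visible; it never executes anything.

```python
import re
import subprocess
from typing import List, Optional

# A UI language setting looks like "en" or "zh_TW". This grammar is the entire
# allow-list: a value that does not match never reaches a process call.
LANG_RE = re.compile(r"[a-z]{2}(?:_[A-Z]{2})?")


def unsafe_command(lang: str) -> str:
    """The vulnerable shape: the stored setting is spliced into a shell string.

    Returned rather than executed, so you can see that a ';' in the value
    would be parsed by /bin/sh as the start of a second command.
    """
    return f"cp /etc/lang/{lang}.txt /tmp/ui_lang"


def validate_lang(lang: str) -> Optional[str]:
    """Allow-list check: returns the value only if it matches the grammar."""
    return lang if LANG_RE.fullmatch(lang) else None


def safe_argv(lang: str) -> Optional[List[str]]:
    """argv for a direct exec. With no shell involved, the value can only
    ever be part of a filename, never a second command."""
    ok = validate_lang(lang)
    if ok is None:
        return None
    return ["cp", f"/etc/lang/{ok}.txt", "/tmp/ui_lang"]


def restore_language(lang: str) -> bool:
    """Hardened post-upgrade step: refuse bad input, exec without a shell."""
    argv = safe_argv(lang)
    if argv is None:
        return False
    # shell=False (the default) hands the list straight to execve(); nothing
    # in `argv` is ever re-parsed for ';', '|', '$(...)' or backticks.
    subprocess.run(argv, check=False, capture_output=True)
    return True


if __name__ == "__main__":
    # "en; echo hello" mirrors the injection probe from the write-up.
    for setting in ("en", "zh_TW", "en; echo hello"):
        print(f"{setting!r:18} shell string: {unsafe_command(setting)!r}")
        print(f"{'':18} argv:         {safe_argv(setting)}")
```

The sanitized ping endpoint in the write-up got this right and the language path did not; the lesson is that every place a stored value meets a process call needs the same treatment, not just the obvious user-facing form.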
From there, it was just the task of getting the reverse shell compiled for that specific device, and using the built-in wget to fetch it. So here’s the irony: this vulnerability is triggered as part of uploading firmware, and this device is just about the most widely supported target for custom firmware in the world. You can install your own Linux image on it with the same access this hack requires. Irony aside, the value here is walking through the process, which is well written out, and full of tips for trying to find your own exploit.

The WiFi Wart!

A couple weeks ago, we covered a nifty new project, the WiFi Wart. Well, [Walker] is still at it, and has an update on his progress. There’s good news, like finishing the design of the first prototype boards, sourcing the components, and actually assembling a trio of the test boards. Then there was some bad news, like discovering the hard way that the Low Dropout Regulator (LDO) he ordered was a 3.3 V component, instead of the needed 2.5 V. That’s one board with dead components, and time spent waiting on the replacement parts. Such is the way of things when building new hardware. We’ll keep you up to date with this promising project, as updates are available.

6 thoughts on “This Week In Security: Updates, Leaks, Hacking Old Hardware, And Making New”

The right answer for what Apple should be doing here is obvious. Have a physical “switch” which must be moved to enable such sideloading.