Topic security

Computrace backdoor exposes millions of PCs

Anonymous Coward
in security on (#9RJV)
Security researchers have discovered millions of PCs have Computrace software enabled. This software is enabled in the BIOS by default. It allows for a Windows PC to be taken over remotely. Computrace does not enforce encryption when it communicates and it does not verify the identity of the remote server from which it receives commands. Most users are not even aware that this software is installed and enabled in their BIOS.

Nearly every PC has an anti-theft product called Computrace embedded in its BIOS PCI Optional ROM or its unified extensible firmware interface (UEFI). Computrace (a.k.a. Lojack for Laptops) is a legitimate, trusted application developed by Absolute Software. However, it often runs without user consent, persistently activates itself at system boot, and can be exploited to perform various attacks and to take complete control of an affected machine.

Security researcher controlled passenger jet via inflight entertainment system

in security on (#96BP)
Chris Roberts, a security researcher with One World Labs, who has been issuing warnings about vulnerabilities in inflight entertainment systems for years, told the FBI agent during an interview in February that he had hacked the in-flight entertainment system on an airplane and overwritten code on the plane’s Thrust Management Computer while aboard the flight. “He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights,” FBI Special Agent Mark Hurley wrote in his warrant application. “He also stated that he used Vortex software after comprising/exploiting or ‘hacking’ the airplane’s networks. He used the software to monitor traffic from the cockpit system.”

“We believe Roberts had the ability and the willingness to use the equipment then with him to access or attempt to access the (inflight entertainment system) and possibly the flight control systems on any aircraft equipped with an (inflight entertainment system) and it would endanger the public safety to allow him to leave the Syracuse airport that evening with that equipment,” states the warrant application. Roberts has not yet been charged with any crime. The allegations contained in the search warrant application have not been proven in court.

Shortly after the incident with Roberts, Wired reported that the TSA and the F.B.I. issued a bulletin to airlines to be on the lookout for passengers showing signs they may be trying to hack into an airplane’s Wi-Fi or inflight entertainment system. Wired also reported that the U.S. Government Accountability Office issued a report warning that electronic systems on some planes may be vulnerable to hacking.

Keyless entry fobs result in rash of vehicle thefts

in security on (#8TR4)
As vehicles become more technologically advanced, thieves are becoming technologically savvy, too. Cars with hands-free key fobs typically unlock a car within about 30 centimeters. But across the USA, thieves have begun using a device called a power amplifier to help unlock cars. The amplifier, which can cost less than $20 over the Internet, takes the signal from the car and projects it as far as 100 meters, so your car can find your key fob in your purse, pocket or the table where you dump your stuff when you come in the door.

In Toronto, Los Angeles, Long Beach, New York, Springfield, and more cities, police have reported a spike in thefts from Toyota and Lexus SUVs, Priuses, and more vehicles, all parked in owners' driveways with no signs of damage. As more people buy cars with these no-push key fobs, what's the solution to stopping this type of break-in? "Use a microwave" or wrap your keys in aluminum foil. The heavy metal cages block the signal. It's another case of convenience becoming a two-edged sword.

Crack any Master Lock combination lock in eight tries or less

in security on (#853A)
There's a vulnerability in Master Lock branded combination padlocks that allows anyone to learn the combination in eight or fewer tries, a process that requires less than two minutes and a minimal amount of skill to carry out.

The exploit involves lifting up a locked shackle with one hand while turning the combination dial. Before the dial reaches 11, there will be three points where the dial will resist being turned anymore. The three positions are then input to a web page that streamlines the exploit. The page responds with the first digit of the combination and two possible digits for the last digit. By testing which of the possible last digits has more "give," an attacker can quickly figure out which one is correct. By eliminating the false digit from the Web form, the page will automatically populate the eight possible numbers for the second digit of the combination.

It's by no means the only way to break the security of a popular padlock. It comes a few years after Master Lock engineers developed new padlocks that resisted a popular form of attacks using shims made from soft drink cans.

UK's rail signal upgrades 'could be hacked to cause crashes'

in security on (#7WD7)
A hi-tech signalling system that will eventually control all of Britain's trains could potentially be hacked to cause a serious crash, according to a scientist who advises the government. Network Rail, which is in charge of the upgrade, acknowledges the threat. "We know that the risk [of a cyber-attack] will increase as we continue to roll out digital technology across the network," a spokesman told the BBC.

"Certain ministers know this is absolutely possible and they are worried about it. Safeguards are going in, in secret, but it's always possible to get around them." He added that part of the reason that transport systems had not already been hacked as frequently as financial institutions and media organisations was that much of the technology involved was currently too old to be vulnerable. All of that will change in the coming years, as aircraft, cars and trains become progressively more computerised and connected, he said.

WiFi on airplanes: good. Zero-day vulns on aircraft: bad

in security on (#7NYM)
Anyone who spends significant time on aircraft probably agrees that internet access at 30,000 feet is pretty cool. But only if the internet access system isn't stupidly tethered to other aircraft systems of critical importance.
Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)

— Chris Roberts (@Sidragon1) April 15, 2015
The tweet was a joke laced with sarcasm. Roberts is a veteran of the vulnerability disclosure wars, having tried for years to get Boeing and Airbus to heed warnings about security issues with their passenger communications systems. His tweet about the Engine Indicator Crew Alert System, or EICAS, was a reference to research he’d done years ago on vulnerabilities in inflight infotainment networks, vulnerabilities that could allow an attacker to access cabin controls and deploy a plane’s oxygen masks.

It was the wrong message to send. The Feds were waiting when Roberts landed in Syracuse.
Chris Roberts may be pushing buttons on purpose here, but as a security researcher, he's asking the right question about the corporate culture of disclosing and patching vulnerabilities. And the airline industry as a whole has some maturing to do with regard to this well-worn topic.

Ransomware Decryptor - NHTCU & Kaspersky Lab

Anonymous Coward
in security on (#79WG)
Police departments across the United States are easy targets for hackers who infect their computers, encrypt their documents and give them a deadline to make a payment to decrypt their data. Over the weekend, some Maine police agencies reported having to pay ransom to hackers in order to keep their files. In Tewksbury, Massachusetts the police chief said he paid a $500 bounty to get back the department's data.

The National High Tech Crime Unit (NHTCU) of the Netherlands’ police, the Netherlands’ National Prosecutors Office and Kaspersky Lab have been working together to fight the CoinVault ransomware campaign. They have been able to obtain data that can help you to decrypt the files being held hostage on your PC, providing both decryption keys and the decryption application. For more information see this how-to. Note that new keys will be added in the future:

Chrome, Firefox, Internet Explorer, Safari, Flash Player: all hacked

in security on (#5G4H)
So much for browser security. Researchers who participated in the Pwn2Own hacking contest this week demonstrated remote code execution exploits against the top four browsers, and also hacked the widely used Adobe Reader and Flash Player plug-ins. The Pwn2Own contest takes place every year at the CanSecWest security conference in Vancouver, Canada, and is sponsored by Hewlett-Packard’s Zero Day Initiative program. The contest pits researchers against the latest 64-bit versions of the top four browsers in order to demonstrate Web-based attacks that can execute rogue code on underlying systems.

The final count for vulnerabilities exploited this year stands as follows: five flaws in the Windows OS, four in Internet Explorer 11, three each in Mozilla Firefox, Adobe Reader, and Flash Player, two in Apple Safari and one in Google Chrome. All bugs were reported to the affected vendors after the contest, as part of the competition’s rules.

Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation

Anonymous Coward
in security on (#5BPA)


"We demonstrate the extraction of secret decryption keys from laptop computers, by nonintrusively measuring electromagnetic emanations for a few seconds from a distance of 50 cm. The attack can be executed using cheap and readily-available equipment: a consumer-grade radio receiver or a Software Defined Radio USB dongle. The setup is compact and can operate untethered; it can be easily concealed, e.g., inside pita bread. Common laptops, and popular implementations of RSA and ElGamal encryptions, are vulnerable to this attack, including those that implement the decryption using modern exponentiation algorithms such as sliding-window, or even its side-channel resistant variant, fixed-window (m-ary) exponentiation.

We successfully extracted keys from laptops of various models running GnuPG (popular open source encryption software, implementing the OpenPGP standard), within a few seconds. The attack sends a few carefully-crafted ciphertexts, and when these are decrypted by the target computer, they trigger the occurrence of specially-structured values inside the decryption software. These special values cause observable fluctuations in the electromagnetic field surrounding the laptop, in a way that depends on the pattern of key bits (specifically, the key-bits window in the exponentiation routine). The secret key can be deduced from these fluctuations, through signal processing and cryptanalysis."


Cryptology ePrint Archive: Report 2015/170

"Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation

Daniel Genkin and Lev Pachmanov and Itamar Pipman and Eran Tromer
Abstract: We present new side-channel attacks on RSA and ElGamal implementations that use the popular sliding-window or fixed-window (m-ary) modular exponentiation algorithms. The attacks can extract decryption keys using a very low measurement bandwidth (a frequency band of less than 100 kHz around a carrier under 2 MHz) even when attacking multi-GHz CPUs.

We demonstrate the attacks' feasibility by extracting keys from GnuPG, in a few seconds, using a nonintrusive measurement of electromagnetic emanations from laptop computers. The measurement equipment is cheap and compact, uses readily-available components (a Software Defined Radio USB dongle or a consumer-grade radio receiver), and can operate untethered while concealed, e.g., inside pita bread.

The attacks use a few non-adaptive chosen ciphertexts, crafted so that whenever the decryption routine encounters particular bit patterns in the secret key, intermediate values occur with a special structure that causes observable fluctuations in the electromagnetic field. Through suitable signal processing and cryptanalysis, the bit patterns and eventually the whole secret key are recovered.

Category / Keywords: side channel, electromagnetic analysis, RSA, ElGamal

Date: received 27 Feb 2015, last revised 3 Mar 2015

Contact author: tromer at cs tau ac il"


Has The Antivirus Industry Gone Mad?!

Anonymous Coward
in security on (#4KQB)
"We have seen a concerning trend that is about to spiral out of control: Potentially Unwanted Programs (PUPs) are further on the rise. What’s even more concerning is how they are spreading. After big vendors as Oracle (Java) and Microsoft (Bing and Skype) started bundling, now antivirus vendors have joined the game. We did research on some of the most popular PUP practices among the freeware antivirus vendors, and the results are quite disturbing.

PUPs want to get on your computer to make money off of you"