Category Archives: Technology

More IoT insecurity: This Blu-ray disc pwns PCs and DVD players

For more than a decade, malicious hackers have used booby-trapped USB sticks to infect would-be victims, in rare cases to spread virulent, self-replicating malware on air-gapped computers inside a uranium enrichment plant. Now, a security researcher says he has found a way to build malicious Blu-ray discs that could do much the same thing—without any outward signs that an attack was underway.

Stephen Tomkinson, a security consultant at NCC Group, said he has devised a proof-of-concept exploit that allows a Blu-ray disc to compromise both a PC running Microsoft Windows and most standalone Blu-ray players. He spoke about the exploit on Friday at the Securi-Tay conference at Abertay University in Dundee, Scotland, during a keynote titled “Abusing Blu-ray players.”

“By combining different vulnerabilities in Blu-ray players, we have built a single disc which will detect the type of player it’s being played on and launch a platform-specific executable from the disc before continuing on to play the disc’s video to avoid raising suspicion,” Tomkinson wrote in an accompanying blog post. “These executables could be used by an attacker to provide a tunnel into the target network or to exfiltrate sensitive files, for example.”


Drone Maker to Add No-Fly Firmware to Prevent Future White House Buzzing

In the wake of a National Geospatial-Intelligence Agency employee’s late-night drunken mischief with a DJI Phantom 2 consumer quadrocopter drone over White House airspace, President Barack Obama called for new laws to govern the use of unmanned aerial vehicles. Meanwhile, the company that manufactured the drone used in the ill-fated flight has announced that it will issue a mandatory upgrade to the firmware for its Phantom 2 line of products to make sure that customers comply with the FAA’s no-fly zone around DC.

In a press release issued this morning, DJI announced that the firmware update “will help users comply with the FAA’s Notice to Airmen (NOTAM) 0/8326, which restricts unmanned flight around the Washington, DC metropolitan area. The updated firmware (V3.10) will be released in the coming days and adds a No-Fly Zone centered on downtown Washington, DC and extends for a 25 kilometer (15.5 mile) radius in all directions. Phantom pilots in this area will not be able to take off from or fly into this airspace.”

DJI’s Phantom 2 drones already have firmware settings that prevent them from being flown near airports and other places where officials have set restrictions on flight. According to the company’s statement, DJI is also continuing to update the no-fly zone list for future firmware releases to prevent flights in other sensitive areas—and to prevent drones from being flown across national borders.


Drunken Spy Satellite Agency Employee Crashed Drone on White House Lawn

The curious incident of the drone in the night-time has been made a bit less mysterious today, as the Secret Service revealed new details of its investigation—including a confession by the pilot himself. According to the Secret Service, an unnamed employee of the National Geospatial-Intelligence Agency (NGA) claimed responsibility for crashing a remote-controlled quadrocopter into a tree on the grounds of the White House.

The yet-unnamed employee reported the incident to his superiors at NGA. He claimed to have been drinking at an apartment near the White House when he decided early Monday morning to fly a friend’s new DJI Phantom drone. He claimed that he then lost control of the drone. Soon after the drone slipped unnoticed over the White House fence, it was spotted flying low over the grounds before it crashed into a tree.

The White House has a radar system to detect incoming aerial threats, but it did not detect the drone, which has the radar cross-section of a large bird at best. According to The New York Times, the Secret Service has been studying ways for the past few years to develop a defense against small drones, which could conceivably carry small explosives or other threats.


Apple Releases OS X 10.10.2 with a Pile of Security, Privacy, and Wi-Fi Fixes

Apple has just released the final build of OS X 10.10.2, the second major update for OS X Yosemite since its release. Version 10.10.1, published just a month after Yosemite’s release, focused mostly on quick fixes for the new OS’ most noticeable problems. Apple has been issuing betas for 10.10.2 since November, though, and a longer testing period usually implies that there are more extensive fixes.

First up, the new release is supposed to fix more of the Wi-Fi problems that some users have been experiencing since Yosemite’s launch. 10.10.1 also included Wi-Fi fixes, though it apparently didn’t resolve the problems for all. The new update will also address “an issue that may cause webpages to load slowly” and improve general stability in Safari, all of which should go a long way toward improving Yosemite’s network and Internet performance.

Several privacy and security problems that we’ve reported on have been resolved in 10.10.2, as well. Though Apple will still share limited search and location information with Microsoft to enable Spotlight’s Bing-powered Web searching feature, the company has fixed a bug that caused Spotlight to “load remote e-mail content” even when the setting was disabled in Mail.app itself. Our original report describes why this is a problem:


Playing NSA, Hardware Hackers Build USB Cable That Can Attack

Just over a year ago, Jacob Appelbaum and Der Spiegel revealed pages from the National Security Agency’s ANT catalog, a sort of “wish book” for spies that listed technology that could be used to exploit the computer and network hardware of targets for espionage. One of those tools was a USB cable with embedded hardware called Cottonmouth-I—a cable that can turn the computer’s USB connections into a remote wiretap or even a remote control.

Cottonmouth-I is the sort of man-in-the-middle attack that hackers dream of. Built into keyboard or accessory cables, it allows an attacker to implant and communicate with malware even on a computer that’s “airgapped”—completely off a network. And its hardware all fit neatly into a USB plug. Because of the sophistication of the hardware, the advertised price for Cottonmouth-I was over $1 million per lot of 50—meaning each single device cost $20,000.

But soon, you’ll be able to make one in your basement for less than $20 in parts, plus a little bit of solder. At Shmoocon in Washington, DC, this past weekend, Michael Ossmann, a wireless security researcher, founder of Great Scott Gadgets, and a contributor to the NSA Playset (a set of projects seeking to duplicate in open source the capabilities in the NSA’s toolbox), showed off his progress on TURNIPSCHOOL, a man-in-the-middle USB cable project under development that fits a USB hub-on-a-chip and a microprocessor with a built-in radio onto a circuit board small enough to sit inside a molded USB plug.


Wireless Device in Two Million Cars Wide Open to Hacking

An electronic dongle used to connect to the onboard diagnostic systems of more than two million cars and trucks contains few defenses against hacking, an omission that makes those vehicles vulnerable to wireless attacks that take control of the vehicle, according to published reports.

US-based Progressive Insurance said it has used the SnapShot device in more than two million vehicles since 2008. The dongle tracks users’ driving to help determine if they qualify for lower rates. According to security researcher Corey Thuen, it performs no validation or signing of firmware updates, has no secure boot mechanism, no cellular communications authentication, and uses no secure communications protocols. SnapShot connects to the OBDII port of Thuen’s 2013 Toyota Tundra pickup truck, according to Forbes. From there, it runs on the CANbus networks that control braking, park assist and steering, and other sensitive functions.

“Anything on the bus can talk to anything [else] on the bus,” Thuen was quoted as saying in an article from Dark Reading. “You could do a cellular man-in-the-middle attack” assuming the attacker had the ability to spoof a cellular tower that transmits data to and from the device.


A Hacked DDoS-on-demand Site Offers a Look into Mind of “Booter” Users

A leaked database from a hacked denial-of-service site has provided some insight into what sorts of targets individuals will pay to knock offline for a few dollars or bitcoin. And it’s safe to say that a significant percentage of them are not the brightest stars in the sky. To get an idea of who would use such a service and for what purposes, Ars analyzed the data from a recently hacked DDoS for hire site: LizardSquad’s LizardStresser.

“Booter” or “stresser” sites offer users the ability to pay for distributed denial of service attacks against a target, and these sites promise to try to disguise the nature of the attack with the fig leaf of being legitimate load testing sites. That wasn’t so much the case with LizardStresser, the botnet-for-hire set up by the distributed denial of service crew known as LizardSquad. The group used its Christmas week DDoS attacks on Microsoft’s Xbox Live network and Sony’s Playstation Network as a form of advertising for the new service.

Since then, attacks on gamers have made up a significant percentage of the LizardStresser’s workload. While more than half of the attacks launched by customers of the service have been against Web servers, a significant portion have targeted individuals or small community gaming servers—including Minecraft servers.


US (Sort of) Points to “Smoking Gun” Linking North Korea to Sony Hack

Citing anonymous sources in and close to the US government, The New York Times reports that the attribution of the attack on the network of Sony Pictures Entertainment to North Korea was based on evidence gathered by National Security Agency surveillance. This includes software taps into networks associated with North Korea’s network warfare and espionage unit, Bureau 121, among others. The actual evidence, however, will likely never see the light of day because of the highly classified nature of how it was obtained.

David Sanger and Martin Fackler of the Times report that the NSA started to ramp up efforts to penetrate North Korea’s networks in 2010 to monitor the growth of Bureau 121 and the rest of the country’s “computer network exploitation” capabilities:

A classified security agency program expanded into an ambitious effort, officials said, to place malware that could track the internal workings of many of the computers and networks used by the North’s hackers, a force that South Korea’s military recently said numbers roughly 6,000 people. Most are commanded by the country’s main intelligence service, called the Reconnaissance General Bureau, and Bureau 121, its secretive hacking unit, with a large outpost in China.

The evidence gathered by the “early warning radar” of software painstakingly hidden to monitor North Korea’s activities proved critical in persuading President Obama to accuse the government of Kim Jong-un of ordering the Sony attack, according to the officials and experts, who spoke on the condition of anonymity about the classified NSA operation.

The NSA’s Tailored Access Office, according to the report, “drilled into the Chinese networks that connect North Korea to the outside world, picked through connections in Malaysia favored by North Korean hackers, and penetrated directly into the North with the help of South Korea and other American allies.” According to NSA documents released by Der Spiegel, some of South Korea’s initial assistance was not voluntary—the NSA secretly exploited South Korea’s existing hacks of North Korea to gain intelligence information. But despite the level of access they gained, according to an unnamed investigator into the Sony Pictures attack, the NSA and other US agencies “couldn’t really understand the severity” of the attack that would be launched against Sony when it began on November 24.
