Showing posts with label malware.

Sunday, November 27, 2016

Turn Any Computer Into an Eavesdropping Device

Researchers at Israel’s Ben-Gurion University of the Negev have devised a way to turn any computer into an eavesdropping device by surreptitiously getting connected headphones or earphones to function like microphones.

In a paper titled "SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit," the researchers this week described malware they have developed for re-configuring a headphone jack from a line-out configuration to a line-in jack, thereby enabling connected headphones to work as microphones.

The exploit works with most off-the-shelf headphones and even when the computer doesn’t have a connected microphone or has a microphone that has been disabled, according to the researchers. (more)

 Spoiler Alert: It ain't easy to do, or likely to happen to you. ~Kevin

Friday, August 21, 2015

He's Back... The Air Gap Computer Hack

Researchers at the Ben-Gurion University of the Negev (BGU) Cyber Security Research Center have discovered that virtually any cellphone infected with a malicious code can use GSM phone frequencies to steal critical information from infected “air-gapped” computers.

Air-gapped computers are isolated -- separated both logically and physically from public networks -- ostensibly so they cannot be hacked over the Internet or within company networks.


Led by BGU Ph.D. student Mordechai Guri, the research team discovered how to turn an ordinary air-gapped computer into a cellular transmitting antenna using software that modifies the CPU firmware. GSMem malicious software uses the electromagnetic waves from phones to receive and exfiltrate small bits of data, such as security keys and passwords...

This is the third threat the BGU cyber team has uncovered related to what are supposed to be secure, air-gapped computers. Last year, the researchers created a method called Air-Hopper, which utilizes FM waves for data exfiltration. Another research initiative, BitWhisper, demonstrated a covert bi-directional communication channel between two close-by air-gapped computers using heat to communicate. (more)

Friday, December 5, 2014

Malware Planted In Chinese E-Cigarettes

Electronic cigarette manufacturers may have highlighted its numerous benefits to let you lead a healthy, stress-free life.

What they certainly did not highlight was that the device can be used for malware distribution as well...

To avoid such risks, it is advised to disable data pins on the USB and keep only cable charge to prevent any information exchange between the devices it connects.

Alternatively, use a USB Condom, a gadget that connects to USB and makes data pins ineffective. (more)

Saturday, August 9, 2014

More Bad Publicity About USB Security

Cyber-security experts have dramatically called into question the safety and security of using USB to connect devices to computers.

Berlin-based researchers Karsten Nohl and Jakob Lell demonstrated how any USB device could be used to infect a computer without the user's knowledge.

The duo said there is no practical way to defend against the vulnerability.

The body responsible for the USB standard said manufacturers could build in extra security.

But Mr Nohl and Mr Lell said the technology was "critically flawed". (more with videos)

Friday, August 8, 2014

Free Tip: Recover Files Locked by Cryptolocker Ransomware

If your computer files have been (or will be) held for ransom by Cryptolocker, bookmark this site... https://decryptcryptolocker.com/

FireEye and Fox-IT have partnered to provide free keys designed to unlock systems infected by CryptoLocker.

These folks will analyze one of your locked files and send you the decode key, FREE.

Monday, May 19, 2014

Flash: 100+ Arrested in Global Malware Crackdown

The FBI and police in several countries have arrested more than 100 people and conducted hundreds of searches in recent days in a global crackdown on hackers linked to the malicious software called Blackshades, two law enforcement officials told CNN. 

The years-long investigation is targeting one of the most popular tools used by cybercriminals. The malware sells for as little as $40 and can be used to hijack computers remotely and turn on webcams, access hard drives and capture keystrokes to steal passwords without the victim's knowledge, CNN Justice Reporter Evan Perez and CNN Justice Producer Shimon Prokupecz report.
People familiar with the investigation say U.S. prosecutors are expected to announce more details today. (more)

Saturday, April 19, 2014

SpyWarn™ 2.0 Anti-spyware App for Smartphones

According to The New York Times, anti-spyware apps don't work very well.

The reason...
Most "spyware detection" apps only scan for known spyware. New and well-hidden spyware goes unnoticed, and detecting baseband eavesdropping (very serious) isn't even considered.

SPYWARN™ IS DIFFERENT
(patent pending)
SpyWarn™ 2.0 is a new and unique forensic methodology. It provides the functionality to detect all active spyware by monitoring what the infection is doing, and... ALL spyware is doing something.  

Plus, SpyWarn™ 2.0 detects both spyware and baseband eavesdropping in real-time.


Not just spyware detection... 
This forensic app also contains an eBook version of, "Is My Cell Phone Bugged?" at no extra charge. This informative eBook is about regaining your overall communications privacy, and keeping snoops out of your life.

A forensic examination by a specialist generally costs between $200.00 - $300.00 per inspection, and the end result is not as informative as SpyWarn™.

SpyWarn™ 2.0 is priced to help everyone, only $2.99. 

Don't wait until you have a spyware problem. Get SpyWarn™ on your phone now. Start conducting benchmark tests and saving them to SpyWarn's History file. When you do get a spyware infection it will be very apparent.

Privacy Policy - We are serious about privacy. Only you get to see the data SpyWarn™ collects; it never leaves your phone.

100% Satisfaction Guarantee
Try SpyWarn™ for 7 days. If you are not satisfied with its performance, tell me why so I can improve it, and I will refund the full purchase price to you. You keep the app and eBook.

If SpyWarn™ helps you, help others regain their privacy by writing a positive review on Google Play.

Thank you,
Kevin D. Murray CPP, CISM, CFE, MPSC
and The SpyWarn™ Team

Friday, April 11, 2014

App Scam: Top Ranked Anti-Spyware App Removed from Google Play

Until Sunday night, the top new paid app on the Google Play store was a complete scam. Google Inc. quickly removed “Virus Shield” from the Google Play store, but not before thousands of people downloaded the fake anti-malware app, exposing a major flaw in the open strategy Google has taken with its mobile app marketplace.

"Virus Shield" claimed that it protected Android smartphone users from viruses, malware and spyware, and that it even improved the speed of phones. It touted its minimal impact on battery life and its additional functionality as an ad blocker. At only $3.99, "Virus Shield" sounded like a pretty good deal to the tens of thousands of people who downloaded it in less than two weeks. 


 
Virus Shield downloads Google Play Store (screenshot by Android Police)

Those 10,000 people even seemed to enjoy "Virus Shield," as the app maintained a 4.7-star rating from about 1,700 users. Another 2,607 users recommended it on the Google Play store, helping “Virus Shield” get ranked as the No. 1 new paid app and third overall top paid app. (more)


Coming soon to Google Play, something that really works.

Thursday, April 3, 2014

Murray Security Tip #416 - Evil Photo Double Extension Trick

Isn't this the cutest kitty?
Click CuteKitty.jpg to enlarge.
DON'T CLICK, it might be the old double extension trick. 

Although this photo does NOT contain a virus, others might.

Many Windows computers will display emailed CuteKitty.jpg.exe – an executable program – as CuteKitty.jpg – which seems harmless.

When you click, you might be shown a cute kitty... while a virus is loading in the background.

Tip 1 - Don't click on stuff if you don't know where it has been. 
Tip 2 - If you want to click anyway, open Windows search, enter "folder options", and select Folder Options. On the View tab, uncheck "Hide extensions for known file types." Then check the file name for the double extension trick.
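A defender-side check for the double extension trick described in this tip, added here as an example and not part of the original post. The extension lists and the sample file names are constructed assumptions, and the "shown as" value only approximates what Windows displays when extensions are hidden.

```python
"""Flag file names that use the double extension trick (e.g. CuteKitty.jpg.exe)."""

# Assumed, non-exhaustive lists chosen for this example.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif", "vbs", "js"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "xls", "txt"}

# Constructed sample input, e.g. attachment names pulled from a mail folder.
SAMPLE_NAMES = [
    "CuteKitty.jpg",
    "CuteKitty.jpg.exe",
    "Invoice.PDF.scr",
    "setup.exe",
    "archive.tar.gz",
    "notes.v2.txt",
]


def displayed_name(filename):
    """Approximate what is shown when "Hide extensions for known file types"
    is checked: the last extension is dropped. Simplification: every
    extension is treated as a known type."""
    stem, dot, _ = filename.rpartition(".")
    return stem if dot and stem else filename


def double_extension(filename):
    """Return (decoy_ext, real_ext) if the name ends in <decoy>.<executable>,
    otherwise None. Comparison is case-insensitive and tolerates stray
    whitespace around each part."""
    parts = [p.strip().lower() for p in filename.split(".")]
    if len(parts) < 3:
        return None  # a single extension cannot be the trick
    decoy, real = parts[-2], parts[-1]
    if real in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
        return decoy, real
    return None


def scan(filenames):
    """Return one finding per file name that matches the trick."""
    findings = []
    for name in filenames:
        hit = double_extension(name)
        if hit:
            findings.append({
                "name": name,
                "shown_as": displayed_name(name),
                "looks_like": hit[0],
                "runs_as": hit[1],
            })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_NAMES):
        print(f"{f['name']}: shown as {f['shown_as']}, "
              f"looks like .{f['looks_like']} but runs as .{f['runs_as']}")
```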

Thursday, March 27, 2014

Spyware & Malware Odds & Ends

A spyware app developed by two researchers has shown that Google Glass can be used to secretly take photos of whatever a Glass wearer is looking at without their knowledge - making the Glass user the one whose privacy and security is potentially compromised. (more)

Security researchers said they have uncovered bugs in Google's Android operating system that could allow malicious apps to send vulnerable devices into a spiral of endlessly looping crashes and possibly delete all data stored on them. (more)

Stingray is a US law enforcement spoof cell tower used to track the location of mobile phones. Snoopy is a project conducted by London-based Sensepost Research Labs that does similar and much more with any WIFI-enabled device. Now Snoopy has gone airborne – mounted on a drone it can hover above a target area and trick mobile devices into connecting: a form of flying man-in-the-middle attack... The drones collect the devices' probe requests, which could be looking for networks that the user has recently connected to, and mimic them. "If your device is probing for 'Starbucks', we'll pretend to be Starbucks, and your device will connect." Once that connection is made, Snoopy can listen in. (more)

Tuesday, March 25, 2014

New Bot Targets Apple iOS Devices - Tip: Don't Jailbreak

A new bot with the name Zorenium has landed in the criminal underground, with the ability to target Apple iOS devices like iPhone and iPad. It's not widely known, nor is it widely detectable...
 

The analysis suggests that Apple devices must be jail-broken to be vulnerable, which makes sense given Apple’s tight control over the iOS ecosystem—there’s a reason after all that virtually all mobile malware targets Android. (more)

Tuesday, March 11, 2014

Dendroid Spying RAT Malware Found on Google Play

A new Android malware toolkit called Dendroid is being offered for sale by its creators, and at least one of the malicious APKs created with it has managed to fool Google Play's Bouncer...
The malicious APKs can purportedly intercept, block, and send out SMSes; record ongoing phone calls; take pictures, record video and audio by using the device's camera and microphone; download pictures the device owner has already made, as well as his or her browser history and bookmarks; and extract saved login credentials and passwords for a variety of accounts.
 

"Dendroid also comes bundled with a universal 'binder application.' This is a point-and-click tool that a customer can use to inject (or bind) Dendroid into any innocent target application that they choose with minimal effort," the researchers added.
"This means that all a wannabe malware author needs in order to start pumping out infected applications is to choose a carrier app, download it and then let Dendroid’s toolkit take care of the rest."

Sold for $300 (in crypto currencies), the toolkit comes with a warranty that the malware created with it will remain undetected.
The researchers have discovered one app created with Dendroid that managed to get included and offered on Google Play by leveraging anti-emulation detection code that fools Google Play's Bouncer, the automated app scanning service that analyzes apps by running them on Google’s cloud infrastructure and simulating how they will run on an Android device. The app has since been removed from the market. (more)


Why this is important...
It means that any jerk with $300 and some computer skills can turn any other app into your worst nightmare. BTW, it can be detected. q.v. SpyWarn™ — coming soon.

Sunday, March 9, 2014

Mobile Malware Sees ‘Exponential’ 614 Percent Growth

Chinese cybercriminals are increasingly targeting mobile users as they develop ever more sophisticated hacking tools, according to new research from security firm Trend Micro.

Its Mobile Cybercriminal Underground Market report revealed that Chinese hackers are using a variety of in-depth malware and malicious code programs to target users both at home and in the West, with mobile malware kits available to buy from as little as 100 yuan (around £10) on the black market.

“The barriers to launching cybercriminal operations are less in number than ever,” the report stated. “Toolkits are becoming more available and cheaper; some are even offered free of charge.” (more)

Wednesday, March 5, 2014

Bogus Boris Netflix App

Android phones and tablets from four different manufacturers are arriving with malware “pre-installed” – a bogus version of Netflix which sends password and credit card information to Russia, according to app security specialist Marble Security.

David Jevans, CTO and founder of the company said that he was alerted to the problem by a company testing his product, software to help organizations manage mobile devices, after it repeatedly flagged Netflix as malicious, according to PC World’s report.

Jevans’ team analysed the app, and found that it was bogus, using tools including one that analyzed the app’s network traffic for signs of communication with known malicious servers. Jevans says, “This isn’t the real Netflix. You’ve got one that has been tampered with, and is sending passwords and credit card information to Russia.” (more)

Sunday, March 2, 2014

How the Avaya Phone on Your Desk Can Be Turned Into A Bug

Security researchers have designed a stealthy eavesdropping attack that sounds like it's straight out of a James Bond movie. It starts with a booby-trapped document that compromises an unpatched laser printer, which in turn converts a popular Internet phone into a covert bugging device.

The proof-of-concept attack exploits currently unpatched vulnerabilities in the Avaya one-X 9608, a popular model of phone that uses the Internet rather than a standard phone line to make and receive calls. Researcher Ang Cui, a Ph.D. candidate at Columbia University and chief scientist at Red Balloon Security, declined to provide many details on the vulnerabilities until users have had time to install a patch that Avaya is expected to release soon. He did say the weaknesses allow devices on the same local network to remotely execute code that causes the device to surreptitiously record all sounds within earshot and transmit them to a server controlled by attackers. He demonstrated a similar bugging vulnerability last year in competing Internet phones designed by Cisco Systems, which has since patched the underlying bugs...

The compromise begins with a booby-trapped document that when printed executes malicious code on certain models of HP LaserJet printers that have not been patched against a critical vulnerability. Once compromised, the printers connect to attack servers, creating a means for outside hackers to bypass corporate firewalls. The attackers then use the printers as a proxy to enumerate and connect to other devices in the corporate network.

Once an Avaya 9608 phone is discovered, the attackers can inject code into it that infects its firmware. The compromise, which survives reboots, activates the phone's microphone without turning on any lights or otherwise giving any indication that anything is amiss. The infected phones can be set up to record conversations only after attacker-chosen keywords are detected. Recorded conversations can be sent through a corporate network onto the open Internet, but the malware also has a secondary method for exfiltration that bypasses any devices that block suspicious network traffic. In the event that such devices are detected, the malware can turn a phone's circuit board into a radio transmitter that sends the recorded conversations to a receiver that's anywhere from several inches to 50 feet away, depending on environmental variables.
 

The larger point is that bugs in electronics firmware are notoriously easy to exploit, as a small sample of recent stories shows. Even if a target isn't using the phones or printers featured in the demonstration, chances are good that the target is using some constellation of devices that are susceptible to remote hijacking. And besides, many organizations fail to apply firmware updates, so even if a patch has been released, there's a good chance that it will never get installed on many vulnerable devices. (more)

Security Director Alert: Make sure software patching is a priority on the IT department's list. Start with this list for HP printers.

Monday, February 10, 2014

2007 and Still Smokin'

Researchers have uncovered a sophisticated cyber spying operation that has been alive since at least 2007 and uses techniques and code that surpass any nation-state spyware previously spotted in the wild.

The attack, dubbed “The Mask” by the researchers at Kaspersky Lab in Russia who discovered it, targeted government agencies and diplomatic offices and embassies, before it was dismantled last month. It also targeted companies in the oil, gas and energy industries as well as research organizations and activists. Kaspersky uncovered at least 380 victims in more than two dozen countries, with the majority of the targets in Morocco and Brazil.

The attack — possibly from a Spanish-speaking country — used sophisticated malware, rootkit methods and a bootkit to hide and maintain persistence on infected machines. The attackers sought not only to steal documents, but to steal encryption keys, data about a target’s VPN configurations, and Adobe signing keys, which would give the attackers the ability to sign .PDF documents as if they were the owner of the key. (more)

Monday, November 25, 2013

Smart TVs Lie to You

So-called "smart TVs" have hit the marketplace, essentially turning TVs into computers that let watchers search for videos, install applications or interact with ads. But that connectivity may be a two-way street, as manufacturer LG investigates claims that its line of smart TVs is collecting data on its customers. 

According to an LG corporate video, "LG Smart Ad analyses users' favorite programs, online behavior, search keywords and other information to offer relevant ads to target audiences. For example, LG Smart Ad can feature sharp suits to men or alluring cosmetics and fragrances to women." 

But what happens when your online behavior trends just a bit naughtier than clothes or cosmetics? Meghan Lopez talks to RT web producer Andrew Blake about spying smart TVs and other trending tech topics in this week's Tech Report. (more)

In other news...
LG has admitted it continued collecting data on viewing habits even after users had activated a privacy setting designed to prevent it.

The TV manufacturer has apologized to its customers and said it would issue an update to correct the problem. (more)

Thursday, November 7, 2013

The Current State of Cyber Security in Latin America

Latin America is experiencing tremendous growth—unfortunately the growth in question relates to cyberattacks. “If you look at Peru, you see 28 times as much malware in 2012 as in 2011; Mexico about 16 times; Brazil about 12 times; Chile about 10; and Argentina about seven times,” said Andrew Lee, CEO of ESET. These tremendous growth rates are expected to continue in the coming years, Lee noted.

Tom Kellermann, vice president of cybersecurity at Trend Micro, a network security solutions company, discussed a report that Trend Micro released jointly with OAS called Latin American and Caribbean Cybersecurity Trends and Government Responses.

Kellermann noted that while organized crime groups, such as narco-traffickers, have embraced cybercrime, the governments of Latin American countries haven’t been able to keep up in terms of defending against this type of crime. “Only two out of five countries have an effective cybercrime law, let alone effective law enforcement to hunt [cyberattackers],” he said. (more)

Tuesday, September 17, 2013

Afraid of Getting a Virus from a Public Recharging Station?

 For every scare, there is an inventor with an answer...
via int3.cc...
Have you ever plugged your phone into a strange USB port because you really needed a charge and thought: "Gee who could be stealing my data?" We all have needs and sometimes you just need to charge your phone. "Any port in a storm," as the saying goes. Well now you can be a bit safer. "USB Condoms" prevent accidental data exchange when your device is plugged in to another device with a USB cable. USB Condoms achieve this by cutting off the data pins in the USB cable and allowing only the power pins to connect through. Thus, these "USB Condoms" prevent attacks like "juice jacking".

Use USB-Condoms to:
* Charge your phone on your work computer without worrying...
* Use charging stations in public without worrying...

If you're going to run around plugging your phone into strange USB ports, at least be safe about it. ;-) (more)

Wednesday, August 14, 2013

Spy Malware Buried on Official Tibetan Website

Chinese-speaking individuals visiting the website for the Central Tibetan Administration are being targeted with a Java exploit that installs advanced malware on their machines.

According to researchers at security firm Kaspersky Lab, the official site for the Tibetan government-in-exile, led by the Dalai Lama, was seeded with a backdoor that takes advantage of a vulnerability in Java, CVE-2012-4681, which was fixed by Oracle roughly a year ago.

The incident bears the signature of a watering hole attack, in which espionage malware is planted on a legitimate site, and then the attackers wait for their desired victims to visit and take the bait. (more)