Showing posts with label Hacking.

Wednesday, August 3, 2016

Beware! Advertisers are Tracking You via Mobile Battery Status

Is my smartphone battery leaking details about me?


Unfortunately, YES!


Forget about supercookies, apps, and malware; your smartphone battery status is enough to monitor your online activity, according to a new report.


In 2015, researchers from Stanford University demonstrated a way to track users' locations – with up to 90 percent accuracy – by measuring the battery usage of the phone over a certain time.


The latest threat is much worse.


Two security researchers from Princeton University, Steven Englehardt and Arvind Narayanan, have published a paper describing how a phone's battery status is already being used to track users across different websites.


The issue is due to the Battery Status API (application programming interface).


How Does Battery Status API Help Advertisers Track You?


The battery status API was first introduced in HTML5 and had already shipped in browsers including Firefox, Chrome, and Opera by August last year.


The API is intended to allow site owners to see the percentage of battery life left on a laptop, tablet, or smartphone in an effort to deliver an energy-efficient version of their sites.


However, researchers warned last year that the API could turn your battery level into a "fingerprintable" tracking identifier.

The researchers found that combining the remaining battery life in seconds with the charge level as a percentage yields about 14 million different combinations, potentially providing a pseudo-unique identifier for each device that can be used to recognise the same device across the sites it visits.
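To make the point concrete, here is an added example (not code from the article or from the researchers it cites) showing why a raw Battery Status reading behaves like a quasi-identifier and how coarsening the two values defeats it. The rounding rule and the sample readings are assumptions constructed for the illustration.

```javascript
// Added example, not code from the article or from the researchers it cites.
// It shows why a raw Battery Status reading behaves like a quasi-identifier
// and how coarsening the two values defeats that. All readings are constructed.

// A tracker needs only the two values the API exposes: the charge level (0..1)
// and the estimated seconds until the battery is empty.
function batteryKey(reading) {
  return `${reading.level}:${reading.dischargingTime}`;
}

// Mitigation (assumed shape, in the spirit of the browser fixes): round the
// level to two decimals (100 possible values) and bucket the discharge estimate
// into 15-minute steps, so the pair carries far fewer distinguishing bits.
function coarsen(reading) {
  const BUCKET = 15 * 60;
  const level = Math.round(reading.level * 100) / 100;
  const dischargingTime = Number.isFinite(reading.dischargingTime)
    ? Math.round(reading.dischargingTime / BUCKET) * BUCKET
    : Infinity; // the API reports Infinity when the device is not discharging
  return { level, dischargingTime };
}

// How many devices a tracker could tell apart from a set of readings,
// optionally after a transform such as coarsen().
function distinctKeys(readings, transform = (r) => r) {
  return new Set(readings.map((r) => batteryKey(transform(r)))).size;
}

// Constructed readings from five devices with nearly identical battery state.
const SAMPLE_READINGS = [
  { level: 0.5827482349, dischargingTime: 9612 },
  { level: 0.5827482350, dischargingTime: 9613 },
  { level: 0.58, dischargingTime: 9700 },
  { level: 0.5811, dischargingTime: 9500 },
  { level: 0.9999, dischargingTime: Infinity }, // plugged in
];

// In a browser this reads the live values through navigator.getBattery();
// it is guarded so the file also runs under Node, where there is no battery.
async function liveCoarsenedKey() {
  if (typeof navigator === 'undefined' || typeof navigator.getBattery !== 'function') {
    return null;
  }
  const b = await navigator.getBattery();
  return batteryKey(coarsen({ level: b.level, dischargingTime: b.dischargingTime }));
}

console.log('raw distinct:', distinctKeys(SAMPLE_READINGS));              // 5
console.log('coarsened distinct:', distinctKeys(SAMPLE_READINGS, coarsen)); // 2
```

With raw precision every constructed device is distinguishable; after coarsening, the four discharging devices collapse into one bucket and only the plugged-in device stands out.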


Now, last year's research has grown into a real-world threat.



Advertisers Are Tracking You via your Battery Status


One of those researchers, Lukasz Olejnik, published a blog post this week saying that companies are now leveraging this battery status information.

"Some companies may be analyzing the possibility of monetising the access to battery levels," he writes. "When a battery is running low, people might be prone to some - otherwise different - decisions. In such circumstances, users will agree to pay more for a service."
Olejnik pointed to the latest research by Englehardt and Narayanan, who discovered two tracking scripts deployed at scale on the Internet that take advantage of the Battery Status API and are currently tracking users.


The duo explain that they observed the behavior of two real scripts in the wild and suggest that companies and other entities may be leveraging this technique for their own purposes.

"These features are combined with other identifying features used to fingerprint a device," the researchers write in their paper titled, "Online Tracking: A 1-million-site measurement and analysis."
For in-depth information, see the research paper [PDF].


Here comes the worst part of this attack:


There is hardly any way to mitigate this attack. Nothing works: deleting browser cookies or using VPNs and ad blockers will not solve the problem.


The only option is to plug your smartphone into the mains.

Over two months ago, Uber's head of economic research Keith Chen said the company had been monitoring the battery life of its users, as it knows users are more likely to pay a much higher price to hire a cab when their phone's battery is close to dying.

Tuesday, July 26, 2016

Edward Snowden Designed an iPhone Case to Detect and Block Wireless Snooping

We just cannot imagine our lives without smartphones, even for a short while, yet NSA whistleblower Edward Snowden has not owned a smartphone since 2013, when he began leaking NSA documents that exposed the government's global surveillance program.


Snowden fears that a smartphone's cellular signals could be used to locate him, so to combat this he has designed an iPhone case that would detect and fight back against government snooping.

With help from renowned hardware hacker Andrew "Bunnie" Huang, Snowden has devised a design, which they call an "Introspection Engine," that would keep journalists, activists, and human rights workers from being tracked by their own devices leaking their location.


"This work aims to give journalists the tools to know when their smartphones are tracking or disclosing their location when the devices are supposed to be in airplane mode," Huang and Snowden wrote in a blog post published Thursday. "We propose to accomplish this via direct introspection of signals controlling the phone’s radio hardware."



For now, the design is aimed only at iPhone 6 models, but the duo hopes to create specifications for a large number of devices.


On Thursday at the MIT Media Lab, Snowden and Huang presented the design for a case-like add-on device that modifies an iPhone, allowing its owner to monitor the phone's radios and confirm they are not transmitting when they are meant to be off.



Here’s How the Introspection Engine Works:


Once built, the hardware case will be a separate minicomputer working independently of your phone, made entirely of open source hardware and containing its own battery and a small monochrome screen that shows the real-time status of your phone.


The case will have tiny probe wires that attach, through the SIM card slot, to a modified iPhone and physically wire into the antennas used by the phone's radios, including cellular, GPS, Bluetooth, and Wi-Fi.

The Introspection Engine will then be able to monitor radio transmissions and alert the user to any output signal that is not supposed to be there.


In addition to alerting users, the case will also be able to shut down all of the phone's radios to prevent governments as well as hackers from finding your location.


Since the case is designed to be independent of your phone, it would also protect you against malware that activates radios without your knowledge.

"Malware packages, peddled by hackers at a price accessible to private individuals, can activate radios without any indication from the user interface," the duo wrote. "Trusting a phone that has been hacked to go into airplane mode is like trusting a drunk person to judge if they are sober enough to drive."

Snowden and Huang argue that the beauty of using external hardware as a shield is that it is unaffected even if malware has infected your phone. "The core principle is simple: if the reporter expects radios to be off, alert the user when they are turned on," they added.


The Introspection Engine's mission is to warn users when malware or technical glitches are causing the phone to give away their location.


However, the hardware case is still nothing more than a design for now.


Supported by the Freedom of the Press Foundation, Snowden and Huang are hoping to build a real-world prototype device over the next year in the hopes of making the case available to journalists as soon as possible.

Wednesday, July 13, 2016

Warning: Millions of Xiaomi Phones Vulnerable to Remote Hacking

Millions of Xiaomi smartphones are vulnerable to a dangerous remote code execution (RCE) vulnerability that could grant attackers complete control of handsets.


The vulnerability, now patched, exists in MIUI – Xiaomi's own implementation of the Android operating system – in versions prior to MIUI Global Stable 7.2 which is based on Android 6.0.


The flaw, discovered by IBM X-Force researcher David Kaplan, potentially allows attackers with privileged network access, such as on a cafe Wi-Fi network, to install malware remotely on affected devices and fully compromise them.


Researchers found that an analytics package bundled into some MIUI apps can be abused to deliver malicious ROM updates remotely through a man-in-the-middle attack.


"The vulnerability we discovered allows for a man-in-the-middle attacker to execute arbitrary code as the highly privileged Android 'system' user," researchers say.

Researchers say they discovered vulnerable analytics packages in at least four default apps provided by Xiaomi in its MIUI distributions, one of those apps being the default browser app.


The flaw allows an attacker to inject a JSON response that forces an update, replacing the download link and MD5 hash with those of a malicious Android application package whose code is then executed at the system level.



Since there is no cryptographic verification of the update code, the analytics package (com.xiaomi.analytics) will replace itself with "the attacker-supplied version via Android's DexClassLoader mechanism."


In other words, the analytics package neither uses HTTPS to query the update server for updates nor downloads the package over HTTPS, allowing an attacker on the network path to modify the updates.


The custom ROM ships on devices manufactured by Xiaomi – the world's third-largest smartphone maker, with over 70 million devices shipped last year alone – and has also been ported to over 340 different handsets, including Nexus, Samsung, and HTC models.


Since the company has patched the flaw and released an over-the-air update, users are strongly recommended to update their firmware to version 7.2 as soon as possible to ensure they are not vulnerable to this issue, which affects millions of Xiaomi devices.

Monday, February 22, 2016

Just Opening an MS WORD file can HACK every file on your System


If you receive an email masquerading as a company's invoice and containing a Microsoft Word file, think twice before opening it.

Doing so could cripple your system and lead to catastrophic destruction.

Hackers are believed to be carrying out social engineering campaigns, using eye-catching subject lines in spam emails and compromised websites to lure victims into installing a deadly ransomware, dubbed "Locky," on their systems.

So if you find files with the .locky extension on your network shares, congratulations! You are infected and left with just two options: rebuild your PC from scratch or pay the ransom.

Locky ransomware is spreading at a rate of 4,000 new infections per hour, which means approximately 100,000 new infections per day.

Microsoft MACROS are Back


It is hard to digest the fact that, in 2016, a single MS Word document can still compromise your system by getting you to enable 'Macros.'

This is where one has to appreciate the sheer brilliance of the hackers' tactics.


Locky ransomware is being distributed via Microsoft 365 or Outlook in the form of an invoice email attachment (a Word file that embeds malicious macro functions).

The concept of macros dates back to the 1990s. You must be familiar with this message: "Warning: This document contains macros."

Now macros are back, as cyber criminals have discovered a new way to get Internet users to open Microsoft Office documents, especially Word files, that allow macros to run automatically.

How Does Locky Work?



Once a user opens a malicious Word document, the doc file is downloaded to the user's system. The danger comes when the user opens the file, finds the content scrambled, and is shown a popup that says "enable macros".

Here comes the bad part:
  • Once the victim enables the (malicious) macro, it downloads an executable from a remote server and runs it.
  • This executable is nothing but the Locky ransomware, which, when started, begins to encrypt all the files on your computer as well as on your network.

Locky ransomware affects nearly all file formats, encrypting the files and replacing each filename with the .locky extension.

Once encrypted, the ransomware displays a message instructing victims to download Tor and visit the attacker's website for further instructions and payment.

Locky ransomware asks victims to pay between 0.5 and 2 Bitcoins ($208 to $800) in order to get the decryption key.

One interesting note on Locky is that it has been translated into many languages, extending its reach beyond English-speaking countries to maximise the digital casualties.

Locky Encrypts Even Your Network-Based Backup Files


The new ransomware is also capable of encrypting your network-based backup files, so it's time to keep your sensitive and important files in third-party storage as a backup plan to survive future ransomware infections.

Researcher Kevin Beaumont, along with Lawrence Abrams of BleepingComputer, initially discovered the existence of the Locky ransomware.

To gauge the impact of Locky, Kevin intercepted Locky traffic yesterday and found that the cryptovirus is spreading rapidly in the wild.
"I estimate by the end of the day well over 100,000 new endpoints will be infected with Locky, making this a genuine major cybersecurity incident — 3 days in, approximately a quarter of Million PCs will be infected," Kevin said in a blog post.

One hour of infection statistics:

The most heavily impacted countries include Germany, the Netherlands, the United States, Croatia, Mali, Saudi Arabia, Mexico, Poland, Argentina and Serbia.

Wednesday, February 10, 2016

Facebook Hacking Tool that can hack YOUR account

Yes, you heard me right.

A newly discovered Facebook hacking tool does indeed have the capability to hack a Facebook account, but YOURS, and not the one you wanted to hack.

How to Hack a Facebook account? How to Hack my Girlfriend's Facebook account? My boyfriend is cheating on me, how do I hack his Facebook account?

These are queries that many Internet users search for on Google.

But beware! If you come across a Facebook hacking tool that promises to help you hack your friends' Facebook accounts, you may end up downloading a hacking tool that hacks you instead of them.

Dubbed Remtasu, the tool markets itself as a Facebook hacking tool but is actually a Windows-based Trojan that has spread globally over the past year and now has the capability to disguise itself as an app for accessing people's Facebook account credentials.

The tool contains a Keylogger that can capture all your keystrokes and store them in a file that is subsequently sent to the attacker's server.

The malicious Facebook hacking tool is exploiting "the constant desire of a lot of users to take control of accounts from this well-known social network," according to a Monday blog post by IT security company ESET.

How Remtasu Works:


The malicious tool is delivered via direct download websites.

Once a user visits one of these websites, the Win32/Remtasu.Y malware is automatically downloaded and executed on the victim's machine, hiding itself among other files.

Remtasu has capability to:
  • Open and obtain information from the clipboard.
  • Capture keystrokes.
  • Store all the data in a file which is subsequently sent to an FTP server.

The worst part is yet to come:

The malware remains on the infected computer even when the victim reboots the system or attempts to find the threat in the list of active processes.

"In this case, the malware replicates itself, saving the copy in a folder that it also creates within the system32 folder," reads the post. "The new InstallDir folder remains hidden inside the system files, making it difficult for users to access."

The most affected parts of the world include Colombia, Turkey and Thailand, among others. In the past, Remtasu was distributed through malicious files attached to phishing emails purporting to come from legitimate government or business organisations.