Tag Archives: hackers

Webcams: The modern rear-view mirror

This year the new TV series, “Scream,” was released. Not bad, but in my humble opinion, it has the same problem that a lot of movies have: it has a powerful beginning but deflates and loses strength gradually until the end. The question is, why am I talking about TV in a malware- and AV-related blog?

The post Webcams: The modern rear-view mirror appeared first on Avira Blog.

Government and misuse of technology are most feared by Americans

Americans don’t trust that technology will be kept out of the hands of bad guys.

Forget about zombies, vampires, and ghosts. Americans don’t fear things that go bump-in-the-night as much as they do their own government. The annual Survey of Fear conducted by Chapman University asked Americans about their level of fear in 88 different topics ranging from crime, the government, disasters, personal anxieties, technology, and others.  The majority of Americans said that they are “afraid” or “very afraid” of the corruption of government officials.

One of Americans’ greatest fears is government-sponsored spying

The misuse of technology, financial crime, and privacy-related issues took up half of the Top 10 fears of 2015. After two years of high-profile data breaches and the revelations of government spying from the Edward Snowden leaks, it’s not too surprising. Here’s the list:

  • Corruption of government officials (58.0%)
  • Cyber-terrorism (44.8%)
  • Corporate tracking of personal information (44.6%)
  • Terrorist attacks (44.4%)
  • Government tracking of personal information (41.4%)
  • Bio-warfare (40.9%)
  • Identity theft (39.6%)
  • Economic collapse (39.2%)
  • Running out of money in the future (37.4%)
  • Credit card fraud (36.9%)

From this survey, it’s apparent that Americans’ awareness and concern about guarding their personal privacy is growing. An interesting topic that was further down the list is “Technology I don’t understand,” feared by 19% of Americans surveyed. At least that is something that individuals can control – just watch some videos or read this blog and you will learn about technology and how you can minimize your risks of these other things happening to you. For example, here’s how to secure your Facebook login and protect your personal privacy and identity.

Facebook announces government spying alert

The fears of government spying are not unwarranted. Facebook has reason to believe that it’s an important issue “because these types of attacks tend to be more advanced and dangerous than others.” These are the words of Facebook’s Chief Security Officer, Alex Stamos, in a recent announcement saying that if the social media network suspects that a user is being targeted by government-sponsored hackers, it will issue an alert advising them to “take the actions necessary to secure all of their online accounts” such as “rebuild or replace these systems [your computer or mobile device] if possible.”



Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.

Dridex malware crippled by the FBI

On Tuesday, October 13, the United States Department of Justice announced that they had taken down and seized multiple command-and-control (C&C) servers that were part of a network used by the Dridex trojan to upload stolen information and distribute malware.

U.S. Attorney Hickton said, “Through a technical disruption and criminal indictment we have struck a blow to one of the most pernicious malware threats in the world.”

Dridex, also known as ‘Bugat’ and ‘Cridex’, is a malicious trojan used by criminals to steal bank login credentials from an infected PC, in order to gain access to a victim’s bank account—it’s been quite successful too, with losses in the UK estimated at £20 million and in the US at $10 million.

Dridex is commonly distributed in the form of a phishing email, and often contains an infected Word doc attachment. When a victim opens the Word document they unknowingly infect their PC, thereby allowing attackers to eavesdrop on their computer’s activity and automate the theft of data.

Head of Operations at the National Crime Agency’s National Cyber Crime Unit (NCCU), Mike Hulett, said: “This is a particularly virulent form of malware and we have been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes. Our investigation is ongoing and we expect further arrests to be made.”

While the FBI and other international agencies continue their investigations, UK’s National Crime Agency (NCA) is still warning UK internet users to be aware of and protect themselves against Dridex.

Even though the distribution network has been crippled, the actual malware still exists and can be used by other criminals.

Mike Hulett goes on to provide sound advice for everyone, “We urge all internet users to take action and update your operating system. Ensure you have up to date security software and think twice before clicking on links or attachments in unsolicited emails”.

If you don’t already have a suitable antivirus solution in place, we recommend you install one today. Download our award-winning AVG Protection for your PC to help prevent malware and viruses.

 


If you or anybody you know has been affected by cybercrime fraud you can report it to:

US
Federal Bureau of Investigation, Internet Crime Complaints Center
http://www.ic3.gov/default.aspx

UK
Action Fraud – National Fraud & Cyber Crime Reporting Centre
http://www.actionfraud.police.uk

AUS
ACORN – Australian Cybercrime Online Reporting Network
https://report.acorn.gov.au

Apple removes malicious apps from App Store


While the rest of us were soaking up the last of the season’s sunshine, Apple researchers spent the weekend removing hundreds of malicious apps for iPhone and iPad from the iOS App Store.

“The recent exploit on Apple has shown us that even Apple’s system can be compromised quite easily,” said Avast security researcher Filip Chytry. “While this time nothing significant happened, it is a reminder that having everything under an Apple system could potentially make a system vulnerable.”

The malware seems to have been focused on Chinese users. Chinese media reported more than 300 apps including the popular instant messaging service WeChat, Uber-like taxi hailing program Didi Kuaidi, banks, airlines, and a popular music service were infected.

The malicious software programs got by Apple’s strict review process in an ingenious way. Hackers targeted legitimate app developers by uploading a fake version of Xcode, Apple’s development software used to create apps for iOS and OS X, to a Chinese server. It’s a large file, and reportedly quite slow to download from Apple’s U.S. servers, so to save time, unwitting Chinese developers bypassed the U.S. server and got their development tools from the faster Chinese server. Once their apps were completed, the malicious code traveled Trojan-horse style to the App Store.

“If hackers are able to exploit one entry point, they are able to attack all of the other iOS devices – and the fact that Apple doesn’t have a big variety of products makes it easier,” said Chytry.

Apps built using the counterfeit tool could allow the attackers to steal personal data, but there have been no reports of data theft from this attack.

“Regarding this specific vulnerability, consumers shouldn’t worry too much, as sandboxing is a regular part of the iOS system,” said Chytry.

A sandbox is a set of fine-grained controls that limit the app’s access to files, preferences, network resources, hardware, etc.

“As part of the sandboxing process, the system installs each app in its own sandbox directory, which acts as the home for the app and its data. So malware authors cannot easily access sensitive data within other apps,” said Chytry.

In a statement Apple said, “To protect our customers, we’ve removed the apps from the App Store that we know have been created with this counterfeit software and we are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”



Physical safety is becoming digital security

Imagine rows of people hunched over soldering irons, carefully crafting systems designed to hack wireless devices and networks. Welcome to Defcon 23, a mash-up of talks, small vendor displays and hands-on hacking challenges/competitions dedicated to all things security—and how to break through it.

While browsing through booths of physical hacking paraphernalia, I ran across lock-picking tools from Toool. Scattered across the table were lock-picking sets as well as heaps of sample locks, so you could refine your technique.


Picking analog locks is a lot of fun, but I would have expected to see more digital hacking tools, for electronic door locks for example. At AVG we’ve been studying how physical security systems are evolving to become more digital and the security challenges that emerge from this evolution.

Your home door lock will become digital soon (here are some examples), and those skilled with wireless hacking will replace those with lock-picking expertise. Your digital lock will have more functionality than your old analog one. For example, it will probably have a camera, and allow you to let the plumber in even though you are at the office. It is easy to imagine the incremental security concerns that this opens up. While it may take years for this to occur, it’s not too speculative to imagine that houses with high-value contents will become digital faster than others and provide an attractive target for theft.

Digitizing old technologies, like the door-lock, is just another part of the IoT trend. Next year at Defcon we might see an analog+digital hacking kit, combining lock picks and hacker hardware to open your door. This is something we’re keeping a close eye on as we also develop tools that help monitor and manage your security.

Mr. Robot Review: v1ew-s0urce.flv

This week’s episode was pretty intense — although not so many hacks took place, this week focused on meaningful development of the show’s characters. The episode opened with a flashback to when Elliot and Shayla met; we now know where he got his fish and that he is the reason Shayla got involved with Vera. Then we move onto Angela, who has gone forward with her plan to get justice for her mom’s death, but she isn’t the only one on a mission. Tyrell continued in his fight to become CTO of E Corp – going a little too far (even for his own comfort) during his private time with Sharon, the wife of the newly-appointed E Corp CTO.

Despite the fact that there were no major hacks, there were a few interesting scenes I sat down to talk about with my colleague, Filip Chytry, security researcher at Avast.

via: USA Networks

Minute 10:30: Gideon tries to talk to Elliot about his grieving over Shayla. Elliot recalls how he got into web design by ripping off sites he liked by copying their source code and then modifying that code. He then wonders what it would be like if there were a “view source” option for people. We then see people in the AllSafe office walking around with signs around their necks that say things like “I love feet” or “I got a nose job”.

Stefanie: This scene with people walking around with their “source code” amused me. Do you think it would be a good idea if we could see people’s source code as easily as we can view website source codes? And I have to ask, what would your source code be Filip?

Filip: There is a saying, “some things are better left unsaid” and in this case I would say, “some things are better left unknown”. As we saw in the scene, some people’s source code is a little too private to be seen by the world and in the digital age, we share enough of our private lives that there is no need to go that far. As for my source code… I would rather not say, but I think it would involve sports, chocolate, or cars.

Stefanie: Do hackers ever leave clues or messages in their code?

Filip: Yes, they occasionally do! My colleague Jan analyzed Android malware, XBot, at the beginning of the year. In the code, the malware author left a clear and rather unpleasant message for antivirus companies. We guessed that he was a little bitter about us blocking his masterpieces.

Minute 25:40: Darlene is summoned for a meeting with Cisco. He is upset that she hacked him to contact White Rose from the Dark Army using his handle.

Stefanie: Darlene is such a rebel! Can you help me understand how she ended up communicating with the Dark Army using Cisco’s handle?

Filip: She hacked his router. She probably figured out which router he was using and exploited a vulnerability to get into the router. Today’s router security situation is similar to PCs in the 1990s — new router vulnerabilities are discovered every day. From there, she got ahold of his IP address by looking at his router’s past communication. Getting into the channel, which I am guessing is either a forum or chat, using his handle depends on how hidden the channel is, and if the “Dark Army” is involved, I am guessing this wasn’t very simple.

Stefanie: Wow! Routers are the center point of households nowadays, with Internet-connected devices all connecting to the router itself. What can people do to protect themselves?

Filip: It’s simple, really — they can use Avast’s Home Network Security scanner! Home Network Security exposes weak or default passwords, vulnerable routers, compromised Internet connections, and enabled, but not protected, IPv6. Home Network Security provides guidelines explaining how to fix vulnerabilities to make sure your network is fully protected…something Cisco (Darlene’s ex boyfriend on Mr. Robot, not the router manufacturer!) should consider doing. ;)

Minute 38:05: Darlene goes to meet with fellow FSociety member, Trenton, to convince her to re-join the cause. Trenton asks Darlene if she has ever thought about which part of the FSociety scheme motivates her. Trenton then describes what she thinks motivates the other members: momentary anarchy, palling around, and fame.

Stefanie: What do you think motivates hackers?

Filip: Back in the day, hackers used to be motivated by fame – hacking for the sake of proving something can be hacked – but the game has since changed. Hackers are now more motivated by financial gain and steal money from accounts, hold data hostage for ransom or steal customer data from major corporations to sell on the black market of the Internet. The days of famous hackers are basically over because nowadays, hackers want their identities to remain anonymous in order to keep committing cybercrime.

What did you think of the episode? Let us know in the comments below!

 

Computer-aided sniper rifles the latest things controlled by hackers

via Wired


For those of you keeping track, you can add high-tech sniper rifles to the growing list of Things That Can be Hacked. The vulnerability that allowed two security researchers to break into the computer guidance system of a sniper rifle is the same that allows hackers to access baby monitors and home routers. Simply put, the default Wi-Fi password, which was locked by the manufacturer, allowed anyone within range to connect. The typical range is up to 150 feet (46 m) indoors and 300 feet (92 m) outdoors.

In advance of the Black Hat conference this month, security researchers Runa Sandvik and Michael Auger have demonstrated that they can hack TrackingPoint precision-guided firearms.

The TrackingPoint rifles can make a sharpshooter out of a novice. This is thanks to the computer-aided sensors, including gyroscopes and accelerometers, which take into account all the factors that a sniper scout would look for: wind, speed of the target, distance, the sniper’s orientation, ammunition caliber, even curvature of the earth.

I asked Steve Ashe, a veteran of Desert Storm and Desert Shield, who collaborated closely with the sniper team, what he thought about such technology. “Trained scouts and snipers must master a set of physical and mental skills that is beyond the reach of most people. This type of rifle can never replace that. Besides being crack shooters, they are in excellent physical condition, able to do complicated calculations in their heads and have mastered field craft such as land navigation, stalking and range estimation.”

One of the features of the TrackingPoint rifle is the ability to video stream your shot and share the view from the scope to another device connected via Wi-Fi. It’s this connection to Wi-Fi that turned out to be the weak point. The gun’s network has a default password that cannot be changed.


Desert Storm veteran Steve Ashe with sniper rifle that can’t be hacked.

Sandvik and Auger told Wired magazine that they developed a set of techniques that could allow an attacker to compromise the rifle via its Wi-Fi connection and exploit its software. They demonstrated that making a change in one of the variables listed above could cause the rifle to miss its intended target, disable the scope’s computer making it a useless piece of weight, or prevent the gun from firing. The TrackingPoint rifle has a range of up to a mile.

“A trained sniper is constantly making adjustments for these things. Of course, one thing they are always looking for is to shoot further with more knockdown power,” said Ashe.

The good news is that hackers cannot make the gun fire by itself – that still requires a real finger pulling the trigger.

I asked Steve if the possibility of analog hacks existed. “Snipers always have their guns, and they hold onto their ammunition. But they have to sleep.” He said that snipers press their own bullets so they would be sure of the weight, but it’s possible, albeit improbable, that someone could tamper with it. Another hack would be to shave the firing pin, but again, highly improbable.

The implications of Sandvik’s and Auger’s hack are pretty obvious. With military and law enforcement applications, having a third party control the trajectory of your bullet or brick your gun could cause a mission to go awry. Graduates of the US Army Sniper School are expected to achieve 90% of their first round hits at 600 meters, so with those kinds of statistics, the question becomes: why do they even need it?

“The computer-assisted sniper rifle has not yet made its way into the military or law enforcement units, even though they are testing it. But you gotta understand, things move slowly in the military. The Marines haven’t updated their sniper rifles in 14 years. Doesn’t look like something like this will become a threat,” said Ashe.

Thankfully, only about 1,000 of the TrackingPoint firearms have been sold and the company is reportedly not shipping any rifles currently.



Can hackers get under the hood of your car?

Driving under the influence of alcohol or texting while driving is still a bigger risk to your safety on the road, but the hacking experiments conducted on technology-heavy cars might be an indicator of break-downs to come.

Security researchers have proven that modern cars can be hacked.


Two security engineers proved that a car is not just a transportation device to get from point A to point B, but a vulnerable combination of individual software systems that can be hacked.

Back in 2013, Charlie Miller and Chris Valasek hacked a 2010 Ford Escape and a Toyota Prius. The two researchers demonstrated the ability to send commands from their laptop that did things like jerk the steering wheel, give false readings on the speedometer and odometer, sound the horn continuously, and slam on the brakes while going down the road.

They have done it again, this time with a 2014 Jeep Grand Cherokee.

When the hackers first did their experiment, they hardwired their MacBook directly into the vehicle. This year, they’ve gone wireless, breaking into a few of the 50 vulnerable attack points available to them.

Wired reporter Andy Greenberg acted as Miller and Valasek’s crash test dummy, as he did in the original demonstration. As he was driving the Jeep Cherokee at 70 mph down the interstate, the two hackers sat miles away in Miller’s basement and bombarded Greenberg with multiple attention diverting events at once. The air conditioner blasted cold air, the radio station changed and played at full volume, the windshield wipers came on and blinded his view with wiper fluid.

But it wasn’t only distracting annoyances that the hackers threw at Greenberg. The scary part started when they remotely cut the transmission. Remember, at the time he was driving down the interstate at 70 mph. The Jeep quickly lost speed and slowed to a snail-like crawl. On a busy interstate with zooming cars and an 18-wheeler closing in, you can imagine the fright that Greenberg felt.

Cybersecurity in the auto industry

At the Center for Automotive Research conference this year, it was acknowledged that almost every automaker in the U.S. has a connected “telematics” service, like GM’s OnStar, Ford SYNC, Chrysler’s Uconnect, and BMW Assist. The panelists said that these services are the first point of attack for hackers, and can be used as a springboard to gain access to the owner’s personal data. Because connected vehicles include easy access to smartphone and onboard apps, the driver’s credit cards, bank accounts, or other financial information could be accessed through the cloud. It’s also possible to access location data, vehicle locator, travel direction, and cell phone number.

The security risks presented by Miller and Valasek in 2013 got the attention of U.S. Senators Edward Markey and Richard Blumenthal. This past Tuesday they introduced legislation that would establish federal standards to secure our cars and protect drivers’ privacy.

Do drivers need to worry about their vehicle getting hacked?

Drivers don’t need to get worried yet. Besides thieves opening car doors with wireless hacks as we described in Mr. Robot Review: da3m0ns.mp4, only one malicious car hacking attack has been documented. In February 2010, a disgruntled employee hacked a fleet with more than 100 cars in Austin, Texas. He infiltrated their web-based vehicle-immobilization systems and essentially “bricked” their vehicles and caused the horns to blast uncontrollably.

How to protect your car from being hacked

  • Think of your vehicle not as a simple car anymore, but a sophisticated device like your mobile phone. Familiarize yourself with the new electronic control units. These days that includes the lighting system, the engine and transmission, steering and braking, vehicle access system, and airbags.
  • Apply updates and patches when your car manufacturer issues them. For example, Chrysler just notified owners of vehicles with the Uconnect feature that a software update is available.
  • If you use services like OnStar, GM’s auto security & information service, don’t leave your documents or password in the car for a thief to find.
  • If you use your car as a Wi-Fi hotspot, use a strong password to protect it.


Patches from Adobe, Oracle, and Microsoft released

Avast Software Updater helps you apply software updates.

Earlier this week, we told our readers about the three Flash Player zero-day vulnerabilities that were found in stolen files that were leaked from the Hacking Team. We advised Avast users to disable Flash until the bugs are fixed.

It doesn’t look good for Flash. Because of the continuing security problems facing the 20-year-old platform, Google and Mozilla each announced this week that their Web browsers will eventually be dropping default support for Adobe Flash, and Facebook’s new security chief wants to kill Flash. For now you can still use it, but the reports of its death are not greatly exaggerated…

Adobe has released security patches for Windows, Mac OS X, and Linux. Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version. Users of Internet Explorer 10 and 11 for Windows 8.x will be automatically updated to the latest version.

Another Hacking Team zero-day vulnerability was discovered in Microsoft’s Internet Explorer. Microsoft released a total of 14 security bulletins, 4 ‘critical’ and the remainder ‘important’ in their July Security Bulletin.

And finally, Oracle released a security update to fix the Java zero-day exploit reportedly used to attack military and defense contractors from the U.S. and spy on NATO members. The Critical Patch Update Advisory also includes 193 new security updates, 99 of which could be exploited by remote attackers.

Avast Software Updater can help you with most software updates. To find it, open your Avast user interface. Click Scan on the left side, then choose Scan for outdated software. You can then decide how to proceed.

Avast Software Updater shows you an overview of all your outdated software applications

