Tag Archives: Hacking

Will computer viruses be able to infect humans in the future?

A few years ago a customer phoned urgently to ask if the virus detected on their computer could infect him or his family. It was hard not to smile. To every tech guy this question sounds ridiculous, and with a basic understanding of computer viruses it is clear that this fear is unfounded.

The post Will computer viruses be able to infect humans in the future? appeared first on Avira Blog.

2016: The Year of Spying Microwaves and Hijacked Cars

The security stakes only seem to be rising when it comes to the threats that affect us as modern-day consumers.

What behavior could a smart appliance reveal about you?

Over the past year, we have seen a list of notable mobile threats that put people’s privacy at risk. Previously unseen vulnerabilities surfaced, such as Certifi-gate and Stagefright, both of which can be exploited to spy on users. Certifi-gate put approximately 50 percent of Android users at risk, and Stagefright made nearly 1 billion Android devices vulnerable to spyware. In 2015, for the first time, cybercriminals were able to attack users on a vast level.

Another mobile threat on the rise in 2015 was mobile ransomware, using asymmetric cryptography, making it nearly impossible to recover the encrypted data on a smartphone. The most common mobile threats in 2015 were adware — often apps disguised as fun gaming apps that provide little value and spam users with ads. We believe that 2016 will be the year in which we see threats moving from smartphones to smart homes — and beyond.

Total number of attacks on Android devices that Avast has detected in 2015

2016: Internet-connected devices will spell out your life to anyone who’s curious

In 2015, society has gotten a taste of what the future might look like with the rise of Internet-connected devices. While we’ve now become accustomed to our smartphones, the possibilities for both users and hackers are growing exponentially when it comes to gadgets and systems that comprise the budding Internet of Things (IoT).

We often forget about many of the devices that, in reality, fit into the “smart” category. Smart devices and gadgets can include anything from thermostats to microwaves, smart locks to smoke detectors to children’s toys. Since we make use of these gadgets in our daily tasks and endeavors, an attack on their security could result in dire threats to our privacy and security.

Smart devices, such as household appliances, cars and wearables are basically our life companions. Unlike a smartphone, which holds information about our communications, contacts, photos and videos, smart devices reveal more specific information about our behavior, such as our driving, fitness, and cooking habits, or our children’s learning behavior.

This provides optimal opportunities for hackers to target personal data, including information collected by wearable, Internet-connected devices. What’s more, this data can be used by governments for law enforcement purposes and by businesses, like insurance companies, to restrict payments or medical procedures for people who may have previously made unwise financial or health-related decisions. This year, we could see the first country enact a law that would give certain industries authorization to exploit consumer data through information collected by smart devices.

Ransomware that could turn your devices against you

We already know how dangerous ransomware can be — this aggressive malware family locks individuals out of their devices and renders them useless, leaving users with little choice other than to pay a specified amount of money demanded by hackers in order to regain access to their device. On a smartphone, a factory reset helps to remove the ransomware, and if the user has conducted a backup, the harm is minor. However, if and when ransomware makes its way into the IoT sphere, we must be prepared in order to prevent our own devices from being manipulated and turning against us.

But 2016 could be the year when we witness our first serious car hack. This year, Land Rover has recalled 65,000 cars from the market because of a software bug that could lead to car theft. Taking this point a step further, imagine if your car’s software actually locked you out of your primary mode of transportation. What lengths would you go to if your personal security system locked you out of your own home? There’s a good chance that these issues will need to be dealt with as we move into the heyday of IoT.

Kids’ safety: toys that put children’s privacy at risk

Now, people should think twice before buying their children the newest trinket that they see in the window — while seemingly harmless, children’s toys can be wolves in sheep’s clothing when it comes to security. This can be seen in the recent VTech scandal, in which the manufacturer of network-enabled learning toys stored email addresses, physical addresses, passwords, as well as names and birth dates of more than 6 million children without proper protection measures. Another example is the Internet-connected Hello Barbie doll that was vulnerable to hackers who could spy on children talking to their dolls.

These two examples could be the start of a rise in hacks in 2016 that jeopardize kids’ privacy. No longer are parents the only ones taking photos of their children — with smart kids’ devices storing photo and video footage, leaked files could easily make their way into the wrong hands. These files are then sent to servers, and often, it remains unclear what happens to these files, how they are secured and whether or not they are shared with third parties.

Children’s toys even have the ability to potentially affect a child’s success later in life — if schools choose to examine data supplied and exploited by Internet-connected educational toys, admittance processes could change, resulting in children’s lives being directly affected.

New year, new threats on the horizon

When it comes to dealing with security threats in 2016, the rule of thumb is this: Consumers should always stay one large step ahead of their smart devices. As these gadgets continue to obtain more capabilities and gather more of our information, it’s important that we retain our common sense when managing our security and personal privacy. Making use of security solutions on both computers and mobile devices is a reliable way to ensure that consumers remain in control of what belongs to them. While staying protected, we can confidently look forward to what’s in store as the new year continues to unfold.

 

Mr. Robot was our favorite show of 2015

Back in May, I pulled my new copy of Entertainment Weekly out of the mailbox and flipped through it quickly, as I usually do before sitting down to read the whole thing. An article about an unusual premiere of a new TV show called Mr. Robot caught my eye. The cyberthriller’s pilot episode was set to make its debut online and through alternative viewing services like Xfinity On Demand, iTunes, Amazon Instant Video, XBOX, and Google Play almost a month earlier than its USA Network television debut on June 24.

USA Network's Mr. Robot tops all the 'Best TV show of 2015' lists

The next Monday morning, I shared the news about the show with my colleagues, and we all vowed to watch the new drama about a cybersecurity expert who joins an underground hacker group, as soon as we could. We hoped it would be a more realistic version of the security issues we face today than CSI: Cyber or any number of Hollywood movies. We even contemplated having a weekly viewing party with Avast Virus Lab researchers and getting their comments live, a la Mystery Science Theater 3000, if the show was good.

A twist in the plot

The very next day after the initial discussion, one of my colleagues, and regular blog writer, Stefanie Smith, received an email from a Mr. Robot production staff member asking if we would be interested in having an Avast antivirus product make an appearance on one of the upcoming episodes. At the time, a few weeks before the pilot episode even aired, this was a difficult call – but our decision to be a part of the show, even for a brief moment, proved to be the right one.

Mr. Robot has consistently been named one of 2015’s best TV shows, and it received Golden Globe nominations for Best Series, Best Actor for Rami Malek, and Best Supporting Actor for Christian Slater.

We didn’t watch it together with the Virus Lab guys, but every week after the show, we got their expert opinions about the hacks depicted on Mr. Robot. Here are some of our favorite moments from season one:

1. Avast guest stars on Mr. Robot

The show’s protagonist, Elliot, attempts to hack into a prison’s network, and fellow hacker, Darlene, helps him by uploading an exploit onto USB sticks. She drops the sticks on the ground, and a police officer picks one up and foolishly inserts it into his work PC. The idea was to inject a customized payload to compromise and gain access to the prison’s network – and then BAM! Avast detects the exploit!

2. Operation Meltdown

via USA Network

Elliot wants to control the Steel Mountain secure data facility’s climate control system to overheat it, thus melting ECorp’s tape-based backup. To accomplish his goal, he uses a Raspberry Pi to carry out a complicated gateway-impersonating MiTM (man-in-the-middle) attack. He eventually connects the Raspberry Pi to Steel Mountain’s heating and cooling systems. The plot of this episode, 3xpl0its.wmv, is reminiscent of the point of entry in the real-world Target attack.

3. “People make the best exploits”

via USA Network

One of cybercrooks’ most successful methods is social engineering: psychological techniques used to exploit human weaknesses. Throughout the show’s episodes we saw examples of this technique. Even among the more sophisticated hacks, these are the ones that freaked us out the most.

Hackers want your personal information

Elliot uses a password-cracking tool many times on the show. On one occasion, he wants to hack his therapist’s new boyfriend, Michael. He calls Michael pretending to be from his bank’s fraud department, confirming his address and asking him security questions to verify his account: What is his favorite baseball team? His pet’s name? Using the information he gathered combined with a dictionary brute force attack, which systematically checks all possible passwords until the correct one is found, Elliot hacks Michael’s account.

Hackers want to steal company data

In episode d3bug.mkv, one of Elliot’s colleagues, Ollie, received a music CD from a fake rapper that turns out to have malware on it. The resulting infection gave ‘The Dark Army’ access to Ollie’s laptop webcam, which was used to spy on him and his girlfriend, Angela. The hacker tells Ollie he has photos of Angela, and even Angela’s and her dad’s banking information and social security number. He threatens to blackmail Ollie if he does not spread the malware within the systems of his employer, Allsafe.

4. Mobile devices are vulnerable

via USA Network

ECorp baddie, Tyrell, uses a backdoor to get into assistant Anwar’s Android device to install an app that could allow remote access. It’s not strictly necessary to root the phone – just gaining physical access to the phone is all he needed. In this episode, Tyrell used an SD card with an application called RooterFrame to gain access, but the actual Android APK is Framaroot.

Elliot needs to remove a hacked server in episode wh1ter0se.m4v, but has to do it by creating an Allsafe service ticket. This request requires his boss, Gideon, to send the ticket, and he uses two-factor authentication to receive a temporary, second code sent to his phone. Elliot asks Darlene to send Gideon’s phone hundreds of MMS files to drain the battery, forcing him to charge it and leave it in his office unattended. Elliot takes physical possession of the device, gets the security token and logs into Gideon’s account to submit a request to take down the server.

5. Real-life physical hacks

Elliot picks the bathroom lock. He explains that “the lock-pick is every hacker’s favorite sport. Unlike virtual systems, when you break it you can feel it.”

Avast was the only roadblock that Elliot ran into that he couldn’t beat. You can protect your own PCs, Android devices, and Macs with Avast Antivirus products. Our flagship product, Avast Free Antivirus, was chosen as PCMag’s Editors’ Choice 2016 for the best free antivirus. Visit the Avast website to check out all our security software.

Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.