Friday, October 30, 2015

20 things that can go terribly wrong when you ask the wrong peer for security advice

Millions of people every year fall victim to scams, hackers, and malware. You’ve heard it all before, right? Instead of lecturing you about the importance of security software with a lengthy essay, we decided to take the issue to the public. We hand-picked 20 of your peers and this is what they had to say on the matter:


A great-great-grand mother



A search engine



A good friend



A doctor



A neighbor



An email provider



A straight-forward-guy



A master chef



An architect



A security guard



A lonely person



An entertainer



A freeware addict



A patriot



A politician



A journalist



A surveillance firm



The big guys



A true believer



Dave



Have more? Let us have it!



Related Posts:


  • Vulnerabilities in Oracle Java Cloud Publicly Disclosed

  • Is it ethical to sell zero day exploits?

  • Top 10 senior citizen scams that affect the whole family

  • Antivirus, Anti-Malware, Anti-PUP? What is Emsisoft really?

  • When a surveillance state hacking firm gets hacked




20 things that can go terribly wrong when you ask the wrong peer for security advice

Wednesday, October 28, 2015

The strange case of malware that protects your PC

What if some secret, Internet vigilante was protecting PCs from threats? In a shroud of mystery, he would type out code in the middle of the night, a dark hoodie pulled over his face…


And load malware onto your router.


It may seem like the plot of a high-stakes thriller novel, but it’s a real-life scenario (minus, perhaps, the hoodie). The Internet security firm Symantec has reported code, named Wifatch, that attacks home routers. The twist?


Wifatch actively protects its victims from other forms of malware.


What is Wifatch?


Wifatch is a piece of code that connects routers to a peer-to-peer network of similarly infected devices. If that doesn’t sound familiar, review our post on botnet to learn about how an infection like this can turn your PC into a zombie.


The original detector of the code was an independent security researcher, L00t_myself, who noticed it on his own home router. Symantec has been following Wifatch for a while now, noting the following about the sophisticated code:


  • It is written in the Perl programming language

  • It targets following architectures: ARM (83%), MIPS (10%), and SH4 (7%)

  • It connects infected devices to a peer-to-peer network

What’s especially odd is that router infections are generally secured for pretty evil reasons. But Wifatch hasn’t delivered any kind of payload…at least, not yet.


So far, it seems, Wifatch is actually protecting systems against malware.


Wifatch is…protecting you?


Wifatch is using this botnet of infected routers to distribute threat updates and remedy malware infections, instead of issuing DDoS attacks like you would expect.


What’s more, Symantec reports that the malware is trying to harden the infected devices. It even tells owners when to change passwords or update firmware. In a sense, Wifatch is fighting fire with fire – or malware with malware.


messagewifatch

Wifatch seems suspiciously helpful. Source: Symantec



But the plot thickens. The creator of Wifatch reached out to Symantec, and was subsequently interviewed for their blog. He admits that while he has no malicious intentions, Wifatch could have an exploitable bug or someone could steal the key.



Can I trust you to not do evil things with my devices?


Yes, but that is of no help – somebody could steal the key, no matter how well I protect it. More likely, there is a bug in the code that allows access to anybody.



So ultimately, even if the creator of the code has good intentions, your PC is at risk for a malicious payload as a result of Wifatch.


The bottom line


While Wifatch is very interesting malware, it isn’t one you should be trying to contract. The reality is, a secure PC wouldn’t have Wifatch to begin with. You wouldn’t like it if a superhero was hiding in your house all the time just in case someone broke in. It’s still an invasion of your privacy, so Wifatch is ultimately malware.


Remember to have a secure anti-malware program and to create complex passwords. As the creator of Wifatch himself said:



Linux.Wifatch doesn’t use elaborate backdoors or 0day exploits to hack devices. It basically just uses telnet and a few other protocols and tries a few really dumb or default passwords (our favourite is “password”). These passwords are well-known – anybody can do that, without having to steal any secret key.


Basically it only infects devices that are not protected at all in the first place!



Have a great, vigilante-free day!









  • Related Posts:


    • Firmware Vulnerabilities Discovered on Linksys and ASUS…

    • Exploit kit attacks DNS settings of over 50 different router

    • NetUSB hack puts Millions of home users at risk

    • IRC botnets have evolved to steal passwords and avoid…

    • Hacker group LizardSquad used home routers to attack Xbox…




    The strange case of malware that protects your PC

Wednesday, October 21, 2015

What’s the deal with protection vs cleaning?

Ever wonder why you need to have protection when you can just use a removal tool if you get a virus? This video aims to help you realize the importance of real-time protection through several examples and demonstrations.


Malware is dangerous – don’t forget that it can permanently destroy or encrypt your files. If you read our previous article on cleaning vs protection, you know how important it is to stop malware in its tracks. Luckily, our video producer Leo walks you through how Emsisoft Anti-Malware can prevent infection in the first place. It’s a great way to recap this importatn topic and see protection in action.



Have a great, infection-free day!



Related Posts:


  • Innovations to Emsisoft Anti-Malware 8.1

  • Cleaning vs. Protection – Why you shouldn’t rely

  • Warning: File Encrypting Ransomware, Now on Android

  • CryptoWall Malvertisments on Yahoo, AOL, Match.com and More

  • Emsisoft Runs 4 month Malware Protection Marathon at…




What’s the deal with protection vs cleaning?

Tuesday, October 6, 2015

Why every Android user should take the Stagefright leak very seriously

A vulnerability in Android called Stagefright was exposed at the 2015 Black Hat conference in early August. You may have heard of it, if only because the media frenzy that followed claimed that hundreds of millions of phones could be hacked with a single text – but is any of that true? If that were the case, surely Google, the developer of the popular operating system, would have fixed it by now…right?


(image: pocket-lint.com)

(image: pocket-lint.com)



 


What is Stagefright and why should you care?


You may have grown accustomed to all of the vulnerabilities, bug and alerts out there in technology land. You’re calm because you know that ultimately there will be a patch to fix it, right?


Unfortunately, it’s not so simple with the Stagefright leak. Think of a doomsday film where a deadly asteroid is about to strike Earth, and there’s no way for scientists to divert it with their fancy technology. That’s basically what’s going on – the Stagefright bug, due to the nature of the Android world, isn’t likely to be addressed any time soon. If things don’t change, it’s only a matter of time before an exploit strikes and brings chaos to an unthinkable number of devices.


So, yes, it is possible that you could receive a strange video text, not even open it, and some cyber criminal halfway around the world could start spying on you through your video camera. But that’s only one possibility.


If a hacker gets into your device through the Stagefright vulnerability, he could gain access to your address book, apps, message history, personal emails, and all the information tied to your Google account. This means that every bit of information tied to your Google account – from Gmail to Google Drive – is up for grabs: financial information, browsing history, personal messages and classified work documents…


It’s imperative you understand that your phone isn’t the only thing at risk. Your whole digital life is at risk.


How does Android work, exactly?


To understand the Stagefright vulnerability properly, it’s important to look at the Android architecture. Android is very modular operating system, so things run in separate processes. This is in part thanks to the Dalvik virtual machine, which is the component in most Android phones (it has been replaced entirely by Android runtime in Android 5.0) that allows each app to run separately and independent of the Linux kernel. This keeps apps from detrimentally interfering with each other or with the operating system.


android_appsThis means program processes rely on IPC or inter-process communications to work together. This is known as application sandboxing (or application containerization), and one of the alleged advantages of this is that keeping applications isolated improves overall security.


Stagefright is what processes media in Android’s MediaServer, written primarily in C++. It handles all video and audio files, and provides playback facilities. It also extracts metadata for the Gallery (like thumbnails or dimensions of a video).


How Stagefright reaches you


So it might be fair to assume that since the programs on your phone are sandboxed, most aspects of the system are safe from a single vulnerability. But while the compartmentalized nature of Android is supposed to keep programs from interfering, MediaServer is a very privileged service that has access to audio, bluetooth, camera, internet, and more. What’s worse, many phone manufacturers have given the Stagefright component system permissions on their devices, which is only a step below root access.


In layman’s terms: a hacker could gain access to your entire device.


An attacker only needs your phone number to conduct a successful hack. He or she could remotely execute code through a video sent via MMS. It would require no action on your part, as Android phones are set to preload videos. The attacker can even delete the message after sending it, leaving you with little more than a mysterious notification.


If that doesn’t sound horrifying enough, that isn’t the worst of it. The reality is, that’s just one way that the vulnerability can be exploited. It’s up to the hackers of the world to discover the rest.


Who figured this out?


Joshua J. Drake, an Android security expert, is the man behind the research. He is the Senior Director of Platform Research at Zimperium Enterprise Mobile Security, and the Author of “Android Hacker’s Handbook”. He’s also the founder of the #droidsec research group, an Android-focused research community.


With the support of Zimperium and Optiv, Drake conducted this security research, using his “droid army” – a collection of 51 Android devices. You can learn more about how he conducted his research in his presentation at the Black Hat conference in Las Vegas.


A fragmented Android world


Android is one of the world’s most popular operating systems and it has a unique story. The rate of development is incredibly fast, but that development doesn’t come without a price. Since original equipment manufacturers and carriers are able to adapt the operating system due to its open source nature, this leads to a number of iterations that have unique update and patching needs – over 24,000 models currently exist in the Android ecosystem.


The biggest problem with this vulnerability, as Ars Technica writer Ron Amadeo points out, is that original equipment manufacturers have been able to adapt the Android code to work with their devices. This creates a dilemma where an unthinkable amount of patches would have to be made in order to successfully protect the majority of Android phones out there, and no single company, team, or entity is responsible for getting this issue under control. Because updates will focus on newer phones, and many patches will be dependent upon a myriad of manufacturers and carriers to distribute them, it is possible that millions to hundreds of millions of devices will remain vulnerable indefinitely.


What’s being done?


Google, as well as number of manufacturers and carriers have responded with patches for the following devices.


Zimperium has also launched its ZHA Alliance to address the issue of communication between relevant manufacturers and carriers on the issue. As Zimperium so aptly stated, “According to our understanding of the Android ecosystem, security issues reported to Google are only shared with active partners”.


Zimperium has also released an app known as the Stagefright Detection app, which can help you identify if your phone is actually affected by the vulnerability.


So what’s the problem?


You might think that since the patches are rolling out, there shouldn’t be any further problems. Surely the patches will trickle down to older phones, and Zimperium will help facilitate that communication between Google, carriers, and manufacturers


Even if that is the case and the majority of phones get patched up, there may be an issue with the effectiveness of Google’s first patch. Security researcher Jordan Gruskovnjak at Exodus Intelligence has reported that the initial patch released by Google was inadequate. The Exodus team was able to craft an MP4 that could bypass the patch. They even claim that Zimperium’s Stagefright Detection app will green-light your patched phone, even though it’s still vulnerable.


Google has responded to the situation, asserting in a statement to The Verge, “We’ve already sent the fix to our partners to protect users, and Nexus 4/5/6/7/9/10 and Nexus Player will get the OTA update in the September monthly security update”.


If that wasn’t bad enough, Rob Miller from MWR Labs has found another vulnerability that can bypass the sandbox mechanism. Originally reported back in March, it seems that Google has yet to release a relevant patch. Researchers at Trend Micro have claimed to have also found a vulnerability, this time in Android MediaServer, which they reported to Google back in June (Google published a fix in early August).


The reality is, even if Google’s next patch is effective it doesn’t address the full story. The Stagefright media circus simply revealed a can of worms that opened long ago – Android has some major security flaws, and the broken chain of distributors and manufacturers makes it nearly impossible to rectify.


What you can do


If you have an Android phone with version 2.2 or higher, it may seem that there isn’t much left in your control. But we encourage you to do all you can to take security into your own hands.


While it’s true that there are limits to your autonomy in the face of all of the vulnerabilities your phone could be riddled with, there are several steps you can take to make your experience on Android safer. Even if you don’t have an Android phone, you can use these tips and apply them to your own smartphone experience.


Change your settings


It’s important to acknowledge that while Zimperium illustrated an exploit through MMS and that’s what the media has held onto, this is just an example of how the vulnerability can be exploited, so disabling auto-retrieval will not necessarily protect you from all possible hacks. Joshua J. Drake himself said at the Black Hat conference that the Stagefright bug is exposed via multiple attack vectors.


With that being said, the MMS attack has been receiving a lot of attention, and it’s possible that cyber criminals are getting ideas. So it’s best to deactivate auto-retrieval as it preloads videos and messages for you. Here is how to disable the auto-retrieval feature on the most common messaging applications:


Google Hangout


Open the app and select Settings by tapping the three horizontal lines in the top left corner. Click the Settings wheel and then select SMS. Uncheck Auto-retrieve MMS.


hangout_zimperium

Source: Zimperium



WhatsApp


Select Settings by clicking the three dots icon, and then select Chat Settings. Tap Media auto-download and go to the When connected on Wi-Fi. Deselect videos, and then do the same under the When using mobile data option.



whatsapp_en2whatsapp_en5whatsapp_en1


cleaning-px


Google Messenger


Touch the three vertical dot icon in the upper right corner. Select Settings and then Advanced. Then deselect Auto-retrieve.


Messanger_Lookout3

Source: Lookout



Messanger_Lookout4


 


 


 


 


 


 


 


 


 


 


 


 


 


Messages


Navigate to More and select Settings, then More settings. Click Multimedia messages and then slide the Auto retrieve toggle to the left.


samsung_zimperium1

Source: Zimperium



samsung_zimperium-730x643

Source: Zimperium



Even after deactivating auto-retrieval, be wary of manually loading an MMS from an unknown source, and if you want to be extra safe, don’t load one from friends or family either. They can unknowingly put you at risk if their phone is compromised.


Your consumer choices


While most normal people don’t have the resources to buy the latest and greatest model of every device, it’s important to consider the likelihood that future devices will be more secure than current models. Additionally, important security patches and updates generally won’t be released to devices that can’t support newer versions of Android.


Remember to educate yourself on the operating systems and programs you use, and vigilantly update to newer versions if possible. For example, the Mozilla Firefox browser was also affected by the Stagefright vulnerability, but the issue has been rectified since version 38.


Make your voice heard


Just because the mainstream media has dropped the issue as of late doesn’t mean the Stagefright bug doesn’t affect millions of people around the globe. Voice your own concerns and demand that your carrier keep you updated on the issue.


Make noise on your social media channels and tag Google, your carrier, and your manufacturer in your posts. Forward articles related to the Stagefright issue to your Android-using loved ones.


Switch your operating system


This is an option for more experienced users and not a recommendation for most people. Still, it is an option and should be discussed with more regularity. If your inclined to try this option, consider using firmware with a regularly updated ROM, such as CyanogenMod.


You will need to root your phone, and if you do this you will most likely lose your warranty with your manufacturer. Also be aware that this move will not make you 100% clear of the Stagefright vulnerability or other bugs. The advantage is that you have an Android device, but the hassle of waiting on manufacturers and carriers to adapt patches is removed, and you can receive updates more immediately.


As the months go by, we can only hope that there is a real solution to this issue. Remember to stay informed about security updates, subscribe to newsletters, and follow security blogs. Talk to your friends and family, and assert your rights to privacy and safety as a consumer. While developments in technology move at an impressive rate, there’s no point in having all of these fancy devices if we’re moving towards a digital Armageddon. Remember, safety is just as important as progress.


Have a great, exploit-free day!



Related Posts:


  • Alert! Default Browser app on 75% of Androids is vulnerable

  • ALERT: Fake ID Lets Malware Impersonate Legit Android Apps

  • The end of FREAK: Massive SSL vulnerability finally patched

  • Installer hijack vulnerability threatens almost half of all…

  • Ransomware hacks Android’s front-facing camera to take




Why every Android user should take the Stagefright leak very seriously