Category Archives: security

Vulnerability in Linksys and Cisco routers

This is a not a good week for network equipment manufacturers.

First, it was discovered that over 25000 Linksys Smart Wifi routers are vulnerable for sensitive information disclosure flaws.

Using data provided by BinaryEdge, our scans have found 25,617 Linksys Smart Wi-Fi routers are currently leaking sensitive information to the public internet, including:

  • MAC address of every device that’s ever connected to it (full historical record, not just active devices)
  • Device name (such as “TROY-PC” or “Mat’s MacBook Pro”)
  • Operating system (such as “Windows 7” or “Android”)

In some cases additional metadata is logged such as device type, manufacturer, model number, and description – as seen in the example below.

The picture is worst for even Cisco, which embedded a default SSH keypair in all of its 9000 series devices. Basically this means that anyone (who knows the IPv6 address and keypair) can SSH into a vulnerable device and take over it completely. It is so serious that some have described it as a backdoor.

RIDL and Fallout: MDS attacks

After the spectacle of Spectre and Meltdown last year, we now have more vulnerabilities that attacks the CPU to leak confidential data. The new vulnerabilities are called RIDL and Fallout – not quite as catchy as Spectre and Meltdown – and it belongs to a class of attacks called MDS (Microarchitectural Data Sampling) attacks.

There are exploit demos that show the attacker retrieving the contents of hashed passwords in /etc/shadow, which he/she can crack offline after that. Another demo shows an attack being carried out using Javascript/WebAssembly. Essentially this means that if you visit a web page that contains attack code it can read information from other processes it is not meant to.

Our attacks can leak confidential data across arbitrary security boundaries in real-world settings (cloud, browsers, etc.).

Source: RIDL and Fallout: MDS attacks

Security lapse exposed a Chinese smart city surveillance system | TechCrunch

Yet another case of unsecured database in the public cloud. That in itself is unfortunately not uncommon. What is eyebrow-raising however, is the type of content that it stores.

The database processed various facial details, such as if a person’s eyes or mouth are open, if they’re wearing sunglasses, or a mask — common during periods of heavy smog — and if a person is smiling or even has a beard.The database also contained a subject’s approximate age as well as an “attractive” score, according to the database fields.

Source: Security lapse exposed a Chinese smart city surveillance system | TechCrunch

Remote Code Execution on most Dell computers

First it was Lenovo and Asus, now Dell has fallen as well. Goes to show that 1) you should uninstall crapware that comes pre-bundled with your Windows machine 2) writing secure software is hard.

What computer do you use? Who made it? Have you ever thought about what came with your computer? When we think of Remote Code Execution (RCE) vulnerabilities in mass, we might think of vulnerabilities in the operating system, but another attack vector to consider is “What third-party software came with my PC?”. In this article, I’ll be looking at a Remote Code Execution vulnerability I found in Dell SupportAssist, software meant to “proactively check the health of your system’s hardware and software” and which is “preinstalled on most of all new Dell devices”.

Source: Remote Code Execution on most Dell computers

CARBANAK Week Part One: A Rare Occurrence « CARBANAK Week Part One: A Rare Occurrence

Wow, the source code of one of the most prolific backdoor tools – CARBANAK – is now available on Github. FireEye has a series of articles dedicated to the analysis of this complex tool, starting with this one.

We kick off CARBANAK Week with the first post in our four-part blog series.

Source: CARBANAK Week Part One: A Rare Occurrence « CARBANAK Week Part One: A Rare Occurrence

Researchers Find Google Play Store Apps Were Actually Government Malware

Say what you may about Apple’s infamous app-approval process. But Google Play Store’s permissive approach is what allows such apps to exists.

Security researchers have found a new kind of government malware that was hiding in plain sight within apps on Android’s Play Store. And they appear to have uncovered a case of lawful intercept gone wrong.

Source: Researchers Find Google Play Store Apps Were Actually Government Malware

Donated devices are doxing your data, says new research

This is a common and recurring problem due to lack of awareness and the difficulty of securing data. Think twice before you donate your old devices. At least make an attempt to erase or remove the storage device before doing so.

If you are concern with data compliance, you may refer to
NIST SP 800-88r1 – Guidelines for Media Sanitization. For the rest of us, try to adopt security best practices such as:

  • Full disk encryption
  • Use of dedicated software to wipe, especially those from the manufacturer
  • Physical destruction

In the space of six months, one security researcher found thousands of files from dozens of computers, phones and flash drives — most of which contained personal information. All the researcher did was scour the second-hand stores for donated and refurbished tech. New research published by security firm Rapid7 revealed how problematic discarded technology can […]

Source: Donated devices are doxing your data, says new research

Serious Chrome zero-day – Google says update “right this minute”

Writing secure software is impossibly hard. Even with all the resources that the Chrome team has and focus on security that they are famous for, vulnerabilities can still exists and may be exploited for nefarious purpose.

When a security expert on the Chrome team says, “update your Chrome installs… like right this minute” – well, here’s how to check!

Source: Serious Chrome zero-day – Google says update “right this minute”

Govt. to access home devices in security survey – News – NHK WORLD – English

Free vulnerability scan by the government for Japan netizens.

Can’t say it’s a bad idea, if it’s well-managed. The fact is there are a lot of devices out there which have default credentials or unpatched vulnerabilities. These devices usually end up being exploited by threat actors for personal gains. Ability to identify vulnerable devices is a necessary first step towards mitigating potential cyber incidents.

Japan will attempt to access Internet-connected devices in homes and offices to find their vulnerabilities. The first-of-its-kind survey is aimed at beefing up cyber-security.

Source: Govt. to access home devices in security survey – News – NHK WORLD – English

Android Security Bulletin — February 2019  |  Android Open Source Project

This is a serious one. A vulnerability exists on Android that will allow the phone to be hacked simply by viewing a malicious PNG image.

The most severe of these issues is a critical security vulnerability in Framework that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

Source: Android Security Bulletin — February 2019  |  Android Open Source Project