US Congress Bill Plans to Make Effective Encryption Illegal

In the wake of the FBI’s feud with Apple over bypassing the encryption of San Bernardino shooting suspect Syed Rizwan Farook’s iPhone, the US Congress is proposing a new bill that would in effect outlaw effective encryption: under the banner of “technical assistance”, it would require any company or entity to build backdoors into its security systems for law enforcement to exploit.

In a draft of the proposed bill, written by a committee led by Senators Dianne Feinstein (D-California) and Richard Burr (R-North Carolina) and leaked by politics news outlet The Hill, businesses are required to release “information or data” if served with a court order – meaning that they are legally obligated to have access to that data in the first place – or provide law enforcement agencies with “technical assistance as is necessary to obtain such information in an intelligible format or to achieve the purpose of the court order.”

While the leaked draft is reportedly close to its final form, the bill could still change, especially since it does not have the support of President Obama. It is not yet known whether this version of the bill has been submitted to Congress.

“While the bill claims that it in no way is designed to force companies to redesign their products, this is a subtle hypocrisy,” Jonathan Zdziarski, a computer forensics and encryption expert, wrote in a blog post. “The reality is that there is no possible way to comply with it without intentionally backdooring the encryption in every product that may be used in the United States.”

“This bill would not only be surrendering America’s cybersecurity but also its tech economy, as foreign competitors would continue to offer – and bad guys would still be able to easily use! – more secure products and services,” Kevin Bankston, Director of the New America Foundation’s Open Technology Institute, told Vice Motherboard. “The fact that this lose-lose proposal is coming from the leaders of our Senate’s intelligence committee, when former heads of the NSA, DHS, the CIA and more are all saying that we are more secure with strong encryption than without it, would be embarrassing if it weren’t so frightening.”

Over Half of Americans Think Apple Should Comply with FBI

Although Apple’s firm stance against the FBI’s recent requests to unlock a criminal’s iPhone has won it the support of many who believe in digital privacy, a recently published Pew survey reports that the majority of the US public is not on its side. In a phone survey conducted over the weekend, which reached 1000 respondents, Pew researchers found that 51% of respondents believed Apple should comply with the FBI’s demands to unlock the iPhone used by the perpetrator of the San Bernardino attacks as part of its investigation. With 51% siding with the FBI, only 38% of respondents supported Apple, and the remaining 11% were undecided.

No matter how the sample was split, the numbers were always in the FBI’s favour. They were closest in the 18-29 age group, at a 47-43 split in favour of the FBI, while among those aged 65 and over the division reached 54-27 for the FBI. Among smartphone owners the numbers were closer, and closer still among those who own an iPhone themselves, but those with another brand of smartphone swung the numbers even further from the Cupertino tech giant.

Whether this public perception of Apple could affect its business remains to be seen, but it could certainly become a deciding factor in the case should opinion swing even further against the company. Apple has yet to issue an official response to the FBI’s court orders; however, CEO Tim Cook has urged employees to stand firm against the FBI in the case.

Bill Gates Thinks Apple Should Unlock Their iPhone

Apple is currently involved in a heated legal battle with the FBI. The FBI wants access to an iPhone, but Apple has refused to unlock the phone over concerns that bypassing its own security measures would set a dangerous precedent for information security. Some big names have stepped into the ring, with people like John McAfee offering to hack the iPhone and the White House saying that the request doesn’t amount to a “backdoor”. The next big name to step into the arena is Bill Gates, taking the side of the FBI, not Apple.

In an interview with the Financial Times, Gates stated that one of the reasons he is supporting the FBI is that “this is a specific case where the government is asking for access to information. They are not asking for some general thing, they are asking for a particular case”.

This doesn’t mean it’s clear-cut support, with Gates continuing: “I hope that we have that debate so that the safeguards are built”. So while Gates believes that Apple should help the FBI in this case, he also wants clear-cut rules on when the government can gain access to information and on who can decide that the information should be accessed.

Tim Cook Urges Apple Employees to Stand Firm Against FBI in Leaked E-Mail

Following Apple’s refusal to bypass the encryption of its iPhones in order to comply with a legal mandate obtained on behalf of the FBI, the company’s CEO Tim Cook has sent an internal e-mail to Apple employees in the US explaining its defiant position and calling for unity.

The FBI took legal action in order to force Apple to decrypt the iPhone of Syed Rizwan Farook, a suspect in the tragic San Bernardino shootings in December 2015. In order to provide the FBI entry to the phone, Apple would have to create a backdoor into its iOS software, a backdoor that the law enforcement agency “promises” to use only once. Apple has so far refused to comply, citing its users’ security and privacy as paramount.

Now, Cook has written to Apple employees – in an internal e-mail obtained by Buzzfeed – to clarify why the company is resisting the FBI’s attempts to bypass iPhone encryption, and promising to protect the “civil liberties” of millions of Americans:

Email to Apple employees from Apple CEO Tim Cook

Subject:  Thank you for your support

Team,

Last week we asked our customers and people across the United States to join a public dialogue about important issues facing our country. In the week since that letter, I’ve been grateful for the thought and discussion we’ve heard and read, as well as the outpouring of support we’ve received from across America.

As individuals and as a company, we have no tolerance or sympathy for terrorists. When they commit unspeakable acts like the tragic attacks in San Bernardino, we work to help the authorities pursue justice for the victims. And that’s exactly what we did.

This case is about much more than a single phone or a single investigation, so when we received the government’s order we knew we had to speak out. At stake is the data security of hundreds of millions of law-abiding people, and setting a dangerous precedent that threatens everyone’s civil liberties.

As you know, we use encryption to protect our customers — whose data is under siege. We work hard to improve security with every software release because the threats are becoming more frequent and more sophisticated all the time.

Some advocates of the government’s order want us to roll back data protections to iOS 7, which we released in September 2013. Starting with iOS 8, we began encrypting data in a way that not even the iPhone itself can read without the user’s passcode, so if it is lost or stolen, our personal data, conversations, financial and health information are far more secure. We all know that turning back the clock on that progress would be a terrible idea.

Our fellow citizens know it, too. Over the past week I’ve received messages from thousands of people in all 50 states, and the overwhelming majority are writing to voice their strong support. One email was from a 13-year-old app developer who thanked us for standing up for “all future generations.” And a 30-year Army veteran told me, “Like my freedom, I will always consider my privacy as a treasure.”

I’ve also heard from many of you and I am especially grateful for your support.

Many people still have questions about the case and we want to make sure they understand the facts. So today we are posting answers on apple.com/customer-letter/answers/ to provide more information on this issue. I encourage you to read them.

Apple is a uniquely American company. It does not feel right to be on the opposite side of the government in a case centering on the freedoms and liberties that government is meant to protect.

Our country has always been strongest when we come together. We feel the best way forward would be for the government to withdraw its demands under the All Writs Act and, as some in Congress have proposed, form a commission or other panel of experts on intelligence, technology and civil liberties to discuss the implications for law enforcement, national security, privacy and personal freedoms. Apple would gladly participate in such an effort.

People trust Apple to keep their data safe, and that data is an increasingly important part of everyone’s lives. You do an incredible job protecting them with the features we design into our products. Thank you.
Tim

Image courtesy of TechnoBuffalo.

Apple To Fight Government On Creating iPhone Backdoor

We reported earlier that Apple had been ordered not to unlock a phone (something it has consistently said it cannot do) but instead to create the means for the government to access it. It would seem Apple was about as happy to hear about this as we were, and it is looking to fight the order to create a backdoor into its iPhones.

As covered in our story so far, Apple is no stranger to court cases that have tried to make it unlock an iPhone, even after the cases themselves have ended. The latest case tried to do just that, but instead of asking for a way into the phone, Judge Sheri Pym has used the All Writs Act to demand that Apple create a backdoor to enable the FBI to unlock the iPhone in a court case. The All Writs Act is an 18th-century piece of legislation which, put bluntly, says that if the government asks you to jump, you jump.

In Tim Cook’s letter to customers, he clearly expresses what the FBI is asking for and why he believes it is outrageous that it can do so. Before we look at his response, though, the following extract from the court order shows just what is being requested.

“Apple’s reasonable technical assistance shall accomplish the following three important functions: (1) it will bypass or disable the auto-erase function whether or not it has been enabled; (2) it will enable the FBI to submit passcodes to the SUBJECT DEVICE for testing electronically via the physical device port, Bluetooth, Wi-Fi, or other protocol available on the SUBJECT and (3) it will ensure that when the FBI submits passcodes to the SUBJECT DEVICE, software running on the device will not purposefully introduce any additional delay between passcode attempts beyond what is incurred by Apple hardware.”

What this amounts to is that Apple would have to strip away the protections around the iPhone’s passcode, enabling the FBI to try every single passcode possible. This is often known as a “brute force hack”, a method where every possible combination is tried in order to gain access to something, similar to how you could spin the dials on a combination lock to open your luggage on holiday.

Tim Cook’s understanding is that the FBI wants Apple to create a new version of iOS for the phone which, once installed, bypasses all of its security features. While the FBI says it will only be used in this one case, Cook explains that this cannot be guaranteed and that it would only put more iPhones at risk.

With the request essentially being an order, it is being called a “frightful precedent” that a judge could demand the removal of key security features. Given government agencies’ history with hacking, it may come as no surprise that people aren’t too keen to hand them the keys to the kingdom.
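To make concrete why each of the three functions in the court order matters, here is an added worked estimate (not code from the article or from Apple) of how long an exhaustive passcode search takes with the protections in place and with each one removed. The per-attempt costs and the escalating-delay schedule are assumptions chosen for the illustration, not Apple’s documented values.

```python
"""Worst-case exhaustive passcode search under the protections the court
order asks Apple to remove. Added illustration, not Apple's documented
behaviour: the per-attempt costs and the escalation schedule below are
assumptions chosen to make the comparison concrete."""
from dataclasses import dataclass
from typing import Optional

HARDWARE_DELAY_S = 0.08   # assumed key-derivation cost per attempt (the floor function 3 leaves)
MANUAL_ENTRY_S = 2.0      # assumed time to type one guess by hand (function 2 removes this)


@dataclass(frozen=True)
class Policy:
    auto_erase_after: Optional[int]  # wipe after this many wrong guesses; None = disabled (function 1)
    escalating_delays: bool          # software-imposed waits between failures (function 3)
    electronic_entry: bool           # guesses submitted over a port, not the screen (function 2)


def software_delay(failed_attempts: int) -> float:
    """Assumed schedule: no wait for the first four failures, then 1 min,
    5 min (three times), 15 min, and 1 hour for every failure after the ninth."""
    if failed_attempts <= 4:
        return 0.0
    if failed_attempts == 5:
        return 60.0
    if failed_attempts <= 8:
        return 300.0
    if failed_attempts == 9:
        return 900.0
    return 3600.0


def search_time(space: int, policy: Policy) -> Optional[float]:
    """Seconds to try every one of `space` passcodes, or None when the
    device would wipe itself before the search could finish."""
    if policy.auto_erase_after is not None and space > policy.auto_erase_after:
        return None
    per_attempt = HARDWARE_DELAY_S if policy.electronic_entry else MANUAL_ENTRY_S
    total = space * per_attempt
    if policy.escalating_delays:
        # Worst case: the correct code is the last one tried, so every earlier
        # guess is a failure that earns a wait.
        total += sum(software_delay(n) for n in range(1, space + 1))
    return total


def compare(space: int) -> dict:
    """Search time for the protected device and with protections removed in turn."""
    return {
        "protected": search_time(space, Policy(10, True, False)),
        "no auto-erase": search_time(space, Policy(None, True, False)),
        "no auto-erase, electronic entry": search_time(space, Policy(None, True, True)),
        "all three removed": search_time(space, Policy(None, False, True)),
    }


if __name__ == "__main__":
    for digits in (4, 6):
        print(f"{digits}-digit passcodes:")
        for label, seconds in compare(10 ** digits).items():
            text = "never completes" if seconds is None else f"{seconds / 3600:.1f} h"
            print(f"  {label:32s} {text}")
```

Under these assumptions the auto-erase limit alone makes the search impossible, the escalating delays push a four-digit search to roughly a year even with electronic entry, and removing all three brings it down to minutes, which is the point the order’s three functions, taken together, are designed to reach.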

GCHQ-Developed Encryption System Has Built-In Backdoor

A security researcher has discovered that a telephone encryption system developed by UK intelligence agency GCHQ contains a backdoor that can be exploited by anyone who holds its master key. Steven J. Murdoch, a Royal Society University Research Fellow in the Information Security Research Group at University College London, found that the MIKEY-SAKKE protocol, based on the Secure Chorus encryption standard, can be bypassed using the private master key to decrypt and collect call data in bulk.

“The existence of a master private key that can decrypt all calls past and present without detection, on a computer permanently available, creates a huge security risk,” writes Murdoch, “and an irresistible target for attackers. Also calls which cross different network providers (e.g. between different companies) would be decrypted at a gateway computer, creating another location where calls could be eavesdropped.”

The existence of an encryption scheme that allows intelligence services to decrypt and access data comes as no surprise, since the UK – in the form of both Prime Minister David Cameron and MI5 Director-General Andrew Parker – has declared war on end-to-end encryption because it frustrates their mass surveillance efforts.

“GCHQ designs the encryption technology used by government to prevent unauthorised parties having access to classified information,” Murdoch added. “But GCHQ also wants the ability to examine how this encryption technology is used to investigate suspected leaks whether to companies, the press, or foreign intelligence agencies.”

D-Link Wi-Fi Webcam Turned into a Network Backdoor

Vectra Networks researchers today released an article demonstrating how they turned a $30 D-Link Wi-Fi webcam into a backdoor onto its owner’s network. Installing a device like a networked webcam may seem like a riskless action, but when the device can allow hackers to access the same network it becomes far more worrying.

Typically, attacks on Internet of Things devices are considered a waste of time due to their lack of valuable onboard data and lack of resources to manipulate. Vectra showed that should hackers focus on and be able to compromise a device’s flash ROM, they could replace the running code with their own tools such as those to create a backdoor. It doesn’t have to be a remote hack either, with the report stating “Once we have such a flash image, putting it in place could involve ‘updating’ an already deployed device or installing the backdoor onto the device somewhere in the delivery chain – i.e. before it is received and installed by the end customer.”

The first step of the attack on the webcam was to dump the flash memory from the device for analysis. From this it could be determined that the ROM contains U-Boot, a Linux kernel and a filesystem image with the software used to update the firmware. With this, the steps used to verify firmware updates could be reverse engineered so that the device would accept a rogue update containing a Linux proxy service, while also disabling the ability to reflash in future so the backdoor could not be removed. With all this in place, the hacker would be able to launch attacks into the rest of the network and use the device as a pipeline to extract stolen data.

Such a compromise would be incredibly hard for the user to detect as long as the backdoor code did not interfere with the device’s normal operation. Even if it were detected, there would be no way to recover the device; it would instead have to be disposed of and replaced with a clean one. D-Link has yet to issue a patch for this vulnerability, and it is not expected to, as a true fix would require specialist chips to verify updates or a Trusted Platform Module.
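The reason a dumped flash image is so damaging to an update check is easiest to see in code. The following is an added illustration, not D-Link’s or Vectra’s code: the image layout, the key and the “flash dump” are all constructed for the example. It contrasts a checksum-only update check with an HMAC check whose key lives in flash, and shows why both are satisfied by anyone holding the dump, which is exactly why the article says a real fix needs a verifier key in hardware.

```python
"""Why a firmware-update check can be defeated once the flash has been dumped.
Added illustration: the image layout, the key and the "flash dump" below are
constructed for this example and are not D-Link's format or data."""
import hashlib
import hmac
import struct
from typing import Optional, Tuple

MAGIC = b"FW01"
HEADER = struct.Struct(">4sII")  # magic, version, payload length (constructed layout)
TAG_LEN = 32

# Constructed stand-in for a dumped flash chip: bootloader, updater and, as on
# many cheap devices, the updater's verification secret sitting in plain bytes.
ONBOARD_KEY = b"constructed-key-stored-in-flash"
FLASH_DUMP = b"U-Boot" + b"\x00" * 16 + ONBOARD_KEY + b"\x00" * 16 + b"Linux"


def build_image(payload: bytes, version: int, key: Optional[bytes]) -> bytes:
    """Header + payload + trailer tag. The tag is a bare SHA-256 of the body
    when key is None, otherwise an HMAC-SHA256 under key."""
    body = HEADER.pack(MAGIC, version, len(payload)) + payload
    if key is None:
        tag = hashlib.sha256(body).digest()
    else:
        tag = hmac.new(key, body, "sha256").digest()
    return body + tag


def split_image(image: bytes) -> Tuple[bytes, bytes]:
    """Return (body, tag), rejecting images whose header and length disagree."""
    if len(image) < HEADER.size + TAG_LEN:
        raise ValueError("image too short")
    magic, _version, length = HEADER.unpack_from(image)
    if magic != MAGIC or len(image) != HEADER.size + length + TAG_LEN:
        raise ValueError("malformed image")
    return image[:HEADER.size + length], image[HEADER.size + length:]


def verify_checksum_only(image: bytes) -> bool:
    """Integrity only: catches corruption, but anyone can recompute SHA-256
    over a payload of their choosing, so it says nothing about origin."""
    body, tag = split_image(image)
    return hmac.compare_digest(hashlib.sha256(body).digest(), tag)


def verify_hmac_onboard_key(image: bytes, key: bytes) -> bool:
    """Authenticity, but only as strong as the secrecy of `key`."""
    body, tag = split_image(image)
    return hmac.compare_digest(hmac.new(key, body, "sha256").digest(), tag)


def key_in_dump(dump: bytes, key: bytes) -> bool:
    """A verification secret stored in flash travels with the dump."""
    return key in dump


def rogue_update_passes(dump: bytes) -> bool:
    """The failure mode from the story: with the key recovered from the dump,
    an image carrying an arbitrary payload satisfies the device's own check.
    (An analyst would locate the key by reverse engineering the updater; the
    example simply reuses the constructed constant.)"""
    if not key_in_dump(dump, ONBOARD_KEY):
        return False
    rogue = build_image(b"constructed rogue payload", 2, ONBOARD_KEY)
    return verify_hmac_onboard_key(rogue, ONBOARD_KEY)
```

Both checks still catch accidental corruption (flip one payload byte and each returns False), which is why vendors mistake them for security. What neither can do is bind an image to a signer whose key was never on the device; that requires an asymmetric signature with the verifying key held in immutable storage such as boot ROM or a TPM, as the article notes.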

It is worrying that, as we bring so many more tiny networked computers into our homes, they pose far more of a risk than they seem to. Vulnerabilities in even the smallest network device can compromise the security of an entire network and should not be overlooked.

Juniper Still Hasn’t Removed Backdoor Vulnerability from Its Software

Last month, Juniper Networks – a company that supplies security software to the likes of AT&T, Verizon, NATO and the US Government – reported that it had found what it described as “unauthorised code” – effectively a backdoor – in its NetScreen firewall software, through which a third party could decrypt data sent through it over an encrypted VPN (Virtual Private Network), and that the code had existed since at least 2012.

Now, Wired reports that Juniper has fallen silent on the matter, refusing to discuss an insecure encryption algorithm within the software that essentially allowed the backdoor to be inserted. Juniper refuses to explain why Dual_EC, a pseudo-random number generator, was included in NetScreen, or why it still exists within the software even after the backdoor revelation.

Stephen Checkoway, a Computer Science lecturer from the University of Chicago, discovered that Juniper knowingly added the insecure Dual_EC to its software, despite having a more secure ANSI algorithm in place. Dual_EC was added to NetScreen version 6.2.0 in either 2008 or 2009, while the vulnerabilities in Dual_EC were revealed in 2007.

Even more inexplicably, Juniper then changed the nonce (random number string) size within the algorithm from 20 bytes to 32 bytes. According to the data revealed in 2007, 32 bytes was the optimal size for exploitation by hackers.

“The more output you see [from the generator], the better [it is to crack the encryption],” Checkoway said. “Anything you see over 30 bytes is very helpful. Anything you see less than 30 bytes makes the attack exponentially harder. So seeing 20 bytes makes the attack basically infeasible. Seeing 28 bytes makes it doable, but it takes an amount of time, maybe hours. Seeing 32 bytes makes it take fractions of a second.”

While it was Juniper that revealed the existence of this backdoor, it seems that it facilitated its creation, and has done nothing to fix it since.

Internet Surveillance Backdoors to be Required in Kazakhstan

While those of us in the UK worry about the risks to our internet security posed by the Snooper’s Charter and the calls for removing or weakening encryption in the wake of the recent terrorist attacks, Kazakhstan is one step ahead of the West. From January 1st 2016, every internet-capable device in the country will be required to install a “national security certificate”, which will allow the government to gain access to its communications, whether they are encrypted or not. To help enforce the requirement, ISPs and network carriers must keep records of users that do and don’t install the certificate, making it almost impossible to avoid if you want to access the internet.

There are many risks in implementing such a backdoor on a nationwide level. As well as allowing the government to keep tabs on those who would challenge it, the backdoor could also be misused by unscrupulous parties for their own ends, whether that is criminals finding a way to abuse it to access sensitive data or its citizens being opened up to surveillance or cyber attacks from other nations.

The requirement to use the certificate is shaky too: while it is designed to work on Windows, Mac OS X, Android and iOS, it makes no provision for users of Linux. There could also be problems if the certificate were revoked or became incompatible with future versions of operating systems. Anyone unwilling to play by the rules could find ways to encrypt data that the backdoor won’t reveal, or spoof their usage of it.

In this day and age, where internet security is a topic of hot debate, it will be interesting to see how well these backdoors work for Kazakhstan or whether they do more harm than good.

ARRIS Cable Modems Have “Backdoor in the Backdoor”

Up to 600,000 ARRIS cable modems could be vulnerable to hacks via a “backdoor in the backdoor”, according to security researcher Bernardo Rodrigues. Rodrigues, who works as a vulnerability tester for the Globo TV network in Brazil, revealed on his blog that he had “found a previously undisclosed backdoor on ARRIS cable modems, affecting many of their devices including [the] TG862A, TG862G, [and] DG860A [models].” After extending his search, Rodrigues found that up to 600,000 ARRIS modems could be affected by the vulnerability.

Using the default username and password of “root” and “arris”, respectively, Rodrigues was able to SSH through a hidden HTTP admin interface, where he found a system-spawned ‘mini_cli’ shell which, given the right password, would let him into a restricted technician shell. Rodrigues cracked the ARRIS password of the day, which was generated from the last five digits of the modem’s serial number.

Rodrigues even built a Puma5 ARMEB toolchain to help demonstrate how the backdoor operates, which he has kindly hosted on GitHub. He reported how he accessed the “backdoor in the backdoor” to the vendor, which asked that he not reveal the algorithm he used to generate the password of the day. He waited until the issue had been fixed before posting his exposé; it took 65 days for the vulnerability to be corrected.

Dell CEO Says “Post-PC” Era has been Great for PCs

Despite what the folks at Apple think, it looks like there are still plenty of companies that believe the PC market is pretty vibrant. Michael Dell, CEO, founder and owner of Dell, has come out and expressed his confidence in the PC. This is in stark contrast to Apple CEO Tim Cook, who has said there is no reason to buy PCs anymore.

Despite some doom and gloom about shipments, Dell notes that since Apple first declared the PC “dead” half a decade ago, PC shipments have largely grown. With continued innovation in both performance and aesthetics, Dell believes that newer PCs are going to be more attractive to consumers than ever. While there are now many devices competing with the PC for consumers’ attention, that just means PC makers will have to step up their game and face the competition head on.

On a separate note, Dell spoke out against the Snooper’s Charter being contemplated in the UK. Here Dell and Cook are on the same page, both adamantly opposed to the surveillance law. Dell noted that backdoors would allow both legitimate and illegitimate access to systems and are fundamentally flawed. Even with many experts and officials already speaking out against the wide range of new powers being granted, the recent events in Paris may yet exert their influence.

WhatsApp’s Promise of True Encryption Proven False

Last year, the Facebook-owned messaging app WhatsApp, in a move applauded by privacy advocates, announced that it would be introducing end-to-end encryption to protect user data from being intercepted in transit, making it viewable only by sender and receiver. While, strictly speaking, WhatsApp did as it promised – using a system designed by Open Whisper Systems, creator of the Edward Snowden-endorsed messaging app Signal – it turns out that a fatal flaw in the encryption method has left a security hole that can be exploited, researchers from Brno University of Technology in the Czech Republic have discovered [PDF].

The Brno University researchers were able to reverse-engineer WhatsApp’s security protocol, which could give them access to supposedly encrypted messages sent via the app. How did they manage this if end-to-end encryption is really being implemented? While WhatsApp is using what is known as public key encryption, it is using the same public key for every person, meaning that anyone who can decipher the key can access messages sent by any user, and that WhatsApp itself can access sent messages, something it claimed its end-to-end encryption would prevent.

An oversight like using the same public key for every user appears too specific to be accidental. Was WhatsApp presenting the illusion of end-to-end encryption to hide a secret backdoor from its customers? It’s a move that would certainly have the approval of the UK Government.

Tim Cook Tells NSA That Good Guys Shouldn’t Get Backdoors

Apple CEO Tim Cook has spoken out against proposals for backdoors in encrypted systems for intelligence agencies to exploit. Speaking at the Wall Street Journal Digital Live technology conference in Laguna Beach, California, Cook spoke out in support of encryption and posited that any backdoor would never benefit just “the good guys”.

“You can’t have a back door in the software because you can’t have a back door that’s only for the good guys,” Cook told the event’s audience.

Cook’s speech occurred shortly after NSA Director Admiral Michael Rogers took to the stage to talk about encryption. Rogers, responding to a question regarding his previous statement – “strong encryption is in our nation’s best interest” – as to whether he supported impenetrable encryption, said “That’s not what I said, strong encryption is in our nation’s best interests,” adding, “Security, encryption: good. The ability to generate insights as to criminal behavior and threats to our nation’s security, also good.”

But Cook disputed the idea that privacy and national security were mutually exclusive, saying, “Nobody should have to decide privacy and security. We should be smart enough to do both,” branding any compromise of user privacy as a “cop-out.”

“Both of these things were essential parts of our Constitution. It didn’t say prioritize this one above all of these,” he said. “I mean, these guys were really smart folks and they held all of these things and said all of these are what it means to be an American,” Cook added. “It will become increasingly more important to more and more people over time as they realize that intimate parts of their lives are in the open and being used for all sorts of things.”

Image courtesy of Valery Marchive.

No Encryption-Backdoor For Obama Administration

More and more, we are being informed about digital security issues that affect us: from leaders like David Cameron stating he would remove encryption within the UK, to the head of MI5 joining Cameron’s crusade against end-to-end encryption. Recently we even learnt (courtesy of Edward Snowden yet again) that Microsoft may have actively helped governments bypass encryption. With all this scary news, it’s about time we had some positive news regarding encryption, right? Cue FBI Director James Comey.

At a congressional panel, James Comey stepped forward and stated that the Obama administration would not ask Congress for legislation requiring a backdoor into encryption-protected systems. Starting from the beginning, what is an ‘encryption backdoor’?

Earlier this year, several government officials and even company leaders suggested that, rather than illegally intercepting and gaining access to systems to read your private and confidential details, they could instead be given a key. This would give them legal access to the systems, and discussions about this led to the idea of a split key: a key of which no single company or government agency would hold the whole, so that the permission of all the participating government groups would be required to use it.

This is the first time a public spokesman has come out with any official line against the idea of encryption backdoors. The question now is whether companies and agencies will stop asking for them.

Thank you Ars Technica for the information.

Microsoft Outlook Web App Vulnerable to Password Hacking via “Backdoor”

Typical Microsoft: the tech giant has more backdoors than Disneyland and Disney World put together. The latest vulnerability unearthed by researchers is a pretty serious breach that allows an attacker to steal e-mail authentication credentials from major organizations.

So what is it this time? Microsoft Outlook Web Application, or OWA, is an Internet-facing webmail server deployed within private companies and organisations to provide internal e-mail capabilities. Research and subsequent analysis by security firm Cybereason discovered a backdoor of sorts in the form of a suspicious DLL file, which was found to be loaded into a company’s OWA server with the aim of siphoning decrypted HTTPS requests.

The clever part of this attack is the innocuous deployment: the file name was the same as that of a legitimate file, the only differences being that the attack file was unsigned and loaded from another directory. According to Cybereason, the attacker (whoever it might be, mentioning no names) replaced the OWAAUTH.dll file that OWA uses as part of its authentication mechanism with one containing a dangerous backdoor.

This allowed the attackers to harvest login information in plain, decrypted text. Even more worrying is the discovery of more than “11,000 username and password combinations in a log.txt file in the server’s ‘C:\’ partition. The Log.txt file is believed to have been used by attackers to store all logged data”.

The attackers ensured the backdoor could not be removed by registering an IIS filter (IIS being Microsoft’s web server) that loaded the malicious OWAAUTH.dll file every time the server was restarted.
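The three tells in this story (same file name as a legitimate module, no signature, loaded from a different directory, plus an IIS filter pointing at it) can be turned into a simple audit. The following is an added example, not Cybereason’s tooling: it runs over a constructed inventory of loaded modules and filter registrations, and the install path and the `C:\inetpub\wwwroot\bin` directory are hypothetical.

```python
"""Audit loaded modules and IIS filter registrations for a planted DLL of the
kind described in the story. Added illustration with constructed data; the
install directory, paths and module list are hypothetical."""
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, Iterable, List, Set, Tuple

# Hypothetical directory from which OWA's authentication module is expected to load.
OWA_BIN = PureWindowsPath(r"C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\bin")
KNOWN_OWA_MODULES = {"owaauth.dll"}  # module names the audit watches (from the story)


@dataclass(frozen=True)
class LoadedModule:
    name: str      # file name as reported by the worker process
    path: str      # full path the module was loaded from
    signed: bool   # Authenticode signature present and valid


Finding = Tuple[str, str]  # (rule that fired, human-readable detail)


def audit_modules(modules: Iterable[LoadedModule]) -> List[Finding]:
    """Flag watched modules that are unsigned or loaded from the wrong place,
    and any module name that appears in more than one directory."""
    findings: List[Finding] = []
    dirs_by_name: Dict[str, Set[PureWindowsPath]] = {}
    for m in modules:
        name = m.name.lower()
        path = PureWindowsPath(m.path)  # comparisons are case-insensitive, like NTFS
        dirs_by_name.setdefault(name, set()).add(path.parent)
        if name in KNOWN_OWA_MODULES:
            if not m.signed:
                findings.append(("unsigned", f"{m.name} loaded unsigned from {m.path}"))
            if path.parent != OWA_BIN:
                findings.append(("unexpected-dir", f"{m.name} loaded from {path.parent}, expected {OWA_BIN}"))
    for name, dirs in dirs_by_name.items():
        if len(dirs) > 1:
            findings.append(("duplicate-name", f"{name} present in {len(dirs)} directories"))
    return findings


def audit_filters(filters: Iterable[Tuple[str, str]]) -> List[Finding]:
    """IIS filter registrations are the persistence point in the story: flag any
    that load a watched module name from outside the install directory."""
    findings: List[Finding] = []
    for filter_name, dll_path in filters:
        path = PureWindowsPath(dll_path)
        if path.name.lower() in KNOWN_OWA_MODULES and path.parent != OWA_BIN:
            findings.append(("filter-outside-dir", f"filter {filter_name} loads {dll_path}"))
    return findings


# Constructed inventory: the legitimate module, a look-alike, and an unrelated DLL.
SAMPLE_MODULES = [
    LoadedModule("OwaAuth.dll", str(OWA_BIN / "OwaAuth.dll"), signed=True),
    LoadedModule("OWAAUTH.dll", r"C:\inetpub\wwwroot\bin\OWAAUTH.dll", signed=False),
    LoadedModule("Example.Other.dll", str(OWA_BIN / "Example.Other.dll"), signed=True),
]
SAMPLE_FILTERS = [("OwaAuthFilter", r"C:\inetpub\wwwroot\bin\OWAAUTH.dll")]


def audit_all() -> List[str]:
    """Rules that fire on the constructed sample, in order."""
    return [rule for rule, _ in audit_modules(SAMPLE_MODULES) + audit_filters(SAMPLE_FILTERS)]


if __name__ == "__main__":
    for rule, detail in audit_modules(SAMPLE_MODULES) + audit_filters(SAMPLE_FILTERS):
        print(f"[{rule}] {detail}")
```

In practice the module list would come from the running IIS worker process and the filter list from the IIS configuration; the signature check must be a real Authenticode validation rather than a boolean supplied by hand, and the “expected directory” should be the one recorded at install time, not whatever directory the module happens to be in today.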

Indeed, yep, same old, same old then; breaches of passwords are worryingly common in the digital age, and there needs to be a radical rethink of security infrastructure. I do feel companies are using tech as a cheaper alternative without investing in system protection or even real-time analysis; servers and communication lines are being ignored to the point where attackers have free rein over such systems. I wonder as I write this what else is being siphoned off to individuals and attackers; if I next see the formula for Coke in a Chinese own-brand cola, then it will make sense.

Thank you cybereason for providing us with this information.

Image courtesy of thehackernews

Simda Botnet Taken Down After Affecting 777,000 PC’s Worldwide

Simda has been around for the past six months, causing pain to PC owners across the world. It infected 128,000 computers each month – a phenomenal rate for a botnet. The bot changed into a new, undetectable form every few hours, making it almost impossible to detect with standard antivirus products. It controlled more than 777,000 computers across 190 countries, stealing people’s bank credentials and creating more backdoors to install other malware.

The creators used a variety of methods and utilities to infect targets across the internet. It made use of known vulnerabilities in software including Java, Adobe Flash and Silverlight. The exploits were planted on websites by injecting code through yet more vulnerabilities in the sites’ SQL software. Another method, social engineering, was also used, mainly in the form of spam e-mails.

The US had the most infected machines, with around 22% of the botnet’s infections, closely followed by the UK, then Turkey with 5% and Canada and Russia with 4% each.

The bot was surprisingly simple in how it worked. It used the computer’s hosts file to change where the infected device’s internet traffic went: traffic for normal websites such as Facebook, Google and Twitter was redirected to servers under the hackers’ control. In most cases the modified hosts file remained after antivirus software had removed the infection, meaning the hackers could still see information being sent to their servers.
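Because the hosts-file change outlives the malware itself, it is worth checking for directly. Here is an added example (not Kaspersky’s or Interpol’s tooling) that parses a hosts file and flags well-known domains mapped to anything other than a loopback or unspecified address; the hosts file content and the 203.0.113.0/24 addresses are constructed for the example.

```python
"""Detect hosts-file hijacking of the kind Simda used: well-known sites
resolved to an address the attacker controls. Added illustration; the hosts
file content and the 203.0.113.0/24 addresses are constructed for it."""
import ipaddress
from typing import List, Tuple, Union

Address = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Domains whose traffic the story says was redirected; subdomains count too.
WATCHED_DOMAINS = ("facebook.com", "google.com", "twitter.com")

SAMPLE_HOSTS = """\
# constructed sample, not a real infection
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.facebook.com facebook.com
203.0.113.7     google.com   # same attacker address for a second site
0.0.0.0         ads.example  # blocklist-style entry, harmless
127.0.0.1       twitter.com  # loopback: blocks rather than redirects
192.0.2.10      intranet.example
"""


def parse_hosts(text: str) -> List[Tuple[str, Address]]:
    """Return (hostname, address) pairs; comments and unparsable lines are skipped."""
    entries: List[Tuple[str, Address]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: leave it for a human to look at
        for host in fields[1:]:
            entries.append((host.lower().rstrip("."), addr))
    return entries


def is_watched(host: str) -> bool:
    """True for a watched domain or any name beneath it (www.facebook.com)."""
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def find_redirects(text: str) -> List[Tuple[str, str]]:
    """Watched names mapped anywhere but loopback/unspecified are hijacks: a
    hosts entry for facebook.com is never needed for normal use."""
    return [(host, str(addr)) for host, addr in parse_hosts(text)
            if is_watched(host) and not (addr.is_loopback or addr.is_unspecified)]


if __name__ == "__main__":
    for host, addr in find_redirects(SAMPLE_HOSTS):
        print(f"redirect: {host} -> {addr}")
```

On a real system the text comes from `C:\Windows\System32\drivers\etc\hosts` or `/etc/hosts`. Loopback and `0.0.0.0` entries are deliberately not flagged, because blocklists use them legitimately; what matters is a well-known name pointing at some other machine.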

The final blow against the creators of the botnet came when the Interpol Global Complex for Innovation, based in Singapore, co-ordinated a takedown operation. It involved the FBI, the Dutch National High Tech Crime Unit and the Russian Ministry of the Interior’s crime department. The takedown happened all over the globe last Thursday and Friday, resulting in 14 control servers being seized.

If you want to check if you have been infected by the Simda botnet then Kaspersky have a site available here to check.

Thanks to Kaspersky and Ars Technica for this information

Image courtesy of guim.co.uk

New Botnet Composed out of Mac Systems Discovered

The days when Mac users were relatively safe from malicious attacks are long gone. As we all know, no system is secure and everything can be broken; it’s just a matter of whether it is worth the effort. With the ever-growing number of people using Macs and the number who still believe the old wives’ tale that Macs are safe, this is an obvious target.

The Russian security company Dr.Web has discovered a large and previously unknown botnet composed of Mac OS X machines. The criminals are taking advantage of a security flaw in the system and effectively gain full control over the target system. From there the malware can attempt to infect more systems or carry out any other command sent by the botnet owners.

One of the interesting things about this piece of malware is that it communicates with its control servers via Reddit. It uses the search function to find comments left by the criminals in a Minecraft discussion section, and it’s from there that the network gets its commands.

The good news is that you can defend yourself against this. Dr.Web has already added Mac.BackDoor.iWorm to its database, and other security software vendors are sure to follow soon. Botnets like these can do a lot of things, the most common being sending out spam e-mails and running denial of service attacks. The second part of the good news is that it doesn’t look like the network is being used in any ongoing attacks. But that is of course something that could change at any time.

Most of the infected systems are located in North America, but that isn’t really surprising, as this is where the most systems are located. The botnet is, however, worldwide and counted over 17,500 infected machines as of last Friday. This is a great reminder to everyone to run security software. It doesn’t matter whether you’re using a mobile device or a PC running Mac OS, Linux/Unix or Windows. Everyone can be a target.

Thank you Dr.Web for providing us with this information

Images courtesy of Dr.Web

Experts Find ‘Backdoor’ in iOS Functions that Allows Personal Data Monitoring

A forensic scientist has warned that Apple has undocumented functions in its iOS operating system which allow people to wirelessly connect and extract pictures, text messages and other sensitive data, without the need for either a password or PIN.

iOS jailbreaker and forensic expert Jonathan Zdziarski has apparently revealed the functions at the Hope X conference, where he stated that any device that has ever been paired with the target handset can be used to access the functions. Zdziarski has also stated that he is unsure whether Apple engineers enabled the mechanism intentionally in order to make room for easier surveillance by the NSA or law enforcement groups.

The most concerning service of all is com.apple.mobile.file_relay. It is said to generate a huge amount of data, including account data for email services, Twitter and iCloud, a full copy of the address book including deleted entries, the user cache folder, geographic position logs, a complete dump of the user photo album, and much more. All of this data is available and accessible without any additional security measures, such as passwords or PINs.

Zdziarski also named two other services, com.apple.pcapd and com.apple.mobile.house_arrest, stating that the latter may have legitimate uses for app developers or support engineers. However, the data generated can be used to spy on users by government agencies or anyone who knows how to access the logs. For example, pcapd allows people to wirelessly monitor all network traffic travelling into and out of the device, even when the handset is not running in a special developer or support mode. In addition, house_arrest allows the copying of sensitive files and documents from Twitter, Facebook and many other applications.

While the services are available and can be read by anyone, Zdziarski says that not every hacker out there is out to get your data. He said that only “technically knowledgeable people who have access to a computer, electric charger, or other device that has ever been modified to digitally pair with a targeted iPhone or iPad” can access the data.

Thank you Ars Technica for providing us with this information
Images courtesy of Ars Technica

User Location Shared To Advertisers With The Help Of An Android Flashlight App

People nowadays depend on smartphones in their daily lives, whether to check their e-mails, use social media applications or even pay directly with them. That’s why most of this information is encrypted, or shared only at the user’s discretion. Sometimes, though, deceptive developers build backdoors into their seemingly harmless apps to steal user information. That is what GoldenShores Technologies, the developer of the Brightest App for Android, did to its users, and yes, unfortunately the application had a so-called backdoor in it.

The app transmitted precise user location to third-party advertisers along with a unique device identifier. Thankfully, though, the US Federal Trade Commission (FTC) has taken action against the developer, who has agreed to settle the charges.

“When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it,” said Jessica Rich, director of the FTC bureau of consumer protection, in a statement. The app has over 50 million users.

GoldenShores Technologies will be required to give users more control over how their location is used and over the feature that shares it. The strangest part is that the app would have disclosed the location sharing feature upon installation. Who would have used such a flashlight application with geo-location sharing features attached to it?

Thank you Chip Loco for providing us with this information
Image courtesy of efinancialcommunications.com

Backdoor In To Selected D-Link Routers Revealed

Internet security is something that is [in a good way] pushed at us all the time; however, it has been revealed that a number of D-Link routers have a vulnerable back-door gateway built into their firmware that can potentially allow unwanted users to gain access to the unit’s web management interface and therefore, potentially, the rest of your network.

Whilst looking through the firmware code for a DIR-100 router, a blogger from /dev/ttyS0 stumbled across the potentially fatal piece of code that allows this access. Using a specific string and connecting to the router via a wired or wireless connection, the reverse-engineered back-door allowed the standard authentication to be bypassed and full access to be granted.

To narrow down the vulnerability, only units that run the DIR-100 firmware are known to be affected; however, with many ISPs providing D-Link equipment to both residential and business customers, the potential for a security breach in the likes of public areas is unthinkable.

After some research it has been calculated that the following units are likely to be affected:

  • DIR-100
  • DI-524
  • DI-524UP
  • DI-604S
  • DI-604UP
  • DI-604+
  • TM-G5240

Additionally, several Planex routers also appear to use the same firmware:

  • BRL-04UR
  • BRL-04CW

Even more worryingly it has been reported that some versions of the DIR-615 may be affected as used by Virgin Mobile, although this has yet to be verified.

Whether or not this back door was supposed to be placed within the firmware has yet to be disclosed by D-Link; however, I’m sure their firmware coding teams will be hot on the case to ensure that this security breach doesn’t affect the reputation of D-Link in the long run or let a major security outbreak run wild.

Source: /dev/ttyS0

Expert Says NSA Have Backdoors Built Into Intel And AMD Processors

In an interesting story covered by the Australian Financial Review, it is revealed that experts think the NSA has hardware-level backdoors built into Intel and AMD processors. Steve Blank, recognised as one of Silicon Valley’s leading experts, says that he would be extremely surprised if the American NSA did not have backdoors built into Intel and AMD chips. His reasoning is that the NSA finds “hacking” through backdoors significantly simpler than trying to crack encryption. For example, trying to crack AES 256-bit encryption would require the power of 10 million suns at the current TDP of processors. Steve Blank therefore claims that because cracking encryption is so infeasible, the NSA uses hardware-level backdoors instead. Steve Blank said that these suspicions arose when he saw that the NSA could access Microsoft emails in their pre-encryption state, and so he knew there was another way in.

Edit: Jonathan Brossard personally got in contact with us to inform us that the statements made by the AFR about his opinions and research were indeed misleading and not factually accurate at all. Jonathan Brossard says that if you read his whitepaper from the Black Hat 2012 conference, which can be found here, it will give a totally different understanding of what he was actually saying as opposed to what the AFR interpreted him as saying. We would like to apologise for passing on information from the AFR that was factually inaccurate. Jonathan Brossard stated that:

“The CPU microcode update mechanism is a documented feature which helps Intel and AMD fix CPU bugs. Even if this would be an interesting attack vector, you must break strong asymmetric cryptography before you get to push microcode updates to a CPU. The article from the Australian Financial Review is misleading, and doesn’t bring the slightest proof that Intel or AMD are sharing those cryptographic keys with [the] NSA. I do not personally think [the] NSA is backdooring Intel (or AMDs) CPUs.”

After all that, there are of course those who will say this is complete nonsense, that the reason it is undetectable is that it does not exist, and that it is just a conspiracy theory. Indeed, Intel has denied such speculation.

I myself am not sure what to make of all this but what do you think? Does the NSA have a hardware level backdoor built into every modern Intel and AMD CPU?

Image courtesy of WCCFTech, Information from AFR.com via WCCFTech