Secret Service Agencies Wanted to Put Malware on Your Android Phones

I don’t think it will be a shock to hear about yet another way government agencies try to spy on people, but they are getting bolder day after day it seems. A recently leaked document by Edward Snowden, dubbed IRRITANT HORN, reveals how agencies from the United States, United Kingdom, Canada, New Zealand and Australia wanted to infect your smartphones through Google and Samsung App Stores.

The agencies wanted to use their XKEYSCORE system to filter Internet traffic in order to find smartphone data going to and from the Google and Samsung stores. With that data, they would have performed a man-in-the-middle attack to trick your smartphone into thinking it was downloading something from the store, when it would instead have downloaded malicious software that would track and record your data.

The document apparently reveals more than just hacking and infecting smartphones. The agencies were also planning to send “selective misinformation” to targeted handsets. This means that the agencies wanted to control and alter more than just a few emails or messages, but rather use the system to control events from underneath the curtain.

So far, Google has made no comment regarding this matter, while Samsung decided not to comment “at this time”.

Thank you The Intercept for providing us with this information

Craigslist Knocked Offline

Craigslist was knocked offline yesterday (Sunday) and at the time of writing, it still hasn’t come back.

The suspected DNS hijack was previously redirecting visitors to a website called Digital Gangster. The Next Web points out that this site was behind a famous 2009 Twitter hack and another hack which took pictures from Miley Cyrus’ Gmail in 2008.

They also point out that the domain name briefly had its owner changed to “steven wynhoff @LulzClerk”, a name associated with hacks of YouTube accounts and of the email account of the supposed creator of Bitcoin, Satoshi Nakamoto.

The site appears to be slowly coming back to life, but still hasn’t fully resumed service.

Source: The Next Web

RickMote Controller App Lets You Rickroll Your Chromecast Neighbors

The Raspberry Pi has proven to be a useful tool for security researchers once again. This time, the Chromecast has been exploited through an interesting bug that lets you take control of any TV using the device.

From a techy point of view, the Chromecast uses a ‘deauth’ command that disconnects it from the Wi-Fi network. However, the command has been proven to have a bug. Once the command is initialized, it is said to kick the device off the network and put it into a config mode in which it becomes a Wi-Fi hotspot. When the Chromecast is in this state, anyone connecting to it can then send any video they like to the TV hosting the Chromecast device.

[youtube]https://www.youtube.com/watch?v=M7nqP8AvXUg[/youtube]

In short, the Chromecast can become a hijackable device that lets anyone connecting to it stream any video they like to it. The bug is said to have been discovered by Dan Petro, a whitehat at security consultancy Bishop Fox. He is said to have used a Raspberry Pi, a couple of Wi-Fi cards and a touchscreen, along with Aircrack, to take advantage of the bug. The device is said to take about 30 seconds to connect and take over the network. Once inside, people can then Rickroll their Chromecast friends or neighbors.

Petro has apparently made a blog about his invention as well, helping people build their own and set off on a ‘rolling’ spree. More information about the RickMote can be found here. Also, below is a video of Petro’s presentation regarding his findings.

[youtube]https://www.youtube.com/watch?v=MZUYYgyUyh8[/youtube]

Thank you Raspberry Pi for providing us with this information

GoZeuS Returns a Month after Authorities Take Measures Against the Malware

Though authorities had taken action against the GoZeuS and CryptoLocker malware, which stole hundreds of thousands of banking logins from users and blackmailed them for millions of pounds, it seems that the malware is back. A month after the campaign, online criminals seem to have tried to rebuild the sophisticated software named GameOver ZeuS, with researchers warning that new threats using much of the same code are aimed at UK users.

Reports say that the ‘original strain’ of the malware targeted by authorities around the world, including the NSA and the FBI, has been in decline since the campaign started. However, it appears that criminals are now re-establishing the GameOver botnets by taking the original code and reworking it to avoid detection, much like a biological virus modifies its genetic code in order to survive medicine administered against it.

A security company by the name of Malcovery has stated that the new trojan based on the GameOver Zeus binary is spreading through spam emails that claim to be from the NatWest bank and come with an attached statement. Anyone who opens the ‘statement’ is said to risk infection, since traditional anti-virus software cannot detect the malicious software. Also, the CEO of Heimdal Security, Morten Kjærsgaard, states that the heads of the original GoZeuS will try to use lesser-known strains in order to avoid detection by law enforcement agencies.

“Until we start to see a more clear movement pattern of these new Zeus variants, which are starting to surface, we can’t say anything definitive about their extent,” said Kjærsgaard. “There is no doubt though, that many small malware variants could pose the same financial problem for end users as one big nasty piece of malware,” he added.

While the GameOver Zeus botnet earned more than $100 million for its creators, more infections are likely to take place given the new strains. In June however, US authorities are said to have named Evgeniy Bogachev, a Russian national, as the main suspect behind the original malware.

Thank you The Guardian for providing us with this information
Image courtesy of The Guardian

Australian Apple Devices Get Hijacked Using ‘Find My iPhone’ Feature

Apple’s Find My iPhone feature is one of the most important features of the company’s security, having the ability to find, lock and even erase an iPhone, iPad, iPod or Mac’s data in case it is stolen or lost. However, what would happen if it somehow got ‘hijacked’? Some Apple users from Australia might have an idea about that now, since their devices were hijacked by a hacker or a group of hackers.

The hacker or group of hackers (no details about their number or identity have been officially confirmed) locked the devices using Apple’s own Find My iPhone feature and held them for ransom, having set up a PayPal account to which the money was to be transferred in order to regain access to the devices.

What is known about the individual(s) is that he/they go by the name of “Oleg Pliss”. The ransom amount varied from $50 to $100 and the instructions were quite clear: transfer the named amount of money to the PayPal account displayed in the message. Fortunately, users who had set a passcode were able to regain access quickly, due to the fact that nobody can add or change a passcode on a device that already has one.

Less fortunate users however had to deal directly with Apple Support and solve their hijacking problems. The reports indicate that the incident occurred only in Australia, though there are some reports indicating similar issues in New Zealand and the UK.

The exact method of hacking has not yet been confirmed, though it is believed that it has something to do with users recycling the same passwords captured in other internet breaches.

Either way, Apple users have been recommended to change their passwords to a more unique combination, or even to enable two-factor authentication and set passcodes on all of their devices.

Thank you Engadget for providing us with this information
Image courtesy of Engadget

No Privacy For Chrome Thanks To Speech Recognition Hack

An expert in speech recognition states that Google Chrome users are exposed to various attacks and malware infections that can hijack the computer’s microphone. With this, all conversations in the room can be recorded for extended periods of time.

In order to gain access to the microphone, however, a site needs the user to click a button to accept and grant access. Chrome usually notifies the user with a blinking red light in the browser tab and displays a camera icon in the address bar to indicate the given permission(s). As normal behaviour, once the tab is closed, it should stop recording and drop permissions for any devices used. However, it will do the exact opposite.

[youtube]https://www.youtube.com/watch?v=s5D578JmHdU[/youtube]

As shown in the video above, Google Chrome can be used as the perfect tool for spying on anybody who uses speech recognition on “shady” websites and afterwards closes the tab window. There will be no indication whatsoever that the recording feature is still enabled, and your privacy will be non-existent as long as you are still operating the browser. Israeli researcher Tal Ater said the audio is sent to Google for analysis before being sent to the site that made the request. Once permission has been granted, Chrome can be programmed to begin recording only after certain keywords (say, “Iran” or “National Security Agency”) are spoken.

“As long as Chrome is running, the transcripts of anything that is said next to your computer can be recorded by the malicious site—your private phone conversations, meetings, anything within earshot of your computer is compromised,” Ater wrote in an e-mail. “This is a unique vulnerability, as it essentially turns Chrome into an espionage tool with consequences on the physical world.”

Ater notified Google about the security issue in September, though the bug still has not been fixed. He wrote to Google once again in November in an attempt to find out what is taking so long to release a patch for the security breach. Their latest statement on the matter was as follows:

“The security of our users is a top priority, and this feature was designed with security and privacy in mind. We’ve re-investigated and still believe there is no immediate threat, since a user must first enable speech recognition for each site that requests it. The feature is in compliance with the current W3C standard, and we continue to work on improvements.”

From the statement given, in my opinion, Google displays a lack of interest in patching their security issues, overriding their continuous statements of focusing primarily on user privacy and security. Although it corresponds to the current W3C standards, Google should also consider intermediate and novice users, who most certainly don’t even know how a browser works. If Google were to focus on user privacy, patches and fixes for every security risk should have been issued with the highest priority, even for the low-risk glitches and bugs such as this one.

Thank you Ars Technica for providing us with this information
Image and video courtesy of Ars Technica