ZDNet reports of a new mobile malware campaign that is “gaining access to iPhones by tricking users to download an open-source mobile device management (MDM) software package.”
Once in control, the unidentified hackers can steal various forms of sensitive information from infected devices, including the phone number, serial number, location, contact details, user’s photos, SMS, and Telegram and WhatsApp chat messages. Thirteen users — all in India — have been been compromised in the attacks, which have been detailed by Cisco Talos. Those infected use a range of iPhone models and are running iOS versions ranging from 10.2.1 to 11.2.6. The campaign has been active since August 2015. The attackers take control by using the MDM package, which can give attackers complete control of the device and the ability to install fake versions of real apps.
Two different MDM services are used in the campaign, enabling system-level control of multiple devices from one location and the ability to install, remove and exfiltrate data from apps. One method of stealing data comes via malicious versions of messaging services like Telegram and WhatsApp being pushed onto the compromised device via fake updates. The apps look legitimate to the user, but malicious code sends information — including messages, photos and contacts — to a central command and control server. Deploying these apps requires a side-loading injection technique, which allows for the ability to ask for additional permissions, execute code and steal information from the original application.
The article refers to a multistep process to trick users into adding certificates as trusted. Because if your phone trusts a certificate, you can load developer apps directly onto a phone. In short, you’re basically side-loading an app without having to get past the App Store’s restrictions. This illustrates why you should never do things like install apps from unknown sources or jailbreak an iPhone. Sure you don’t get all the cool apps and tweaks that Android users get, but at least you are safe.
The other thing that I note is that older versions of iOS are mentioned. That kind of implies that if you have an up to date version of iOS, this malware may not work as well if at all. That reinforces the fact that you should always update your device with the latest OS to keep yourself safe.
Health Care Company CarePartners Pwned By Hackers…. And The Hackers Are Speaking Out
Posted in Commentary with tags Hacked on July 17, 2018 by itnerdThis is something that you don’t see everyday. CarePartners which is a health care company that provides home medical care services on behalf of the Ontario government have been pwned by hackers. According to the company, the hackers only got access to a small amount of data.
Now I do admit that companies get pwned by hackers all the time sadly. But what’s unusual about this situation is that the hackers are speaking out:
However, a group claiming responsibility for the breach recently contacted CBC News and provided a sample of the data it claims to have accessed, shedding new light on the extent of the breach.
The sample includes thousands of patient medical records with phone numbers and addresses, dates of birth, and health card numbers, as well as detailed medical histories including past conditions, diagnoses, surgical procedures, care plans and medications for patients across the province.
Another document appears to contain more than 140 active patient credit card numbers and expiry dates, many with security codes.
The attackers claimed the sample was a subset of hundreds of thousands of patient records and related materials in their possession dating back to 2010.
“We requested compensation in exchange for telling them how to fix their security issues and for us to not leak data online,” they told CBC News.
CarePartners did not answer questions about the ransom, and it is not clear if or when the data will be posted online.
For the record, CBC was able to verify that the data they got was on the level. Which isn’t good if you’re CarePartners. Then there’s the fact that the company says that they take protecting data seriously. But the hackers say something entirely different.
The attackers told CBC News in an encrypted message that they discovered vulnerable software on CarePartners’ network that had not been updated in two years “by chance,” and were able to exploit those vulnerabilities and weak passwords to remove hundreds of gigabytes “completely unnoticed.”
#Fail. Clearly CarePartners don’t take the security of data seriously based on that.
Now I get why CarePartners might want to minimize the extent of this. But it’s not a workable strategy long term because in Canada there’s strong privacy laws and this sort of thing does get investigated by Canada’s Privacy Commissioner. So the truth will come out eventually and CarePartners will get smacked pretty hard. Thus if I were them, I would just come clean now and work with everyone from the Privacy Commissioner to law enforcement and security firms to address this.
Leave a comment »