Archive for January 7, 2022

Here’s A Video Of The Fisker Ocean In Action

Posted in Commentary on January 7, 2022 by itnerd

I’ve been writing about Fisker for a while now as they move towards customer deliveries later this year. And for something different, here’s a video of Chairman/CEO Henrik Fisker driving a Fisker Ocean at high speeds in the desert in California. This will give you a good look at the Fisker Ocean from a lot of different angles:

Courtesy: Fisker Inc. Music by Moby.

Also, I’ll give you a heads up about an interview that I did with Henrik Fisker that I am getting ready to post next week. You should stay tuned for that as even though I only had 15 minutes with him, it was a very enlightening 15 minutes.

Yikes! ZLoader Is Back And It Leverages A Vulnerability In Microsoft’s Digital Signature To Do Evil

Posted in Commentary on January 7, 2022 by itnerd

The infamous ZLoader malware has returned. And it’s taking advantage of a vulnerability in the way Microsoft digitally signs a specific file type. Check Point Research has the details:

The malware then exploits Microsoft’s digital signature verification method to inject its payload into a signed system DLL to further evade the system’s defenses. This evidence shows that the Zloader campaign authors put great effort into defense evasion and are still updating their methods on a weekly basis.

And here’s how you get pwned:

The infection starts with the installation of Atera software on the victim’s machine. Atera is a legitimate, enterprise remote monitoring and management software, designed for IT use. Atera can install an agent and assign the endpoint to a specific account using a unique .msi file that includes the owner’s email address. The campaign authors created this installer (b9d403d17c1919ee5ac6f1475b645677a4c03fe9) with a temporary email address: ‘Antik.Corp@mailto.plus’. The file imitates a Java installation, just like in previous Zloader campaigns. As of this moment, the exact distribution method for this file is not fully understood.

Once the agent is installed on the machine, the attacker has full access to the system and is able to upload/download files, run scripts, etc. Atera offers a free 30-day trial for new users, which is enough time for the attacker to stealthily gain initial access. 

In the next phase of the attack, the attackers download and run two malicious files, one of which is designed to disable certain protections in Windows Defender and the other to load the rest of the malware. From there, a script runs an executable file, and that’s where the operators exploit a hole in Microsoft’s signature verification.

All of this is pretty bad. But there is a mitigation… Sort of:

We recommend that users apply Microsoft’s update for strict Authenticode verification. To do so, paste these lines into Notepad and save the file with .reg extension before running it.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="1"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="1"

We should also note that after applying the fix, some signatures of legitimate benign installers will show up with an invalid signature. In addition, if mshta.exe is not relevant in your environment, you may disable it and mitigate the execution of scripts that are inserted into such files.

So in short, the fix may break other stuff. Thus you should evaluate the risk/reward proposition before implementing this in your environment. Or put another way, you should test the daylights out of this mitigation before you roll it out so that you don’t break anything.
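One way to do that testing, as an added example that is not from Check Point or the original post: the PowerShell script below reports whether EnableCertPaddingCheck is set in both registry views, then records the Authenticode status Windows reports for every installer in a folder. The folder and report paths are assumed values.

```powershell
# Added example (not from Check Point or the original post).
# Assumed values: $InstallerDir and $ReportPath; change them for your environment.
param(
    [string]$InstallerDir = 'C:\Installers',
    [string]$ReportPath   = '.\authenticode-status.csv'
)

# The two registry paths named in the .reg file (64-bit and 32-bit views).
$configPaths = @(
    'HKLM:\Software\Microsoft\Cryptography\Wintrust\Config',
    'HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config'
)

# 1. Report whether EnableCertPaddingCheck is set in each view.
#    A missing key or value means the strict check is not enabled there.
$settings = foreach ($path in $configPaths) {
    $item  = Get-ItemProperty -Path $path -Name EnableCertPaddingCheck -ErrorAction SilentlyContinue
    $value = if ($item) { $item.EnableCertPaddingCheck } else { $null }
    [pscustomobject]@{
        Path    = $path
        Value   = $(if ($null -eq $value) { '<not set>' } else { $value })
        Enabled = ("$value" -eq '1')   # matches the string "1" or a numeric 1
    }
}
$settings | Format-Table -AutoSize

# 2. Record the Authenticode status Windows reports for each installer.
$results = Get-ChildItem -Path $InstallerDir -Recurse -File -Include *.exe, *.msi, *.dll |
    ForEach-Object { Get-AuthenticodeSignature -LiteralPath $_.FullName } |
    Select-Object Path, Status, StatusMessage,
        @{ Name = 'Signer'; Expression = { $_.SignerCertificate.Subject } }

$results | Export-Csv -Path $ReportPath -NoTypeInformation

# 3. List everything that does not verify as Valid under the current setting.
$results | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Status, Path |
    Format-Table Status, Path -AutoSize
```

Run it on a test machine once before importing the .reg file and once after, writing to a different report file each time. Any file whose Status differs between the two reports is one the stricter check affects.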

#Fail: Clocks In Older Acura & Honda Cars Knocked Back To 2002 Since The New Year…. And There Is No Fix Incoming

Posted in Commentary on January 7, 2022 by itnerd

This is really bad from an optics perspective if you’re Honda and Acura. The Register is reporting that owners of older Honda and Acura cars are seeing the dates on the clocks being set to 2002 after New Year’s Day:

With the onset of 2022, Acura and Honda customers began reporting on various online forums that their dashboard display clocks reset to January 1, 2002 when they restarted their vehicles.

A reader wrote in to alert The Register to the problem.

“Since New Year’s Day my Honda CR-V has been unable to tell the time,” the reader said. “When I start the car it just says it is 01:00 and though the time then continues from there, restarting the car resets back to 01:00 again.”

“After a few moments searching I discovered it is a known issue with some Honda models with built-in sat nav. It seems that at midnight they switched from 2021 to 2002! Apparently there is no fix. :(”

You read that correctly. There is no fix. And I confirmed that when I took a quick look at Honda Canada’s Twitter feed:

And The Register had this to add:

Honda representatives, it’s claimed, have acknowledged the clock errors and suggested the bug will resolve itself in seven months, at the end of August.

“We have escalated the NAVI Clock Issue to our Engineering Team and they have informed us that you will experience issues from Jan 2022 thru August 2022 and then it will auto-correct,” a company representative supposedly said in a reply to online complaints. “Please be assured that we will continue to monitor this and will advise you if a fix is available before that time.”

This however is not a statement Honda is willing to officially acknowledge at the moment. A company representative declined to confirm (but did not deny) the above statement as an official response, saying it may have been something a customer service representative said.

Honda, we were told, has not yet issued a formal advisory to owners at this point – in other words there are legal implications that follow from official declarations. In a statement email to The Register, a Honda US spokesperson confirmed the company is investigating the issue but could not provide further detail about the cause of the error.

The optics of this suck for Honda and Acura because waiting until August, when things will “auto-correct” themselves, isn’t a winning strategy. What is a winning strategy is to actually figure out what the bug is and fix it via a software update. Assuming that you can perform a software update on these cars. All I know is this: if I owned one of these cars, I’d be pretty mad. Both with the issue and the response from Honda and Acura. And that would make me much less likely to buy a product from Honda or Acura in the future.

Let’s Update To Roku OS 10.5 To See What Happens…. What Could Go Wrong?

Posted in Commentary on January 7, 2022 by itnerd

During the holidays I posted a story about Roku users being irate at upgrading to Roku OS 10.5 and having issues after upgrading to Roku OS 10.5. Specifically with HomeKit, AirPlay, among other functionality. Since I am the sort that loves to dive into stuff like this, I decided to dive head first into this by upgrading to Roku OS 10.5, seeing first hand what breaks, and figuring out fixes for them. My test subject was this TCL TV which was stuck on Roku OS 9.4. By “stuck” I mean that it didn’t get updates after 9.4. I suspect that’s because I was once on a Roku beta program and was never taken out of it. So I reached out to Roku via their forums and requested that they push the update to me. That finally happened last night and here’s what I found.

After the update was installed, AirPlay and HomeKit functionality broke. In the Home app the TV was listed as “no response” which meant that HomeKit could not talk to it. And attempts to AirPlay from any Mac or iPhone failed. Now there is a reset option that is inside the AirPlay and HomeKit setup screen which should nuke any previous configuration and allow you to set things up again using the Home app. But that didn’t work. Let me explain further. What should happen when you use this reset option is that it erases the previous HomeKit and AirPlay configuration and allows you to re-add the TV using the Home app via a HomeKit barcode. But what actually happens is that the configuration doesn’t appear to reset and the barcode never appears. On top of that, if you exit the HomeKit and AirPlay configuration screen and try to go back into it, that screen will then crash and then dump you back to the Home Screen of the TV.

So in short, updating to 10.5 will break HomeKit and AirPlay.

However I was able to fix this by factory resetting the TV and setting up as if it were a new TV. Which is a pretty invasive method of solving this problem. But while it’s a bit of a pain, it’s really not that bad. Largely because all your Roku channels automatically download to the TV when you do this. From there, I was able to set up HomeKit and AirPlay in a few minutes and everything worked fine. Though one oddity that I noticed was that after setting things up, the TV showed up twice with two different names when I went looking for AirPlay targets. One was the name that I gave it when I set it up. The other was the model number of the TV. I rebooted the TV and this went away.

Now let me get onto my soapbox for a second. Having to do a factory reset to fix AirPlay and HomeKit isn’t cool. This is the sort of thing that should have been caught in testing and either resolved, or a far less invasive solution to fix this should have been devised so that users don’t have to do a factory reset.

Now that I’m off the soapbox, let me highlight the rest of my testing:

  • I have a PC plugged into the TV via HDMI, and it lost its ability to output audio to the TV. When I investigated, I found that the audio output was switched to the computer and not the HDMI port. That was weird. And multiple reboots of the computer left me unable to replicate the problem.
  • I have a Roku StreamBar that I use as a sound bar for the TV. Prior to this update, when you played a video from one of the Roku channels, volume would start out low and then suddenly increase. Since the update, this does not happen.

My take on this is as follows. Anyone who upgrades (or more accurately is forced to upgrade as Roku controls the upgrade process) to Roku OS 10.5 should be prepared to deal with some issues. Specifically around HomeKit and AirPlay based on my testing. My experience shows that these issues can be overcome with a factory reset. But that may not be everyone’s experience. And to be frank, you shouldn’t have to factory reset hardware after you update the software that runs it. Hopefully future updates don’t have issues like the ones that I described. But in the here and now, Roku users should be prepared for a bit of pain.