Archive for Security

Samsung Galaxy S8 Iris Scanner Security Pwned By Hackers

Posted in Commentary with tags , on May 23, 2017 by itnerd

If you bought a Samsung Galaxy S8 for the security that the iris scanner provided you, then you may have to rethink that decision. Motherboard is reporting that hackers have used a fake iris to bypass the phone’s security:

Despite Samsung stating that a user’s irises are pretty much impossible to copy, a team of hackers has done just that. Using a bare-bones selection of equipment, researchers from the Chaos Computer Club (CCC) show in a video how they managed to bypass the scanner’s protections and unlock the device. “We’ve had iris scanners that could be bypassed using a simple print-out,” Linus Neumann, one of the hackers who appears in the video. The process itself was apparently pretty simple. The hackers took a medium range photo of their subject with a digital camera’s night mode, and printed the infrared image. Then, presumably to give the image some depth, the hackers placed a contact lens on top of the printed picture.And, that’s it. They’re in.

So, why does this work? Here’s my guess. I am guessing that the S8 is only checking for the pattern of the iris and it has no ability to tell if it is a real eye or not. Thus it is easily pwnable.  If any of this sounds familiar, it should. The facial recognition in the S8 can be fooled in the same manner.  And according to Motherboard, the fingerprint scanner has been pwned too. Samsung hasn’t commented on this, but it will be interesting to see what they do to fix this as this was a key selling feature for the phone.


Hackers Can Pwn Your Computer Via Flaws In Media Players Exploited Via Subtitles

Posted in Commentary with tags on May 23, 2017 by itnerd

This is something that I never figured was possible. Security company Check Point has come out with a blog post that has details about a new type of exploit that leverages flaws in various media players to pwn computers. The vehicle for the pwnage is subtitles in videos:

Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years.

There’s also a proof of concept video that you can see here:

Now the four media player apps that are mentioned have mitigations against this threat. But there are likely plenty that are not mentioned that are easily pwnable. Or at least will be pwnable now that this is out in the open and hackers start to figure out how to exploit this. Thus, I have two pieces of advice. First if you use any of the media players mentioned above, then I would say that you should update to the latest version of these players. Second, if you’re running something else, maybe you should switch to one of these four to protect yourself from the threats that are sure to come.

“EternalRocks” Is The Next NSA Inspired Malware That May Make Life Miserable For You

Posted in Commentary with tags on May 23, 2017 by itnerd

Having just got over the ransomware known as “WannaCry” which caused global havoc just over a couple of weeks ago, we now have something new to worry about. Meet “EternalRocks” which like “WannaCry” utilizes exploits found by and acquired from the NSA, but is far more dangerous according to this as it uses seven NSA sourced exploits to the two that “WannaCry” used. Antivirus and security company Symantec already has a write up about this new threat, which means that their products likely have countermeasures for it. Other companies are likely to follow suit as this is a clear and present danger. But at least it’s one that people see coming.


#Fail: Trump Properties Are Easily Pwnable Via Poorly Secured WiFi

Posted in Commentary with tags , on May 18, 2017 by itnerd

Gizmodo is running a story where they test the security at a few properties owned by US President Donald Trump including The Mar-a-Lago Club where he has brought foreign leaders and found that any “half decent hacker” can break into their networks via poorly secured WiFi:

We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of the Mar-a-Lago Club in Palm Beach, and pointed a two-foot wireless antenna that resembled a potato gun toward the club. Within a minute, we spotted three weakly encrypted Wi-Fi networks. We could have hacked them in less than five minutes, but we refrained.

A few days later, we drove through the grounds of the Trump National Golf Club in Bedminster, N.J., with the same antenna and aimed it at the clubhouse. We identified two open Wi-Fi networks that anyone could join without a password. We resisted the temptation.

We also visited two of President Donald Trump’s other family-run retreats, the Trump International Hotel in Washington, D.C., and a golf club in Sterling, Va. Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information.

That doesn’t sound good. But you’re likely asking “is this really a big deal?” Well, yes it is. Here’s why:

The risks posed by the lax security, experts say, go well beyond simple digital snooping. Sophisticated attackers could take advantage of vulnerabilities in the Wi-Fi networks to take over devices like computers or smart phones and use them to record conversations involving anyone on the premises.

“Those networks all have to be crawling with foreign intruders, not just [Gizmodo and] ProPublica,” said Dave Aitel, chief executive officer of Immunity, Inc., a digital security company, when we told him what we found.

Seeing as Trump is President, likes to go to these places frequently, take foreign leaders to these places, and likely conduct business that affects the security of the United States, this is a problem. Now, if you also consider that he signed an executive order to force the government to step up its game on the cybersecurity front, maybe he should get his own house in order first as the optics from this are pretty craptastic.

This Cyberattack Makes It Clear That It’s Time For Everyone To Wake Up

Posted in Commentary with tags on May 15, 2017 by itnerd

The title of this story sounds a bit harsh, but I think that this cyberattack where tens of thousands of computers in something like 170 countries are being held hostage is a wake up call for a number of groups.

The first group that needs to wake up is consumers, businesses, and governments. This attack has made it clear that we can no longer afford to ignore the topic cybersecurity. We can no longer assume that just because we have anti-virus installed that we are safe. We need to do things like back up our data which would make ransomeware attacks ineffective. We need to not be tempted to click on links or attachments that come as part of a phishing email. We need to not download anything like software, movies or music from places like BitTorrent and the like. We need to make sure that we’re always running an up to date OS (as NHS who was one of the worst hit organizations was apparently still running Windows XP) and be patching it the second that patches appear (as apparently Microsoft had a patch that was on the streets in March that would have mitigated this attack. But clearly not everyone installed it). Lastly, and I am aiming this squarely at governments and businesses, cybersecurity should no longer be an afterthought from a spending perspective. As evidenced by the events of the past few days, spending the money that you need to defend yourself adequately is not an expense, it’s money well spent.

The other group that needs a wake up call is intelligence agencies like the NSA. I say that because part of this attack came from an bug in Microsoft Windows that the NSA was presumably using as part of their “toolkit” to gather intelligence and did not report to Microsoft. However it found its way into the hands of hackers who weaponized it and here we are witnessing the greatest cyberattack to date. When government agencies like the NSA find bugs like this, they should be obliged to report this to the software or hardware vendor in question. They should not be just left out there so that someone like Wikileaks, a hacker, or a nation state stumbles upon it and decides to use it for evil, or discloses it to the world so that someone else can use it for evil. Had the NSA did the right thing when they discovered this bug, we would likely not be here talking about this attack today.

I am hoping that the events of the last few days serve as a wake up call because clearly the world has been unprepared for this sort of event. And clearly that needs to change given the scope and effects of this cyberattack as the next one will be far worse than this one, and have far more catastrophic effects unless we collectively get our act together and prepare for that cyberattack.

UPDATE YOUR FIRMWARE: Asus RT Series Routers Have Flaws That Allow Web Hijack Exploits

Posted in Commentary with tags , on May 11, 2017 by itnerd

If you have an Asus RT wireless router, then you might want to look at  CVE-2017-5891. It details that RT-AC and RT-N variants using firmware older than version can get pwned via cross-site request forgery exploit. Meaning that if the user has left the default credentials in place for whatever dumb reason, or if an attacker knows the admin password, a malicious webpage can log into the router when visited by the victim and alter settings. Then the router and by extension the network is effectively pwned. Or at least, that’s what could happen as Nightwatch Cybersecurity who are the people who discovered it explained in a post. The fact is that they were not able to exploit this flaw on a consistent basis. But he fact that is exists is reason enough for concern.

Asus has addressed the some of these issues in a March firmware update, but doesn’t consider one of Nightwatch’s other issues with this firmware which is CVE 2017-5892, to be serious enough to warrant a fix. Also include in the updated firmware are fixes for:

  • CVE-2017-6547, a cross-site scripting bug in the routers’ HTTP daemon.
  • CVE-2017-6549, a session hijack vulnerability in the HTTP daemon.
  • CVE-2017-6548, a remote code execution buffer overflow in the routers’ networkmapcommand.

Thus if you have an RT-AC or a RT-N series Asus router, you should upgrade your firmware ASAP.

Did You Download Handbrake For Mac Recently? You May Have Been Pwned.

Posted in Commentary with tags , on May 8, 2017 by itnerd

The developers of open video transcoder app Handbrake have issued a security warning that you might want to pay attention to. Apparently, one of the sites that the developers use to mirror their downloads had the installer for Handbrake replaced so that it contained malware that gives the creator of the malware root-access privileges. Not only that, it steals whatever info is on your keychain. Thus you’ll have to change every password on that keychain. Ditto for any passwords stored by the browser of your choice.

If you downloaded Handbrake between May 2nd and May 6th, you have a 50/50 chance of being pwned by whoever did this. The security warning that I linked to has instructions on how to spot the malware and how to remove it. Thus if this applies to you, I’d take immediate action.