Your smartphone: a new frontier for hackers

[airdog07]

Security researcher Ralf-Philipp Weinmann says he has found a new way to hack into mobile devices - by using a baseband hack that takes advantage of bugs found in the firmware on mobile phone chipsets sold by Qualcomm and Infineon Technologies. Weinmann will demonstrate the hack on both an iPhone and an Android device at this week's Black Hat conference in Washington D.C.

Previously, mobile hacking attempts have involved the phone's operating system or other software, but this one focuses on breaking into a phone's baseband processor, which is the hardware that sends and receives radio signals to cell towers.
Baseband Hacking Details

In an IDG News Service report as well as a report on LinuxInsider, this new hack is described in detail. In short, it's a very technical undertaking which involves setting up a fake cell tower to communicate with the target devices. In past years, that was an impossible task due the costs involved - tens of thousands of dollars. But now, thanks to new open-source software called OpenBTS, anyone can build a tower with $2,000 worth of computer equipment. Mobile carriers are also making the necessary hardware more affordable, too, by providing femtocells to consumers in an effort to broaden their mobile coverage. These femtocells, like AT&T's 3G MicroCell, are even less expensive; AT&T's is just $150.00.

To perform the attack, Weinmann sets up a rogue base transceiver station which is used to send malicious code over the air to the target devices. The code exploits vulnerabilities found in the GSM/3GPP stacks on the phones' baseband processors. Says Weinmann, industry bodies like the GSM Association and the European Telecommunications Standards Institute have not considered the possibility of attacks like this.
Should You Be Concerned?

In addition to the cost of this particular hack - still a bit pricey - the code Weinmann wrote is notable because it involves in-depth knowledge of chipset firmware, something few hackers know much about, says the IDG news report.

Essentially, Weinmann is helping open up a whole new vector for smartphone hacking, an avenue which is just now being explored by a handful of researchers. In August, for example, Chris Paget demonstrated cell tower spoofing at the Defcon hacking conference in Las Vegas, after getting last-minute permission from the U.S. Federal Communications Commission to do so. And in two months time, other researchers will demonstrate more baseband attacking techniques at Vancouver's CanSecWest conference.

In other words, this is still an emerging area for hackers.

It's too early to say what the ramifications are for this new baseband hacking technique, but for now security experts say that the general public shouldn't worry about attacks like this coming in the near future.

According to Sophos security consultant Graham Cluley, "if someone wanted to spy on your mobile phone conversations it would be easier to trick the user into installing an app that spied on them or gain physical access to the mobile to install some spyware code," he said. "I would be surprised if anyone went to all of the effort that this researcher suggests."

[airdog07]

TECHNOLOGY: Your smartphone: a new frontier for hackers
By Jordan Robertson
Las Vegas (AP)

Hackers are out to stymie your smartphone.

Last week, security researchers uncovered yet another strain of malicious software aimed at smartphones that run Google's popular Android operating system. The application not only logs details about incoming and outgoing phone calls, it also records those calls.

That came a month after researchers discovered a security hole in Apple Inc.'s iPhones, which prompted the German government to warn Apple about the urgency of the threat.

Security experts say attacks on smartphones are growing fast and attackers are becoming smarter about developing new techniques.
“We're in the experimental stage of mobile malware where the bad guys are starting to develop their business models,” said Kevin Mahaffey, co-founder of

Lookout Inc., a San Francisco-based maker of mobile security software.
Wrong-doers have infected PCs with malicious software, or malware, for decades. Now, they are fast moving to smartphones as the devices become a vital part of everyday life.

Some 38 percent of American adults now own an iPhone, BlackBerry or other mobile phone that runs the Android, Windows or WebOS operating systems, according to data from Nielsen. That's up from just 6 percent who owned a smartphone in 2007 when the iPhone was released and catalyzed the industry. The smartphone's usefulness, allowing people to organize their digital lives with one device, is also its allure to criminals.

All at once, smartphones have become wallets, email lockboxes, photo albums and Rolodexes. And because owners are directly billed for services bought with smartphones, they open up new angles for financial attacks. The worst programs cause a phone to rack up unwanted service charges, record calls, intercept text messages and even dump emails, photos and other private content directly onto criminals' servers.

Evidence of this hacker invasion is starting to emerge.
Lookout says it now detects thousands of attempted infections each day on mobile phones running its security software. In January, there were just a few hundred detections a day. The number of detections is nearly doubling every few months. As many as 1 million people were hit by mobile malware in the first half of 2011.

“Bad guys go where the money is,” said Charlie Miller, principal research consultant with the Accuvant Inc. security firm, and a prominent hacker of mobile devices. “As more and more people use phones and keep data on phones, and PCs aren't as relevant, the bad guys are going to follow that. The bad guys are smart. They know when it makes sense to switch.”

[airdog07]

M2M offers hackers a new frontier for mischief
There will be an estimated 50 billion embedded mobile devices within 20 years
By John P Mello Jr, CSO
February 11, 2013 05:25 PM ET

CSO - Cybercriminals have a new attack vector that security watchdogs are worried about -- the growing number of devices that routinely use the Internet to function.

Machine-to-machine (M2M) security is closely connected with what's known as "The Internet of Things" and involves a host of devices that use mobile modules to connect to the Internet. There's the vending machine, for example, that communicates with a distributor when supplies get low or the E-ZPass toll-paying system.

"It's not a huge target yet, but it's potentially a huge target," said Lawrence M. Walsh, president and CEO of the 2112 Group, a research and consulting firm in New York City.

"It's projected that there will be 50 billion embedded mobile devices worldwide over the next 15 to 20 years," he noted.

Until now, M2M has dodged the attention of the larger hacker community. It's still difficult to crack the devices because of a lack in intelligence in the networks they're connect to, said Anthony Cox, an associate analyst with Juniper Research in Basingstoke, UK. Cox recently blogged about the prospect of M2M attacks.

That's changing, though, he said. "As systems offer more complete communication from the module to the management platform that looks after these modules, the chance of creating avenues where hacking may be successful will increase," he said in an email.

M2M systems that rely on richer communication already exist, such as those transponders used for automatic toll payments. "There's an M2M device at the toll booth reading your sensor, transmitting the data to another M2M device which is aggregating it and sending it to a server," Walsh explained.

"Is it possible to hack that system to give everybody free tolls for the day or conversely, double everybody's tolls for the day," he asked. "Absolutely."

M2M is used, for instance, in a variety of energy, public utility, transportation and security systems, he said. "You have the potential to disrupt infrastructure, disrupt economic activity and steal money," he said.

"M2M systems have a similar concern to SCADA systems," he said. "SCADA systems were once thought to be impervious to conventional Internet attacks because most of them weren't connected to the Internet and were operating on dedicated operating systems."

"Now, they're not," Walsh continued. "They're integrated with Windows and Linux and they have connections to networks connected to the Internet that makes them vulnerable."

Making matters worse is that M2M devices -- unlike smartphones, tablets and PCs -- have limited power, processing and storage. That could make them harder to secure from hackers.

"Putting active security devices on them is going to challenging," Walsh said. "The security of M2M systems [does] worry me."

Adding to M2M's security problems is an over-reliance on encryption to secure systems, said Tom Kellermann, vice president of Cyber Security for Trend Micro in Cupertino, Calif.
Breaking encryption is less of a problem for M2M networks than compromising credentials that can be used to decode the encrypted security measures that are supposed to protect them.

"We need better ways of protecting private key management," Kellermann said, "but even if that problem were solved, the over-reliance of encryption to solve The Internet of Things security problem is highly problematic.

"Hackers know how to bypass encryption and use that encryption to hide their forensic trails."

[airdog07]

Fortinet: Top 6 threat predictions for 2013
By T.C. Seow

December 13, 2012 — IDG News Service — Network security firm Fortinet has revealed FortiGuard Labs' 2013 threat predictions, highlighting six threats to watch out for next year.

Fortinet's top six security predictions for 2013 are:

1. APTs target individuals through mobile platforms

Advanced persistent threats or APTs are defined by their ability to use sophisticated technology and multiple methods and vectors to reach specific targets to obtain sensitive or classified information. The most recent examples include Stuxnet, Flame and Gauss.

Fortinet predicts that in 2013, APTs will be targeted at the civilian population, which includes CEOs, celebrities and political figures. However, verifying this prediction will be difficult because after attackers get the information they're looking for, they can quietly remove the malware from a target device before the victim realises that an attack has even occurred.

What's more, individuals who do discover they have been victims of an APT will likely not report the attack to the media. Because these attacks will first affect individuals and not directly critical infrastructure, governments or public companies, some types of information being targeted will be different. Attackers will look for information they can leverage for criminal activities such as blackmail; threatening to leak information unless payment is received.

2. Two-factor authentication replaces single password sign on security model

The password-only security model is dead, said Fortinet. Here's why: Easily downloadable tools today can be used to crack a simple four- or five-character password in only a few minutes. Moreover, using new cloud-based password cracking tools, attackers can attempt 300 million different passwords in only 20 minutes at a cost of less than US$20. Criminals can now easily compromise even a strong alphanumeric password with special characters during a typical lunch hour. Stored credentials encrypted in databases (often breached through Web portals and SQL injection), along with wireless security (such as WPA2) will be popular cracking targets using such cloud services.

Next year, we are likely to see an increase in businesses implementing some form of two-factor authentication for their employees and customers, Fortinet's report says. This will consist of a Web-based login that will require a user password along with a secondary password that will either arrive through a user's mobile device or a standalone security token. While it is true the recently discovered botnet Zitmo cracked two-factor authentication on Android devices and RSA's SecurID security token (hacked in 2011), this type of one-two punch is still the most effective method for securing online activities.

3. Exploits to target machine-to-machine (M2M) communications

Machine-to-machine (M2M) communication refers to technologies that allow both wireless and wired systems to communicate with other devices of the same ability. It could be a refrigerator that communicates with a home server to notify a resident that it's time to buy milk and eggs, it could be an airport camera that takes a photo of a person's face and cross-references the image with a database of known terrorists, or it could be a medical device that regulates oxygen to an accident victim and then alerts hospital staff when that person's heart rate drops below a certain threshold.

While the practical technological possibilities of M2M are inspiring as it has the potential to remove human error from so many situations, there are still too many questions surrounding how to best secure it, says Fortinet's report. Next year will see the first instance of M2M hacking that has not been exploited historically, most likely in a platform related to national security such as a weapons development facility. According to the report, this will likely happen by poisoning information streams that transverse the M2M channel--making one machine mishandle the poisoned information, creating a vulnerability and thus allowing an attacker access at this vulnerable point.

4. Exploits circumvent the sandbox

Sandboxing is a practice often employed by security technology to separate running programs and applications so that malicious code cannot transfer from one process (i.e. a document reader) to another (i.e. the operating system). Several vendors including Adobe and Apple have taken this approach and more are likely to follow.

As this technology gets put in place, attackers are naturally going to try to circumvent it. FortiGuard Labs has already seen a few exploits that can break out of virtual machine (VM) and sandboxed environments, such as the Adobe Reader X vulnerability. The most recent sandboxing exploits have either remained in stealth mode (suggesting that the malware code is still currently under development and test) or have actively attempted to circumvent both technologies. Expect to see innovative exploit code that is designed to circumvent sandbox environments specifically used by security appliances and mobile devices, says the report.

5. Cross-platform botnets

In 2012, FortiGuard Labs analysed mobile botnets such as Zitmo and found they have many of the same features and functionality of traditional PC botnets. In 2013, the team predicts that thanks to this feature parity between platforms, we are likely to see new forms of Denial of Service (DoS) attacks that will leverage both PC and mobile devices simultaneously. For example, an infected mobile device and PC will share the same command and control (C&C) server and attack protocol, and act on command at the same time, thus enhancing a botnet empire. What would once be two separate botnets running on the PC and a mobile operating system such as Android will now become one monolithic botnet operating over multiple types of endpoints.

6. Mobile malware growth closes in on laptop and desktop PCs

Malware is being written today for both mobile devices and notebook/laptop PCs. Historically, however, the majority of development efforts have been directed at PCs simply for the fact that there are so many of them in circulation, and PCs have been around a much longer time.

For perspective, FortiGuard Labs researchers currently monitor approximately 50,000 mobile malware samples, as opposed to the millions they are monitoring for the PC. The researchers have already observed a significant increase in mobile malware volume and believe that this skewing is about to change even more dramatically starting next year. This is due to the fact that there are currently more mobile phones on the market than laptop or desktop PCs, and users are abandoning these traditional platforms in favor of newer, smaller tablet devices.

While FortiGuard Labs researchers believe it will still take several more years before the number of malware samples equals what they see on PCs, the team believes accelerated malware growth on mobile devices will happen because malware creators know that securing mobile devices today is currently more complicated than securing traditional PCs.

[airdog07]

Tired of dealing with rogue software, spyware and malware?

Spent too many hours removing unsolicited software?

Worried about clicking unfamiliar Web links?

Introducing Sandboxie

Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.

The red arrows indicate changes flowing from a running program into your computer. The box labeled Hard disk (no sandbox) shows changes by a program running normally. The box labeled Hard disk (with sandbox) shows changes by a program running under Sandboxie. The animation illustrates that Sandboxie is able to intercept the changes and isolate them within a sandbox, depicted as a yellow rectangle. It also illustrates that grouping the changes together makes it easy to delete all of them at once.

Benefits of the Isolated Sandbox

Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.

Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak into Windows.

Secure E-mail: Viruses and other malicious software that might be hiding in your email can't break out of the sandbox and can't infect your real system.

Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.

Download Sandboxie now and give it a try!

Sandboxie - Sandbox software for application isolation and secure Web browsing