BlackHat
Latest
Samsung denies its mobile payment platform is insecure
Every year the Black Hat conference highlights and analyzes security vulnerabilities in common services public awareness and a little infamy. On Sunday, a researcher released a paper criticizing the point-of-service purchasing system Samsung Pay for perceived weakness in its algorithm that could be exploited by hackers. In its security blog, the Korean tech giant refuted the claims, insisting that its math is different than described in the report and therefore still sound.
Apple announces $200,000 bug bounty program
Unlike many of the other major tech companies, Apple has never had a formal bug bounty program or corporate policy for welcoming outsiders who poke holes in their security features. However, as TechCrunch reports today, Apple's head of Security Engineering and Architecture Ivan Krstic announced at Black Hat that his company will now offer cash bounties of up to $200,000 for hackers and researchers who find and report security flaws in Apple products.
Carnegie Mellon may have ratted out Tor users to the FBI
In a story that may become an acid test for internet privacy, the operators of the Tor network have accused Carnegie Mellon University (CMU) of taking up to $1 million to help the FBI bust illegal sites. If the allegations are true, the defendants in question certainly had it coming -- they include the drug market Silk Road 2.0 and a child pornographer. However, Tor director Roger Dingledine questions the university's ethics in the attack. "We think it's unlikely they could have gotten a valid warrant ... [since it] appears to have indiscriminately targeted many users at once," he said.
Researchers can take complete control of Android phones
The wave of security issues with devices, cars and even skateboards continues as Check Point researchers presented a vulnerability at the Black Hat conference that could potentially open millions of Android up to hackers. Dubbed Certifi-gate, the researchers say that vulnerabilities in the OEM (manufacturers of Android devices like Samsung, LG and Sony) implementation of Remote Support allows a third party app's plugins to access a device's screens and actions using an OEMs own signed certificates.
Android fingerprint readers may be easier to hack than Touch ID
There's nothing like a Black Hat Security Conference to leave you feeling exposed and vulnerable. Today's compromise? Fingerprint readers. Security researchers Tao Wei and Yulong Zhang have exposed some pretty significant flaws in the Android fingerprint framework. The duo outlined a couple of different attacks -- including malware that can bypass fingerprint-authenticated payment systems and various backdoor attacks -- but the biggest offender was a "fingerprint sensor spying attack" that could remotely lift prints from affected phones. Researchers found the attack viable on both the HTC One Max and the Samsung Galaxy S5, but not on iPhone or other Touch ID devices.
A chat with Black Hat's unconventional keynote speaker
The most interesting thing about Black Hat 2015 keynote speaker Jennifer Granick isn't her gender -- though she appears against a backdrop of historically male keynotes. It's that Granick is director of civil liberties at the Stanford Center for Internet and Society. She previously held the same position at the Electronic Frontier Foundation -- and is known for defending some of the more notorious criminal hackers around, including Kevin Poulsen, Aaron Swartz, Jerome Heckenkamp and the hackers in the Diebold Election Systems case. Being the keynote speaker at the Black Hat conference means she's about to go front and center with the very organizations and government entities her clients have hacked. Granick is joining a colorful catalog of former keynoters who tend to represent the interests of the international cybersecurity conference's corporate-enterprise and government attendees.
Researchers create a worm that infects Macs silently and permanently
Macs have typically been heralded as the more secure of the two main operating systems. But according to researchers, at the firmware level, that's not necessarily true. Ahead of their 'Thunderstrike 2: Sith Strike' Black Hat presentation, Xeno Kovah, Trammell Hudson and Corey Kallenberg demonstrated to Wired that Macs have some of the same vulnerabilities as their Windows counterparts. The exploit is especially troubling because now a phishing email or click on a link on a malicious site could compromise the computer. This is in addition to the exploit shown last year that was spread by the ROM of infected external drives and accessories like a Thunderbolt to ethernet adapter. These exploits are nearly impossible to detect because security software doesn't scan the firmware and reinstalling the system doesn't remove the problem.
Hackers can crack the self-aiming rifle to change its target
TrackingPoint's computer-augmented rifle sights, better known as the ShotView targeting system, have set off a wave of controversy and debate since they first debuted in 2014. That debate is about to get even hotter now that security researchers Runa Sandvik and Michael Auger have shown Wired a way to break into the rifle and shut it down or, even worse, change the target to the hacker's choosing.
Fiat Chrysler recalls 1.4 million vehicles after remote hack
Fiat Chrysler Automobiles (FCA) will patch 1.4 million US vehicles following the reveal of a hacking method by Wired. The "voluntary safety recall" -- which it seems will come in the form of a USB dongle -- applies to vehicles equipped with 8.4-inch touchscreen in-car-entertainment systems. Affected cars include Jeep Grand Cherokee and Cherokee SUVs, Dodge Ram pickups and many others. If you're concerned your vehicle may be affected, you can see the full list here.
Hurry up and patch your Chrysler against this wireless hack
Last week Chrysler quietly released a software update for its optional Uconnect in-car entertainment system. And while the official purpose was "to improve vehicle electronic security", Wired reports that the patch is really aimed at fixing a terrifying flaw in the system's security. One that could allow hackers to remotely shut down your vehicle at slow speeds or hijack its steering, brakes, and transmission.
'Blackhat' bores, but at least gets hacking right
What is it about hackers that invariably stumps Hollywood? Even when filmmakers get the details right, as Michael Mann does with Blackhat, his moody exploration of cyberterrorism, they often stumble when it comes to making us actually care about what's happening on screen. There are rare counterexamples, like The Social Network, which manages to make the founding of Facebook visually and narratively compelling. But, for the most part, films that center on characters pecking away at keyboards are either campy, like Swordfish, or just plain boring, like The Net. And boy, Blackhat is such a snoozefest that I wish it had the cracked-out verve of seeing Hugh Jackman hack while getting a blowjob with a gun pointed at his head (Swordfish is crazy, folks).
Blackhat trailer promises a hacking thriller, computer screens that beep
Question: What is the title of that movie that revolves around a hacker (or two) caught up in a huge scheme or conspiracy that has something to do with a gargantuan corporation and/or the government? Your choices are: A.) Young-Angelina Jolie starrer Hackers B.) Travolta, Berry and Jackman movie Swordfish C.) Chris Hemsworth's new flick Blackhat D.) All of the above
Researchers crack iPad PINs by tracking the fingers that enter them
What's the easiest way to find out someone's password? Watch them enter it, of course, using the simple hacking technique known as shoulder surfing. Cameras and software have successfully been used by researchers to automate and improve the accuracy of snooping on smartphone users with such observational methods, but they require a direct line-of-sight to work. Now, as Wired reports, a group at the University of Massachusetts Lowell has developed a way to capture iPad passcodes without needing any kind of on-screen cue. A camera is still required, but because the position of the lockscreen keypad is static, their software references finger movement against tablet orientation to estimate the PIN by the way it's entered.
State-sponsored hackers are attacking news outlets on a massive scale
It's not hard to spot instances of state-sponsored hacking against dissidents and terrorism suspects, but it now appears that these attacks frequently target the press -- and more often than you see in the news. Google security engineers report that 21 of the top 25 media outlets worldwide have faced some kind of government-backed hacking attempt, with many of them flying under the radar. In Vietnam, for instance, attackers have tried to discourage coverage of human rights issues by tricking journalists into compromising their PCs. Google argues that awareness is the solution. The more press organizations recognize the online threat, the better they can lock things down and make sure their stories get heard. [Image credit: European Union 2012 - European Parliament, Flickr]
Apple: iOS 7 fixes the nefarious charger hack
Three Georgia Tech hackers demonstrated how to install malware on an iPhone using a custom charger at the Black Hat USA 2013 conference, according to a report in ZDNet. The hack exploits a vulnerability that is present in all shipping versions of iOS, but has been patched in the latest beta version of iOS 7. Billy Lau, Yeongjin Jang and Chengyu Song showed off their malicious "Mactans" charger that was constructed with a BeagleBoard running Linux. Once an iPhone was attached to the charger, an unsuspecting user could type in his passcode to access his phone and kick off a chain of events that would compromise his handset. In the Black Hat demo, custom software running off the BeagleBoard deleted the Facebook app on the phone and replaced it with a fake, malicious app. The Georgia Tech team informed Apple about this vulnerability, but it has not been patched in iOS 6 or older. Apple told Reuters that this vulnerability has been closed in iOS 7 beta 4. "We would like to thank the researchers for their valuable input," Apple spokesman Tom Neumayr told Reuters.
Pwnie Express' Pwn Plug R2 lets you hackproof networks over 4G
Pwnie Express has a knack for stuffing powerful security testing tools into innocuous housings, and this time they're flexing that unique talent with the Pwnie Plug R2. Ars Technica's gotten ahold of the contraption ahead of its debut at the Black Hat conference, and it's boasting a healthy number of upgrades, including 4G service through AT&T and T-Mobile. Security hawks keen on testing network safety will be greeted with a fresh UI, one-click penetration tests and a new OS dubbed Pwnix, which is a custom version of the Debian-based Linux distro Kali. When it comes to hardware, the box packs a 1.2GHz Armada-370 ARM CPU, 1GB of RAM, a 32GB microSDHC card, a pair of gigabit Ethernet ports, a high-gain industrial Bluetooth adapter, two USB slots and a microUSB port. Naturally, the package supports WiFi 802.11 b/g/n and carries a SIM slot. If the $895 asking price doesn't make you flinch -- or you dig daydreaming about hacking for good or evil -- venture to the source for a breakdown of the gear's abilities.
Automotive takeover schemes to be detailed at Defcon hacker conference
It's not like Toyota hasn't already faced its fair share of Prius braking issues, but it appears that even more headaches are headed its way at Defcon this week. Famed white hats Charlie Miller and Chris Valasek are preparing to unleash a 100-page paper at the annual hacker conference in Las Vegas, and notably, hacks that overtake both Toyota and Ford automotive systems will be positioned front and center. The information was gathered as part of a multi-month project that was funded by the US government, so it's important to note that the specifics of the exploits will not be revealed to the masses; they'll be given to the automakers so that they can patch things up before any ill-willed individuals discover it on their own. Using laptops patched into vehicular systems, the two were able to force a Prius to "brake suddenly at 80 miles an hour, jerk its steering wheel, and accelerate the engine," while they were also able to "disable the brakes of a Ford Escape traveling at very slow speeds." Of course, given just how computerized vehicles have become, it's hardly shocking to hear that they're now easier than ever to hack into. And look, if you're really freaked out, you could just invest in Google Glass and walk everywhere.
Some SIM cards can be hacked 'in about two minutes' with a pair of text messages
Every GSM phone needs a SIM card, and you'd think such a ubiquitous standard would be immune to any hijack attempts. Evidently not, as Karsten Nohl of Security Research Labs -- who found a hole in GSM call encryption several years ago -- has uncovered a flaw that allows some SIM cards to be hacked with only a couple of text messages. By cloaking an SMS so it appears to have come from a carrier, Nohl said that in around a quarter of cases, he receives an error message back containing the necessary info to work out the SIM's digital key. With that knowledge, another text can be sent that opens it up so one can listen in on calls, send messages, make mobile purchases and steal all manner of data. Apparently, this can all be done "in about two minutes, using a simple personal computer," but only affects SIMs running the older data encryption standard (DES). Cards with the newer Triple DES aren't affected; also, the other three quarters of SIMs with DES Nohl probed recognized his initial message as a fraud. There's no firm figure on how many SIMs are at risk, but Nohl estimates the number at up to 750 million. The GSM Association has been given some details of the exploit, which have been forwarded to carriers and SIM manufacturers that use DES. Nohl plans to spill the beans at the upcoming Black Hat meeting. If you're listening, fine folks at the NSA, tickets are still available.
Daily Update for June 3, 2013
It's the TUAW Daily Update, your source for Apple news in a convenient audio format. You'll get all the top Apple stories of the day in three to five minutes for a quick review of what's happening in the Apple world. You can listen to today's Apple stories by clicking the inline player (requires Flash) or the non-Flash link below. To subscribe to the podcast for daily listening through iTunes, click here. No Flash? Click here to listen. Subscribe via RSS
Modified iPhone charger installs malware
iOS may be susceptible to hacking via a malicious charger says a Black Hat briefing by Billy Lau, Yeongjin Jang and Chengyu Song. This approach uses a charger that looks like a standard charger, but has malicious software on it. When an iOS device is plugged into the charger, an attacker can bypass iOS defense mechanisms and compromise a device within one minute of it being plugged in. The team built a prototype charger using a BeagleBoard and was able to demonstrate how easy it is to build a malicious charger, even on a limited budget. This attack affected any current-generation Apple device running the latest version of iOS and did not require the targeted device to be jailbroken.
