exploit
Latest
Samsung's in-house OS is a security nightmare
Samsung's Tizen platform might give the company the technological independence it wouldn't have if it stuck to outside software like Android, but it's apparently a security disaster. Researcher Amihai Neiderman tells Motherboard he has discovered 40 unpatched vulnerabilities in Samsung's operating system, exposing many of its smartphones, smartwatches and TVs to remote attacks. Reportedly, it's the "worst code" the expert has "ever seen" -- it was designed by a team that had no real understanding of security concepts, and makes mistakes that virtually anyone else would avoid.
Exploit attacks your smart TV through over-the-air signals
Worries that someone could hijack your TV with a broadcast have been present for decades (ever see The Outer Limits?), and it's clear that they're not going away any time soon. Oneconsult security researcher Rafael Scheel has outlined an attack that can control smart TVs by embedding code into digital (specifically, DVB-T) over-the-air broadcasts. The intrusion takes advantage of flaws in a set's web browser to get root-level access and issue virtually any command. You only need to have a transmission powerful enough to reach compatible TVs, and at least one attack will work without revealing that something is wrong.
Nest security cameras can be knocked out via Bluetooth
Your connected security camera might not be as trustworthy a defense as you think. Security researcher Jason Doyle has published details of three vulnerabilities in the Nest Cam, Dropcam and Dropcam Pro that lets an attacker disable their recording over Bluetooth. Two of them, which rely on sending excessively long WiFi data, will trigger a memory overflow that makes the camera crash and reboot. The third exploit tricks the camera into temporarily disconnecting from WiFi by making it try to connect to another network.
WikiLeaks won't share CIA exploits unless companies meet terms
WikiLeaks offered to work with tech companies to patch the CIA's leaked security exploits, but there has been a whole lot of silence ever since. Why? That depends on who you ask. Motherboard sources claim that WikiLeaks "made demands" of the companies before it would hand over necessary details of the vulnerabilities, including a requirement that they promise to issue security patches within 90 days. Potential fixes are reportedly stuck in legal limbo, the tipsters say, as the companies are worried about writing patches based on leaked info, not to mention the origins of the leak. They're worried that Russia might have been responsible for forwarding the info.
'Many' Android exploits in WikiLeaks CIA files are already fixed
Apple isn't the only company scrambling to reassure the public that it has fixed most of the CIA exploits revealed in WikiLeaks' latest disclosure. Google tells CNET it's "confident" that security patches and safeguards already protect you against "many" of the exploits in both Android and the Chrome web browser. The internet giant will also "implement any further necessary protections" for flaws that have yet to be patched.
WikiLeaks offers to work with tech firms to fix CIA exploits
Founder Julian Assange says that WikiLeaks will offer tech companies access to CIA's leaked hacking techniques and code. During a news conference held at The Embassy of Ecuador in London on Thursday, he said that it would allow firms time to "develop fixes" before further details about the techniques are revealed to the public. Assange said the CIA tools could be used to tap into servers, smartphones and even your TV.
Your WD networked drive is vulnerable to remote attacks
If you have one of Western Digital's My Cloud nstorage drives, you might be particularly vulnerable to internet attacks. Exploitee.rs has discovered a number of unpatched security flaws in most My Cloud models that let remote intruders bypass the login, insert their own commands and upload files without permission. In numerous cases, it's a matter of poorly implemented scripts. Also, every command exectued through the web interface has full access to the operating system -- an attacker would have the keys to the kingdom.
Hackers break into Samsung Smartcam again
Samsung's SmartCam has fit into users' DIY surveillance setups for years thanks to its smartphone control and local (non-cloud) storage. But at last August's DEFCON 22 security conference, members of the hacking blog Exploiteers listed exploits for the networked camera that allowed remote camera execution and let them change the administrator's password. Rather than fix it, Samsung ripped out the accessible web interface and forced users to run their SmartCams through the device giant's SmartCloud website. So, like good little hackers, Exploiteers broke into the camera again with a different exploit.
Malware infects computers by hiding in browser ad GIFs
Unless you still use Internet Explorer (and please don't do that), you probably don't have to worry about new malware discovered by Eset researchers. However, the Stegano exploit kit shows how adept hackers have become at slipping infected ads past major networks and then hiding the malware from discovery. It's been operating stealthily for the last two years and specifically targeting corporate payment and banking services.
Tor exploit targeted visitors to a Dark Web child porn site
Word has been circulating of a security exploit being used to compromise Tor Browser users, and we now know who some of the targets are. Motherboard has learned that the JavaScript-based attack was used to target visitors to The GiftBox Exchange, a Dark Web child pornography site. The discovery not only raised alarm bells on the shadier side of the Dark Web (one wiki warned that it was a "NIT," or a network investigative technique used by law enforcement), but led GiftBox to abruptly shut down on November 15th out of fear of police action. You won't find many people shedding a tear over the closure, of course. However, it raises a question: just who's using it?
Malware uses Facebook and LinkedIn images to hijack your PC (updated)
Malware doesn't always have to attack your computer through browser- or OS-based exploits. Sometimes, it's the social networks themselves that can be the problem. Researchers at Check Point have discovered that a variant of known ransomware, Locky, is taking advantage of flaws in the way Facebook and LinkedIn (among others) handle images in its bid to infect your PC. The trick forces your browser to download a maliciously coded image file that hijacks your system the moment you open it. If you do, your files are encrypted until you pay up.
Microsoft patches Google-outed Windows security hole
As promised, Microsoft has issued a fix for the Windows security flaw that Google disclosed before a patch was ready. The update tackles vulnerabilities in numerous versions of Windows (from Vista through Windows 10) that would let an attacker get control of your system through a malicious app. You're already safe if you use Windows 10 Anniversary Update and an up-to-date browser, we'd add -- this is for people who can't or won't move to a newer operating system.
Android's latest update doesn't patch major security flaw
The November Android security update is live and it fixes 15 critical vulnerabilities, but it doesn't patch a major Linux kernel exploit that can give hackers quick and complete access to devices running on Google's OS. Researcher Phil Oester discovered the flaw (CVE-2016-5195) in October, though he believes it's existed since 2007. The exploit is known as "Dirty COW" because of its basis in copy-on-write systems (and maybe because that name is adorable).
Microsoft patch for Google-outed exploit is still a week away
Microsoft is still more than a little upset at Google revealing unpatched Windows security flaws, but it'll at least have a solution in hand in the days ahead. The software giant now plans to issue a patch for affected version of Windows on November 8th. You're in good shape if you use both Windows 10 Anniversary Update and a sufficiently up to date browser (both Chrome and Edge should be safe), but you'll definitely have to be cautious if you can't use one of the known safe browsers or the latest version of Windows.
Google reveals unpatched Windows bug that hackers are exploiting (update)
Google has revealed that it came across previously undiscovered Flash and Windows vulnerabilities in October, and one of them remains unpatched. The tech titan gave both Adobe and Microsoft a heads-up on October 21st -- Adobe issued a fix on October 26th through a Flash update, but Microsoft hasn't released one for its platform yet. The real problem is, according to Google, that unpatched Windows flaw is "being actively exploited."
Teen arrested for sharing exploit that almost brought down 911
An Arizona teen is discovering why you should think very carefully about sharing exploits online: you don't know what people will do with them... or in some cases, that you're sharing the right exploits. Phoenix police have arrested 18-year-old Meetkumar Hitesbhai Desai on computer tampering charges after he publicly posted a version of iOS-based JavaScript attack that he thought would only deliver annoying pop-ups, but actually made bogus 911 calls. In the Phoenix region, there were so many hang-up calls (there were 1,849 link clicks in total) that there was the "potential danger" of emergency phone services going down, the Maricopa County Sheriff's Office says. California and Texas police saw call spikes, too.
Cybersecurity firm offers $1.5 million for iPhone exploits
A previously undisclosed (aka zero-day) exploit can fetch enough money to buy its finder a house. Zerodium, a firm that buys security exploits, has announced that it's paying $1.5 million for one that can be used to take over iPhones and iPads. That's thrice what the company used to offer, though it did up the bounty to $1 million last year for a limited time. While that very much smelled like PR stunt, Zerodium did end up having to pay one group the full amount. Unlike that time, this price bump is permanent. Anyone who's OK with the fact that Zerodium will sell their find to the government and to various corporations can cash in anytime.
Google fixes two serious Android security flaws
Google's mobile security team has definitely been busy cleaning house this week. The company has released an Android update that closes two security holes that could pose a major threat if intruders found a way to exploit them. The first was only designed for "research purposes" and would only have been malicious if modified, Google tells Ars Technica, but it wouldn't have been hard to detect or weaponize.
Hackers temporarily reactivate suspended Twitter accounts
When Twitter takes an offensive account offlinen it usually stays down for good, but a hacking group now claims that it's discovered a way to reactivate and take control over inactive and suspended accounts. A group called "Spain Squad" briefly reactivated banned accounts like @Hitler, @DarkNet, @1337, @Hell and @LizardSquad -- hoping to sell them to users seeking valuable screenames.
Apple patches three zero-day exploits after activist is hacked
Apple has rolled out a patch for three previously unknown zero-day exploits that were used to target the iPhone 6 of Ahmed Mansoor, an award-winning human rights activist based in the United Arab Emirates. Security company Lookout and internet watchdog group Citizen Lab investigated the attack on Mansoor's iPhone and found it to be the product of NSO Group, a "cyber war" organization based in Israel that's responsible for distributing a powerful, government-exclusive spyware product called Pegasus.
