• Tag Archives Hacked
  • Android security loophole lets apps take and upload pics without you knowing

    Google is always keen to downplay the problem of malware on Android, for obvious reasons, but that doesn’t make the underlying threats any less troubling. New threats are being discovered all the time, and as the platform grows – with over 1.5 million Android devices being activated every day – the potential to infect ever more devices grows too.

    It must be said that Google does a pretty decent job when it comes to eliminating malware from its own Play Store – less than 0.1% of apps there contain malicious code, according to F-Secure (pdf) – and efforts such ason-device monitoring have also helped to limit the impact of rogue software. But third-party Android stores fare considerably worse than this; according to Forbes, in one third-party store, a staggering 33% of apps were found to be infected.

    One such threat was documented by security researcher Szymon Sidor this week, who found that by creating an app that exploited a simple loophole in the OS, he was able to get a device to capture photos using its camera, and then upload them to a remote server, without the user having so much as a hint that anything untoward had happened.

    Your phone could be taking photos of you looking like this, without you knowing!

    Sidor said that he had observed numerous apps on Google Play that were capable of taking photos covertly, but each of them required a visible indication of the app’s activity on screen and, critically, for the screen to be switched on. As he wrote on his Snacks For Your Mind blog, he set about trying to see if there was a way to perform the same task, but without that visible indication.

    He succeeded, and he was able to do so by exploiting a simple loophole in Android’s security features. Android requires that, when a photo is being taken, a preview of the image viewfinder must be shown on the screen; it’s a measure to ensure that users know that the camera is engaged and not taking photos or videos of them without their knowledge.

    But Sidor adjusted the code in his testbed app to continue displaying that preview, but only on a single pixel. That makes it completely impossible for a user to be able to see the preview, and therefore none the wiser if an app were to covertly be capturing snaps of them and uploading them elsewhere. The app was also able to capture other details from the device, such as battery level (crucial in helping to avoid detection of the app via its battery drain), and even the current location of the device. Check out the video below:

    Perhaps the most disturbing finding is revealed in this little snippet (emphasis is ours):

    The result was amazing and scary at the same time – the pixel is virtually impossible to spot on Nexus 5 screen (even when you know where to look)! Also it turned out that even if you turn the screen completely off, you can still take photos, as long as the pixel is still there.

    Sidor’s post on his findings is well worth a read – and he also includes a few handy tips on how to protect yourself from the threat of malicious apps on your Android device. He acknowledges that he was not, in fact, the first to discover this flaw, but also adds that he has contacted Google with the details of his own research, in the hope that they will close the loophole with a future security patch.


    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • Google DNS servers suffer brief traffic hijack

    Are security measures enabled?

    Traffic to Google’s commonly used public DNS service was rerouted over the weekend, meaning all traffic with Domain Name System resolution queries destined for Google’s servers ended up at a Venezuelan network instead.

    UK telco BT’s Latin America division in Venezuela became the destination for the IP address range used by Google, in a phenomenon known as BGP (border gateway protocol) hijacking, according to monitoring firm BGPmon.

    The rerouting affected networks in that country and Brazil for 22 minutes, BGPMon said.

    Why BT Latin America was able to announce the incorrect traffic routing despite Google’s security measures to protect against hijacking isn’t known. iTnews has put in queries with both BGPMon and BT LATAM.

    BGP traffic hijacking is on the rise, according to internet performance metrics analyst firm Renesys, which last year noted that over a period of two months, around 1500 IP address blocks were rerouted. Several were in Australia.

    Google’s and (IPv6: 2001:4860:4860::8888 and 2001:4860:4860::8844) free public DNS resolvers were set up in 2009 with the aim to provide better performance for queries, as well as improved security.

    They are said to fully support DNSsec security policies and validation, but it is not clear whether the routers for the servers’ network support resource public key infrastructure (RPKI) for BGP.

    These security measures provide route origination authorization objects (ROAs) that specify which autonomous systems can announce routes for certain IP address prefixes

    A query by iTnews at whois.bgpmon.net for the ROA for the network range did not produce any result, suggesting there is no policy in place to prevent BGP hijacking through wrong unauthorized announcements.

    Google’s free and open DNS infrastructure is very popular with users around the world. Last year, Google said its public DNS servers answer 130 to 150 billion queries a day from 70 million unique IP addresses.

    Similar large numbers were seen in a test by Geoff Huston at the Asia-Pacific Network Information Centre (APNIC) using just under 2.5 million clients. That test showed 7.2 percent had queries passed on to authoritative name servers from Google’s DNS service.


    Please visit ccrepairservices.com

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

  • Hackers behind TARGET data breach are looking for crackers to decrypt Credit card PINs

    I think you haven’t forgotten the massive data breach occurred at TARGET, the third-largest U.S. Retailer during last Christmas Holidays. People shop during Black Friday sales in which over 40 million Credit & Debit cards were stolen, used to pay for purchases at its 1500 stores nationwide in the U.S.

    TARGET officially confirmed that the encrypted PINs (personal identification numbers) of payment cards were stolen in the breach, since the stolen pin data were in encrypted form so they were confident that the information was “Safe and Secure”, because PIN cannot be decrypted without the right key.

    The Breach was caused by a malware attack, that allowed the criminals to manipulate Point of Sale (PoS) systems without raising red flags and the card numbers compromised in the breach are now flooding underground forums for sale.

    Possibly a group of Eastern European cyber criminals who specializes in attacks on merchants and Point-of-Sale terminals either attached a physical device to the PoS system to collect card data or they infected the PoS system with malware which sniffed the card data as it passes through a PoS system.

    However, the hackers have all 40 Million payment card details, but the PINs are encrypted with Triple-DES (Data Encryption Standard), which is a highly secure encryption standard used broadly throughout the U.S.

    Recently, The Cyber Intelligence firm IntelCrawler noticed that a group of individuals are discussing in underground hacking forums, attempting to decrypt a 50GB dump of Triple DES (3DES) encrypted PIN numbers believed that it belongs to TARGET breach. They asked for a ‘pro hacker’ to decrypt the information at a fee of $10 per line.

    IntelCrawler also claims that cracking the Triple-DES may be a slow process, but not impossible and vulnerable to brute-force attack using cracking tools i.e. John the Ripper.

    Security researcher, Robert Graham writes a blog post, suggested that hackers can get PINs without decrypting them, because two identical PINs decrypt to the same value.

    For example, let’s say that the hacker shopped at Target before stealing the database. The hacker’s own debit card information will be in the system. Let’s say the hacker’s PIN was 8473. Let’s say that these encrypts to 98hasdHOUa. The hacker now knows that everyone with the encrypted PIN of “98hasdHOUa” has the same pin number as him/her, or “8473”. Since there is only 10,000 combination of PIN numbers, the hacker has now cracked 1000 PIN numbers out of 10 million debit cards stolen. He recommended that TARGET should at least salt the encryption, to make it more difficult for crackers.