
    A new ‘Zombieload’ flaw hits Intel’s newest Cascade Lake chips

    news.movim.eu / TechCrunch – Yesterday - 18:00

Time to reset your “days since last major chip vulnerability” counter back to zero.

Security researchers have found another flaw in Intel processors — this time it’s a new variant of the Zombieload attack they discovered earlier this year, but targeting Intel’s latest family of chips, Cascade Lake.

Intel calls the vulnerability Transactional Asynchronous Abort, or TAA. It’s similar to the microarchitectural data sampling vulnerabilities that were the focus of earlier chip-based side-channel attacks, but TAA applies only to newer chips.

The new variant of the Zombieload attack gives hackers with physical access to a device the ability to read occasionally sensitive data stored in the processor. The vulnerability is found in how the processor tries to predict the outcome of future commands. This technique, known as speculative execution, makes the processor run faster, but its flawed design makes it possible for attackers to extract potentially sensitive data.

Zombieload was discovered by the same researchers who found Meltdown and Spectre, a set of flaws that could be used to pick out secrets — like passwords — from the processor. It was believed later chip architectures, like Cascade Lake, were toughened against speculative execution attacks, while Intel rolled out software patches to reduce the attack surface.

Neither of the other vulnerabilities in the same family as Zombieload — notably Fallout and RIDL — works on Cascade Lake, they added.

But the researchers said that Intel’s efforts to change the chip design in Cascade Lake are “not sufficient” to protect against these kinds of side-channel attacks.

The same researchers warned Intel about the vulnerability in April — as they did with the other flaws they discovered that were patched a month later. Intel took until this month to investigate, the researchers said.

Intel released patches again for its vulnerable chips on Tuesday, acknowledging that its newest chips are vulnerable to the newest Zombieload variant. But the chip-making giant recognizes that the mitigations “may not completely prevent the inference of data through a side channel using these techniques.”

The chip maker said there have been “no reports” of real-world exploits of the vulnerabilities.


    Facebook says a bug caused its iPhone app’s inadvertent camera access

    news.movim.eu / TechCrunch – Yesterday - 17:48

Facebook has faced a barrage of concern over an apparent bug that resulted in the social media giant’s iPhone app exposing the camera as users scroll through their feed.

A tweet over the weekend blew up after Joshua Maddux tweeted a screen recording of the Facebook app on his iPhone. He noticed that the camera would appear behind the Facebook app as he scrolled through his social media feed.

Several users had already spotted the bug earlier in the month. One person called it “a little worrying.”

Some immediately assumed the worst — as you might expect, given the long history of security vulnerabilities, data breaches and inadvertent exposures at Facebook over the past year. Just last week, the company confirmed that some developers had improperly retained access to some Facebook user data for more than a year.

Will Strafach, chief executive at Guardian Firewall, said it looked like a “harmless but creepy looking bug.”

The bug appears to only affect iPhone users running the latest iOS 13 software, and those who have already granted the app access to the camera and microphone. It’s believed the bug relates to the “story” view in the app, which opens the camera for users to take photos.

One workaround is to simply revoke the Facebook app’s camera and microphone access in the iOS settings.

Facebook vice president of integrity Guy Rosen tweeted this morning that it “sounds like a bug” and the company was investigating. Only after we published, a spokesperson confirmed to TechCrunch that the issue was in fact a bug.

“We recently discovered that version 244 of the Facebook iOS app would incorrectly launch in landscape mode,” said the spokesperson. “In fixing that issue last week in v246 — launched on November 8th — we inadvertently introduced a bug that caused the app to partially navigate to the camera screen adjacent to News Feed when users tapped on photos.”

“We have seen no evidence of photos or videos being uploaded due to this bug,” the spokesperson added. The bug fix was submitted for Apple’s approval today.

“I guess it does say something when Facebook trust has eroded so badly that it will not get the benefit of the doubt when people see such a bug,” said Strafach.

Updated with Facebook comment.


    OpenText buys data backup firm Carbonite for $1.42B

    news.movim.eu / TechCrunch – 2 days ago - 14:06

Carbonite has agreed to a $1.42 billion purchase by OpenText, an enterprise information management giant, ending weeks of speculation about the anticipated buyout.

The deal marks a 78% premium on Carbonite’s share price on September 5, when it was first rumored the company was preparing to buy the backup and data recovery company. Carbonite said the board “strongly believes” the deal will return “substantial” cash value to shareholders, said Steve Munford, chairman of Carbonite’s board.

It ends a busy couple of years for Carbonite as the company has moved away from a traditional data backup business to a more proactive, defensive security company.

In February, Carbonite bought endpoint security company Webroot for $618.5 million in an all-cash deal, as the company pushed to protect against emerging threats like ransomware. Only a year earlier, Carbonite bought Mozy for $145 million, a cloud backup service.

Carbonite said at the time of its acquisition by OpenText, the backup company had losses of $14 million on revenues of $125.6 billion, an increase of 62% year-over-year.

Wall Street was expecting average revenues of $131.5 million.


    A browser bug was enough to hack an Amazon Echo

    news.movim.eu / TechCrunch – 4 days ago - 17:24

Two security researchers have been crowned the top hackers in this year’s Pwn2Own hacking contest after developing and testing several high profile exploits, including an attack against an Amazon Echo.

Amat Cama and Richard Zhu, who make up Team Fluoroacetate, scored $60,000 in bug bounties for their integer overflow exploit against the latest Amazon Echo Show 5, an Alexa-powered smart display.

The researchers found that the device uses an older version of Chromium, Google’s open-source browser project, which had been forked some time during its development. The bug allowed them to take “full control” of the device if connected to a malicious Wi-Fi hotspot, said Brian Gorenc, director of Trend Micro’s Zero Day Initiative, which put on the Pwn2Own contest.

The researchers tested their exploits in a radio-frequency shielding enclosure to prevent any outside interference.

“This patch gap was a common factor in many of the IoT devices compromised during the contest,” Gorenc told TechCrunch.

Amat Cama (left) and Richard Zhu (right), who make up Team Fluoroacetate. (Image: ZDI)

An integer overflow bug happens when a mathematical operation tries to create a number but has no space for it in its memory, causing the number to overflow outside of its allotted memory. That can have security implications for the device.

When reached, Amazon said it was “investigating this research and will be taking appropriate steps to protect our devices based on our investigation,” but did not say what measures it would take to fix the vulnerabilities — or when.

The Echo wasn’t the only internet-connected device at the show. Earlier this year the contest said hackers would have an opportunity to hack into a Facebook Portal, the social media giant’s video calling-enabled smart display. The hackers, however, could not exploit the Portal.


    Popular Android phones can be tricked into snooping on their owners

    news.movim.eu / TechCrunch – 5 days ago - 18:00

Security researchers have found several popular Android phones can be tricked into snooping on their owners by exploiting a weakness that gives accessories access to the phone’s underlying baseband software.

Attackers can use that access to trick vulnerable phones into giving up their unique identifiers, such as their IMEI and IMSI numbers, downgrade a target’s connection in order to intercept phone calls, forward calls to another phone or block all phone calls and internet access altogether.

The research, shared exclusively with TechCrunch, affects at least 10 popular Android devices, including Google’s Pixel 2, Huawei’s Nexus 6P and Samsung’s Galaxy S8+.

The vulnerabilities are found in the baseband firmware, the software that allows the phone’s modem to communicate with the cell network, such as making phone calls or connecting to the internet. Given its importance, the baseband is typically off-limits from the rest of the device, including its apps, and often comes with command blacklisting to prevent non-critical commands from running. But the researchers found that many Android phones inadvertently allow Bluetooth and USB accessories — like headphones and headsets — access to the baseband. By exploiting a vulnerable accessory, an attacker can run commands on a connected Android phone.

“The impact of these attacks ranges from sensitive user information exposure to complete service disruption,” said Syed Rafiul Hussain, one of the co-authors of the paper, in an email to TechCrunch.

Hussain and his colleagues Imtiaz Karim, Fabrizio Cicala and Elisa Bertino at Purdue University and Omar Chowdhury at the University of Iowa are set to present their findings next month.


Baseband firmware uses a special language, known as AT commands, which controls the device’s cellular functions. These commands can be used to tell the modem which phone number to call. But the researchers found that these commands can be manipulated. The researchers developed a tool, dubbed ATFuzzer, which tries to find potentially problematic AT commands.

In their testing, the researchers discovered 14 commands that could be used to trick the vulnerable Android phones into leaking sensitive device data and to manipulate phone calls.

But not all devices are vulnerable to the same commands or can be manipulated in the same way. The researchers found, for example, that certain commands could trick a Galaxy S8+ phone into leaking its IMEI number, redirect phone calls to another phone and downgrade their cellular connection — all of which can be used to snoop and listen in on phone calls, such as with specialist cellular snooping hardware known as “stingrays.” Other devices were not vulnerable to call manipulation but were susceptible to commands that could be used to block internet connectivity and phone calls.

The vulnerabilities are not difficult to exploit, but require all of the right conditions to be met.

“The attacks can be easily carried out by an adversary with cheap Bluetooth connectors or by setting up a malicious USB charging station,” said Hussain. In other words, it’s possible to manipulate a phone if an accessory is accessible over the internet — such as a computer. Or, if a phone is connected to a Bluetooth device, an attacker has to be in close proximity. (Bluetooth attacks are not difficult, given that vulnerabilities in how some devices implement Bluetooth have left some devices more vulnerable to attacks than others.)

“If your smartphone is connected with a headphone or any other Bluetooth device, the attacker can first exploit the inherent vulnerabilities of the Bluetooth connection and then inject those malformed AT commands,” said Hussain.

Samsung recognized the vulnerabilities in some of its devices and is rolling out patches. Neither Huawei nor Google provided comment at the time of writing.

Hussain said that iPhones were not affected by the vulnerabilities.

This research becomes the latest to examine vulnerabilities in baseband firmware. Over the years there have been several papers examining various phones and devices with baseband vulnerabilities. Although these reports are rare, security researchers have long warned that intelligence agencies and hackers alike could be using these flaws to launch silent attacks.


    DNA testing startup Veritas Genetics confirms data breach

    news.movim.eu / TechCrunch – 6 days ago - 21:13

Veritas Genetics, a DNA testing startup, has said a data breach resulted in unauthorized access of some customer information.

The Danvers, Mass.-based company said its customer-facing portal had “recently” been breached but did not say when. Although the portal did not contain test results or medical information, the company declined to say what information had been stolen — only that a handful of customers were affected.

The company has not issued a public statement, nor has it acknowledged the breach on its website.

Spokesperson Rodrigo Martinez denied there was a data “theft” but provided no evidence for the claim. Its statement did not elaborate on the breach.

Bloomberg first reported the news.

Veritas, whose competitors include 23andMe, Ancestry and MyHeritage, says it can analyze and understand a human genome using an individual’s DNA, allowing customers to understand what health risks they may face in later life or pass on to their children.

Although the stolen data did not include personal health information, it’s likely to further fuel concerns that health startups, particularly companies dealing with sensitive DNA and genome information, can’t protect their users’ data.

Privacy remains an emerging concern in genetics testing after law enforcement have served legal demands against DNA collection and genetics testing companies to help identify suspects in criminal cases. Just this week, it was reported that a “game changer” warrant obtained in Florida allowed one police department to search the full database of GEDmatch, a DNA testing company, which last year was used by police to help catch the notorious Golden State Killer.

Some 26 million consumers have used an at-home genetics testing kit.

Updated with comment from Veritas.


    California accuses Facebook of ignoring subpoenas in state’s Cambridge Analytica investigation

    news.movim.eu / TechCrunch – 7 days ago - 18:54

California’s attorney general Xavier Becerra has accused Facebook of “continuing to drag its feet” by failing to provide documents to the state’s investigation into Facebook and Cambridge Analytica.

The attorney general said in a court filing Wednesday that Facebook had provided a “patently deficient” response to two sets of subpoenas for the previously undisclosed investigation started more than a year ago. “Facebook has provided no answers for nineteen interrogatories and produced no documents in response to six document requests,” the filing said.

Among the documents sought are communications by executives, including chief executive Mark Zuckerberg and chief operating officer Sheryl Sandberg, and documentation relating to the company’s privacy changes.

The filing said the social media giant was “failing to comply with lawfully issued subpoenas and interrogatories” for what the attorney general says involves “serious allegations of unlawful business practices by one of the richest companies in the world,” referring to Facebook.

Becerra is now asking a court to compel Facebook to produce the documents.

The now-defunct Cambridge Analytica scraped tens of millions of Facebook profiles as part of an effort to help the Trump presidential campaign decide which swing voters to target with election-related advertising. Facebook banned the analytics and voter data firm following the unauthorized scraping. Facebook was later fined $5 billion by the Federal Trade Commission for violating a privacy decree in 2012, which demanded that the company engage in better privacy protections of its users’ data.

A Facebook spokesperson did not respond to a request for comment.

Developing… more soon.


    Google enlists mobile security firms to help rid Google Play of bad Android apps

    news.movim.eu / TechCrunch – 7 days ago - 17:25

Google has partnered with mobile security firms ESET, Lookout and Zimperium to combat the scourge of malicious Android apps that sneak into the Google Play app store.

The announcement came Wednesday, with each company confirming their part in the newly created App Defense Alliance. Google said it’s working with the companies to “stop bad apps before they reach users’ devices.”

The search giant has struggled to fight against malicious apps in recent years. Although apps are screened for malware and other malicious components before apps are allowed into Google Play, the search and mobile giant has been accused of not doing enough to weed out malicious apps before they make it to users’ devices.

Google said earlier this year that just 0.04% of all Android apps downloaded from Google Play were considered potentially harmful apps — or about 30 million potentially malicious apps.

Yet, it remains an ongoing problem.

ESET, Lookout, and Zimperium have all contributed to the discovery — and eventual takedown — of hundreds of malicious apps on Google Play in recent years.

But each time Google takes down a suspicious or malicious app from Google Play, the thousands or millions of users with the app installed on their phone remain vulnerable. The apps are not removed from devices, continuing to put users at risk.

By integrating its Google Play Protect technology, which serves as Android’s built-in antimalware engine, with each of its partners’ scanning engines, the collective effort will help to better screen apps before they are approved for users to download.

Google said that knowledge sharing and industry collaboration are “important” to combat rising mobile app threats.