Apple “inadvertently admitted” to iOS backdoor: forensics expert

July 23, 2014 – 5:36 AM

Apple has “inadvertently admitted” to creating a “backdoor” in iOS, according to a new post by a forensics scientist, iOS author and former hacker, who this week created a stir when he posted a presentation laying out his case.

Apple has created “several services and mechanisms” that let Apple — and, potentially, government agencies or malicious third parties — extract lots of personal data from iOS devices, says Jonathan Zdziarski. There is, he says, no way to shut off this data leakage and there is no explicit consent granted by end users.

He made his case in a talk, “Identifying back doors, attack points, and surveillance mechanisms in iOS devices,” [available in PDF] at the annual HOPE X hackers conference last week in New York City. The talk was based on a paper published in the March issue of “Digital Investigation,” which can be ordered online.

Essentially, Zdziarski says that Apple over time has deliberately added several “undocumented high-value forensic services” in iOS, along with “suspicious design omissions…that make collection easier.” The result is these services can copy a wide range of a user’s personal data, and bypass Apple’s backup encryption. That gives Apple, and potentially government agencies, such as the National Security Agency, or just bad people intent on exploiting these services, the ability to extract personal data without the user knowing this is happening.

Source:
http://www.pcadvisor.co.uk/news/security/3532138/apple-inadvertently-admitted-to-ios-backdoor-forensics-expert/?olo=rss

EFF releases Firefox, Chrome plugin to stop online tracking

July 22, 2014 – 7:04 PM

The Electronic Frontier Foundation (EFF) has released a beta version of Privacy Badger, a browser extension for Firefox and Chrome that detects and blocks online advertising and other embedded content that tracks you without your permission.

Privacy Badger was launched in an alpha version less than three months ago, and already more than 150,000 users have installed the extension. Monday’s beta release includes a feature that automatically limits the tracking function of social media widgets, like the Facebook “Like” button, replacing them with a stand-in version that allows you to “like” something but prevents the social media tool from tracking your reading habits.

“Widgets that say ‘Like this page on Facebook’ or ‘Tweet this’ often allow those companies to see what webpages you are visiting, even if you never click the widget’s button,” said EFF Technology Projects Director Peter Eckersley. “The Privacy Badger alpha would detect that, and block those widgets outright. But now Privacy Badger’s beta version has gotten smarter: it can block the tracking while still giving you the option to see and click on those buttons if you so choose.”

EFF created Privacy Badger to fight intrusive and objectionable practices in the online advertising industry. Merely visiting a website with certain kinds of embedded images, scripts, or advertising can open the door to a third-party tracker, which can then collect a record of the page you are visiting and merge that with a database of what you did beforehand and afterward. If Privacy Badger spots a tracker following you without your permission, it will either block all content from that tracker or screen out the tracking cookies.

Source:
http://www.net-security.org/secworld.php?id=17152

Angler Exploit Kit delivers Tor-using Critroni ransomware

July 22, 2014 – 5:03 PM

Following an international takedown of Cryptolocker, new ransomware identified by Microsoft as Critroni.A has been gaining momentum since making a June appearance in underground marketplaces, according to a security researcher going by the name Kafeine.

The malware – which is marketed as CTB-Locker (Curve-Tor-Bitcoin Locker) and costs $3,000 per month – uses Elliptic Curve Diffie-Hellman encryption and its command-and-control is hidden on the Tor network, Fedor Sinitsyn, a senior malware analyst at Kaspersky Lab who is investigating the ransomware, told Threatpost.

Critroni is being served up in the wild by the Angler Exploit Kit, according to Kafeine. Once it claims a victim, the ransomware provides ample instructions on how to send the Bitcoin ransom. The Bitcoin ransom can be specified by the attacker, as can the extensions of files that are encrypted.

Source:
http://www.scmagazine.com/angler-exploit-kit-delivers-tor-using-critroni-ransomware/article/362227/

Beware Keyloggers at Hotel Business Centers

July 14, 2014 – 4:51 AM

The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests.

In a non-public advisory distributed to companies in the hospitality industry on July 10, the Secret Service and the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) warned that a task force in Texas recently arrested suspects who have compromised computers within several major hotel business centers in the Dallas/Fort Worth areas.

“In some cases, the suspects used stolen credit cards to register as guests of the hotels; the actors would then access publicly available computers in the hotel business center, log into their Gmail accounts and execute malicious key logging software,” the advisory reads.

“The keylogger malware captured the keys struck by other hotel guests that used the business center computers, subsequently sending the information via email to the malicious actors’ email accounts,” the warning continues. “The suspects were able to obtain large amounts of information including other guests’ personally identifiable information (PII), log in credentials to bank, retirement and personal webmail accounts, as well as other sensitive data flowing through the business center’s computers.”

Source:
http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-centers/

Gmail users on iOS at risk of data interception

July 11, 2014 – 7:22 AM

Apple users accessing Gmail on mobile devices could be at risk of having their data intercepted, a mobile security company said Thursday.

The reason is Google has not yet implemented a security technology that would prevent attackers from viewing and modifying encrypted communications exchanged with the Web giant, wrote Avi Bashan, chief information security officer for Lacoon Mobile Security, based in Israel and the U.S.

Websites use digital certificates to encrypt data traffic using the SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols. But in some instances, those certificates can be spoofed by attackers, allowing them to observe and decrypt the traffic.

That threat can be eliminated through certificate “pinning,” which involves hard coding the details for the legitimate digital certificate into an application.

Unlike for Android, Google doesn’t do this for iOS, which means an attacker could execute a man-in-the-middle attack and read encrypted communications, Bashan wrote. Google acknowledged the problem after being notified by Lacoon on Feb. 24, but the problem has not been fixed, he wrote.

Source:
http://www.pcadvisor.co.uk/news/security/3530133/gmail-users-on-ios-at-risk-of-data-interception/?olo=rss
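
The certificate "pinning" described in the Gmail item above, as an added example that is not code from the article, Google or Lacoon: the client keeps normal CA and hostname validation and additionally rejects any certificate whose SHA-256 fingerprint was not shipped with the application. The function names, the choice of a whole-certificate fingerprint as the hard-coded detail, and the constructed byte strings standing in for DER certificates are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned) -> bool:
    """True only if the presented certificate is one the app shipped with."""
    presented = fingerprint(der_cert)
    ok = False
    for pin in pinned:
        # Constant-time comparison; check every pin, no early exit.
        ok |= hmac.compare_digest(presented, pin.lower())
    return ok


class PinMismatch(ssl.SSLError):
    """The chain validated, but the leaf certificate is not a pinned one."""


def open_pinned(host, pinned, port=443, timeout=10.0):
    """Connect with CA + hostname validation, then enforce the pin."""
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout)
    sock = ctx.wrap_socket(raw, server_hostname=host)
    try:
        der = sock.getpeercert(binary_form=True)
        # A certificate from any trusted CA passes the handshake above;
        # only the pin check rejects one that is valid but unexpected.
        if der is None or not pin_matches(der, pinned):
            raise PinMismatch(f"certificate for {host} is not pinned")
    except Exception:
        sock.close()
        raise
    return sock


# Constructed stand-ins for DER certificates (not real certificates).
LEGIT_DER = b"constructed: the service's legitimate certificate"
SPOOFED_DER = b"constructed: certificate for the same name, other issuer"
APP_PINS = frozenset({fingerprint(LEGIT_DER)})
```

Pins have to be rotated together with the server certificate, so shipping a backup pin alongside the current one avoids locking clients out at renewal.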