Social Icons

Showing posts with label data breach. Show all posts
Showing posts with label data breach. Show all posts

Saturday, September 12, 2015

vCard Vulnerability : WhatsApp

1.     WhatsApp,the exceedingly renowned application that has actually swung around the way we all chat, talk, share and do so many things has so many PROs but over this small period of time since its inception it has also been the quarry of cyber criminals. With a user base as strong as 900 million active users in Apr 2015,any vulnerability in the architecture cosmos is destined to be a remunerative lure for any cyber criminal. A recent vulnerability in the form of simply sharing a vCard with other user discovered by Check Point security researcher Kasif Dekel has come to the fore. It involves simply sharing the seemingly guileless vCard with the victim and as the victim clicks the vCard, his task his over since rest will be done in the background by the malicious code terra incognita to the user. This vCard actually exists as an executable file and gets into action the moment it gets clicked by the user in the application. 
 
 

RESOLVED by update from WhatsApp 

2.   WhatsApp affirmed and recognized the security egress and have released the fix in all versions greater than 0.1.4481 and blockaded that especial lineament. 

How it Happens? 

3.   To activate the code, Kasif Dekel ascertained an attacker could just inject the command to the name attribute of the vCard file, separated by the ‘&’ character. When executed, it will attempt to run all lines in the files, including controlled injection line. Once such a contact is made, all an attacker has to do is share it via the normal WhatsApp client. 

What made the application Vulnerable? 

4.    WhatsApp Web allows users to view any type of media or attachment that can be sent or viewed by the mobile platform/application. This includes images, videos, audio files, locations and contact cards.Thus the default action runs for the vCard for running the code whilst being understood as sharing the contact details. 
 
What can it do ?
 
Once the code is activated,it is bound to take complete control over the target machine and will definitely monitor the user’s activities and use the target machine to spread malicious malwares and viruses ahead.

Timelines by CHECKPOINT on the vulnerability 
 
    August 21, 2015 – Vulnerability disclosed to the WhatsApp security team.
    August 23, 2015 – First response received.
    August 27, 2015 – WhatsApp rolls out fixed web clients (v0.1.4481)
    September 8, 2015 – Public disclosure 

Thanks CHECKPOINT

Monday, May 04, 2015

Hardware Trojans : Do we have a Solution or Clue to resolve?

1.    IT Security is an ever interesting field and those passionate about this field will always find surplus to read about so many happening things in the field.In the already chaotic environs of Cyber Security there comes another GIGANTIC issue...by the name of HARDWARE TROJANS and I use this word Gigantic not just to reflect my reaction on the subject...but for any first time reader on the subject this will be a huge issue in times to come and is already in for majors.The issue is yet unattended because no one has clue where to detect,how to detect and what to do to resolve?

2.   Electronic systems have proliferated over the past few decades to the point that most aspects of daily life are aided or affected by the automation, control, monitoring, or computational power provided by Integrated Circuits (ICs). The ability to trust these ICs to perform their specified operation (and only their specified operation) has always been a security concern and has recently become a more active topic of research. Without trust in these ICs, the systems they support cannot necessarily be trusted to perform as specified and may even be susceptible to attack by a malicious adversary.A new disruptive threat has surfaced over the past five years  , a hardware-based security threat known as the Hardware Trojan.Hardware Trojans are intentional,malicious modifications to electronic circuitry designed to disrupt operation or compromise security including circuitry added into Integrated Circuits (ICs). These ICs underpin the information infrastructure of many critical sectors including the financial, military, and industrial sectors.Consequently, hardware trojans pose a security risk to organisations due to the broad attack surface and specific organisations’ reliance on ICT infrastructure. Hardware trojans can be difficult to prevent and even more difficult to detect. Most of the current security protection mechanisms implicitly trust the hardware, allowing hardware trojans to bypass software or firmware security measures .Hardware trojans inserted during fabrication or design stages can become widely dispersed within an organisation and pose a systemic threat.

3.   Hardware Trojans are usually composed of a Trigger and a Payload.The trigger is the activation mechanism and the payload generates the effect. Prior to triggering, a hardware trojan lies dormant without interfering with the operation of any electronics.The trigger mechanism for our network hardware trojan is based on a communication channel in network packet timing, while the payload is an adjustable degradation level of the ethernet channel through noise injection into the ethernet controller’s clock.
4.  The ease with which Hardware Trojans can make their way into modern ICs and electronic designs is concerning. Modifications to hardware can occur at any stage during the design and manufacturing process, including the specification, design, verification and manufacturing stages. Hardware Trojans may even be retro-fitted to existing ICs post manufacture.

5.   With above as a preview it makes any one wonder upto what extents would one require to go for a 100 % secure IT attribute.Imagine the risk stake this would put on a typical country who is entirely dependent on global vendors for its own Defence and Consumer goods....or for that matter even developing countries would feel the pinch....no clue as to where to start from...or even if a frame work is desired to setup a standard for controlling this menace it would be prudent to only get dependent off shores since in most of the cases expertise would not exist only.......

Thanks to these two papers for giving me an over view on the subject.

Hardware Trojans – A Systemic Threat by John Shield, Bradley Hopkins, Mark Beaumont, Chris North

Hardware Trojans – Prevention, Detection,Countermeasures by Mark Beaumont, Bradley Hopkins and Tristan Newby

Sunday, February 15, 2015

ANTHEM INC Data Breach : What is it all about?

1.   January 29, 2015,has gone down to record one of the greatest data breaches in the history of breaches and will be long a case study for students to learn of how it all happened.This particular breach relates to  Anthem Inc,the largest for-profit managed health care company in the Blue Cross and Blue Shield Association, that discovered that cyber attackers executed a sophisticated attack to gain unauthorized access to its IT system and obtained personal information relating to consumers who were or are currently covered by Anthem.It is believed that this suspicious activity may have occurred over a course of several weeks beginning December, 2014.

2.    Anthem disclosed that it potentially got stolen over 37.5 million records that contain personally identifiable information from its servers. According to The New York Times about 80 million company records were hacked, and there is fear that the stolen data will be used for identity theft

3.  This post brings out few key points of what ever has been discovered and revealed till now...

-   The compromised information contained names, birthdays, medical IDs, social security numbers, street addresses, e-mail addresses and employment information, including income data.

- Till now credit card ,banking information,financial,medical information  compromise has not been validated.

-   As per site...“With nearly 80 million people served by its affiliated companies including more than 37.5 million enrolled in its family of health plans, Anthem is one of the nation’s leading health benefits companies.”....shows the quantifed prone customers effected likely...and thats huge....

-   Once the attack was discovered, the company immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation.

-   Analysis of open source information on the cyber criminal infrastructure likely used to siphon 80 million Social Security numbers and other sensitive data from health insurance giant.

-   Less than 6 months ago a similar breach effected CHS(Community Health Systems, Inc.) of 4.5 million patient records that was attributed to “highly sophisticated malware”.

-   The Company and its forensic expert believe the attacker was an “Advanced Persistent Threat” group originating from China who used highly sophisticated malware and technology to attack the Anthem Inc Company'’s systems. 

-   According to the Associated Press, the attackers who targeted and exfiltrated more than 80 million customer records from Anthem Inc, were able to commandeer the credentials of at least five different employees.  We know from Anthem themselves that at least one admin account was compromised, as the admin himself noticed his credentials being used to query their data warehouse.


HOW IT COULD HAVE HAPPENED?

"Looking at job postings and employee LinkedIn profiles it appears that the data warehouse in use at Anthem was TeraData. By doing some quick searches on LinkedIn I was able to find more than 100 matches for TeraData in profiles of current employees at Anthem, including, CXOs, system architects and DBAs. Discovering these employees emails is trivial and would be the first step attackers could take to identify who to target for spear-phishing campaigns.

Once they are able to compromise a few high level employee systems through a phishing campaign either through malware attachments or through a browser exploit, gaining access to a user’s database credentials would be trivial. This would be where the “sophisticated malware” that is being reported would be utilized, if the malware was designed specifically for this attack it would evade most anti-virus products.

What may be a key weakness here is that it appears there were no additional authentication mechanisms in place, only a login/password or key, with administrative level access to the entire data warehouse. Anthem’s primary security sin may not have been the lack of encryption, but instead improper access controls. Although it appears the user data was not encrypted, in Anthem’s defense if the attackers had admin level credentials encryption would have been moot anyway.

I should note that TeraData provides quite a few security controls, including encryption, as well as additional data masking features, even specifically called out for protecting Social Security Numbers and related data. So odds are the actual vulnerability here is not in the software, operating system or hardware, but how the system and access controls were configured based on business and operational requirements."


Source : http://www.tripwire.com/state-of-security/incident-detection/how-the-anthem-breach-could-have-happened/
Another set of possibilities vide The Hacker News THN Post refers at http://thehackernews.com/2015/02/anthem-data-breach.html
Powered By Blogger