Cyber Security Training from QA

Cyber Pulse: Edition 27

Read the latest edition of Cyber Pulse, our roundup of Cyber news.


10 August 2018

Security flaws let hackers hit in-flight and at sea WiFi

Multiple deployed satellite communications (SATCOM) products have security flaws, according to IOActive researcher Ruben Santamarta, who will present research in the field Wednesday at the cybersecurity conference Black Hat.The systems are used in everything from airplane in-flight WiFi and entertainment systems to communications on ships. Santamarta found vulnerable systems in both. Hacking an in-flight WiFi system can't crash a plane — that's a different system. But think about the damage a hacker could cause to an airline by sending an alert to in-flight entertainment systems to prepare for a crash landing. While IOActive had presented on security problems in device software, it hadn't previously checked the prevalence of the flaws in the real world. In 2014, those scenarios were theoretical. After four years, we’ve proved they are real. Santamarta also discovered ways a hacked system could be weaponized to exert harmful radio frequency broadcasts. The 2014 presentation found a bevy of problems in SATCOM, including flawed protocols, poor encryption and hard coded passwords. IOActive found accessible systems in NATO conflict zones, where SATCOM is used for sending communications to a remote region. Those systems include at least one major airline carrier being kept secret until the presentation. The firm found some systems at sea that had been infected in malware, although it was unclear whether that was a targeted attack.

Flaw in WhatsApp leaves opening for hackers

Researchers at an Israeli cybersecurity firm said on Wednesday they had found a flaw in WhatsApp that could allow hackers to modify and send fake messages in the popular social messaging app. CheckPoint said the vulnerability gives a hacker the possibility "to intercept and manipulate messages sent by those in a group or private conversation" as well as "create and spread misinformation". The report of the flaw comes as the Facebook-owned is coming under increasing scrutiny as a means of spreading misinformation due to its popularity and convenience for forwarding messages to groups. Last month, the app announced limits of forwarding messages following threats by the Indian government to take action after more than 20 people were butchered by crazed mobs after being accused of child kidnapping and other crimes in viral messages circulated wildly on WhatsApp. WhatsApp said in a statement: "We carefully reviewed this issue and it's the equivalent of altering an email to make it look like something a person never wrote." However, WhatsApps said: "This claim has nothing to do with the security of end-to-end encryption, which ensures only the sender and recipient can read messages sent on WhatsApp." The app noted it recently placed a limit on forwarding content, added a label to forwarded messages, and made a series of changes to group chats in order to tackle the challenge of misinformation. Founded in 2009 and purchased by Facebook in 2014, WhatsApp said that at the beginning of the year it had more than 1.5 billion users who exchanged 65 billion messages per day.

Researchers Find Serious Security Flaw In Samsung Galaxy S7 Phones

Samsung smartphone used by millions around the world is reportedly susceptible to a potentially devastating security flaw. The Samsung Galaxy S7, which is the phone of choice for around 30 million people around the world, can be hacked using the infamous “Meltdown” vulnerability, Reuters reported. A group of researchers from Graz Technical University in Styria, Austria, were apparently able to exploit the hack on the Galaxy S7, which originally launched in 2016. Samsung, for its part, said it had updated the Galaxy S7’s software twice in 2018 to increase security against Meltdown. The first came in January and the second came in July. “Samsung takes security very seriously and our products and services are designed with security as a priority,” Samsung told Reuters in a statement. Meltdown, and a counterpart security exploit called Spectre, have prompted hardware manufacturers to issue security updates to their devices in recent months. In simple terms, Meltdown and Spectre are worrisome because they theoretically allow hackers to get right into a device’s central processing unit (or CPU) and see any data stores in the device, according to PC World. What makes the two exploits such a concern for the tech world is that they can affect basically any device on the market. They can affect devices with Intel or AMD processors, which power a majority of personal computers and phones. Even Macs are not safe. The easiest way to keep data secure is to make sure every device is properly updated to the latest version, as device makers have scrambled to patch those holes throughout 2018. The good news for Galaxy S7 owners is that nobody has reported any Meltdown hacks on that particular phone outside of the Graz research team conducting tests. In fact, there have been no confirmed Meltdown or Spectre attacks.

Snapchat Source Code Leaked

Hackers obtained some source code for the popular messaging application Snapchat and made it public on GitHub, claiming that they were ignored by the app’s developer. The source code appears to be for the frontend of Snapchat for iOS. The company behind Snapchat, Snap Inc., has confirmed that the code is genuine by getting GitHub to remove it using a DMCA (Digital Millennium Copyright Act) request. When users file a DMCA request with GitHub, they are instructed to provide a detailed description of the original copyrighted work that has allegedly been infringed. In this section, a Snap representative wrote, “Snapchat source code. It was leaked and a user has put it in this GitHub repo. There is no URL to point to because Snap Inc. doesn't publish it publicly.” Snapchat told several news websites that the leak is a result of an iOS update made in May that exposed a “small amount” of its source code. The issue has been addressed and the company says the incident has not compromised its application and had no impact on the Snapchat community. Messages posted on Twitter by the individuals who appear to be behind the source code leak suggest that they are expecting some sort of “reward” from Snapchat. It’s not uncommon for researchers who find vulnerabilities to quarrel with vendors over the impact or severity of a bug. However, Snapchat appears to be the target of an extortion attempt considering that the hackers say they will continue posting the code. While Snap says the code posted online has been removed, at least two forks (i.e. copies) exist on GitHub and they suggest that the code has been online since May 24. A few hours before this article was published, the original hackers also re-uploaded the code to GitHub. Snapchat does have an official bug bounty program powered by HackerOne and the company has been known to award significant rewards for critical vulnerabilities. Last year, two researchers earned a total of $20,000 for finding exposed Jenkins instances that allowed arbitrary code execution and provided access to sensitive data.

Emma’s Diary fined £140,000 for selling personal information for political campaigning

The Information Commissioner’s Office (ICO) has fined Lifecycle Marketing (Mother and Baby) Ltd, also known as Emma’s Diary, £140,000 for illegally collecting and selling personal information belonging to more than one million people. The data broking company, which provides advice on pregnancy and childcare, sold the information to Experian Marketing Services, a branch of the credit reference agency, specifically for use by the Labour Party. Experian then created a database which the party used to profile the new mums in the run up to the 2017 General Election. The Labour Party was then able to send targeted direct mail to mums living in areas with marginal seats about its intention to protect Sure Start Children’s centres. The ICO investigation found that Emma’s Diary’s privacy policy did not disclose that the personal information given would be used for political marketing or by political parties. This is a breach of the Data Protection Act 1998.

 

Visit cyber.qa.com for more information on how they can help solve the Cyber Security skills gap.

 

Useful links

Cyber Pulse: Edition 26

Cyber Pulse: Edition 25

Cyber Pulse: Edition 24

Cyber Pulse: Edition 23

Cyber Pulse: Edition 22

Cyber Pulse: Edition 21

Cyber Pulse: Edition 20

Cyber Pulse: Edition 19

Cyber Pulse: Edition 18

Cyber Pulse: Edition 17

 

Edited and compiled by

 

James Aguilan

James Aguilan

Cyber Security Specialist

James Aguilan currently works as a Cybersecurity Researcher. He has provided upskilling and development to Government Agencies, National Critical Infrastructures and Large Corporations through the simulation of cyber-attacks and forensic investigations workshops. In the past, James worked as a Data Consultant where he advised high profiling clients on how to handle their data in a Civil Litigation or Criminal Investigation. Notably, this includes the largest Merger between two US Powerhouse Conglomerate, a deal worth $87 billion. Additionally, he has also served as a Cybersecurity Consultant where he would Respond to Incidents and Perform Full Forensic Investigations. James holds a first-class honour in Computer Forensics and is actively working towards a Masters in Network Security and Penetration Testing.
Talk to our learning experts

Talk to our team of learning experts

Every business has different learning needs. QA has over 30 years of experience in combining the highest quality training with the most comprehensive range of learning services, ensuring the very best fit for your organisation.

Get in touch with our learning experts to talk about how we can help.