close

Internet Security

Internet Security

Researchers See Rowhammer based Exploits Still Possible in Android

Researchers See Rowhammer based Exploits Still Possible in Android

Rowhmmer-Based threat: a new threat for Phones

With Technology you get threats of hacking and exploiting too. It is just a one for one thing, no system is completely free form bugs, threats of hacking or other compromise of data. When one threat is removed another crops up in its place and the same goes for this one too. An upgraded version of rowhammer has been discovered called RAMpage.

This new version of rowhammer takes advantage of the data in a phone and gives malicious applications full control of a device’s data. On a normal basis no two apps can take data from one and another without the user’s permission but in this case that rule does not apply.

More about Rowhammer variant:

As mentioned earlier apps cannot get access to data that is present on other apps without permission but in this rowhammer case, bad apps use a rampage exploit to get access to information stored in other apps on the device such as your passwords and other personal information that is supposed to be confidential.

Researchers are beginning to call this new version of rowhammer, rampage and for good reason too. This exploit involves ramming memory pages in order to gain temporary access to data.

Rampage stems from Rowhammer which is not an exploit in and of itself. Rowhammer was basically a hardware problem where by an issue of the hardware used to affect a computer’s RAM. It was first discovered by researchers in 2015.

What really is Rowhammer?

Rowhammer is an unconscious side-effect that affects a system’s dynamic random access memory or DRAM for short. It causes the memory cells to leak charges and interact between themselves.

The name comes from the exploit which involves hammering at a row of memory cells to get an electromagnetic interference from adjacent rows thus gaining access to data that was not previously intended.

When the memory rows are hammered a thousand times a second, the bits flip making 0s 1s and vice versa.

What Action was taken regarding Rowhammer:

Google acted on this problem by making changes to ION memory manager which is a universal memory management system which Google added to android. The changes made to ION restricted access to physical contiguous kernel memory.

Coming back to Rampage:

Rampage involves someone exploiting ION by using a write and refresh request on the device’s RAM to flip a bit in a nearby memory row. This then allows an app to gain access to other data in other apps.

What devices are affected?

Android devices shipped with LPDDR2, LPDDR3,LPPDR4 memory are susceptible to the Rampage exploit.

What steps are taken to take control of the Rampage situation?

Researchers at VrijeUniversiteit in Amsterdam are working closely with Google to come out with a solution to rowhammer’s variant- Rampage.

According to Google they are working with the researchers and believe that this problem won’t affect the majority of their users but in spite of that, are determined to protect the users that are affected by the issue.

read more
AppsInternet SecurityTechnology News

Can Keep Data Fresh for Wireless Networks With New Algorithm

Can Keep Data Fresh for Wireless Networks With New Algorithm

Keeping Data Fresh with new form of Wireless Networks

Today’s day and age requires information to be transferred not only fast but also that the data should be the most current or the most freshest that is out there and often this does not happen. In order to avoid overloading wireless networks every bit of data does not get transferred on time and that means what you end up viewing may not be the most- freshest or most updated data that is out there.

It is not the question of how fast data can be transmitted in the wireless networks but that the data being transmitted over wireless networks do not get transmitted as often meaning that you are not seeing the most current version of data that is there. Take for example a car and it’s sensors, now it does not take much time for the sensors within the car to transmit data to a central processor but the age of that data will not only depend on the speed at which that data is being transmitted across channels but also on the frequency with which that data is being sent by the sensors.

How to keep information fresh on a wireless networks?

The question then arises as to how to increase the frequency of data being transferred to a central processing unit without completely overwhelming the network?

Engineers at MIT seem to have come up with an answer to this question. At present researchers at MIT say that they can apply their system to a simple wireless networks but hope that in the future they will be able to apply their findings to a much complex wireless network.

The process of keeping data fresh in a wireless networks:

In the course of their research, engineers at MIT made a simple network consisting of a central control station that would receive information from multiple nodes or in their case drones.

Using the assumption that only one node or drone could transmit data at any given time, researchers then began to decide which drone should send data at which time.

This question was answered by the team coming up with an algorithm, which calculated an index for each node, which in turn took into account factors such as the age of data, the reliability of the channel relaying information and the overall importance of that node in the wireless networks.

Nodes that are more reliable and faster are given a higher index as compared to nodes of lesser reliability and which are slower. But the index assigned to each node is not a fixed factor, this index keeps on changing and at any given time the node with the highest index relays data first.

The research team calculated a bound rate- the average age of information in a wireless network, which is the least time that has ever been achieved by any of the wireless networks elsewhere.

The researchers found that their data came very close to this bound rate and gave the freshest data possible as compared to any wireless networks that is out there.

read more
Internet Security

Spectre Next Generation Flaws: Eight New Spectre Variants Affecting Intel Chips

Spectre Next Generation Flaws: Eight New Spectre Variants Affecting Intel Chips

Spectre Next Generation Flaws could potentially affect your CPU

After Spectre and Meltdown bugs shook the computing world, there are new reports saying that bugs originating from the same, could also affect CPUs. This new type of bug is come to be known as Spectre next generation flaws. Researchers have recently found bugs that resemble the spectre and meltdown bugs, which could potentially affect CPUs.

Meltdown and Spectre bugs reveal the details of CPUs either by crossing over hardware or by tricking applications on the computer into giving vital information. Researchers have recently found that a new strain of these bugs could also affect CPUs. It is unsure as of now whether any hackers have taken advantage of these flaws or not.

More about Spectre Next Generation Flaws:

Researchers found a total of 8 flaws of spectre next generation that could affect CPUs. There are also reports that ARM chips could be affected. As of now no company is willing to give any details until a patch for the spectre next generation bug is found.

The researchers who discovered the spectre next generation flaws are working under responsible disclosure requirements in which they contact companies vulnerable to the spectre next generation Flaws and agree to delay their findings until a suitable patch is discovered to fix the spectre next generation issue.

Google Project Zero, the team that initially discovered the spectre and meltdown flaws have also discovered one of the spectre next generation flaws and have gone on a 90- day embargo on releasing any details to the public. This 90- day embargo will end on May 7th.

Companies reaction to the Spectre next Generation Flaws:

Intel is saying that they are working closely with customers, partners, chip makers and researchers to mitigate any issues that are discovered on their chips. The company believes in full disclosure with all parties concerned and they believe with the sharing of this information only can they better solve the problem.

AMD said it was aware of the spectre next generation flaws and that the media were reporting on the issue, other than this they declined further comment. Google and ARM have not yet commented on the spectre next generation issue.

As of now,no further details regarding the spectre next generation flaws have come to light and that everything is kept under wraps, but the research team that initially discovered the spectre and meltdown flaws said that additional flaws of the same variety could also arise and that they too would require patches.

The Patches and Updates for the spectre next generation flaws:

Companies are racing against time to come up with a patch for the spectre next generation flaw;this may begin a seemingly endless cycle of updates and patches that could also result in stability and performance issues in computers.

As of now there are no reports on hackers using the spectre and meltdown bugs to their advantage, but similar ways of hacking have become a hot topic when it comes to research and it could also mean that hackers are just biding their time until they come up with a new form of attack.

read more
Internet Security

Apple Is Struggling To Stop A Skeleton Key Hack On Home Wi-Fi

Apple Is Struggling To Stop A Skeleton Key Hack On Home Wi-Fi

New Skeleton Key Hack with Apple iOS?

Nothing on the net is free from the threat of hacking. Even with the best of security and the best of hardware and software that is out there, you aren’t completely free from getting hacked, the same goes with Apple’s products too. The Cupertino company is known for their tech and the quality that goes behind all their products but are they free from the threat of hacking or are they too susceptible to a crisis that affects literally the whole net? The answer is yes, they too can be hacked and a recent threat these days seems to be with regards to a skeleton key.

Apple has invested a lot in cyber security and expertise but is that enough? Some threats seem to be so difficult to manage that even with millions of dollars spent on them and a lot of time invested into removing those threats, they are still not fully eradicated. One such threat uses a skeleton key. The basics of this threat is that the hack exploits the trust of iOS devices in IoT devices for example connected toasters or smart TV’s.

How does the skeleton key hack work?

Discovered by founder of Lab Mouse Security, this skeleton key hack works much like this, a hacker would first have to gain access to anIoT device available on the internet and exposed to outsiders, such as a smart toaster. Again doing this, as stated by the founder is no difficult feat as IoT devices are known not to have strong security on them.

For the skeleton hack to work, these IoT devices would have to have an MFi chip- which is a chip that Apple designs that it then lends out to other manufacturers to get their devices hooked up to iOS products. Once the hackers have taken control of the IoT devices they can then exploit the trust of iOS products and get them to hand over private network keys.

Once the hacker gets on to the IoT device and has access to the MFi chip, they can then pose as any smart device and then exploit the iOS device and get them to hand over private network security keys and there is also no way for Apple to actually verify whether they are giving the network security details to a smart device or a hacker manipulating device. So unknowingly the iOS device does this without knowing about the hack.

The next element to this hack is that after the network security details are given then the hacker can use them to join the network and then it becomes useful for further attacks.

This MFi chip then becomes the skeleton key to get access to one’s private network keys.

Will the Skeleton Key Hack work:

As said by the founder of Lab Mouse Security, this skeleton key hack is not only possible on paper but is also completely possible in real life too, but that is not to say that hackers will use this technique. There are other simpler methods out there than the skeleton key hack that targets the Wi- Fi router directly and it is probable that hackers would prefer this hack than the skeleton key one.

read more
InternetInternet Security

Everything You Need to Know About HTTP/2?

Everything You Need to Know About HTTP/2?

Hypertext Transfer Protocol – HTTP/2

To get an understanding of HTTP/2, one needs to have a fast and apparent conception regarding protocol considering the context the Hypertext Transfer Protocol – HTTP.  It is said to be a mechanism utilised by Internet browsers to demand information from the web server which tends to display the pages on the screen of the device which is utilised.

HTTP/2 is considered to be an auxiliary in expressing HTTP on the wire though is not a ground-up alteration of the protocol.  The methods of HTTP, status code and semantics tends to be equal and the same should be possible to use APIs as HTTP/1 x for representing the protocol.

Emphasis of the protocol is based on performance, end-user perceived latency, server resource usage and network. The main objective is to enable the use of an individual link from browsers to a Website.   HTTP/2 earlier known as HTTP/2.0 is said to be a main revision of the HTTP network protocol which is utilised by the World Wide Webresulting from the former new SPDY protocol.

This had been established by Google. The working group http is, of Hypertext Transfer Protocol, wherein `bis’ is considered as `second’ of the Internet engineering Task force.  HTTP/2 is considered to be the first latest version of HTTP as HTTP1.1 standardized in RFC 2068 in 1997.

Applications – Quicker/Simpler/Strong

HTTP/2 is inclined to make our applications quicker, simpler as well as strong.  Moreover it also tends to open various completely new options for optimizing our applications and enhance performance.

The main purpose of HTTP/2 is to reduce latency by permitting full request and response, multiplexing, reduces protocol overhead through well-organized density of HTTP header fields. It also adds to the support for request prioritization and server push and in order to implement these essentials, there is a huge supporting cast of the other protocol augmentations like new flow control, upgrade mechanisms, error handling.

However these are said to be the most important features which all web developers need to comprehend and leverage in their applications. The application semantics of HTTP in any way is not modified by HTTP/2.

All the essential concepts like HTTP methods, URIs, status codes as well as header fields tend to stay in place.  On the contrary HTTP/2 is said to modify how the data gets formatted and transported between the server and the client.  Here both are inclined to handle the complete process and hides the overall complexity from our application within the fresh framing layer.

HTTP/2 Enhanced Performance/Accessibility of New Abilities

The consequence is that all the prevailing applications can be delivered without modification. HTTP/2 has introduced a new binary framing layer to accomplish the performance goals set by the HTTP Working Group, which is not backward compatible with previous HTTP/1.x servers and clients, therefore the main protocol version augmentation to HTTP/2.

Unless one is executing a web server or a custom client by functioning with raw TCP sockets, the difference will not be noticed and all the new and low level framing will be performed by the client and server on behalf of the user.  The only noticeable difference observed would be the enhanced performance together with the accessibility of new abilities such as request prioritization, server push and flow control.

read more
GadgetsInternet Security

How to Stop Hackers from Using Find my Device to Lock Your Gadget With Ransomware

How to Stop Hackers from Using Find my Device  to Lock Your Gadget With Ransomware

Most companies still work to unlock their computers. Experts detect more than 2,000 cyber attacks against companies from 64 countries using Find My Device option.

Dozens of companies are still working to free their computers, blocked by the data hijacking virus. Some have capitulated and have chosen to pay the pirates, who ask for 300 dollars (264 euros) in bitcoin to release the equipment. The hacker’s address to get the revenue in this crypto-currency has received at least 45 transactions and the equivalent of more than 9,000 euros, according to Blockchain, the platform that supports bitcoin. Information indicating that cybercriminals can not actually unlock stolen data because their email account has been blocked helps to ensure that no payments are being made. Ok, what if your iPhone being hacked by the same cybercriminals who have spread Ransomware.

Although features like “find my iPhone” have helped slow down cell phone thefts, they also provide a new avenue of attack for hackers.

The security feature is now being used by hackers to block the hardware of some Apple users, and blackmail them to pay a ransom, or ransomware, for their devices to be unlocked.

Originally introduced by Apple in 2010, the “Find My Device” service allows users to use the GPS location to find exactly where their iPhone, iPad or Mac is. “Lost Mode” allows users to lock their device remotely, prevent a thief from having access to personal information. But unfortunately, that means that if a cyber hacker steals somebody’s login information, he can use it to ask for redemption to regain access to the device.

The rescue message is displayed on the lock screen itself, often with an address from an account to deposit Bitcoin. In most of the cases, the hacker may demand 0.01 Bitcoin to unlock the device, or about $ 50 dollars.

As in all cases of ransomware, the Find My Device general advice is not to pay for blackmail, as this only encourages hackers to continue with their practice. The best option would be to contact Apple directly to help solve the problem.

Although this is still not a widespread problem, there have been several recent reports from users who find their systems blocked without warning. Macmyth.com claims that it is derived from hacks of third-party services, coupled with the old problem of password reuse. That has led to the blocking of some Apple devices.

It also highlights the fact that one of the key issues with Apple’s Find My Device service is that it does not require two authentication factors. That is understandable considering that an Apple user may have only one device of that brand, and therefore, its use would not be possible if it loses it. But that problem could be solved in the style of Google, which offers a backup on secondary devices for these cases.

Even if you have not been affected by this latest attack, regardless of the brand of your device, it is important to use secure passwords, unique login credentials, and two-factor authentication whenever possible. Although that does not guarantee that you can not be hacked, it makes it more complicated to do so, which is often enough to avoid problems.

read more
Internet Security

Combination of Features Produces New Android Vulnerability

Combination of Features Produces New Android Vulnerability

Cloak and Dagger: Current Android Vulnerability in Mobile Phones

Security researchers has found a serious android vulnerability that can steal any password with Android features. The real bad thing: banking trojan use the method long ago.

Two app rights of the Android operating system can be misused to build a universal keylogger, which reads everything the user of the device taps into the keyboard. In addition, an attacker can use it to give a malicious app unlimited rights. This android vulnerability attacks have revealed several security researchers at universities in UC Santa Barbara and Georgia Tech in the US. They gave android vulnerability the name Cloak & Dagger. The gaps are still open, but Google now prevents apps that they use to be loaded into the Play Store. In addition, Android O (the next version of the operating system) will close the gaps.

Researchers at the Georgia Institute of Technology have discovered how good Android features can be used for malicious android vulnerability on smartphone users. Both SYSTEM_ALERT_WINDOW (“draw on top”) and BIND_ACCESSIBILITY_SERVICE are the security gaps. The former allows you to display important messages about the current app’s current output, which is used to help visually impaired users, Criminal attackers can, however, as the security researchers show, abuse both functions in harmless apps: In several videos, they perform as they lurk in the background with their android vulnerability “Cloak and Dagger” method (night-and-fog-action) Track passwords, and secretly install applications with malicious code and full access rights.

The Android Vulnerability Problem:

Each app can use both functions without having to request special privileges. Attackers can now set harmless apps – such as “sweet cat videos” – in the playstore, which displays invisible buttons via a banking app, with which password entries are recorded or when playing a video loads malicious programs from the Internet and secretly with full rights equip. Worse: This behavior is part of Android’s user guide, so there is no security hole that could be easily closed by a patch. Google’s automated testing of new apps lets many such wolves in the sheep fur. In fact, the security portal The Hacker News has already reported on several banking trojans in the Playstore, which also work with this android vulnerability “Cloak and Dagger” methods.

How Can You Protect Yourself From Android Vulnerability?

Currently, there is no complete protection against this android vulnerability! You should pay particular attention to installing apps only from trusted manufacturers, and you should also set up a protection program on your smartphone. In addition, at least Android 6 can minimize the risk of android vulnerability by allowing you to turn off notifications or allow apps to be used: Go to Settings, then Apps, Gear icon, Show other Apps, now Apps With permission and there for all apps except the absolutely necessary (such as trustworthy calendar, alarm clock). The rest will be done by Google: First, the Android vendor has to check the apps in the Playstore more intensively, secondly, to prevent the abuse of SYSTEM_ALERT_WINDOW and BIND_ACCESSIBILITY_SERVICE. The latter is still working for the upcoming Android 8, which is to put now common android vulnerability the craft by new security functions. Whether this current android vulnerability Cloak and Dagger on the current Android versions ever completely stopped.

read more
Internet Security

How should I Protect My Windows PC From Malware and Viruses?

How should I Protect My Windows PC From Malware and Viruses?

Anti-virus programs have been around for 20 years and are an essential part of any Windows setup. However, Windows changed and so did its threats. A third-party AV program is no longer crucial and few of them may be harmful.  Needs do vary as some people are more prone to accidents and some are not so sensitive to malware and threats. Some surf parts of the internet that is quire risky and some have the need to protect and secure their valuable information. All of these factors need to be taken into account. A Windows user who is aware of the risks can maybe survive without any anti-virus software altogether. However, users who are less knowledgeable can get their PCs infected by malware even if they have given their system ample protection.

Threats from Malware

Many of the major AV products came into the picture because of many viruses that were developed by amateurs. This is no longer the case as today’s malware is developed by professionals to make some money out of it. Their deliver viruses through emails and websites and want their malware to be hidden and undetectable. Their interest lies in collecting financial details and passwords etc. and this is where ransomware steps in. They hold important and valuable information of users such as personal files and photos, financial data, etc., as hostage and demand for a ransom against it, recently in the form of Bitcoin which has become a secure way to collect cash. The best way of defence against this is to create a backup of all the important data offline.

Coding and screening

When most of the major AV products started out, Windows and its key browsers were not that secure. However, this is no longer the current scenario. In 2002, Trustworthy Computing Initiative or TCi was launched by Microsoft co-founder Bill Gates as an initiative in making security the company’s top priority. Therefore, there was a significant drop in Windows PC infection rates due to modified designs and development of software Microsoft used as a result of TCI training and methodologies. Windows 10 now has a vast arrangement of security and technologies that help mitigate threat to such an extent that the main threats come from Oracle Java and some Adobe software which are all third-party programs.

A huge improvement has been made in the security of web browsers, Google’s Chrome and Microsoft’s Edge in particular. Chrome is secured and has security systems that protect the background operating system from attacks that are web-based. Security improvements have come from systems that allow safe browsing by blacklisting websites that contain malware. Google Safe Browsing is now present n Firefox, Chrome, Apple’s Safari and Vivaldi while there is a built-in SafeScreen filter in Windows 10. If you are apprehensive about a certain website, it can be checked manually at Google’s website. Windows 10 users are well protected as long as their softwares are updated. Updating browsers and other third-party softwares also contribute towards securing a system and this can be done by using Patch My PC, Kaspersky Software Updater or Flexera’s Personal Software Inspector (PSI).

Problem of Anti-Virus Softwares

Anti-virus companies initially started out as protection for susceptible operating systems and browser codes but they have reached a point where weak anti-virus softwares are more harmful than helpful. Usually, programmers won’t acknowledge these problems because they require the AV supplier’s assistance when AV disrupts or crashes their software. At the same time, they cannot tell users to disable their AV as they will be held responsible if something negative happens. This leaves just one solution which includes Microsoft Defender since there is ample data showing that it’s the only suitable AV and browser makers don’t have any reservations about it. Windows Defender may not be the best in protecting systems from malware but at the same time is the least damage.

Strategy for Security against malware

It is a misconception that running an anti-virus program will provide protection against malware.  To secure your system against malware certain steps need to be taken.

First, Windows 10 needs to be run with Windows Defender and cloud-based heuristics, the SmartScreen filter and basic telemetry, which is extensively security related, all need to be turned on. Setting up PCs this way will prevent probably malware problems for months.

Second, Windows should be run as a standard user instead of an administrator which most people do. Linux and MacOs users have already started this practice. 99% of threats and attacks are eliminated by running as a standard user.

Bash for network engineers helps the network engineers to learn thoroughly the Bash shell programming which takes Linux up a notch, including awk/nawk/gawk, sed, grep/egrep

Third, Windows and all of the PC’s software should be kept up to date. Mostly a malware takes advantage of security loop holes that have been previously patched, sometimes a long time ago. For higher levels of security, it is advisable to run Google Chrome or a Chromium-based browser such as Vivaldi for instance.

Fourth, always make sure that all your personal and important data has been backed up at a reliable place. FreeFileSync can be used to copy data folders to n external hard drive on a daily basis which in turn can be backed up to a second external hard disk. Another reliable option are Blu-rays as they are immune to ransomware and malware.

Fifth, periodic scans should be made to check if the anti-virus on your system has skipped something. Microsoft has MSRT or Malicious Software Removal Tool which is to be used before installing any significant updates. Many AV firms including Trend Micro, ESET, Bitdefender and F-Secure provide free online scanners too.

Sixth, note that Windows 10 allows refresh, reset and recovery facilities. If this option is not used, one must be prepared to wipe the hard drive clean and reinstall Windows 10 from the basics. Instructions are provided from Microsoft and all the preferences and authentication are stored in your Microsoft account online. Any apps that were downloaded will be reinstalled by the Windows Store. It is extensively easy to get back to where you left off.

Choosing an Anti-Virus

Users are more prone to attack if they are not on Windows 10. However, there are many free anti-virus programs available that are highly recommended such as Avira or Bitdefender. The best paid anti-virus option would be Kaspersky but Trend Micro is also worth considering. While selecting an AV program, factors need to be taken into consideration such as special features, the user interface, impact on the system’s performance, if it hampers any other software’s performance, the speed with which it scans, etc. There are a minimum of a dozen suitable options, so that one can made an informed choice.

read more