Friends don't let friends perform unattended updates ... or BitLocker be broken

Subject: General Tech | November 30, 2016 - 02:10 PM |
Tagged: bitlocker, microsoft, windows 10, security, hack

Is BitLocker cramping your voyeuristic cravings and preventing you from snooping on your loved ones or strangers?  Assuming you do not instead seek medical help for your problem, all you need to do is wait for Windows to perform a version update and for the user to get bored and walk away.  Hop onto their machine and press SHIFT+F10 to get a command prompt, which will be running with root privileges, and take advantage of the fact that Windows disables BitLocker while installing an updated version of Windows.  This will not work for all updates; it needs to be a major OS update, such as the move to Anniversary Edition, which changes the version of Windows installed on the machine.

Microsoft is working on a fix; in the meantime, sticking with Windows Long Term Service Branch or slightly modifying how updates are pushed via WSUS or SCCM will ensure this vulnerability cannot be leveraged.  You can also take the simple measure of sticking around when major updates occur.  Pop over to Slashdot for more information.

"This [update procedure] has a feature for troubleshooting that allows you to press SHIFT + F10 to get a Command Prompt," Laiho writes on his blog. "The real issue here is the Elevation of Privilege that takes a non-admin to SYSTEM (the root of Windows) even on a BitLocker (Microsoft's hard disk encryption) protected machine." Laiho informed Microsoft of the issue and the company is apparently working on a fix."

Here is some more Tech News from around the web:

Tech Talk

Source: Slashdot

Tesla stores your Owner Authentication token in plain text ... which leads to a bad Ashton Kutcher movie

Subject: General Tech | November 25, 2016 - 12:52 PM |
Tagged: Android, Malware, hack, tesla, security

You might expect better from Tesla and Elon Musk, but apparently you would be disappointed, as the OAuth token in your car's mobile app is stored in plain text.  The token is used to control your Tesla and is generated when you enter your username and password.  It is good for 90 days, after which it requires you to log in again so a new token can be created.  Unfortunately, since that token is stored as plain text, someone who gains access to your Android phone can use that token to open your car's doors, start the engine and drive away.  Getting an Android user to install a malicious app which would allow someone to take over their device has proven depressingly easy.  Comments on Slashdot suggest it is unreasonable to blame Tesla for security issues in your device's OS, which is hard to argue; on the other hand, it is impossible for Tesla to defend choosing to store your OAuth token in plain text.

"By leveraging security flaws in the Tesla Android app, an attacker can steal Tesla cars. The only hard part is tricking Tesla owners into installing an Android app on their phones, which isn't that difficult according to a demo video from Norwegian firm Promon. This malicious app can use many of the freely available Android rooting exploits to take over the user's phone, steal the OAuth token from the Tesla app and the user's login credentials."

Source: Slashdot

Have tape over your webcam? Might want to fill your headphones with wax as well!

Subject: General Tech | November 24, 2016 - 12:35 PM |
Tagged: security, hack, audio, Realtec

Security researchers have discovered a way to flip an output channel on onboard Realtek audio into an input channel, thus turning your headphones into an unpowered microphone.  The ability of a speaker or headphone to be used as a microphone is not news to anyone who has played around with headphones or input jacks, but it is possible some readers had deprived childhoods and have never tried this.  While you cannot mitigate this vulnerability permanently, you could certainly notice it, as your headphones would no longer play audio if the port is configured as input.

Drop by Slashdot for a link, and if you have never tried this out before you really should find an old pair of headphones and experiment with ports as well as snipping off one side of a pair of earbuds.  One supposes iPhone 7 users need not worry.

"In short, the headphones were nearly as good as an unpowered microphone at picking up audio in a room. It essentially "retasks" the RealTek audio codec chip output found in many desktop computers into an input channel. This means you can plug your headphones into a seemingly output-only jack and hackers can still listen in. This isn't a driver fix, either."

Source: Slashdot

Touchless jackpotting, making ATMs disgorge their contents remotely

Subject: General Tech | November 23, 2016 - 12:50 PM |
Tagged: hack, bank, atm, security, cobalt

Imagine walking down the street, only to notice an ATM spewing money out of its slots and into a bag held by a shady-looking character; but not in a video game.  In at least 14 countries including Russia, the UK, the Netherlands and Malaysia, hackers are using a program dubbed Cobalt to conduct remote logical attacks on ATMs.  These attacks cause the ATM to empty itself into the waiting hands of an accomplice who only needs to show up at the appropriate time.  As the attacks are conducted remotely, the mule may have only the slightest connection to the hackers that compromised the banking system, which makes them very hard to catch.  The Inquirer has links to more information on Cobalt; unfortunately they do not have any details on fortunate times or locations to be present at.

"HACKERS HAVE MANAGED to hack cash machines so that they do what everyone who has ever used one has wanted them to do, which is just spit out cash like it was going out of fashion."

Source: The Inquirer

Let's hack some lightbulbs; HueHueHue

Subject: General Tech | November 9, 2016 - 01:10 PM |
Tagged: hack, iot, phillips, hue

If you were hoping to drive someone a wee bit crazy by remote controlling their light bulbs, you have probably missed your opportunity, as Philips have patched the vulnerability.  This is a good thing, as it was a very impressive flaw.  Security researchers figured out a vulnerability in the ZigBee system used to control Philips Hue smart light bulbs, and they did not need to be anywhere near the lights to do so.  They used a drone from over 1000 feet away to break into the system to cause the lights to flash and, even worse, they were able to ensure that the bulb would no longer accept firmware updates, which made their modifications permanent.  Unpatched systems could be leveraged to turn all the lights off permanently, or to start an unexpected disco light show if you wanted to be creative.  You can pop by Slashdot for a bit more information on the way this was carried out.

"Researchers were able to take control of some Philips Hue lights using a drone. Based on an exploit for the ZigBee Light Link Touchlink system, white hat hackers were able to remotely control the Hue lights via drone and cause them to blink S-O-S in Morse code. The drone carried out the attack from more than a thousand feet away."

Source: Slashdot

Know someone who uses the Johnson & Johnson Animas OneTouch Ping insulin pump?

Subject: General Tech | October 5, 2016 - 12:43 PM |
Tagged: security, hack, iot

The good news about this hack is that you would need good timing and physical proximity to the wireless remote which instructs the pump to administer insulin; the bad news is that this is all that is needed and it could result in the death or hospitalization of the target.  The vulnerability stems from the usual problem: the transmission between the remote and pump is done in the clear, letting anyone who is looking retrieve serial numbers and codes.  With that information you can then trigger a dose to be delivered or quite feasibly change the default amount of dosage the pump delivers, as was done previously with a different model.

IoT security as it applies to fridges and toasters is one thing; medical devices quite another.  News of unauthorized access to pacemakers and other drug delivery systems which could result in death is not uncommon, yet companies continue to produce insecure systems.  Adding even simple encryption to transmissions as well as firmware-based dosage sizes should be trivial after the release of a product and even easier before it is released.  Keep this in mind when you are seeking medical care; choosing devices which are less likely to kill you because of shoddy security makes sense.  You can pop by Slashdot for links to some stories or wade into the comments if you so desire.

"Johnson and Johnson has revealed that its JJ Animas OneTouch Ping insulin pump is vulnerable to hackers, who could potentially force the device to overdose diabetic patients -- however, it declares that the risk of this happening is very low."

Source: Slashdot

T-Mobile now offers truly unlimited data, whether they like it or not

Subject: General Tech | September 15, 2016 - 12:43 PM |
Tagged: t-mobile, hack, net neutrality

This probably won't last long, so try it out now if you want or just laugh at the way telco providers completely ignore net neutrality while the debate rages on in courts and government.  It seems that T-Mobile does not count any data used in a speed test against your monthly bill, likely because customers on limited data might become quite irate at a T-Mobile tech blowing through their monthly data.  A bright young kid has found a way to take advantage of this; he discovered any media sent from any folder labelled "/speedtest" will not count against monthly data limits and set up a proxy to allow anyone to take advantage of this feature.

Drop by Slashdot for more information as well as their usual reasoned and well thought out discussion below the story, which may or may not contain numerous other ways to circumvent providers' attempts at hiding the ways they circumvent their own billing for data usage.

"Ajit writes that he then created a proxy server that allows users to access any site with this method. All a T-Mobile user has to do is go to this page and input any URL they want to visit. "Just like that, I now had access to data throughout the T-Mobile network without maintaining any sort of formal payments or contract," Ajit wrote on Medium. "Just my phone's radios talking to the network's radios, free of any artificial shackles."

Source: Slashdot

Hacking Android into an iPhone; sort of

Subject: General Tech | June 8, 2016 - 01:44 PM |
Tagged: hack, iphone, Android

It is more of a bootloader, in that a custom 3D printed iPhone case hides a device based around an LG Nexus 5 which plugs into the iPhone and allows you to launch Marshmallow 6.0.1 on your iPhone.  Once you unplug the Lightning cable connection between the iPhone and the case, your phone reverts to iOS, thus avoiding having to flash the protected innards of the phone.  The interface is described as somewhat laggy but it has a functional USB port, HDMI out and room for a microSD card.  This is the same fellow who managed to get Win95 running on an Apple Watch, so we may read more about his rule-breaking modifications at The Inquirer.

"ANDROID RUNNING on an iPhone? Really? It's true. Sort of. The latest episode in our ongoing series of things running on other things is a doozy, the Holy Grail."

Source: The Inquirer

Hacks in Spaaaaace!

Subject: General Tech | October 15, 2015 - 12:31 PM |
Tagged: hack, nasa, skylab

Figuring out and successfully executing a hardware hack is fun in and of itself, not to mention that you end up with a working device at the end, but for the pinnacle of this craft you should check out this article at Hack a Day.  NASA has pulled off some very inspired hardware hacks in the most inhospitable place for humans imaginable, with serious repercussions if the kludges don't work.  Skylab was launched unmanned, but before the crew was even prepping for launch numerous problems began to plague the space station, including an internal temperature of 77C.  These issues needed a workable solution in place before humans could set foot in the station, preferably ones that could be enacted remotely without any humans on the spot.  That is only one of the examples in the article; check out the other examples of ingenuity under extreme pressure by clicking that link.

"From the repairs to fix the blinded Hubble Space Telescope to the dodgy cooling system and other fixes on the International Space Station, both manned and unmanned spaceflight can be looked at as a series of hacks and repairs."

Source: Hack a Day

PINs and Patterns are preferable after this Android 5 issue

Subject: General Tech | September 16, 2015 - 12:49 PM |
Tagged: hack, smartphone, Android, security

You can see in the video that The Register linked to that this particular vulnerability is neither quick nor elegant, but it is most certainly effective.  By entering an extremely long string of digits into the password field, accomplished with multiple copies and pastes, while the camera app is active, you can cause the lock screen application to crash on all but the newest version of Android 5.  Unfortunately the effect of that crash is to drop you onto the phone's home screen, thus allowing complete access to the phone.  If you are running a version of Android 5 you should consider switching to a PIN or pattern unlock, at least for the time being.

"If you've got an Android 5 smartphone with anything but the very latest version of Lollipop on it, it's best to use a PIN or pattern to secure your lock-screen – because there's a trivial bypass for its password protection."

Source: The Register