3G And 4G Modems Pose Security Threats

Researchers Nikita Tarakanov and Oleg Kupreev analyzed the security of 3G/4G USB modems obtained from Russian operators for the past several months. Their findings were presented Thursday at the Black Hat Europe 2013 security conference in Amsterdam.

Most 3G/4G modems used in Russia, Europe, and probably elsewhere in the world, are made by Chinese hardware manufacturers Huawei and ZTE, and are branded with the mobile operators’ logos and trademarks, Tarakanov said. Because of this, even if the research was done primarily on Huawei modems from Russian operators, the results should be relevant in other parts of the world as well, he said.

Tarakanov said that they weren’t able to test baseband attacks against the Qualcomm chips found inside the modems because it’s illegal in Russia to operate your own GSM base station if you’re not an intelligence agency or a telecom operator. “We’ll probably have to move to another country for a few months to do it,” he said.

There’s still a lot to investigate in terms of the hardware’s security. For example, the SoC (system on a chip) used in many modems has Bluetooth capability that is disabled from the firmware, but it might be possible to enable it, the researcher said.

For now, the researchers tested the software preloaded on the modems and found multiple ways to attack it or to use it in attacks.

For one, it’s easy to make an image of the USB modem’s file system, modify it and write it on the modem again. There’s a tool available from Huawei to do modem backup and restore, but there are also free tools that support modems from other manufacturers, Tarakanov said.

Malware running on the computer could detect the model and version of the active 3G modem and could write an image with malicious customizations to it using such tools. That modem would then compromise any computer it’s used on.

The researchers also found a possible mass attack vector. Once installed on a computer, the modem application — at least the one from Huawei — checks periodically for updates from a single server, Tarakanov said. Software branded for a specific operator searchers for updates in a server directory specific to that operator.

An attacker who manages to compromise this update server, can launch mass attacks against users from many operators, Tarakanov said. Huawei 3G modems from several different Russian operators used the same server, but there might be other update servers for other countries, he said.

Research in this area is just at the beginning and there’s more to investigate, Tarakanov said. Someone has to do it because many new laptops come with 3G/4G modems directly built in and people should know if they’re a security threat.

Source

Does 4G Pose A Security Threat?

Could 4G Networks give way for more high-risk mobile security implications; Symantec is warning of such a wave of threats.

“We could see a move to the sort of threats that we already see on the wireless and fixed connected network,” John said. “Malware that you usually have on fixed networks, like botnets.

“There aren’t many botnets on mobile devices because the bandwidth’s not there to support it, once you go on to 4G [hackers] could start infecting systems.”

To ensure that enterprises avoid these these security threats, John advised that businesses need to be on their toes more than ever, look closely at everything that’s coming into the network, and not trust anything.

“Companies need to make sure that where traditionally it’s been a firewall with a perimeter with everything in a timeline environment,” John said. “What they need to look at is ‘what are my employees doing’, ‘what information is being shared’ and ‘how do we ensure our information is being protected no matter where it may be’, whether its mobile device, across networks or sitting in a cloud service.”

“This is a change we are going through, but 4G is going to push the need for that change even more so,” she added.

According to John, 4G will also be detrimental to businesses in the way it will add a greater burden for them to ensure that cloud services and mobility – what she calls “two of the biggest security challenges for enterprises and their employees” – are up to scratch.

Source…

Good Technology Updates Security

Good Technology today announced two updates to its mobile security software products across IOS, Android and Windows Phone devices.

Powering mobile security for major enterprises such as Barclays, Sainsbury’s and LOCOG, Good Technology claims the releases are the first of a kind for the industry and address security threats linked to the bring your own device (BYOD) procedures being used in most big companies.

The first update announced by the firm is the addition of what it calls “Appkinetics” to its Good Dynamics line, which aims to solve the problem of secure private corporate data leakage.

“Good’s patented AppKinetics technology builds on the company’s proven ‘containerization’ security model to enable business apps from Good, its Good Dynamics partner independent software vendors (ISV), and internal enterprise developers,” the firm said in a statement.

“This is to securely exchange information within and between applications and create seamless multi-app workflows without compromising security or employees’ privacy and personal experience.”

The firm’s second update is the addition of eight new partnered apps to its Good Dynamics ecosystem covering the areas of business intelligence, collaboration, document editing, document printing, file storage/content management, remote desktop management and mobile application development platforms (MADPs).

This update allows developers to integrate the Good Dynamics technology into apps so that companies can create secure end-to-end workflows of protected, mobile applications to drive business processes.

Good Technology’s EMEA GM Andy Jacques explained, “If you download the standard consumer document editing application you can copy and paste from that from that app into another app.”

He continued, “If you were to open a piece of corporate mission critical data you can copy and paste that and put it onto Hotmail for example.”

Source…

Security Threats Are Real, Stay Safe

Due to the constant barrage of high profile data network intrusions (e.g, LinkedIn, Nissan, Global Payment Systems, VeriSign and Subway), many firms have rightly started to focus their efforts on better securing their infrastructure. But are the efforts enough to sufficiently ward off eager cybercriminals who are deploying far more sophisticated methods to infiltrate business networks? Having solid Security Controls in place would go far in addressing most companies concerns to mitigate RISK.  Do you know if your IDS/IPS is working properly?

According to a survey conducted by Ponemon Research on behalf of Juniper Networks, 90% of the respondents said their organizations’ computers had been breached at least once by hackers over the past 12 months. Unfortunately for the remaining 10%, it only is only a matter of time before they are breached too. Do you think your organization’s valuable information is secure? When was the last time your firm completed an Internal/External Vulnerability Assessment?

Larger companies have established Business Continuity Plans (BCP) or Data Recovery Plans (DRP) in place to address the fall-out from unauthorized network intrusions. Additionally, they are financially more capable of absorbing the costs and have more resources at their disposal to pursue the offenders. Thanks to The Syber Group, smaller firms are not without data security options. Staying ahead of the security game can mean the difference between keeping your business moving forward or being stuck trying to recover from the devastation caused by unauthorized hacking attacks, providing breach notifications mandated by law or trying to regain customer’s goodwill and restoring the reputation of your organization.

TSG

Apple Has A Hole In MAC OS X

Apple has failed to fix a bug in its Mac OS X operating system that allows processes to bypass the sandbox protection in place.

The flaw was discovered by Anibal Sacco and Matias Eissler from Core Security Technologies. They let Apple know about the problem on 20 September, and while Apple acknowledged their submission, it said that it did not see any security threat, forcing the Core Security Technologies team to publish the report to the public this month.

The problem appears to be with the use of Apple events in several default profiles, including the no-network and no-internet ones. When Apple events are dispatched a process can escape the sandbox, which could be exploited by hackers.

The vulnerability could lead to a compromised application restricted by the use of the no-network profile gaining access to network resources through the use of Apple events to execute other applications that are not restricted by the sandbox, making it a significant security threat.

Only the more recent versions of Mac OS X are vulnerable to this bug, including 10.5.x, 10.6.x, and 10.7.x. Those using 10.4.x are safe from the exploit.

Source…

Apple Website Is Ripe For Hacking

According to the Ethical Hacking group YGN, Apple’s website for developers is virtually wide open and gives the opportunity for hackers to introduce malware such asphishing attacks to gain access to subscriber’s vital personal information.

One group known as Networkworld identified three holes on Apple’s website that arbitrary URL redirects, cross-site scripting and HTTP response splitting. That said, these holes could allow hackers to arbitrarily redirect to other websites and make phishing attacks against developers login credentials more successful.

Read More…..

Apple Admits To Security Issues

Apple has finally acknowledge and has promised an update for Mac OS X that will find and remove the MacDefender fake security software, and warn uninfected users when they download the infectious program.

The announcement — part of a new support document that the company posted late Tuesday — was the company’s first public recognition of the threat posed by what security experts call “scareware” or “rogueware.”

Apple has taken criticism for not publicly responding to the MacDefender threat.

“In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants,” Apple said in the document. “The update will also help protect users by providing an explicit warning if they download this malware.”

Apple also outlined steps that users with infected Macs can take to remove the scareware.

Andrew Storms, director of security operations with nCircle Security, was surprised that Apple said it would embed a malware cleaning tool in Mac OS X.

Read More……

EBS Coming To Your Smartphone

In the event of local and/or nationwide disasters, wireless carriers will soon begin alerting the public by sending emergency SMS text messages to mobile phones.

AT&T, Sprint, T-Mobile and Verizon Wireless have all agreed to a participate in this new Emergency Broadcast System alert method. It  will initially be rolled  out in New York and Washington, D.C., later this year, and nationwide next year, in April at the earliest.

The emergency text messages will cover public safety threats, Amber Alerts for missing children, and messages from the president, the New York Times reports. Messages will be free for customers, who can opt out of them all except the presidential messages.

We don’t expect the alerts to be frequent,” Julius Genachowski, chairman of the Federal Communications Commission, told the Times. “They will be reserved for when they are truly needed, for tornadoes or for disasters like 9/11.”

Genachowski said the emergency texts will look different from ordinary messages, making them more difficult for hackers to infiltrate or fake. They’ll probably appear directly on the screen, along with a special vibration or other signal. No word on how closely they’ll resemble the tone and color bars of the current Emergency Broadcast System for televisions, or whether users can expect “this is a test” messages on a regular basis.

Read More…..

Facebook’s Users Info Was Leaked

Facebook users’ personal information could have been accidentally leaked to third parties, in particular advertisers, over the past several years, Symantec Corp said in one of its blog postings.

Third-parties would have had access to personal information such as profiles, photographs and chat, and could have had the ability to post messages, the security software company stated.

“We estimate that as of April 2011, close to 100,000 applications were enabling this leakage,” the blog post said.

” … Over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties,” posing a security threat, the blog post said.

The third-parties may not have realized their ability to access the information, it said.

Facebook, the world’s largest social networking website, was notified of this issue and confirmed the leakage, the blog post said.

It said Facebook has taken steps to resolve the issue.

“Unfortunately, their (Symantec’s) resulting report has a few inaccuracies. Specifically, we have conducted a thorough investigation which revealed no evidence of this issue resulting in a user’s private information being shared with unauthorized third parties,” Facebook spokeswoman Malorie Lucich said in a statement.

Read More…

Hackers Go After WordPress

Next Page »