Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Devices. Show all posts

Researchers Unveil Sound-Based Attack: Swipe Sounds Used to Recreate Fingerprints

 

A group of researchers from China and the US has introduced an intriguing new method for compromising biometric security systems. Their study, titled "PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound," presents a novel side-channel attack aimed at the sophisticated Automatic Fingerprint Identification System (AFIS). 

This attack exploits the sound produced by a user's finger swiping across a touchscreen to extract fingerprint pattern details. Through testing, the researchers claim success rates of attacking "up to 27.9% of partial fingerprints and 9.3% of complete fingerprints within five attempts at the highest security FAR [False Acceptance Rate] setting of 0.01%." This research marks the first instance of utilizing swiping sounds to deduce fingerprint information.

Fingerprint biometric security measures are prevalent and widely trusted, with projections suggesting the fingerprint authentication market could reach nearly $100 billion by 2032. However, with growing awareness of potential fingerprint theft, individuals and organizations are becoming more cautious about exposing their fingerprints, even in photographs.

In the absence of direct access to fingerprints or detailed finger images, attackers have found a new avenue for obtaining fingerprint data to bolster dictionary attacks like MasterPrint and DeepMasterPrint. The PrintListener study reveals that "finger-swiping friction sounds can be captured by attackers online with a high possibility," using common communication apps such as Discord, Skype, WeChat, and FaceTime. By exploiting these sounds, the researchers developed PrintListener, a sophisticated attack method.

PrintListener overcomes significant challenges, including capturing faint friction sounds, separating fingerprint influences from other user characteristics, and advancing from primary to secondary fingerprint features. The researchers achieved this through the development of algorithms for sound localization, feature extraction, and statistical analysis.

Through extensive real-world experiments, PrintListener demonstrates remarkable success rates in compromising fingerprint security, surpassing unassisted dictionary attacks. This research underscores the importance of addressing emerging threats to biometric authentication systems and developing robust countermeasures to safeguard sensitive data.

Is Your Android Device Tracking You? Understanding its Monitoring Methods

 

In general discussions about how Android phones might collect location and personal data, the focus often falls on third-party apps rather than Google's built-in apps. This awareness has grown due to numerous apps gathering significant information about users, leading to concerns, especially when targeted ads start appearing. The worry persists about whether apps, despite OS permissions, eavesdrop on private in-person conversations, a concern even addressed by Instagram's head in a 2019 CBS News interview.

However, attention to third-party apps tends to overshadow the fact that Android and its integrated apps track users extensively. While much of this tracking aligns with user preferences, it results in a substantial accumulation of sensitive personal data on phones. Even for those trusting Google with their information, understanding the collected data and its usage remains crucial, especially considering the limited options available to opt out of this data collection.

For instance, a lesser-known feature involves Google Assistant's ability to identify a parked car and send a notification regarding its location. This functionality, primarily guesswork, varies in accuracy and isn't widely publicized by Google, reflecting how tech companies leverage personal data for results that might raise concerns about potential eavesdropping.

The ways Android phones track users were highlighted in an October 2021 Kaspersky blog post referencing a study by researchers from the University of Edinburgh and Trinity College. While seemingly innocuous, the compilation of installed apps, when coupled with other personal data, can reveal intimate details about users, such as their religion or mental health status. This fusion of app presence with location data exposes highly personal information through AI-based assumptions.

Another focal point was the extensive collection of unique identifiers by Google and OEMs, tying users to specific handsets. While standard data collection aids app troubleshooting, these unique identifiers, including Google Advertising IDs, device serial numbers, and SIM card details, can potentially associate users even after phone number changes, factory resets, or ROM installations.

The study also emphasized the potential invasiveness of data collection methods, such as Xiaomi uploading app window histories and Huawei's keyboard logging app usage. Details like call durations and keyboard activity could lead to inferences about users' activities and health, reflecting the extensive and often unnoticed data collection practices by smartphones, as highlighted by Trinity College's Prof. Doug Leith.

Remote Work and the Cloud Create Various Endpoint Security Challenges

At the recent Syxsense Synergy event, cybersecurity experts delved into the ever-evolving challenges faced by security and endpoint management. With the increasing complexity of cloud technologies, advancements in the Internet of Things, and the widespread adoption of remote work, the landscape of cybersecurity has become more intricate than ever before. 

These experts shed light on the pressing issues surrounding this field. Based on a survey conducted by the Enterprise Strategy Group (ESG), it has been discovered that the average user presently possesses approximately seven devices for both personal and office use. 

Moreover, the ESG survey revealed a notable connection between the number of security and endpoint management tools employed within an enterprise and the frequency of breaches experienced. Among the organizations surveyed, 6% utilized fewer than five tools, while 27% employed 5 to 10 tools. 33% of organizations employed 11 to 15 tools, whereas the remaining organizations implemented more than 15 tools to manage their security and endpoints. 

Understand the concept of Endpoints and why their security is important while working remotely?

Endpoints encompass various physical devices that establish connections with computer networks, facilitating the exchange of information. These devices span a wide range, including mobile devices, desktop computers, virtual machines, embedded devices, and servers. 

Additionally, endpoints extend to Internet-of-Things (IoT) devices such as cameras, lighting systems, refrigerators, security systems, smart speakers, and thermostats. When a device establishes a network connection, the transmission of information between the device, such as a laptop, and the network can be linked to a conversation taking place between two individuals over a phone call. 

Endpoints are attractive targets for cybercriminals due to their vulnerability and their role as gateways to corporate data. As the workforce becomes more distributed, protecting endpoints has become increasingly challenging. Small businesses are particularly vulnerable, as they can serve as entry points for criminals to target larger organizations, often lacking robust cybersecurity defenses. 

Data breaches are financially devastating for enterprises, with the global average cost being $4.24 million and $9.05 million in the United States. Remote work-related breaches incur an additional average cost of $1.05 million. The majority of breach costs are attributed to lost business, including customer turnover, revenue loss from system downtime, and the expenses of rebuilding reputation and acquiring new customers. 

With the increasing mobility of workforces, organizations face a range of endpoint security risks. These common threats include: 

Phishing: A form of social engineering attack that manipulates individuals into divulging sensitive information. 

Ransomware: Malicious software that encrypts a victim's data and demands a ransom for its release.

Device loss: Leading to data breaches and potential regulatory penalties, lost or stolen devices pose significant risks to organizations. 

Outdated patches: Failure to apply timely software updates leaves systems vulnerable, enabling exploitation by malicious actors. 

Malware ads (malvertising): Online advertisements are used as a medium to distribute malware and compromise systems. 

Drive-by downloads: Automated downloads of software onto devices without the user's knowledge or consent. 

According to Ashley Leonard, Syxsense founder, and CEO, the biggest reason behind increasing challenges related to endpoint security is lack of training. “If people are not properly trained and grooved in on their endpoint and security tools, you are going to find devices and systems misconfigured, not maintained properly, and with critical patches undeployed. Training is vital, but it is much easier to train people on a single tool,” he further added.

Here’s List of the World’s Riskiest Connected Devices

 

IoT devices ranging from video conferencing systems to IP cameras are among the five riskiest IoT devices connected to networks, according to research highlighted by Forescout's cybersecurity research arm, Vedere Labs. 

In their recent research, the company identified recurring themes, showcasing the increasing attack surface as more devices are connected to enterprise networks, as well as how threat actors are able to leverage these devices to achieve their goals. 

“IP cameras, VoIP and video-conferencing systems are the riskiest IoT devices because they are commonly exposed on the internet, and there is a long history of threat actor activity targeting them,” The Forescout report said.

With the addition of IoMT in healthcare, the attack surface now includes IT, IoT, and OT in almost every organisation. Organizations must be aware of dangerous devices in all categories. Forescout recommends that companies implement automated controls and that they do not rely on siloed security in the IT network, OT network, or for specific types of IoT devices.

This latest study updates the company's findings from 2020, in which networking equipment, VoIP, IP cameras, and programmable logic controllers (PLCs) were listed as the riskiest devices across IT, IoT, OT, and IoMT in 2022.

New entrants, such as hypervisors and human-machine interfaces (HMIs), however, are indicative of trends such as critical vulnerabilities and increased OT connectivity.

Vedere Labs examined device data in Forescout's Device Cloud between January 1 and April 30. The anonymized data comes from Forescout customer deployments and contains information on nearly 19 million devices, which the company claims are growing on a daily basis.

A device's overall risk was calculated based on three factors: configuration, function, and behaviour. Vedered Labs calculated averages per device type after measuring the risk of each individual device to determine which are the riskiest.

7-year Android Malware Campaign Targeted Uyghurs: Report

 

A long-running surveillance and espionage campaign targeting one of China's largest ethnic minority groups has been revealed by researchers. Palo Alto Networks discovered the "Scarlet Mimic" group in 2016, which was initially spotted targeting Uyghur and Tibetan rights activists. 

Although the Chinese government has long oppressed and spied on these and other minority groups in the country, no direct attribution of this group's activities to Beijing is currently available. Check Point explained in a new report this week that Scarlet Mimic's mobile malware dates back to 2015. 

“The malware is relatively unsophisticated from a technical standpoint. However, its capabilities allow the attackers to easily steal sensitive data from the infected devices, even perform calls or send an SMS and track their location in real-time,” said Check Point.

“This makes it a powerful and dangerous surveillance tool. This tool also allows audio recording of incoming and outgoing calls, as well as surround recording.”

It has since identified 20 variants of the MobileOrder Android spyware, the most recent of which was discovered in mid-August of this year.

“The malware is relatively unsophisticated from a technical standpoint. However, its capabilities allow the attackers to easily steal sensitive data from the infected devices, even perform calls or send an SMS and track their location in real-time,” said Check Point.

“This makes it a powerful and dangerous surveillance tool. This tool also allows audio recording of incoming and outgoing calls, as well as surround recording.”

The malware is thought to be hidden in applications with Uyghur-language titles and disguised as PDF documents, photos, or audio. According to Check Point, it is spread through social engineering rather than being made available on the Google Play Store.

“When the victim opens the decoy content, the malware begins to perform extensive surveillance actions in the background. These include stealing sensitive data such as the device information, SMS messages, the device location, and files stored on the device,” the report continued.

“The malware is also capable of actively executing commands to run a remote shell, take photos, perform calls, manipulate the SMS, call logs and local files, and record the surround sound.”

Check Point advised anyone who might be a victim of this campaign to install anti-malware software on their device, use a VPN, and avoid clicking on suspicious links.

"Scarlet Mimic seems to be a politically motivated group. In the past, there have been reports from other researchers that it could be linked to China,” the vendor concluded.

“If true, it would make these surveillance operations part of a much wider issue, as this minority group has reportedly been on the receiving end of attacks for many years.”

This week, Beijing is on the defensive at the United Nations after a long-awaited report from the UN Human Rights Office confirmed evidence of serious human rights violations against Uyghur and other ethnic minority groups in Xinjiang.

Researchers Discovered Counterfeit Phones with Backdoor to Hack WhatsApp Accounts

 

Budget Android device models that are replicas of popular smartphone brands are infected with numerous trojans devised to target the WhatsApp and WhatsApp Business messaging apps. Doctor Web discovered the malware in the system partitions of at least four different smartphones in July 2022: P48pro, redmi note 8, Note30u, and Mate40. 

The cybersecurity firm said in a report published, "These incidents are united by the fact that the attacked devices were copycats of famous brand-name models. Moreover, instead of having one of the latest OS versions installed on them with the corresponding information displayed in the device details (for example, Android 10), they had the long outdated 4.4.2 version."

The tampering specifically affects two files, "/system/lib/libcutils.so" and "/system/lib/libmtd.so," which have been modified in such a way that when the libcutils.so system library is used by any app, it activates the execution of a trojan embedded in libmtd.so. If the apps that use the libraries are WhatsApp and WhatsApp Business, libmtd.so launches a third backdoor whose primary function is to download and install additional plugins from a remote location.

The researchers stated, "The danger of the discovered backdoors and the modules they download is that they operate in such a way that they actually become part of the targeted apps. As a result, they gain access to the attacked apps' files and can read chats, send spam, intercept and listen to phone calls, and execute other malicious actions, depending on the functionality of the downloaded modules."

Libmtd.so is configured to start a local server that enables connections from a remote or local client via the "mysh" console if the app using the libraries turns out to be wpa supplicant - a system daemon used to manage network connections.

Potential Risks

Based on the discovery of another trojan embedded in the system application responsible for over-the-air (OTA) firmware updates, Doctor Web hypothesised that the system partition implants could be part of the FakeUpdates (aka SocGholish) malware family.

The malicious app, on the other hand, is designed to exfiltrate detailed metadata concerning the infected device as well as download and install other software without the user's knowledge using Lua scripts.

Over 1,900 Signal User Data Exposed

 

The attacker involved in the latest Twilio data leak may have obtained phone numbers and SMS registration codes for 1,900 Signal users.

“Among the 1,900 phone numbers, the attacker explicitly searched for three numbers, and we’ve received a report from one of those three users that their account was re-registered,” the Signal team shared on Monday.

Twilio offers phone number verification services (through SMS) to Signal. Earlier this month, several Twilio employees were duped into receiving SMS messages that seemed to be from the company's IT department. The attacker gained access to information pertaining to 125 Twilio client accounts, including Signal's.

“During the window when an attacker had access to Twilio’s customer support systems it was possible for them to attempt to register the phone numbers they accessed to another device using the SMS verification code,” the Signal team explained.

As previously stated, the attacker was able to re-register at least one of the three numbers they specifically sought for.

“All users can rest assured that their message history, contact lists, profile information, whom they’d blocked, and other personal data remain private and secure and were not affected,” the team noted. That’s because that data is stored on the users’ device and Signal has no access to or copy of it. “And this information certainly is not available to Twilio, or via the access temporarily gained by Twilio’s attackers,” the team added.

Unfortunately, if the attacker was successful in re-registering an account, they might impersonate the user by sending and receiving Signal communications from that phone number.

Signal is immediately contacting potentially affected users of this vulnerability through SMS. The business has unregistered Signal on all devices that these 1,900 users are now using (or that an attacker has registered for them) and is requesting that they re-register Signal with their phone number on their preferred device.

Furthermore, they are advising them to enable registration lock (Signal Settings (profile) > Account > Registration Lock) for their account, which is a function that aids in the prevention of this sort of fraud.

The attacker was able to obtain either the phone numbers of 1,900 registered Signal users or the SMS verification code they used to register with Signal as a result of this.

“The kind of telecom attack suffered by Twilio is a vulnerability that Signal developed features like registration lock and Signal PINs to protect against. We strongly encourage users to enable the registration lock. While we don’t have the ability to directly fix the issues affecting the telecom ecosystem, we will be working with Twilio and potentially other providers to tighten up their security where it matters for our users,” the team concluded.