Sunday 30 March 2014

Philips Smart TVs vulnerable to Screen Hijack and Cookie Theft


Previous articles on The Hacker News have highlighted how the Internet of Things (IoT) opens your home to cyber threats.

Recently, security researchers from vulnerability research firm ReVuln published a video demonstration showing that Philips Smart TVs are open to attack.

According to the researchers, some Philips Smart TV models running the latest firmware update are wide open to attackers and are also vulnerable to cookie theft.

The fault lies in a feature called Miracast, which makes the TV act as a WiFi access point with the hard-coded password 'Miracast' and lets any device within range connect to it to receive the screen output.

“The main problem is that Miracast uses a fixed password, doesn't show a PIN number to insert and, moreover, doesn't ask permission to allow the incoming connection,” Luigi Auriemma, CEO and security researcher at ReVuln, told SCMagazine.

The vulnerability allows an attacker within the device’s WiFi range to access its various features. The potential attacker can:

* Access the TV's configuration files
* Access files stored on USB devices attached to the TV
* Replace the image on screen with video or images of its choice
* Control the TV via an external remote control application
* Steal website authentication cookies from the TV's browser

“So basically you just connect directly to the TV via WiFi, without restrictions. Miracast is enabled by default and the password cannot be changed,” Auriemma said.

More Details:

The researchers tested the flaw on a Philips 55PFL6008S TV, but believe that many 2013 models are also affected because they run the same firmware.

Such attacks are unlikely to be seen in the wild, but if a neighbor within WiFi range is knowledgeable enough and knows your WiFi password, you should either change that password to a stronger one or turn off the Miracast feature on your Philips Smart TV.

Philips says, "Our experts are looking into this and are working on a fix. In the meantime, we recommend customers switch off the Miracast function of the TV to avoid any vulnerability."

Friday 28 March 2014

25 Million 'NAVER' Accounts Breached using Stolen Data


A 31-year-old South Korean man has been accused by police of breaking into the accounts of 25 million users of Naver, one of the most popular search portals in South Korea.

On Wednesday, the Asian National Police Agency revealed that the suspect had bought the private information of 25 million users, including names, residential numbers, Internet IDs and passwords, from a Korean-Chinese national back in August last year, the Korea Herald reported.

The suspect, surnamed 'Seo', allegedly used the purchased information to break into the accounts of Naver users and send out spam messages and other 'illicit emails' to the account holders. He is said to have made an illegal profit of some 160 million won ($148,000) this way, according to the report.

Police have also arrested a hacker surnamed 'Hong', who is suspected of developing the program that automatically enters users' IDs and passwords, and which 'Seo' apparently used to sign in to the Naver users' accounts.

The police have charged three accomplices of Seo without detention and are extending their investigation to 86 others suspected of buying the programs made by Hong.

On this issue, a Naver official stressed that Naver was not at fault in the incident; rather, users' personal information is readily available for purchase on the Korean black market. The data was not abused from inside the company; it is simply very easy for anyone who gets hold of users' sensitive information to misuse it.

He added “the best preventive measure for now would be for users to change their passwords on a regular basis so that even if someone should access their accounts the impact would be minimal.”

He may well be right: earlier this month, 20 million credit card records were stolen in South Korea, a country of 50 million people, meaning roughly 40% of the population was affected by that data breach.

And in 2012, two South Korean hackers were arrested for stealing the data of 8.7 million customers of the nation's second-biggest mobile operator.

Wednesday 26 March 2014

Snoopy Drone Can Attack your Smartphones


The use of unmanned aerial vehicles (UAVs), commonly called drones, is rapidly transforming the way we go to war. Drones were once used for land surveillance and even for delivering pizzas, then were equipped with bombs that changed the way nations fight, and now these hovering drones are ready to hack your smartphone.

London-based SensePost security researchers have developed a drone called 'Snoopy' that can intercept data from your smartphone using spoofed wireless networks, CNN Money reported.

The drone searches for WiFi-enabled devices, then observes which networks the phones have connected to in the past and pretends to be one of those known networks.

Spoofing a WiFi network the device has already used allows the Snoopy drone to connect to the targeted smartphone without authentication or user interaction. In technical terms, the drone uses a 'wireless evil twin attack'.

More details:

Once connected, the Snoopy drone can intercept the smartphone's traffic, allowing the attacker to remotely capture login credentials, personal data, and more.

Snoopy is self-powered and extremely mobile, and the researchers successfully captured Amazon, PayPal, and Yahoo credentials while testing it in the skies over London.

The collection of metadata, such as wireless network names and device IDs, is not illegal, but intercepting personal data would likely violate wiretapping and identity theft laws.

If the technology fell into the hands of criminals, there are all kinds of things they could do with it. The researchers said they have no malicious intent in developing Snoopy; they are demonstrating the technology to highlight how vulnerable smartphone users can be.

WiFi attacks are simple to execute and are becoming far more common. If you are concerned about them, turn off your phone's automatic WiFi network-joining feature.

Tuesday 25 March 2014

CASH… CASH… Hacking ATM Machines with just a Text Message

As we reported earlier, Microsoft will stop supporting the Windows XP operating system after 8 April, and reportedly 95% of the world's 3 million ATMs run on it. Microsoft's decision to withdraw support for Windows XP poses a critical security threat to economic infrastructure worldwide.

MORE REASONS TO UPGRADE
Security researchers at antivirus firm Symantec report that criminals can exploit a weakness in Windows XP-based ATMs that allows them to withdraw cash simply by sending an SMS to a compromised ATM.

HARDWIRED Malware for ATMs
According to the researchers, in 2013 they detected malware named Backdoor.Ploutus installed on ATMs in Mexico, designed to rob a certain type of standalone ATM using nothing more than text messages.

To install the malware, the attacker must physically connect a mobile phone to the ATM via USB tethering and set up a shared Internet connection; specific SMS commands can then be sent to the phone attached or hardwired inside the ATM.

"Since the phone is connected to the ATM through the USB port, the phone also draws power from the connection, which charges the phone battery. As a result, the phone will remain powered up indefinitely."

HOW-TO HACK ATMs
• Connect a mobile phone to the machine with a USB cable and install the Ploutus malware.
• The attacker sends two SMS messages to the mobile phone inside the ATM.
o SMS 1 contains a valid activation ID to activate the malware
o SMS 2 contains a valid dispense command to get the money out
• The mobile phone attached inside the ATM detects valid incoming SMS messages and forwards them to the ATM as a TCP or UDP packet.
• A network packet monitor (NPM) module in the malware receives the TCP/UDP packet and, if it contains a valid command, executes Ploutus.
• The amount of cash to dispense is pre-configured inside the malware.
• Finally, the attacker collects the cash from the compromised ATM.

Researchers have also detected a few more advanced variants of this malware: some attempt to steal customer card and PIN data, while others attempt man-in-the-middle attacks.

This malware is now spreading to other countries, so stay alert and remain cautious while using an ATM.

Tuesday 18 March 2014

Banks to Pay Microsoft Millions of Dollars for extended Windows XP Support



Despite repeated warnings from Microsoft and cyber security experts, Windows XP is still in use at a number of government organizations, financial institutions and large corporations around the world.

Statistics show that almost 30% of computers still run Windows XP, including those at banks, airlines and other huge enterprises, and the real count is likely even higher than estimated.

If you stick with Windows XP after 8 April 2014, you will be at great risk, as XP officially reaches its end of life on that day. Its users will be exposed to all kinds of threats: almost thirteen years after it was first released, the Redmond, Washington-headquartered corporation will stop supporting its longest-running and most successful OS, Windows XP.

If you keep using Windows XP after 8 April, it will be a dead zombie, because Microsoft will no longer support its own operating system, so bugs and security vulnerabilities will go unpatched forever.

It is hard to believe that around 95% of the 420,000 bank ATMs in the USA, the country with the world's largest National Cyber Security Division, also run Windows XP. After the deadline, if a serious security flaw is found in Windows XP, the banks will be on their own in defending against increasingly high-tech cyber criminals.

With almost 29% of the worldwide desktop market still running this older version of Windows, malware of epic scale could be built if a suitable zero-day vulnerability were found, and the damage cyber criminals might cause with such exploits is hard to imagine.

Since 95 percent of banks' ATMs, around 2.2 million machines worldwide, currently run XP, upgrading them all to Windows 7 by the April deadline is impractical, so banks have arranged, or are in the process of arranging, extended support for Windows XP from Microsoft.

It is estimated that for British banks alone, the cost of extending support for Windows XP would be around £50 to £60 million.

"There are certainly large enterprise customers who haven't finished their migrations yet and are purchasing custom support," a spokesman for Microsoft told Reuters.

You are strongly advised to upgrade your system, and if your friends or family members are still running the older version, help them upgrade to Windows 7/8 as soon as possible.

Wednesday 12 March 2014

Hacking Facebook User 'Access Token' with Man-in-the-Middle Attack

Facebook has several security measures to protect users' accounts. One of them is the user "access token": when a user authorizes a Facebook application (such as Candy Crush Saga or Lexulous Word Game), the app is granted a token that provides temporary and secure access to Facebook APIs.

To make this possible, the user has to 'allow' or 'accept' the application's request, so that the app can access the user's account information with the requested permissions.

The access token stores information about the permissions that have been granted, as well as when the token will expire and which app generated it. Approved Facebook apps publish or delete content on your behalf using the access token, rather than your Facebook password.

Access tokens are highly sensitive, because anyone who knows a user's access token can read the user's data and perform any action on the user's behalf for as long as the token is valid.

In past years, many security researchers have reported various OAuth vulnerabilities to the Facebook security team, but if an app's traffic is not encrypted, you are not protected from a man-in-the-middle attack, and an attacker who captures the 'access token' could steal your private information.

The access token alone is enough to let an attacker do everything the app was authorized to do. The vulnerability is not new; it has been known for a year, but Facebook is still exposed to attackers and surveillance agencies such as the NSA.

The Facebook Security team acknowledged the vulnerability reported by Ahmed Elsobky, a penetration tester from Egypt: "We'd actually received an earlier report from another researcher regarding this same issue. In response to that report, we've been working on limiting this behavior when it comes to our official apps, since they're pre-authorized. For other apps, unfortunately, fully preventing this would mean requiring any site integrating with Facebook to use HTTPS, which simply isn't practical for right now."

Facebook apps must be protected from man-in-the-middle attacks, and this can be done effectively by using HTTPS to encrypt all traffic that contains sensitive information or authentication credentials.

If you are a Facebook app developer, never send an 'access token' over an unencrypted channel; Facebook users should only trust apps that use encryption, and can use the "HTTPS Everywhere" browser extension to enforce it automatically.
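To make the developer advice concrete, here is an added example (not code from the original post or from Facebook) that scans constructed proxy-style request logs for access tokens sent over plain http, and shows an https-only URL builder for the developer side; the log format, hostnames, parameter names and token values are assumptions.

```python
"""Detect Facebook access tokens sent over plaintext HTTP.

Added example, not code from the original post. It scans "METHOD URL"
request lines of the kind a proxy or packet capture would log
(constructed samples below) and reports every token carried over
http://, which is exactly what a man-in-the-middle on the same network
could read. The log format, hostnames and token values are assumptions.
"""
from urllib.parse import parse_qs, urlsplit

TOKEN_PARAMS = {"access_token", "fb_exchange_token"}  # assumed parameter names

# Constructed sample log, not real traffic: two leaks, one safe call, one harmless.
SAMPLE_LOG = """\
GET http://example-game.test/api/score?uid=42&access_token=EAAB-constructed-1
GET https://graph.facebook.com/me?access_token=EAAB-constructed-2
POST http://example-game.test/oauth/exchange?fb_exchange_token=EAAC-constructed-3
GET http://example-game.test/static/logo.png
"""

def token_exposures(log_text):
    """Return (line_no, host, param) for each token that travelled over plain http."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        parts = line.split(maxsplit=1)
        if len(parts) != 2:
            continue  # malformed line, skip it
        url = urlsplit(parts[1])
        if url.scheme != "http":
            continue  # https: an on-path observer sees only TLS records, not the URL
        for param in sorted(TOKEN_PARAMS & set(parse_qs(url.query))):
            findings.append((line_no, url.hostname, param))
    return findings

def graph_url(path, token):
    """Developer-side guard: API calls carrying a token are built https-only."""
    if not path.startswith("/"):
        raise ValueError("path must be absolute, e.g. /me")
    return f"https://graph.facebook.com{path}?access_token={token}"

if __name__ == "__main__":
    for line_no, host, param in token_exposures(SAMPLE_LOG):
        print(f"line {line_no}: {param} sent in the clear to {host}")
```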

Thursday 6 March 2014

HTTPS can leak your Personal details to Attackers

Former contractor Edward Snowden's explosive revelations of massive surveillance programs conducted by government agencies triggered new debate about the security and privacy of everyone connected to the Internet, and after his disclosures many people assume that by adopting encrypted communications, i.e. SSL-enabled websites, they will be secure.

People do care about their privacy, and many have already changed some of their online habits, such as using HTTPS instead of HTTP while browsing. However, while HTTPS may be secure enough to run an online store or e-commerce site, it falls short as a privacy tool.

US researchers have shown that traffic analysis of ten widely used HTTPS-secured websites is capable of "exposing personal details, including medical conditions, financial and legal affairs and sexual orientation".

UC Berkeley researchers Brad Miller, A. D. Joseph and J. D. Tygar, together with Intel Labs researcher Ling Huang, showed in "I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis" (PDF) that HTTPS, the protocol for transferring encrypted data over the Web, may also be vulnerable to traffic analysis.

Because of its similarity to the Bag-of-Words approach to document classification, the researchers refer to their analysis as Bag-of-Gaussians (BoG).

"Our attack applies clustering techniques to identify patterns in traffic. We then use a Gaussian distribution to determine similarity to each cluster and map traffic samples into a fixed width representation compatible with a wide range of machine learning techniques," say the researchers.

They also note that "all capable adversaries must have at least two abilities": the attacker must be able to visit the same web pages as the victim, allowing the attacker to identify patterns in encrypted traffic indicative of different web pages, and "the adversary must also be able to observe victim traffic, allowing the adversary to match observed traffic with previously learned patterns".
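As an added illustration that is not the researchers' code, the following toy Python reproduces the two attacker abilities and the BoG idea on constructed packet-size traces for two made-up pages, and then goes beyond the text by showing the same pipeline dropping to chance once record sizes are padded to a fixed length; the page definitions, cluster count, padding size and nearest-centroid rule are my own simplifying assumptions.

```python
"""Toy Bag-of-Gaussians (BoG) page fingerprinting over packet sizes, with
size padding as the countermeasure. Added example, not the paper's code:
the two "pages", their traces, k and the nearest-centroid rule are my own
simplifying assumptions."""
import math, random, statistics

PAGES = {"clinic": [(1400, 30), (150, 20)], "finance": [(600, 40), (1400, 10)]}  # (size, count)

def make_trace(page, rng):
    """Constructed sample: after TLS only packet sizes and counts remain visible."""
    return [max(1, int(rng.gauss(mu, 40))) for mu, n in PAGES[page] for _ in range(n)]

def pad(trace, size=1600):
    """Mitigation: pad every record up to one fixed size (assumed MTU-like value)."""
    return [max(v, size) for v in trace]

def kmeans_1d(values, k=3, rounds=10):
    """Cluster all observed sizes; return one (mean, sigma) Gaussian per cluster."""
    cents = random.Random(0).sample(values, k)
    for _ in range(rounds):
        groups = [[] for _ in cents]
        for v in values:
            groups[min(range(k), key=lambda i: abs(v - cents[i]))].append(v)
        cents = [statistics.mean(g) if g else c for g, c in zip(groups, cents)]
    return [(c, max(statistics.pstdev(g), 1.0) if g else 1.0) for c, g in zip(cents, groups)]

def bog_features(trace, gaussians):
    """Fixed-width vector: summed Gaussian similarity of the trace to each cluster."""
    feats = [sum(math.exp(-0.5 * ((v - mu) / sd) ** 2) for v in trace) for mu, sd in gaussians]
    return [f / (sum(feats) or 1.0) for f in feats]

def train(samples):
    """Ability 1 (visit the same pages): learn clusters and one centroid per page."""
    gaussians = kmeans_1d([v for _, t in samples for v in t])
    by_page = {}
    for page, t in samples:
        by_page.setdefault(page, []).append(bog_features(t, gaussians))
    return gaussians, {p: [statistics.mean(c) for c in zip(*fs)] for p, fs in by_page.items()}

def classify(trace, model):
    """Ability 2 (observe victim traffic): match a trace to the nearest page centroid."""
    gaussians, centroids = model
    f = bog_features(trace, gaussians)
    return min(centroids, key=lambda p: math.dist(f, centroids[p]))

def experiment(padded=False, seed=1, n=20):
    """Identification accuracy on held-out traces: near 1.0 raw, chance (0.5) when padded."""
    rng, fix = random.Random(seed), (pad if padded else list)
    train_set = [(p, fix(make_trace(p, rng))) for p in PAGES for _ in range(n)]
    test_set = [(p, fix(make_trace(p, rng))) for p in PAGES for _ in range(n)]
    model = train(train_set)
    return sum(classify(t, model) == p for p, t in test_set) / len(test_set)
```

Calling `experiment()` and `experiment(padded=True)` side by side shows that the only signal the classifier had was record size, which is why fixed-size padding (at a bandwidth cost) is the standard defence the paper's threat model points to.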

The sites analyzed in the study include health care services, legal services, banking and finance, and also Netflix and YouTube. The traffic analysis attack covered 6,000 individual pages on the ten websites and identified individual pages within the same site with 89% accuracy in associating users with the pages they viewed.

Snowden previously said, "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it." This technique lets government agencies, ISPs snooping on traffic and employers monitoring staff mine metadata from HTTPS traffic, which they could use for surveillance and censorship purposes.