Tuesday, 29 April 2014

Skype leaves Sensitive User Data Unencrypted Locally On Computers




An application should always encrypt users' sensitive data, either it is local or stored on company servers, but still many popular services failed to provide fully secured solutions to their users.

Cristian Dinu (DrOptix) and Dragoş Gaftoneanu, Romanian programmers at Hackyard Security Group, a private community dedicated to IT security research approaches 'The Hacker News' editorial and claimed that the Microsoft owned most popular free voice calling service Skype leaves its local database unencrypted, that puts users' sensitive information at risk.

All Skype-to-Skype voice, video, file transfers and instant messages are encrypted. Though, Skype's local database is also supposed to be encrypted because it is sensitive enough, but Dragoş found that Skype leaves users’ full name, birthday, phone numbers, country, city and even full chat conversations unencrypted on the systems’ hard drive in a known location without any encryption or password.

Skype is a free online service that allows users to communicate with peers by voice using a microphone, video by using a webcam, and instant messaging over the Internet. Due to its worldwide popularity it was acquired by Microsoft Corporation on May 2011 for US$8.5 billion.

UNENCRYPTED SKYPE ACCOUNT LOCAL DATABASE

Dragoş claimed that private information of skype users is stored in such a way that anyone with access to the device can see the private chats, usernames, phone number etc and use them for any purpose. 



Unencrypted data is obviously a loophole for cyber criminals and the Skype's unencrypted database also displays users’ location information such as country and city, which could be considered a jackpot for unsavory hackers.

While chatting with his friend 'Cristian Dinu' on Skype, Dragoş noticed a folder in his Linux home directory that contains a database file, called main.db, created by the Skype software.

In Linux: /home/user/.Skype/skypename/
In Mac OS X: /Users/user/Library/Application Support/Skype/skypeuser
In Windows : C:\Users\Username\AppData\Roaming\Skype\skype.id

Using SQLite utility, Dragoş connected to the unencrypted Skype database and found Skype user account related information in plaintext under different tables.

The Account table contains the basic information of the user such as skypename, fullname, birthday, country, city, mobile phone numbers, emails from Accounts, etc. 

Another Table labeled 'CallMembers' stores the information about when and whom user called. The 'Contacts' table stores the user’s friend list along with skypename, fullname, and some interesting columns, such as birthday, country, city and phone_mobile.

The most surprising table came out to be the 'Messages' Table that stores the users' chat conversations in complete plain text format. Even some tables regarding video calls and SMSes sent also reveals users’ personal data.

A flaw in the popular voice calling and messaging service may have left its Millions of users vulnerable to the attackers by storing the data in such a way that anyone can read it. The users’ details are kept inside one of Skype's database files buried within the file system, but anyone could see it if they had access to users' device and knew where to look.

It is quite easy to steal the history files and with the help of some special software one can view all the history without your Skype password.

The researcher tested this on the Linux based operating system but later it was found that the application makes the same files on every operating system.

Dragos advised users to remove the content of main.db every time they close Skype application and also provided a Linux based script to remove main.db automatically, which users just need to make it run on every startup. Users are advised to store their Skype profile files on the encrypted volume or in the encrypted container.

This is an example of poor software development practices. Microsoft should take proactive steps to ensure the privacy of users data.

Monday, 21 April 2014

Routers TCP 32764 Backdoor Vulnerability Secretly Re-Activated Again


   At the beginning of this year, we reported about the secret backdoor ‘TCP 32764’ discovered in several routers including, Linksys, Netgear, Cisco and Diamond that allowed an attacker to send commands to the vulnerable routers at TCP port 32764 from a command-line shell without being authenticated as the administrator.

The Reverse-engineer from France Eloi Vanderbeken, who discovered this backdoor has found that although the flaw has been patched in the latest firmware release, but SerComm has added the same backdoor again in another way.

To verify the released patch, recently he downloaded the patched firmware version 1.1.0.55 of Netgear DGN1000 and unpacked it using binwalk tool. He found that the file ‘scfgmgr’ which contains the backdoor is still present there with a new option “-l”, that limits it only for a local socket interprocess communication (Unix domain socket), or only for the processes running on the same device.

On further investigation via reverse engineering the binaries, he found another mysterious tool called ‘ft_tool’ with “-f”option that could re-activates the TCP backdoor.

In his illustrated report (shown below), he explained that ‘ft_tool’ actually open a raw socket, that listens incoming packages and attackers on the local network can reactivate the backdoor at TCP port 32764 by sending the following specific packets:

 -->    EtherType parameter should be equal to ‘0x8888’.
 --> Payload should contains MD5 hash of the value DGN1000                            (45d1bb339b07a6618b2114dbc0d7783e).
 -->    The package type should be 0x201.

So, an attacker can reactivate the TCP 32764 backdoor in order to execute the shell commands on the vulnerable SerComm routers even after installing the patched version.

Now question rises, why the routers manufacturers are adding intentional backdoors again and again?? May be the reason behind to be a helping hand for the U.S. intelligence agency NSA.

Currently there is no patch available for newly discovered backdoor. If you want to check your wireless router for this backdoor, you can download Proof-of-Concept (PoC) exploit released by the researcher from here or follow the below given steps manually:

    -->  Use 'binwalk -e' to extract the file system
    -->  Search for 'ft_tool' or grep -r 'scfgmgr -f
    -->  Use IDA to confirm.

Thursday, 10 April 2014

Securing Passwords with Bcrypt Hashing Function



Passwords are the first line of defense against cyber criminals. It is the most vital secret of every activity we do over the internet and also a final check to get into any of your user account, whether it is your bank account, email account, shopping cart account or any other account you have.

We all know storing passwords in clear text in your database is ridiculous. Many desktop applications and almost every web service including, blogs, forums eventually need to store a collection of user data and the passwords, that has to be stored using a hashing algorithm.

Cryptographic hash algorithms MD5, SHA1, SHA256, SHA512, SHA-3 are general purpose hash functions, designed to calculate a digest of huge amounts of data in as short a time as possible. Hashing is the greatest way for protecting passwords and considered to be pretty safe for ensuring the integrity of data or password.

The benefit of hashing is that if someone steals the database with hashed passwords, they only make off with the hashes and not the actual plaintext passwords. But why do we always hear about passwords being cracked? There are some weaknesses in cryptographic hash algorithm that allows an attacker to calculate the original value of a hashed password, as explained below:

PROBLEMS WITH CRYPTOGRAPHIC HASH ALGORITHM

Brute Force attack: 
Hashes can’t be reversed, so instead of reversing the hash of the password, an attacker can simply keep trying different inputs until he does not find the right now that generates the same hash value, called brute force attack.

General-purpose hash function designed for speed,because they are often used to calculate checksum values for large data sets and files, to check for data integrity. Using a modern computer one can crack a 16 Character Strong password in less than an hour, thanks to GPU.

Hash Collision attack:
Hash functions have infinite input length and a predefined output length, so there is inevitably going to be the possibility of two different inputs that produce the same output hash. MD5, SHA1, SHA2 are vulnerable to Hash Collision Attack i.e. two input strings of a hash function that produce the same hash result.

Salting your password may foil dictionary attacks, but an attacker can still use a wordlist to crack the hashes. So, what exactly could be a good for securing your passwords with hashing?

BCrypt, IT's SLOW AND STRONG AS HELL
To overcome such issues, we need algorithms which can make the brute force attacks slower and minimize the impact. Such algorithms are PBKDF2 and BCrypt, both of these algorithms use a technique called Key Stretching.

Bcrypt is an adaptive hash function based on the Blowfish symmetric block cipher cryptographic algorithm and introduces a work factor (also known as security factor), which allows you to determine how expensive the hash function will be.

This work factor value determines how slow the hash function will be, means different work factor will generate different hash values in different time span, which makes it extremely resistant to brute force attacks. When computers become faster next year we can increase the work factor to balance it out i.e. to make the attack slower.

This hashing algorithm is implemented in a number programming languages like PHP, Java, Ruby, C#, C etc. If you are a PHP developer, you can simply use the crypt() function with a Blowfish required salt.

<?php
// Generate a password using a random salt 
password_hash($password, PASSWORD_BCRYPT);
// Generate a password with a known salt
password_hash($password, PASSWORD_BCRYPT, array("salt" => $salt));
// This will cause crypt to generate a bcrypt hash
$salt = '$2y$10$' . mcrypt_create_iv(22);
$salted_password = crypt($password, $salt)

This method of hashing passwords is solid enough for most web applications that stores users’ passwords and other sensitive data.

Monday, 7 April 2014

Android Forensics: How To Bypass The Android Phone Pattern Lock

Introduction

Android is an open source operating system based on the Linux kernel, initially developed by Android Inc., which Google bought in 2005. Initially, Android was developed to support touch screen devices like smartphones. These devices support different types of screen locks, like swipe lock, PIN lock, pattern lock, gesture lock, facial lock, etc.

Swipe lock unlocks the screen just by swiping a defined area on the screen with your fingertips. PIN lock is when you enter a correct pin, the screen will be unlocked. Pattern lock unlocks the screen when the user creates a pattern by joining nine circles on the screen, which is already saved on your system. This article is only based on the pattern locking system and does not cover biometric locking systems available on the phones.

Understanding Android Pattern Locks


Patterns are nothing but the path traced by the fingers on the nine circles with the number starting from 1 to 9 from top-left corner to the right bottom corner as shown in the figure above. If we select a pattern 1478, the pattern would look as shown in Figure 2.




This pattern is saved with a 20-byte SHA-1 Hash. So the SHA-1 hash for 1478 will be “06CF96F30A7283FF7258FCEF5CF587ED51156C37” which is stored in a file named gesture.key in /data/system folder in Android’s internal memory.

The Catch

The catch to change the pattern is replace this file with a known pattern gesture.key file.

Prerequisite

1. Debugging mode should be enabled.
2. Android adb (Android Debugger Bridge) tool.
3. AVD (Android Virtual Device) Manager Tool.
4. Device USB Cable
5. Device whose password needed to be changed

Methodology

Step 1

Start an AVD (Android Virtual Device), and create a pattern in the AVD. Open a command prompt. Execute the following command to check whether the AVD has been connected to the debugger or not.

1. adb devices

The output of the command should look as shown in Figure 3. If you see the name of your emulator on the screen, then your device is perfectly connected.



Step 2

Now pull out the gesture.key file from the AVD. For this execute the command that is mentioned below. This file is located in /data/system.

1. adb pull /data/system/gesture.key gesture.key

The gesture.key file will be pulled to your current working directory. Here the syntax of command is adb pull.  Here my current working directory is my home folder. So the gesture.key file will be pulled out in my local file system in my home directory.

The output of the command is as shown n Figure 4.



Step 3

Now connect the other device, whose password is to be changed and close the AVD. For my example I will be using the same AVD. So now my password in my AVD is 1478 according to the pattern cell numbers. Figure 5 illustrates the pattern.



In next step, it will be shown how to change the pattern of new device to a known pattern from the previous AVD which was 1236. Figure 6 illustrates the new pattern.



Step 4

Now to change the password with a known pattern, we will push our known pattern file to the new device. The command for pushing a file into an android system is shown below. This file has to be pushed into /data/system of the new device.

adb push gesture.key /data/system/gesture.key
The gesture.key file will be pushed into the Android’s file system replacing the previous file. So now android will be having a new gesture file which contains a known password, and when we use this pattern to unlock the screen, the screen will be unlocked. The syntax for pushing a file into an Android system is adb push .

The output of the command is shown in Figure 7.



Now this changes the pattern of the new device with a known pattern. Figure 8 illustrates the known pattern unlock.



Limitations

The device should be rooted
The device should have USB debugging mode enabled

Reference
You can also look for the SHA-1 Hash values of the gesture key and match it with the database to find out the pattern lock combination.

http://www.android-forensics.com/tools/AndroidGestureSHA1.rar (25 MB)



Sunday, 6 April 2014

Beware of Zeus Banking Trojan Signed With Valid Digital Signature



A new dangerous variant of ZeuS Banking Trojan has been identified by Comodo AV labs which is signed by stolen Digital Certificate which belongs to Microsoft Developer to avoid detection from Web browsers and anti-virus systems.

Every Windows PC in the world is set to accept software "signed" with Microsoft's digital certificates of authenticity, an extremely sensitive cryptography seal.

Cyber Criminals somehow managed to hack valid Microsoft digital certificate, used it to trick users and admins into trusting the file. Since the executable is digitally signed by the Microsoft developer no antivirus tool could find it as malicious.

Digitally signed malware received a lot of media attention last year. Reportedly, more than 200,000 unique malware binaries were discovered in past two years signed with valid digital signatures.
A Comodo User submitted a sample of the malicious software that attempts to trick user by masquerading itself as file of Internet Explorer and having a valid signature issued to “isonet ag”.



On execution, the malicious file get installed without any antivirus detection and also tried to download rootkit components from:

--> lovestogarden.com/images/general/TARGT.tpl
--> villaveronica.it/images/general/TARGT.tpl

Zeus is one of the oldest families of financial malware, but this new highly sophisticated variant of Zeus Trojan blessed with legitimate way to bypass security checks and launching attacks to obtain the Banking login credentials of victims and committing financial frauds.

The Comodo Team found over 200 unique hits for new variant of this Zeus distributed over mass computers via infected web pages or phishing mail attacks.

JUST BEHIND YOUR WEB BROWSER

Typically, Zeus malware triggers a Man-In-Browser (MitB) attack and allows the hacker to establish a remote session in order to intercept the actions performed by the victim.

"If the attack victim goes to an online banking site to perform a transaction, such as transferring funds, they see everything as occurring normally. The payment information they keyed will display as expected, but behind the scenes the hackers will alter the transaction and send it to another account with possibly a larger amount." researchers explained.

There are three components of Zeus to launch an attack:

Downloader: Once the malware will get installed via online vulnerability or as an attachment in a phishing email, it will download the rootkit and malware component of the attack.

Malware:It is a stealer that will steal valuable user data, login credentials, credit card info, etc.

Rootkit: This component will hide the installed malware via protecting it from detection and removal. The rootkit is installed by decrypting the downloaded file into the “Boot Bus Extender” so that it gets loads prior to any driver and this makes it hard to remove as well.

To protect malicious components and auto-run entries from being deleted by antivirus software 'After decrypting downloaded payload, the rootkit is installed within “Boot Bus Extender” to make sure it loads before other drivers.' researchers explained.

HOW TO KICK ZEUS ASS

We have noticed an increase in this trend of signed malware. Windows users are recommended to Install a best Internet Security Tool and Configure the firewall to maximize the security of their computer system. Don’t open the links sent to you in mails from unknown sources.