Category Archives: Cell Phone (iPhone, Android, windows mobile)

About GriftHorse Malware (30th Sep 2021)

Preface: Large portion of smartphone will not installed antivirus software. Even though it is installed. The antivirus vendor similar doing racing campaign with cyber criminals. Nowadays, vendor established malware sinkhole to find zero day vulnerability and existing cyber attack. If cyber criminals relies on software design limitation hiding itself on phone. Perhaps sinkhole not easy to figure it is a malicious acclivities. Therefore certain amount of personal data will be go to unknown area.

Ref: Sinkholes are most often used to seize control of botnets by interrupting the DNS names of the botnet that is used by the malware.

Background: Headline News (Bleepingcomputer) report today that there is a malware nickname GriftHorse. It did the infiltration to Android and causes hundred of million smartphones become a victims. According to the article by Bleepingcomputer expert. A mobile security solution firm (Zimperium) observe malware (GriftHorse) exploiting the software flexibility of Apache Cordova. And hunting over 10 million victims globally.

Details: The Trojans are developed using the mobile application development framework named Apache Cordova, Zimperium said. They uncovered more than 130 GriftHorse apps being distributed through both Google Play and third-party application stores, across all categories. Some of them have basic functionality, and some of them do nothing. Before you read the details of the article. Perhaps you can quickly read the attached picture to understand that there are many ways to exploits Apache Cordova feature to sniff the data on the endpoint.

Ref: Cordova wraps your HTML/JavaScript app into a native container which can access the device functions of several platforms. Apache Cordova is an open source framework that enables web developers to use their HTML, CSS, and JavaScript content to create a native application for a variety of mobile platforms.

Reference article, please refer to the link:

Bleepingcomputer – https://www.bleepingcomputer.com/news/security/new-android-malware-steals-millions-after-infecting-10m-phones/

Zimperium – https://blog.zimperium.com/grifthorse-android-trojan-steals-millions-from-over-10-million-victims-globally/

Reduce e-waste and achieve environmental protection: ​outdated iphone models – Security updates (14-06-2021)

Preface: To protect the safety of customers, Apple will not disclose, discuss or confirm security issues until the investigation is completed and patches or updated versions are provided.

My observations on CVE-2021-30737:

Background: PKINIT is a preauthentication mechanism for Kerberos 5 which uses X.509 certificates to authenticate the KDC to clients and vice versa.
PKINIT requires an X.509 certificate for the KDC and one for each client principal which will authenticate using PKINIT.

Vulnerability details:
A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code.
The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 Generalized Time decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.

Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution.

Official announcement: https://support.apple.com/en-us/HT212548

Iphone 6s owner have serious operation problem after upgrade their IOS to 12.4.9. Do you think vendor will be fixed?

Preface: Vendor insists to fix the cyber security weakness of CVE-2020-27929 & CVE-2020-27930. However, this iOS upgrade action was caused the specify iPhone product encounter operation difficulties especially 6s.

Observation 1: On 5th November, 2020, apple implement security update to enhance the cyber security protection on their products. This enhancement including an remediation action to two different vulnerabilities. However quite a lot of user including myself encountered technical problem. For instance, the touch screen service on iPhone 6s suspended intermittent.

Observation 2: When I connect my iPhone 6s to my notebook. The touch screen service malfunction problem not been happen in frequent But still occur intermittent. The symptom looks that it is related to a daemon (com.apple.mtmergeprops.plist). Do you think this problem cause by missing a step to check ios device chip model (A9 or a10). Whereby causes memory mapping problem occurs.

Reference: Apple security updates on 5th Nov 2020 – https://support.apple.com/en-us/HT211940

Please be vigilant. Spyware will be installed on your phone at any time – Oct 2019

Preface: Since the spyware runs in a stealth mode, it will let you track the device without being detected.

Background: Patroit Act empower law enforcement agency or related department can legally monitor the movements of suspect especially Terrorism. And therefore law enforcement agency will be used spyware monitor what’ the target movement. As time goes by, quite a lot of software vendors do a transformation of mobile phone monitoring tool (spyware) to consumer product. Flexispy and Spyzie are popular in the market. You can purchase this product though vendor web portal. The slogan by vendor is that no rooting or jailbreaking required. It can easy to track SMS, CallLogs, Social Apps and locations.

Legal point of view: If the spyware was ‘used on a case,’ a detail document of report should be provided. Given the functionality of FlexiSpy, it would require a wiretap order, not just a search and seizure warrant, said attorney.

The reasons why cyber criminals want to hack your phone?

  • To eavesdrop on calls
  • To steal money
  • To blackmail people

So the Federal Trade Commission recommended Smartphone users who suspect an illegitimate stalking app on their device should consider their recommendations. Refer to URL for more details. https://www.consumer.ftc.gov/blog/2019/10/stalking-apps-retina-x-settles-charges

Reflection – Crafted emoji cause WeChat application (for Android) service crash.

Preface: When mobile computing born, cyber attack (botnet attack) and data leakage rapidly growth. Do you think this is the destiny.

Observation: A proof of concept shown that a technical limitation occurs on TenCent WeChat 7.0.4 (android version). When a stranger send a craft emoji to WeChat user. The WeChat application will be crashed once open the emoji file. The security expert found the following reason:

vcodec2_hls_filter in libvoipCodec_v7a.so in the WeChat application through 7.0.3 for Android allows attackers to cause a denial of service

Refer to attached diagram, the 1st phase of attack should get the IMEI. Perhaps the specify attack has per-requisite. So it let the people feeling that it is only an idea and therefore may not pay attention in high pioritty. But it is an alert signal to WeChat users. Why? Wechat’s plug-ins are encapsulated in jar files and so files in the / assets / preload directory (see attached diagram). Security expert found technical limitation on vcodec2_hls_filter in libvoipCodec_v7a.so. From technical point of view , attacker can be develop attack technique ride on this issue. Stay tuned.

End.

Who is right, who is wrong. Who know?

Preface: Spy Chip Scandal Amplifies Concerns over Huawei’s 5G Equipment on last year (2018).

Doubt – Is it safe to use Huawei phones and should the manufacturer be trusted to make 5G network equipment?

Reality: A flaw discovered in an ASN.1 compiler, a widely used C/C++ development tool, could have propagated code vulnerable to heap memory corruption attacks, resulting in remote code execution. It looks that this technical flaw not resolve yet!

Vulnerability Note VU#790839
Objective Systems ASN1C generates code that contains a heap overflow vulnerability, for more details, please refer to below url for reference.

https://www.kb.cert.org/vuls/id/790839/

What is your decision? I am a mobile phone users, a lot of time I forget about surveillance scandal. But 5G phone it is expensive in the moment, I do not have money to buy!

Does QR Codes can pose a risk to your security and safety?

Preface:
QR codes have become common in consumer advertising. Friendly speaking, it make your finger and mouth more relaxed!

Is the QR code safe?
Most risks with QR Codes stem from QR Codes not being readable to humans. Since the QR codes not being able to easily identify a code as the original where the problems arise. As a result, the mobile application authentication design will be a key factor for security protection.
In addition, malware hidden in the QR-Reader app can infect your smartphone. Malware known as ‘Andr/HiddnAd-AJ’ was able to load itself onto a number of apps designed to read QR-Codes. And compromise your smartp

Realistic:
Even if it involves risk, the modern world likes to take a risky approach. So how to enhance the QR code system security?

Possible ways:

  1. QR code system uses fingerprints and face recognition.
  2. Awareness training
  3. Mobile device management especially patch management and antivirus system.

Should you have interest to find out more, please refer below url for reference:
Security Considerations of Using QR Code – https://www.polyu.edu.hk/its/general-information/newsletter/144-year-2018/feb-18/732-security-considerations-of-using-qr-code

Synopsis- NIST plan to retire SMS function deployed for two Factor Authentication

As of today, we are enjoying the security protection of 2 factor authentication with SMS-based one-time passwords (OTP). This protection mechanism was distributed widely. For instance, online banking, Visa,Master credit card online payment system and mobile application payment system. However NIST plan to retire SMS base 2 factor authentication. This decision has similar a open topic for public discussion in related industry since end of 2016. Some of the people queries of the technical standpoint of this decision.

Background – NIST-800-63-3 equivalent a bible for CSO (chief security officer) in the world. Even though you business not focusing US market.  The documentation structure of NIST SP 800-63A is the subset of 800-63-3. This subset of guidelines was specify address digital identity guidelines. Item 4.4.1.6 indicate the address confirmation including SMS. (below hyperlink for official document download).

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63a.pdf

Reference: Two-factor authentication uses two different factors of below namely, “something you have” (e.g. mobile phones), “something you are” (e.g. fingerprints) or “something you know” (e.g. password), to authenticate a user identity.

SMS messages system design limitation (see below):

  1. SIM swap is a type of phishing fraud that poses a serious threat to mobile phone user. As a result, all calls and texts to the victim’s number are routed to the fraudster’s phone, including one-time passwords
  2. SMS Messages Can Be Intercepted in Many Ways (problem in SS7)
  3. ASN.1 design flaw

Should you have interest of item 2 and 3? Please refer below:

SS7 flaw make two factor authentication insecure – Reveal the veil

 

 

Integrated GPU may allow side-channel and rowhammer attacks – 03 May 2018 | Last revised: 03 May 2018

The side-channel attack looks never ending in CPU world.
So called rowhammer attack jeopardize to the cyber security world today especially smartphone. The worst is that it can altering the information saved in a computer’s memory once attack successful.

An academic paper describes an attack called “GLitch,” which leverages two different techniques to achieve a compromise of a web browser using WebGL (see below url for reference).

https://www.vusec.net/wp-content/uploads/2018/05/glitch.pdf

Impact

The attacker may be able to bypass security features provided by the web browser.

Observation:

Microsoft and Cisco announce that they will intend to integrate New Intel Threat Detection Technology to Help Defend Against Advanced Security Threats last month.
I think they have to consider this technincal problem before click start of their project.

https://newsroom.intel.com/editorials/securing-digital-world-intel-announces-silicon-level-security-technologies-industry-adoption-rsa-2018/

Status:

 

Vendor Status Date Notified Date Updated
Google Affected 16 Mar 2018 03 May 2018
Mozilla Affected 16 Mar 2018 03 May 2018
Microsoft Not Affected 16 Mar 2018 25 Apr 2018
AMD Unknown 16 Mar 2018 16 Mar 2018
Apple Unknown 16 Mar 2018 16 Mar 2018
Arm Unknown 26 Apr 2018
BlackBerry Unknown 16 Mar 2018 16 Mar 2018
Brave Software Unknown 16 Mar 2018 16 Mar 2018
Broadcom Unknown 16 Mar 2018 16 Mar 2018
IBM, INC. Unknown 26 Apr 2018 26 Apr 2018
Imagination Technologies Unknown 16 Mar 2018 16 Mar 2018
Intel Unknown 16 Mar 2018 16 Mar 2018
NVIDIA Unknown 16 Mar 2018 16 Mar 2018
Opera Unknown 16 Mar 2018 16 Mar 2018
QUALCOMM Incorporated Unknown 16 Mar 2018 16 Mar 2018

Realistic threats exists in NFC. Are they all secure?

The mobile payment is aggressive in some sort of area. As seen, it fully utilized in China market. From the economey point of view, this new payment design driven the retail business in parallel. The traditional banknote concept convert to digitalization silently.Is this a prelude of digital currency? The people doubt of the NFC (near field communcation) technology embedded in Visa payment earlier. As times goes by, it is popular today. The new smartphone market similar pushing the NFC techonology into next phase. The new form of payment method integrated both smartphone (iPhone and Android) and payment card with near field communication. How Secure Are NFC Payments? NFC technology comes with a range of security features that help protect financial data from stolen. But are they capable to avoid modern cyber attack? Perhaps if the computer product contains Java programming element. It is hard to avoid vulnerability. As a matter of fact, Java bytecode Verification is a key element in Java world. If this feature applied in the overalll design. It will significant reduce the malware infection because it is not easy to execute the malicious code. Do you have doubt after this discussion?