Week 30 in Review – 2013

Resources

• Hackers turn Verizon box into spy tool – youtube.com

  Researchers at iSec hacked into a Verizon network extender, which anyone can buy online, and turned it into a cell phone tower small enough to fit inside a backpack capable of capturing and intercepting all calls, text messages and data sent by mobile devices within range.

• Project Artemis OSINT activities on Deep Web – resources.infosecinstitute.com

  We have worked mainly in two directions: the first one related to a massive analysis of a meaningful number of Tor URLs and hidden services and their evolution at the time, and in a second breach we explored the possibility to track users within Tor networks.

• The Real Cost of a Data Breach Infographic – veracode.com

  What happens when you let your application security posture go unchecked? Data breaches happen and with every breach comes a cost. As we’ve just witnessed in recent headlines regarding the five Eastern European computer programmers that went on a seven year hacking spree, this cost can be quite high with damages estimated to exceed $300 million.

Tools

• trailofbits/iverify-oss – github.com

  iVerify is an integrity validator for iOS devices capable of reliably detecting modifications such as malware and jailbreaks, without the use of signatures. It runs at boot-time to thoroughly inspect the device, identifying any changes and collecting relevant artifacts of these changes for offline analysis. This will let you know if the device has simply been jailbroken or if it has been modified in a much sneakier way.

Vulnerabilities

• Apple Hacked
  • Apple Confirms That Its Dev Center Has Been Breached By Hackers – techcrunch.com

    After 3 days of silence as to why the iOS Developer Center has been down, Apple has just confirmed that they are investigating a security breach.Developer..

  • Apple confirms hack of its developer website – computerworld.com

    Apple on Sunday admitted that its developer website, which has been offline since Thursday, had been hacked and sSome information may have been stolen.

• Car Hackers
  • Hackers Reveal Nasty New Car Attacks–With Me Behind The Wheel (Video) – forbes.com

    A pair of Pentagon-funded hackers prove it’s possible to take control of your car with a few keystrokes. Time for Detroit to wake up.

  • Car hackers use laptop to control standard car – bbc.co.uk

    Next time you have a passenger in the back seat of your car offering infuriatingly “helpful” advice about your driving skills, count yourself lucky that they aren’t doing anything more sinister in their attempts to guide your vehicle.

  • Court stops scientists from publishing codes that could wirelessly lockpick Porsches – theverge.com

    Three cryptography experts from a Dutch university have cracked the codes used to start luxury cars such as Audis, Bentleys, Porsches, and Lamborghinis, knowledge that could allow anyone with the right tools to wirelessly lockpick a $300,000 car.

• First Malicious Use of ‘Master Key’ Android Vulnerability Discovered – symantec.com

  Earlier this month, we discussed the discovery of the Master Key vulnerability that allows attackers to inject malicious code into legitimate Android applications without invalidating the digital signature.

• Android Bug Superior to Master Key – Jay Freeman (saurik) – saurik.com

  This bug was to be disclosed at Blackhat 2013, but due to a large amount of attention that it was given by the community, it was rapidly found, both internally in security circles, as well as on blogs and forums.

Other News

• Barnaby Jack, Computer Hacker, Dead at 36 – bloomberg.com

  Barnaby Jack, a computer-security professional with a showman’s flair for demonstrating technical weaknesses in ATMs and medical devices, has died. He was 36.

• Spy agencies ban Lenovo PCs on security concerns – afr.com

  Computers made by the world’s biggest PC-maker, Lenovo, have been banned from the “secret” and ‘‘top secret” ­networks of the intelligence and defence services of Australia, the US, Britain, Canada, and New Zealand.