Week 14 In Review – 2017

Events Related

• Cyphercon 2.0 Videos – www.irongeek.com
  These are the videos from the Cyphercon 2.0 conference.

• DakotaCon – www.youtube.com
  South Dakota’s premier security event.

• TROOPERScon – www.youtube.com

• AIDE 2017 – www.irongeek.com

Resources

• BlackHat 2017 – blackhat.com

• Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1) – googleprojectzero.blogspot.com
  It’s a well understood fact that platform security is an integral part of the security of complex systems. For mobile devices, this statement rings even truer; modern mobile platforms include multiple processing units, all elaborately communicating with one another.

• How Long Does It Take to Crack Your Password? – blog.elcomsoft.com
  We hear the “how long will it take to break…” question all the time. The answer is always the same: “it depends”. In this article we’ll try to give a detailed explanation and a definite answer for as many possible combinations as possible.

Tools

• USB Canary – github.com
  USB Canary is a Linux tool that uses pyudev to monitor USB devices either around the clock, or just while it’s locked. It can be configured to send you an SMS via the Twilio API, or notify a Slack channel with it’s inbuilt Slack bot.

• nRF24 Playset – github.com
  The nRF24 Playset is a collection of software tools for wireless input devices like keyboards, mice, and presenters based on Nordic Semiconductor nRF24 transceivers, e.g. nRF24LE1 and nRF24LU1+.

Techniques

• How I Hacked my Smart TV from My Bed via a Command Injection – www.netsparker.com
  It was one of those lazy evenings, just watching TV after a long day. I was tired but kept on thinking about a vulnerability I found earlier on in a router someone gave me. Finding a flaw in such a device is always quite fun because you often see things that aren’t meant to be seen by the users, except the developers and maybe the company’s tech support team.

• Hacking the Belkin E Series OmniView 2-Port KVM Switch – blog.talosintelligence.com
  In this post, we demonstrate the possibility of modifying a standard KVM switch to include an Arduino based key logger. We show that this can be achieved using off-the-shelf tools and components by anyone with a minimum of electronic engineering and programming knowledge.

Vulnerabilities

• Owning OnePlus 3/3T with a Malicious Charger: The Last Piece of the Puzzle – alephsecurity.com
  In this blog post we describe a new critical vulnerability CVE-2017-5622 in OnePlus 3/3T (OxygenOS 4.0.2 and below), which relaxes the attack prerequisites. Combining it with CVE-2017-5626 allows a malicious charger to own your device if it’s hooked-up while being powered off (the charger may also just wait until the battery is drained).

• An Analysis of CVE-2017-5638 – blog.gdssecurity.com
  At GDS, we’ve had a busy few weeks helping our clients manage the risk associated with CVE-2017-5638 (S2-045), a recently published Apache Struts server-side template injection vulnerability. As we began this work, I found myself curious about the conditions that lead to this vulnerability in the Struts library code.

• ATM hackers release cold, hard cash at the click of a remote button – www.zdnet.com
  Researchers have revealed a novel way for hackers to withdraw money fraudulently through an ATM, and without any need to physically access the device.

• CVE-2017-2416 Remote code execution triggered by malformed GIF in ImageIO framework, affecting most iOS/macOS apps – blog.flanker017.me
  Recently I’ve switched my main research focus back from Apple stuff to Android and browsers. While I was auditing a custom image parsing library written by some ppls, I transferred the test case image manipulated by 010editor via a popular IM messenger, and all of a sudden, the app crashed.

• Booby-trapped Word documents in the wild exploit critical Microsoft 0day – arstechnica.com
  There’s a new zeroday attack in the wild that’s surreptitiously installing malware on fully-patched computers. It does so by exploiting a vulnerability in most or all versions of Microsoft Word.

Other News

• Congress just killed online privacy rules. Now what? (FAQ) – www.cnet.com
  As of Tuesday, both houses of Congress have voted to repeal regulations adopted last year by the Federal Communications Commission. The next step is a signature from President Donald Trump, who has already signaled he’s eager to get rid of the regulation.

• Trump signs law allowing ISPs to sell your browsing history – www.zdnet.com
  President Donald Trump quietly signed a law Monday preventing privacy rules that were passed last year from coming into effect which prevented internet providers from selling their browsing data.

• The Purge is cancelled: Hackers unleash sirens of doom on Dallas – mashable.com
  Beginning around 11:44 p.m., all 156 of the outdoor warning sirens meant to alert the residents of Dallas (population 1.3 million) of impending disaster bellowed across the city. There was no immediate explanation, and the sirens didn’t stop.