Information Security News|Cyber Security|Hacking Tutorial https://www.securitynewspaper.com/

Threat actors could access user data stored in the Amazon cloud due to vulnerabilities in nearly 2,000 iOS and Android apps
https://www.securitynewspaper.com/2022/09/02/threat-actors-could-access-user-data-stored-in-the-amazon-cloud-due-to-vulnerabilities-in-nearly-2000-ios-and-android-apps/ Fri, 02 Sep 2022 18:39:09 +0000

A total of 1,859 apps available on iOS and Android contain vulnerabilities that pose a serious security risk. The findings were detailed by Symantec, which exposed the flaw that would have endangered the private data of users and companies.

The vulnerability is related to access tokens for the Amazon Web Services (AWS) cloud service. Apparently, 77% of the analyzed apps contained the credentials in their code, in plain view of attackers who could use them to access private services.

One of the vulnerabilities was exploited to extract data from thousands of clients of a bank

As the researchers explain, AWS access credentials are normally used to connect to the resources the application needs to do its job, including configuration files or authentication data for other services.

The problem is that the more than 1,800 apps analyzed had the credentials embedded directly in the code. And what is even worse: more than half of the applications used the same access credentials used by apps from other companies and developers.

To make matters worse, 47% of the identified applications contained valid AWS tokens that granted full access to all private files and Amazon Simple Storage Service (S3) buckets in the cloud. This included infrastructure files and data backups, among others.

After analyzing the vulnerability, the researchers detailed the case of a company that offers a communications platform for its clients as well as a mobile development kit, and had the access keys embedded in the SDK code. For that reason, the data of all its clients was exposed, including corporate data and financial records belonging to more than 15,000 medium and large companies.

That’s not all. In the case of five applications belonging to banking entities, made for the iOS operating system, it was possible to obtain the biometric access data of more than 300,000 clients. To date, the companies in charge of developing the affected apps have already been notified by the team of researchers. Unfortunately, Symantec has not shared a list of the applications affected by the vulnerability.

Researchers find new way to hack any iPhone even when it’s turned off
https://www.securitynewspaper.com/2022/05/17/researchers-find-new-way-to-hack-any-iphone-even-when-its-turned-off/ Tue, 17 May 2022 18:33:58 +0000

Cybersecurity experts published research detailing how the Bluetooth, Near Field Communication (NFC) and Ultra-wideband (UWB) wireless features on iPhone devices would allow some variants of cyberattacks to be deployed, as they remain active even when the affected devices are turned off.

These features have access to Secure Element, which stores sensitive device information and remains active on the latest iPhone models even with the phone turned off. According to specialists at the Technical University of Darmstadt, Germany, this would allow malware to be loaded onto a Bluetooth chip running on an inactive device.

The compromise of these features would allow threat actors to access protected information, including payment card details, banking information and other sensitive data. While this risk is considered real and active, the researchers acknowledge that exploiting these flaws is complex, as hackers would need to load malware onto a target iPhone while it is turned on, which necessarily requires a remote code execution (RCE) tool.

According to the report, the bug exists because of the way Low Power Mode (LPM) is implemented on Apple’s wireless chips: “The LPM setting is triggered when the user turns off their phone or when the iOS system automatically shuts down due to lack of battery.”

Experts believe that, in addition to its obvious advantages, the current implementation of LPM created new attack vectors. LPM support is based on iPhone hardware, so bugs like this can’t be fixed with software updates.

One attack scenario, tested by the researchers, describes how the smartphone’s firmware would allow attackers to have system-level access for remote code execution using a known Bluetooth vulnerability, such as the popular Braktooth flaw. The research was shared with Apple before its publication. Although the company did not comment on it, experts proposed that Apple add a hardware-based switch to disconnect the battery, preventing functions related to the error from receiving power with the device turned off.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

New method to install malware variants on iPhone devices
https://www.securitynewspaper.com/2022/03/17/new-method-to-install-malware-variants-on-iphone-devices/ Fri, 18 Mar 2022 00:16:27 +0000

A hacking group is abusing two legitimate Apple features to bypass the App Store security requirements and trick iPhone users into installing malicious apps hiding dangerous malware variants.

For years, Apple has required apps to pass a security review to be accepted in the App Store before they can be installed on end-user devices. This process prevents malicious apps from reaching devices and triggering risk scenarios.

Sophos researchers detailed the detection of two methods employed in this campaign, identified as CryptoRom and based on cryptocurrency fraud targeting iOS and Android users. Unlike the Android system, iOS does not allow the installation of applications from third-party platforms.

The campaign depends on the abuse of TestFlight, an Apple service for beta testing of new apps. By installing TestFlight from the App Store, any iOS user can download and test apps that have not yet completed Apple’s strict verification processes, which threat actors tried to use to their advantage to compromise the devices of unsuspecting users.

Sophos mentions that hackers contacted TestFlight users to convince them to install what appeared to be a new version of BTCBOX, a cryptocurrency exchange app. These users received a link that redirected to the fraudulent APK.

For the researchers, this attack vector allows for better evasion of App Store security measures, such as the Super Signature feature. This feature allows you to use an Apple developer account for limited delivery of some apps. The attack also abuses Developer Enterprise, a program for large enterprises to deploy applications for internal use.

CryptoRom operators also exploit the Web Clips feature, which allows you to add a link directly to an iPhone’s home screen in the form of an icon that can be mistaken for a benign app; this item appears after a user has saved or copied a link. Sophos mentions that threat actors abuse Web Clips to add legitimacy to malicious URLs that redirect to fraudulent app downloads.

In one example, hackers use a malicious app called RobinHand, intentionally designed to resemble the Robinhood investment platform.

This campaign relies heavily on social engineering, with threat actors resorting to all sorts of tricks to build a trusting relationship with the target user. For example, hackers use social media, dating apps and WhatsApp messages to try to convince affected users to install TestFlight and the malicious app on their iPhone devices.

This is an active risk so iPhone users are advised to stay on top of any signs of attack before it’s too late.

AirGuard: Free Android app allows users to detect if they are being spied on using an Apple AirTag
https://www.securitynewspaper.com/2022/02/28/airguard-free-android-app-allows-users-to-detect-if-they-are-being-spied-on-using-an-apple-airtag/ Mon, 28 Feb 2022 18:07:33 +0000

Cybersecurity specialists published a report describing how AirGuard, an application for Android, allows users of this operating system to detect an Apple AirTag device potentially used for malicious purposes.

Launched in April 2021, the AirTag allows iPhone users to track their devices through the Find My service. However, it has been reported on multiple occasions that malicious users can use these tags to track a person without permission, stealthily hiding them in a backpack, clothing or any other similar place.

Despite Apple’s efforts to counter malicious use of these devices, this remains a severe problem, especially when the tracked user does not have a tool to detect an Apple device from the abusive behavior patterns established by the company.

In 2021 Apple launched the Tracker Detect app for Android users, which would inform users that there is an AirTag enabled in a nearby location. However, the app only informs users if they are being tracked, so it is not really a reliable tool.

The researchers decided to reverse engineer iOS tracking detection to better understand its inner workings and then designed the AirGuard app, which automatically detects any passive tracking activity and works with all Find My accessories in addition to the AirTag.

The app was launched at the end of 2021 through the official Google Play Store platform and already has about 120,000 users. With this tool it will be possible to detect all the devices of the Find My family, including the AirTags modified for tracking and espionage purposes.

The app will also be able to detect any AirTag placed in a car, which can prove difficult even for other tools from Apple itself. Finally, the researchers acknowledge that the main weakness during their testing is the limited scanning opportunities on the Android operating system, so the scope of the search could be limited.

Vulnerability in Apple devices that made them unusable finally fixed. Update immediately iOS
https://www.securitynewspaper.com/2022/01/12/vulnerability-in-apple-devices-that-made-them-unusable-finally-fixed-update-immediately-ios/ Thu, 13 Jan 2022 00:27:18 +0000

A security update for iOS contains a patch to address a denial of service (DoS) vulnerability within the framework of the HomeKit software, after a researcher claimed that Apple had known about this bug for months.

The update (iOS 15.2.1) is now available for all supported iPhone and iPad devices. In its report, Apple only describes the flaw as a “resource depletion bug” that causes the device to crash when processing specially crafted HomeKit accessory names.

The sudden appearance of this update a couple of weeks after Trevor Spiniolas publicly disclosed the flaw in HomeKit confused users, as the expert had warned that the bug could be exploited to launch ransomware-like attacks on the affected iPhone/iPad.

The expert found that when the name of an Apple HomeKit device is changed to too large a string of characters, any iOS device that loads the string will face an interrupt condition. To make matters worse, resetting the affected device and logging back into the iCloud account linked to the HomeKit device will re-enable the error.

Spiniolas suggested that this bug could trigger a campaign of extortion attacks against iOS device users: “Apps with access to homekit device owners’ startup data can lock them out of their local copies and prevent them from logging back into their iCloud on iOS,” the researcher states.

The expert also believes that malicious hackers could use email addresses intentionally similar to those used by Apple services to trick users into handing over sensitive information. Finally, Spiniolas says he first reported this security issue to Apple in early August last year, and had since pressured the company to issue an update.

Users of iOS devices are advised to install the latest version available as soon as possible.

Zero-day vulnerability in Zoom affects Linux, Windows, Apple and Android users
https://www.securitynewspaper.com/2021/11/30/zero-day-vulnerability-in-zoom-affects-linux-windows-apple-and-android-users/ Tue, 30 Nov 2021 19:36:40 +0000

Zoom security teams announced the release of patches for two vulnerabilities that could affect Windows, iOS, macOS, Android and Linux users. Reported by Google Project Zero, the flaws reside in the Zoom client for major platforms and their exploitation would allow the deployment of code execution attacks.

Tracked as CVE-2021-34423, the first of the flaws is considered to be of high severity and could also affect other components and software development kits (SDK). According to Zoom, this would allow threat actors to block the affected services or applications, in addition to forcing arbitrary code execution.

The second vulnerability, tracked as CVE-2021-34424, was described as a memory corruption error that would allow the state of the process memory to be exposed in various processes in multiple products and components: “The flaw could be exploited to obtain information about arbitrary areas in the memory of the affected product,” the report states.

Among the affected products are:

  • Zoom Client for Meetings for Android, iOS, Linux, macOS and Windows, versions earlier than 5.8.4
  • Zoom Client for Meetings for Blackberry (iOS and Android) versions earlier than 5.8.1
  • Zoom Client for Meetings for Intune (iOS and Android), versions earlier than 5.8.4
  • Zoom Client for Meetings for Chrome, versions earlier than 5.0.1
  • Zoom Rooms for Conference Room (Android, AndroidBali, macOS, and Windows), versions earlier than 5.8.3
  • Drivers for Zoom Rooms (iOS, Android and Windows) earlier than v5.8.3
  • VDI Zoom prior to v5.8.4
  • Zoom Meeting SDK for Android, versions earlier than 5.7.6.1922
  • Zoom Meeting SDK for iOS, versions earlier than 5.7.6.1082
  • Zoom Meeting SDK for macOS, versions earlier than 5.7.6.1340
  • Zoom Meeting SDK for Windows, versions earlier than 5.7.6.1081
  • Zoom Video SDK (iOS, Android, macOS and Windows), prior to versions 1.1.2
  • Zoom On-Premise Meeting driver, versions prior to 4.8.12.20211115
  • Zoom On-Premise Meeting, versions prior to 4.8.12.20211115
  • Zoom On-Premise Recording connector, versions prior to 5.1.0.65.20211116

Zoom also implemented a new automatic update mechanism to the desktop version of the software to help users find and apply security updates in a timely manner, preventing known flaws from being exploited.

Zero-click remote code execution exploit for fully patched iOS 15 running on iPhone 13 demonstrated by experts
https://www.securitynewspaper.com/2021/10/18/zero-click-remote-code-execution-exploit-for-fully-patched-ios-15-running-on-iphone-13-demonstrated-by-experts/ Mon, 18 Oct 2021 23:23:57 +0000

During the latest edition of the Tianfu Cup event for ethical hackers, a group of researchers demonstrated a method to successfully hack an iPhone 13 device with the latest iOS 15 updates, in what became the main event of the night. In total, the event delivered more than $1.5 million USD to participants.

Under the format of the most recent edition, held this weekend in the Chinese city of Chengdu, the contestant hackers had three 5-minute attempts to demonstrate the functionality of their exploits.

During the weekend, white-hat hackers managed to successfully compromise the following devices and operating systems:

  • Windows 10
  • Adobe PDF Reader
  • Ubuntu 20
  • Parallels VM
  • iOS 15
  • Apple Safari
  • Google Chrome
  • ASUS AX56U router
  • Docker CE
  • VMWare ESXi
  • VMWare Workstation
  • qemu VM
  • Microsoft Exchange

Other devices and software unsuccessfully targeted by the ethical hackers include:

  • Synology DS220j NAS device
  • Xiaomi MI 11
  • An unnamed domestic IoT device

As mentioned above, one of the demonstrated exploits was described as a zero-click remote code execution attack against a fully updated iOS 15 executed on an iPhone 13 smartphone. This exploit gave its developers a prize of $300,000 USD.

Another experiment that caught the eye was a string of RCE attacks against Google Chrome whose exploitation would allow the total compromise of affected systems.

How hacker group CryptoRom is cashing out bank accounts of Tinder, Bumble, Grindr and Facebook Dating users
https://www.securitynewspaper.com/2021/10/13/how-hacker-group-cryptorom-is-cashing-out-bank-accounts-of-tinder-bumble-grindr-and-facebook-dating-users/ Wed, 13 Oct 2021 23:12:18 +0000

In its latest investigation, the Sophos security team detailed how a group of threat actors managed to steal millions of dollars from users of the iOS versions of Tinder, Grindr, Facebook Dating, Bumble and other dating apps. Apparently, the attackers chose a potential victim and then gained their trust to make them download fraudulent cryptocurrency investment applications.

To distribute the malicious apps, the scam operators managed to manipulate Developer Enterprise and Enterprise/Corporate Signature, two Apple app developer programs. The apps used by the hackers posed as tools from Binance and other cryptocurrency exchange platforms.

The scam is managed remotely by abuse of Apple’s legitimate tools.

The malicious operation, identified as CryptoRom, allowed threat actors to steal at least $1.4 million USD from users of the aforementioned apps in the United States and some European Union countries, although it is not ruled out that they have also attacked users in Asia.

Jagadeesh Chandraiah, a researcher at Sophos, mentions that virtually every stage of this fraudulent scheme depends on a successful social engineering campaign, indicating that scammers are adept at interacting with potential targets and can easily gain anyone’s trust.

“Attackers start by creating fake profiles on popular dating apps. After contacting a user and gaining their trust, the attackers will propose to take the conversation to an instant messaging platform where they will try to persuade the target to install a cryptocurrency exchange application and invest money in the platform.

These platforms of dubious legitimacy are characterized by showing users a good initial performance, making the user lower their guard. Eventually, the funds stored in the victims’ accounts will simply disappear without explanation.

Experts believe that it all starts in dating apps because through these platforms it is easier to form a bond of trust with potential victims. In addition, the proposal to start a conversation through WhatsApp or Facebook Messenger can be taken as a good sign by legitimate users of dating apps.

Moreover, experts mention that the cryptocurrency scam might not be the only target of threat actors, as abuse of developer tools at Apple could allow improper access to iPhone devices. It is worth mentioning that these systems were created so that developers could test apps for iOS before sending them to the App Store.

According to Chandraiah, the abuse of these functionalities would allow the deployment of attacks to large groups of iPhone users, creating the possibility of remotely controlling the compromised devices, in addition to collecting confidential information and installing other malicious apps.

Although its origin has already been traced, the campaign is still active, so users of dating apps are advised not to take their interactions to other platforms unless they can verify the identity of the other person. In addition, it is recommended not to install applications from unofficial platforms and in case they wish to invest in cryptocurrency, it is best to seek out a specialized advisor to reduce the risk of investing in an illegitimate platform.

How to hack WhatsApp in 2021 and how to protect it so that nobody can spy on your messages
https://www.securitynewspaper.com/2021/08/03/how-to-hack-whatsapp-in-2021-and-how-to-protect-it-so-that-nobody-can-spy-on-your-messages/ Tue, 03 Aug 2021 23:28:57 +0000

WhatsApp is the world’s most popular messaging platform, with around 1.5 billion active users a month sending text messages, voice notes, multimedia content and PDF files from virtually everywhere. Although it was created by developers Brian Acton and Jan Koum, a couple of years ago WhatsApp was bought by Facebook, extending its dominance on digital platforms.

Due to its popularity, WhatsApp has become one of the favorite targets of threat actors, who have spent years trying to find the best method to compromise accounts on this platform.

Despite having end-to-end encryption, which prevents actors outside the conversation from accessing messages, WhatsApp is affected by various security flaws that can be exploited by threat actors, as backed-up user information is not protected by end-to-end encryption or other security variants.

On this occasion, the experts in mobile hacking of the International Institute of Cyber Security (IICS) will show you the most popular methods to hack WhatsApp accounts, in addition to listing some tips to prevent these attacks. As usual, we remind you that this article was prepared for informational purposes only, so IICS is not responsible for the misuse that may be given to the information contained herein.

HOW TO HACK WHATSAPP ACCOUNTS

Phishing

This is a malicious practice in which hackers try to obtain sensitive information from a vulnerable user, including login credentials and browser cookies. In the case of WhatsApp, experts in mobile hacking mention that phishing focuses on stealing the QR code to log in to WhatsApp Web in order to steal the credentials of the web client.

Hackers use node.js and socket.io for the target website, deploying a cross-site scripting (XSS) attack in order to launch a new browser and connect with web.whatsapp.com. The hackers will then obtain the QR code data and send it to the client via the web socket connection. When the QR code is scanned, WhatsApp will authenticate the selenium-controlled browser and store some tokens in the local storage and document cookie.

Keyloggers

Hackers can also use advanced tools to record each key pressed by the target user in order to extract their WhatsApp passwords. These tools, known as keyloggers, must be installed on the target system without the user noticing, so that the user has no knowledge of being spied on, as mentioned by the experts in mobile hacking.

When the target user opens WhatsApp on their phone, the keylogger starts collecting all the information entered into the device and stores it so that hackers can access the logs easily. There are several types of keyloggers available on the network, so threat actors have no major problems using these tools.

Mobile hacking

Mobile hacking tactics allow threat actors to give detailed tracking to the target user. Employing these methods, hackers can access detailed information such as call history, text messages, and list of installed apps, including WhatsApp.

According to experts in mobile hacking, this application is easily hackable using sophisticated cyberespionage tools. The good news is that these tools are very expensive and not available to any user.

SS7 attacks

Signaling System 7 (SS7) is a telecommunications standard responsible for defining how a telephone network exchanges information over a digital network. SS7 is in charge of number translation, billing, SMS message services, among other telecommunications services, mention experts in mobile hacking.

Threat actors can abuse known SS7 vulnerabilities in order to trick a telecommunications network into believing that the attacker’s phone has the same number as the victim’s. If the attack is successful, the hacker will be able to spy on the legitimate user by logging into a device other than the original; in other words, the hacker will be able to use the compromised account as if it were the affected user.

Session hijacking

This attack consists of taking control of the session on a valid device, gaining unauthorized access to sensitive information. According to mobile hacking specialists, this attack is more likely when using WhatsApp Web even though the service notifies users when a second active session is detected.

Despite the security measures on the platform, most users do not pay much attention to hints of malicious activity, so they could inadvertently confirm hackers’ access to their accounts on the messaging platform.

Social engineering

Not all hacking techniques involve the use of complex intrusion schemes and sophisticated security tools, as threat actors have multiple methods to get what they want without even using malicious code.

Social engineering is based on the extraction of confidential information through deception, saturating the user with messages, phone calls or emails in which they are offered fake products or services to gain the trust of victims and force the delivery of confidential information, in this case passwords and WhatsApp authentication codes.

WhatsApp Hack Tool

For some years now, various cybercriminal groups have been dedicated to the development of hacking tools to extract information from WhatsApp. One of the most famous examples is WhatsApp Hack Tool, a tool sold on the dark web, easy to use, with advanced features to compromise accounts on the messaging platform and that also works for both iOS and Android.

Experts in mobile hacking claim that this tool works thanks to the recreation of a security bug in the WhatsApp database. The hackers created a “worm” that goes unnoticed by almost any security solution, allowing the full compromise of the affected account.

DNS spoofing

In this attack, hackers must direct the target user to a legitimate-looking malicious website, divert web traffic, and steal login credentials. While this isn’t the stealthiest attack on this list, threat actors can go unnoticed for a long time.

Once a human-readable address is entered into the computer, a DNS server finds the real IP address and the request from the user’s browser is then directed to the real machine at that IP address. Ultimately, hackers employ this attack technique to hijack the real address of the WhatsApp website and redirect it to another IP address controlled by the attackers.

Using Firesheep

Firesheep is a tool that uses a packet sniffer to intercept unencrypted session cookies from websites such as Facebook and Twitter. According to experts in mobile hacking, this tool only works when the attacker and the victim are connected to the same network, since this condition facilitates the interception of cookies to improperly access the user’s WhatsApp account.

WHATSAPP SECURITY

As we can see, threat actors have multiple resources at their disposal to compromise WhatsApp accounts, so users should keep their devices and online accounts secure enough to prevent most conventional hacking attempts.

Among the best security measures for WhatsApp are:

  • Avoid using unsupported versions of WhatsApp
  • Make sure your messages are not copied to Google Drive or iCloud
  • Enable multi-factor authentication on your online accounts
  • Avoid connecting your devices to public WiFi hotspots as they are very insecure
  • Do not share personal information with anyone, especially by phone or email
  • Avoid installing mobile apps from unofficial platforms
  • Always log out of WhatsApp Web when you finish using the platform
  • Keep your WhatsApp app always up to date

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

Four critical vulnerabilities found in Telegram cryptography https://www.securitynewspaper.com/2021/07/22/four-critical-vulnerabilities-found-in-telegram-cryptography/ Thu, 22 Jul 2021 19:27:18 +0000

A research team from ETH Zurich and Royal Holloway published a report detailing the discovery of multiple vulnerabilities in the cryptographic protocol of Telegram, one of the most popular messaging platforms today. The experts completed this analysis using only open source tools and without attacking the application’s systems.

While these flaws do not pose a severe risk to Telegram’s millions of users, this is a sign that the cryptographic system used by the messaging platform is not as secure as previously thought. Kenny Paterson of ETH Zurich noted that a total of four notable weaknesses were found and that they could be addressed relatively simply.

According to Paterson, the main risk detected is related to the way in which the sequences of messages coming from a client to a Telegram server in the cloud can be manipulated, which could alter the order and even the content of a message sent by a legitimate user.

The second flaw was described as a bug that would allow threat actors on the network to detect which of two messages was encrypted by a client or a server, something that the cryptographic protocol in Telegram should rule out by design but in practice does not. However, this flaw has only been analyzed at a theoretical level.

The third bug is found in the iOS, Android, and desktop versions of Telegram, as they contain code that would allow threat actors to intercept plain text messages, although deploying this attack in the wild is virtually impossible, as it would require hackers to send millions of specially crafted messages to a target user. While experts rule out a successful attack attempt, they point out that the main mitigation for this scenario is that some metadata in Telegram is randomly selected and kept secret.

Finally, the experts demonstrated that threat actors can deploy a Man-in-the-Middle (MitM) attack variant in the key negotiation process between the client and the server, which would completely compromise the target user’s communications. This attack is also virtually impossible, as it would require threat actors to send billions of messages to a Telegram server in a minimal time window.

As you may realize, these weaknesses in Telegram’s encryption do not pose an immediate risk to users; however, it is important for the platform to know how to address these potential entry points before malicious hackers can exploit them.

Newly discovered iOS flaw prevents iPhone users from connecting their devices to a WiFi network https://www.securitynewspaper.com/2021/06/21/newly-discovered-ios-flaw-prevents-iphone-users-from-connecting-their-devices-to-a-wifi-network/ Mon, 21 Jun 2021 16:31:11 +0000

A newly discovered vulnerability could compromise wireless capabilities on millions of iPhone devices over a conventional WiFi connection, which would prevent networking even if the access point is rebooted or renamed. This class of flaws could be exploited by threat actors using fake WiFi access points for various malicious purposes.

Carl Schou, a mobile security specialist, reported how he had a problem while connecting to his own WiFi hotspot (identified as ‘%p%s%s%s%s%n’). After some failed attempts the expert noticed that the WiFi functionality of his device was automatically disabled and enabled, a situation that was repeated even after restarting the device.

The expert mentioned that his tests worked successfully on an iPhone XS device running iOS v14.4.2. Moreover, a group of specialists confirmed that this flaw is also present in iPhone devices running iOS v14.6.

Apparently, the only way to correct this problem is to reset the network settings of the affected devices. Affected iPhone users can follow these steps to address the issue:

  • Go to the Settings menu on your iPhone, select the General option
  • Under General, select Reset
  • You will now be on the Reset screen, where you can reset various functions of the iOS system
  • On this screen, select the ‘Reset network settings’ option and confirm that you want to continue with this process

These flaws are considered serious, as threat actors can create malicious WiFi hotspots, attracting users looking for free WiFi connections. The good news is that apparently this issue only exists on some versions of iOS, so Android device users are not affected.

Additional reports indicate that this flaw could exist due to the appearance of strings with the character “%” in the name of some WiFi access points. The operating system may misinterpret this symbol as a string format specification. This hypothesis could be confirmed in the coming days.
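The hypothesis above describes a classic format-string defect: untrusted text used as the format argument of a printf-style call. The following C sketch is an added example, not code from iOS or from the researcher; `log_ssid` and `count_format_directives` are hypothetical names, and the only value taken from the page is the reported network name.

```c
#include <stdio.h>
#include <string.h>

/* SSID reported on the page; it is treated strictly as data here. */
static const char REPORTED_SSID[] = "%p%s%s%s%s%n";

/* Count printf-style conversion directives in an untrusted string.
 * "%%" is a literal percent sign and is not counted. */
size_t count_format_directives(const char *s)
{
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }   /* escaped percent */
        if (s[1] != '\0')
            n++;
    }
    return n;
}

/* Hypothetical logging helper, hardened form: the format string is a
 * constant and the SSID is passed as an argument, so any '%' in the
 * name is copied verbatim. Returns 0 on success, -1 if the message
 * did not fit in the buffer.
 *
 * The defective form this replaces would be
 *     snprintf(out, outsz, ssid);
 * which lets the network name choose the conversions; with no matching
 * arguments the behaviour is undefined. */
int log_ssid(char *out, size_t outsz, const char *ssid)
{
    int w = snprintf(out, outsz, "Attempting to join network: %s", ssid);
    return (w < 0 || (size_t)w >= outsz) ? -1 : 0;
}

int main(void)
{
    char line[128];
    if (log_ssid(line, sizeof line, REPORTED_SSID) == 0)
        printf("%s (%zu directives in name)\n", line,
               count_format_directives(REPORTED_SSID));
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` (GCC and Clang) flags calls whose format argument is not a string literal, which catches the defective form during code review.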

New unlock feature with Apple Watch allows hackers to access anyone’s iPhone https://www.securitynewspaper.com/2021/04/28/new-unlock-feature-with-apple-watch-allows-hackers-to-access-anyones-iphone/ Wed, 28 Apr 2021 17:42:07 +0000

As many iPhone users may have noticed, the iOS 14.5 update includes an unlock feature using the Apple Watch. The feature was included in order to unlock the smartphone with facial recognition even if the user is wearing a mask, although many already wonder if this feature does not pose a security risk.

Recently a researcher detailed how his daughter was able to easily unlock her smartphone, first mentioning that she previously used a Samsung Galaxy Android device, although she tried to find on the iPhone 12 Pro Max a device with better security features.

The latest version of the system allows users to unlock the device even while wearing a mask, which requires linking an Apple Watch to the iPhone and keeping it in a location near the device. The problem is that the device allows too wide a distance between the Apple Watch and the iPhone.

Jack Moore, ESET cybersecurity specialist, mentions how he got acquainted with this new device: “After setting up iOS 14.5, I asked my eight-year-old daughter to test system security. She put on a mask and immediately accessed the phone while standing next to it; I was notified on my watch that the phone was unlocked and I had the option to block it, although this could be circumvented relatively easily by threat actors,” Moore says.

The researcher continued to conduct tests with the help of his partner, who also used a mask: “We went to opposite ends of the house and the iPhone unlocked in the same way, regardless of whether my partner looks nothing like me, even with the face shield on.” Moore mentions that this new feature is not based on Face ID to recognize the user trying to unlock the device: “Even when this feature is enabled the device mentions that it will unlock when any face with mask is detected if the iPhone detects that the linked Apple Watch is nearby,” adds the expert.

One thing worth noting is that if you use the iPhone lock button on your Apple Watch, the unlock feature is disabled until the user enters their password. This would prevent someone from having immediate access to the device, although the security hole created by this new feature should not be ignored.

Moore believes that using this feature is not recommended, at least until Apple implements a more appropriate security mechanism: “This may not be such a bad idea, although its implementation for now is too permissive and it would be worth it for Apple to make some modifications.”
