
Friday, April 16, 2021

New WhatsApp Vulnerabilities could have allowed Attackers to Hack Android Mobile Remotely

 

WhatsApp's technical team recently addressed two security vulnerabilities in WhatsApp for Android. According to security researchers, remote attackers could have exploited these vulnerabilities to execute malicious code on a target device.

The flaws allow attackers to carry out “man-in-the-disk” attacks, which become possible when mobile apps use external storage that is shared across all applications. An attacker can manipulate certain data being exchanged between the mobile app and the external storage.

Census Labs researchers reported one of the two issues (CVE-2021-24027) and said: “We will show how the two aforementioned WhatsApp vulnerabilities would have made it possible for attackers to remotely collect TLS cryptographic material for TLS 1.3 and TLS 1.2 sessions.”

“With the TLS secrets at hand, we will demonstrate how a man-in-the-middle (MitM) attack can lead to the compromise of WhatsApp communications, to remote code execution on the victim device and to the extraction of Noise protocol keys used for end-to-end encryption in user communications.”




The CVE-2021-24027 vulnerability, present in WhatsApp for Android prior to v2.21.4.18 and WhatsApp Business for Android prior to v2.21.4.18, leverages Chrome's support in Android and can allow an attacker with access to the device’s external storage to read cached TLS material. An attacker can send a specially-crafted HTML file to a victim over WhatsApp which, once opened in the victim’s browser, executes the attacker’s code contained in the HTML file.

"All an attacker has to do is lure the victim into opening an HTML document attachment. WhatsApp will render this attachment in Chrome, over a content provider, and the attacker's Javascript code will be able to steal the stored TLS session keys," Census Labs researcher Chariton Karamitas said.

“WhatsApp comes with a debugging mechanism that allows its development team to catch fatal errors happening in the wild during the first few days of a release. More specifically, if an OutOfMemoryError exception is thrown, a custom exception handler is invoked that collects System Information, WhatsApp Application Logs, as well as a dump of the Application Heap (collected using android.os.Debug::dumpHprofData). These are uploaded to crashlogs.whatsapp.net,” according to the report.

An attacker could deliberately trigger this exception to force the data to be sent to the server, and then intercept it in transit.

Google has already addressed this issue by introducing the “scoped storage” model in Android 10, which allows each app to access only its own app-specific cache files.

Remediation

The CVE-2021-24027 vulnerability was addressed by WhatsApp with the release of version 2.21.4.18.

WhatsApp users are advised to update to version 2.21.4.18 to rule out the risk associated with the vulnerability. When reached for a response, the company confirmed: “The "keys" that are used to protect people's messages are not being uploaded to the servers and the crash log information does not allow it to access the message contents.”
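The man-in-the-disk issue above comes down to where an app writes sensitive files. As an added example (not code from WhatsApp, Census Labs, or this blog), the following Python script audits an Android app's manifest and source for the patterns that expose data on shared external storage: the external-storage permission, the requestLegacyExternalStorage opt-out of scoped storage, and calls to the external-storage file APIs. The API list, the keyword heuristic for "sensitive" files, and the sample manifest and source snippets are all assumptions constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Android APIs that place files on shared external storage. Assumption: an
# illustrative starting list, not an exhaustive catalogue.
EXTERNAL_STORAGE_APIS = (
    "Environment.getExternalStorageDirectory",
    "Environment.getExternalStoragePublicDirectory",
    "getExternalFilesDir",
    "getExternalCacheDir",
    "getExternalMediaDirs",
)

# Words suggesting the file being written holds sensitive material (heuristic).
SECRET_HINTS = re.compile(r"(?i)(tls|session|key|token|secret|hprof|dump)")


def audit_manifest(manifest_xml):
    """Flag manifest settings that widen access to shared external storage."""
    findings = []
    root = ET.fromstring(manifest_xml)

    def ns_attr(name):
        return f"{{{ANDROID_NS}}}{name}"

    for perm in root.iter("uses-permission"):
        name = perm.get(ns_attr("name"), "")
        if name.endswith("EXTERNAL_STORAGE"):
            findings.append(f"MEDIUM manifest: requests {name}")
    app = root.find("application")
    if app is not None and app.get(ns_attr("requestLegacyExternalStorage")) == "true":
        findings.append("HIGH manifest: requestLegacyExternalStorage=true opts out of scoped storage")
    return findings


def audit_sources(sources):
    """sources maps file name -> Java/Kotlin text; one finding per risky call."""
    findings = []
    for fname, text in sources.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for api in EXTERNAL_STORAGE_APIS:
                if api in line:
                    # A sensitive-looking file name on shared storage is the worst case.
                    sev = "HIGH" if SECRET_HINTS.search(line) else "MEDIUM"
                    findings.append(f"{sev} {fname}:{lineno}: {api} writes to shared storage")
    return findings


def audit_app(manifest_xml, sources):
    return audit_manifest(manifest_xml) + audit_sources(sources)


# Constructed sample inputs (not taken from any real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.messenger">
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <application android:requestLegacyExternalStorage="true"/>
</manifest>"""

SAMPLE_SOURCES = {
    "TlsCache.java": 'File dir = getExternalCacheDir();\nFile f = new File(dir, "tls_session_keys.bin");\n',
    "CrashReporter.java": 'File out = new File(Environment.getExternalStorageDirectory(), "dump.hprof");\n',
    "Prefs.java": 'File safe = new File(getFilesDir(), "prefs.bin");  // app-private internal storage\n',
}

if __name__ == "__main__":
    for finding in audit_app(SAMPLE_MANIFEST, SAMPLE_SOURCES):
        print(finding)
```

Only Prefs.java, which uses app-private internal storage, produces no finding; that is the storage location the scoped-storage model pushes apps toward.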

Wednesday, January 3, 2018

5 Most Commonly Used Method To Hack And Preventive Measures


There are a number of methods hackers use to break into your email or social network account and get your personal information. Today I will describe the five most commonly used methods to hack or crack your account password, along with the preventive actions that avoid such attacks. This article will help you keep your account safe.


1.      Brute Force Attack:

A brute force attack, or cracking, is a trial-and-error method that tries every possible combination of a password. In a brute force attack, an automated tool generates every possible combination of numbers, letters and special characters that could make up a password and tests each one to see whether it is the correct password. The cracking time is determined by the length and complexity of the password, which means short passwords can usually be cracked quite quickly.


Preventive Measures: Always use long and complex passwords containing upper and lowercase letters along with numbers and special characters. A brute-force attack will take decades to crack a long and complex password.


2.      Social Engineering:

In social engineering, the hacker manipulates a known person to gain their trust and extract information from them. A hacker can call a co-worker or friend, pretend to be from the IT department, and ask for their login details. Nowadays hackers call victims pretending to be from their bank and ask for credit/debit card details. Many people fall into the trap and lose their money.

Preventive Measures: If someone asks for your personal or bank details, any password, or an OTP, never give such details over the phone or by email.

3.      Keyloggers:

Keyloggers can be either software or hardware. A hacker installs keylogger software on the victim’s computer by sending a malicious file. Most keyloggers run in stealth mode, so you cannot find them among the installed programs. The hacker can then monitor every keystroke, including passwords, and control the computer remotely. A cyber cafe operator can connect the keyboard through a hardware keylogger and collect all your information.

Preventive Measures: Never use a cyber cafe or someone else's computer to log in to your bank account. If it is unavoidable, use an on-screen or virtual keyboard while typing your login. Never open an email attachment that comes from an unknown source or user.


4.      Phishing:

Phishing is a popular hacking method used to obtain someone's login details. In a phishing attack the hacker creates a fake copy of a real website's page and sends it to the victim. If the recipient enters their login details on this fake page, the page sends them to the hacker. It is very easy to create such fake pages and host them on servers.

Preventive Measures: Always make sure that the website's URL is correct. For example, the URL of a phishing page imitating ICICI might look like ICIICI.com (as you can see, there are two "I"s).
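The ICIICI.com example is a one-character typo of the real domain, and that kind of check can be automated. As an added example that is not part of the original post, the Python below classifies a URL as trusted, lookalike, or unknown against a small allow-list of real domains: it catches domains within one or two edits of a trusted one, a brand name used as a subdomain of someone else's domain, and a brand name embedded in an unrelated registrable name. The allow-list, the edit-distance threshold, and the "last two labels" approximation of the registrable domain are assumptions for this example.

```python
from urllib.parse import urlparse

# Assumption: the defender keeps a short allow-list of the real domains they care about.
TRUSTED_DOMAINS = {"icici.com"}


def levenshtein(a, b):
    """Edit distance: how many single-character changes turn a into b."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(min(previous[j] + 1,                 # deletion
                               current[j - 1] + 1,              # insertion
                               previous[j - 1] + (ca != cb)))   # substitution
        previous = current
    return previous[-1]


def hostname_of(url):
    """Extract a lower-cased hostname; bare domains without a scheme are accepted."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").rstrip(".").lower()


def classify_url(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike' or 'unknown' for the domain behind a URL."""
    host = hostname_of(url)
    labels = host.split(".")
    # Registrable domain approximated as the last two labels (assumption: no public-suffix list).
    domain = ".".join(labels[-2:]) if len(labels) >= 2 else host
    if domain in trusted:
        return "trusted"
    brands = {t.split(".")[0] for t in trusted}
    # Brand used as a subdomain of someone else's domain, e.g. icici.com.evil.net
    if any(label in brands for label in labels[:-2]):
        return "lookalike"
    # One or two typos away from a trusted domain, e.g. iciici.com
    if any(levenshtein(domain, t) <= 2 for t in trusted):
        return "lookalike"
    # Brand embedded in an unrelated registrable name, e.g. icici-secure-login.com
    name = labels[-2] if len(labels) >= 2 else host
    if any(brand in name for brand in brands):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample URLs, one per case the classifier handles.
    for sample in ("https://www.icici.com/login", "ICIICI.com",
                   "http://icici.com.evil.net/", "icici-secure-login.com",
                   "https://example.org"):
        print(f"{sample:32} -> {classify_url(sample)}")
```

A "lookalike" verdict is a reason to stop and compare the address bar with a bookmark, not proof of phishing; an "unknown" verdict just means the domain is unrelated to the brands on the list.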

5.      Guessing:

Guessing can reveal someone's password within seconds. In this method, if the hacker knows you, he can try to guess your password using information he already knows about you, i.e. your name, surname, phone number or date of birth.

Preventive Measures: Never use your name, surname, phone number or date of birth as your password. Always use long and complex passwords using upper and lowercase letters along with numbers and special characters.
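The advice under Brute Force Attack and Guessing amounts to two checks: is the password long and varied enough that exhaustive search is impractical, and does it avoid anything an acquaintance could guess? As an added example that is not part of the original post, the Python below estimates the brute-force keyspace and the time to exhaust it at an assumed guessing rate, and rejects passwords that contain the user's name, surname, phone number or date-of-birth fragments. The guessing rate, the 12-character minimum, the three-class minimum, and the sample profile are assumptions constructed for this example.

```python
import string

# Assumption: an illustrative offline guessing rate, used only to turn keyspace into time.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365 * 24 * 3600

CHARACTER_CLASSES = (
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation), len(string.punctuation)),  # 32 special characters
)


def classes_used(password):
    """Sizes of the character classes that actually occur in the password."""
    return [size for chars, size in CHARACTER_CLASSES if any(c in chars for c in password)]


def keyspace_size(password):
    """Candidates a brute-force tool must try for this length and alphabet."""
    alphabet = sum(classes_used(password))
    return alphabet ** len(password) if alphabet else 0


def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    return keyspace_size(password) / rate / SECONDS_PER_YEAR


def personal_tokens(profile):
    """Strings an attacker who knows the user would guess: name, surname, phone, DOB pieces."""
    tokens = set()
    for value in profile.values():
        value = str(value).lower()
        tokens.add(value)
        tokens.add("".join(ch for ch in value if ch.isalnum()))   # strip separators
    dob = str(profile.get("dob", ""))          # assumption: formatted as YYYY-MM-DD
    if dob:
        year, _, rest = dob.partition("-")
        tokens.add(year)                       # 1990
        tokens.add(rest.replace("-", ""))      # MMDD
        tokens.add(dob.replace("-", "")[2:])   # YYMMDD
    return sorted(t for t in tokens if len(t) >= 3)


def check_password(password, profile, min_length=12, min_classes=3):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if len(classes_used(password)) < min_classes:
        problems.append(f"uses fewer than {min_classes} character classes")
    lowered = password.lower()
    for token in personal_tokens(profile):
        if token in lowered:
            problems.append(f"contains personal information: {token!r}")
    return problems


# Constructed sample profile, not a real person.
SAMPLE_PROFILE = {"name": "Rahul", "surname": "Sharma",
                  "phone": "9876543210", "dob": "1990-07-15"}

if __name__ == "__main__":
    for candidate in ("Rahul1990", "Vq7!mLp2@wR9#zK4"):
        print(f"{candidate}: ~{years_to_exhaust(candidate):.3g} years to exhaust;",
              check_password(candidate, SAMPLE_PROFILE) or "no problems")
```

Exhaustion time grows exponentially with length, so the 16-character password falls far beyond any realistic cracking window even at the generous rate assumed here, while a nine-character password built from a name and birth year is both small in keyspace and guessable outright.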

Thursday, November 17, 2016

Hack Locked Computer using $5 Device (PoisionTap)



If you think your computer is safe when it is locked with a strong password, Samy Kamkar’s device PoisonTap will prove you wrong. This cheap exploit tool takes just 30 seconds to install a privacy-invading backdoor on your computer.

PoisonTap is a tiny $5 Raspberry Pi Zero microcomputer loaded with Node.js code and attached to a USB adapter. Its inventor has publicly released the source code of PoisonTap, so that any would-be hacker can try it out for themselves.

If you are a hacker who wants to get information from a coworker in your office, all you need is to plug this device into the target computer and wait. PoisonTap targets the victim’s browser cache and injects malicious code there.

Once the tool is recognized by the target machine, it is loaded as a low-priority network device that impersonates a new Ethernet connection, and the machine sends a DHCP request across it. PoisonTap's DHCP response tells the machine that the entire IPv4 address space is part of PoisonTap’s local network. In this way, all traffic is routed through the PoisonTap device before reaching the legitimate gateway to the Internet. With this trick, it intercepts all unencrypted web traffic and steals any HTTP authentication cookies used to log into private accounts, as well as sessions for the Alexa top 1 million sites.

PoisonTap gives you an invisible position on the local network from which to connect to intranet sites and send data to a remote server. The computer stays under your control even after the tool is unplugged from it. Since it siphons cookies, you can also hijack the target user's online accounts even if they are secured with two-factor authentication (2FA).

The inventor says: “It can also bypass many other security mechanisms, including same-origin policy (SOP), HttpOnly cookies, X-Frame-Options HTTP response headers, DNS pinning and cross-origin resource sharing (CORS). Whenever the websocket is open, the attacker can remotely send commands to the victim and force their browser to execute JavaScript code.”

There is no easy fix available for users as long as a web browser is running in the background.
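The routing trick described above leaves a trace on the victim: a DHCP lease from a brand-new USB network interface whose subnet mask claims the whole IPv4 space as on-link. As an added example that is not part of the original post or of PoisonTap, the Python below parses the dhclient.leases file format and flags leases whose offered subnet is absurdly large, whose "local" network swallows well-known public addresses, or whose router lies outside the offered subnet. The /8 threshold, the probe addresses (1.1.1.1 and 8.8.8.8 are real public resolvers, used only as examples of addresses that should never be on-link), and the two sample leases are assumptions constructed for this example.

```python
import ipaddress
import re

# Heuristic thresholds (assumptions for this example, not standards).
MIN_PREFIX_LEN = 8
# Well-known public addresses; a LAN lease that makes these "on-link" is pulling
# Internet traffic away from the real gateway.
PUBLIC_PROBES = ("1.1.1.1", "8.8.8.8")


def lease_risk(ip, netmask, gateway):
    """Return reasons a DHCP lease looks like it is hijacking routing; [] if benign."""
    net = ipaddress.IPv4Network(f"{ip}/{netmask}", strict=False)
    reasons = []
    if net.prefixlen < MIN_PREFIX_LEN:
        reasons.append(f"subnet mask {netmask} (/{net.prefixlen}) puts "
                       f"{net.num_addresses} addresses on-link")
    on_link_public = [p for p in PUBLIC_PROBES if ipaddress.IPv4Address(p) in net]
    if on_link_public:
        reasons.append("public Internet addresses treated as local: " + ", ".join(on_link_public))
    if ipaddress.IPv4Address(gateway) not in net:
        reasons.append(f"router {gateway} lies outside the offered subnet")
    return reasons


LEASE_BLOCK = re.compile(r"lease\s*\{(.*?)\}", re.S)
LEASE_FIELDS = (("ip", r"fixed-address\s+(\S+);"),
                ("netmask", r"option subnet-mask\s+(\S+);"),
                ("gateway", r"option routers\s+(\S+);"))


def parse_leases(text):
    """Parse dhclient.leases text into dicts holding only the three fields we need."""
    leases = []
    for block in LEASE_BLOCK.finditer(text):
        fields = {}
        for key, pattern in LEASE_FIELDS:
            match = re.search(pattern, block.group(1))
            if match:
                fields[key] = match.group(1)
        if len(fields) == 3:
            leases.append(fields)
    return leases


def audit_leases(text):
    """(ip, reasons) for every complete lease in the file."""
    return [(lease["ip"], lease_risk(lease["ip"], lease["netmask"], lease["gateway"]))
            for lease in parse_leases(text)]


# Constructed sample: a normal Wi-Fi lease followed by one from a rogue USB NIC.
SAMPLE_LEASES = """lease {
  interface "wlan0";
  fixed-address 192.168.1.20;
  option subnet-mask 255.255.255.0;
  option routers 192.168.1.1;
}
lease {
  interface "usb0";
  fixed-address 1.0.0.5;
  option subnet-mask 0.0.0.0;
  option routers 1.0.0.1;
}
"""

if __name__ == "__main__":
    for ip, reasons in audit_leases(SAMPLE_LEASES):
        print(ip, "->", reasons or "looks normal")
```

On a real host the same logic belongs in a DHCP client hook or an endpoint agent that runs whenever a new interface comes up; the host-level counterpart is simply not letting an unexpected USB network adapter obtain a lease at all.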





Thursday, November 3, 2016

Google’s Disclosure Makes Microsoft Unhappy





Now Google has started a new war by publishing details of a critical vulnerability in Windows, and that has made Microsoft angry. Google says that it reported the bug to Microsoft 10 days ago but the company did nothing to address the issue.

In its official Security Blog, Google wrote:

"After seven days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released."

Google confirmed that it had fixed the issue for its Chrome users, and Adobe issued an update for Flash last week.

Google describes the vulnerability, CVE-2016-7855, as:

“A local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome's sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability.”

Microsoft expressed its anger in the following statements:

"We believe in coordinated vulnerability disclosure, and today's disclosure by Google could put customers at potential risk,"

“We disagree with Google's characterization of a local elevation of privilege as 'critical' and 'particularly serious,' since the attack scenario they describe is fully mitigated by the deployment of the Adobe Flash update released last week. Additionally, our analysis indicates that this specific attack was never effective in the Windows 10 Anniversary Update due to security enhancements previously implemented."

It’s not the first time Google has exposed a bug in Microsoft software. In 2015, Google published a bug report 90 days after informing Microsoft.

Microsoft’s Chris Betz said at the time “The decision feels less like principles and more like a ‘gotcha’, with customers the ones who may suffer as a result. What’s right for Google is not always right for customers.”