Most vulnerable operating systems of 2014 are Apple's

GFI Reports…

It is interesting that although Microsoft operating systems still have a considerable number of vulnerabilities, they are no longer in the top 3. Apple, with OS X and iOS, is at the top, followed by the Linux kernel.

2014 was a tough year for Linux users from a security point of view, coupled with the fact that some of the most important security issues of the year were reported for applications that usually run on Linux systems. Heartbleed, for example, is a critical security vulnerability detected in OpenSSL while Shellshock is a vulnerability that affects GNU Bash.

via Most vulnerable operating systems and applications in 2014.

Malware Is Still Spying On Android After Your Mobile Is Off

As posted on the AVG blog, a new piece of Android malware has been found.

After pressing the power button, you will see the real shutdown animation, and the phone appears off. Although the screen is black, it is still on.

While the phone is in this state, the malware can make outgoing calls, take pictures and perform many other tasks without notifying the user.

How does this happen?

First, we have to analyze the shutdown process in detail.

On Android devices, when the power off button is pressed it will invoke the interceptKeyBeforeQueueing function of the class interceptKeyBeforeQueueing. interceptKeyBeforeQueueing will check if the power off button is pressed and go to a certain process.

Malware Is Still Spying On You After Your Mobile Is Off.

The New QNX Hypervisor, Read more!

Blackberry QNX Hypervisor

Efficiency Through Software: New QNX Hypervisor Enables Cost-Effective, Consolidated Embedded Systems

Hypervisor Reduces System Costs of Medical, Industrial, and Automotive Devices by Enabling Critical and Non-Critical Applications to Run on a Single Hardware Platform

OTTAWA, ONTARIO–(Marketwired – Feb. 18, 2015) – QNX Software Systems, a subsidiary of BlackBerry Limited, today announced the QNX® Hypervisor 1.0, a realtime Type 1 hypervisor for medical devices, industrial automation systems, and automotive applications such as car infotainment systems, advanced driver assistance systems (ADAS), and digital instrument clusters. By using the QNX Hypervisor, embedded system developers can consolidate multiple operating systems onto a single compute platform or system-on-chip (SoC), thereby reducing the cost, size, weight, and power consumption of their products.

The QNX Hypervisor simplifies the certification process for safety-critical systems by allowing developers to keep safety-related and non-safety-related software components fully isolated from each other. Safety-related components can run on one OS while non-safety components run on another OS, which the hypervisor hosts in a separate virtual machine. This technique complements the advanced isolation mechanisms of the QNX Neutrino® OS, which prevent software components from corrupting or consuming system resources needed by other components or by the OS itself.

The QNX Hypervisor employs patent-pending technology to reduce development time for consolidated systems. With this technology, multiple operating systems can use a single display controller to render graphical content on two or more displays, such as an automotive digital instrument cluster and infotainment touchscreen. The QNX Hypervisor can also simplify the sharing of other resources, including network connections, file systems, and input/output devices such as the I2C serial bus. Developers are spared the effort of writing custom shared-device drivers that increase testing and certification costs and that typically exhibit lower performance than vendor-supplied device drivers.

The QNX Hypervisor also helps companies preserve their software investments by minimizing the work required to port software from legacy systems to new hardware platforms.

QNX Software Systems’ business is deeply focused on markets that, according to recent data from VDC Research, will significantly increase adoption of hypervisors and other virtualization techniques over the next three years. These markets include automotive, medical, industrial automation, and rail and transport.

“More and more engineering organizations are consolidating previously discrete systems, requiring the adoption of new software solutions. By leveraging a hypervisor, system designers can separate safety functions from non-safety functions, saving on hardware costs and potentially streamlining the certification process,” said Christopher Rommel, executive vice president, VDC Research. “QNX Software Systems has a proven history in mission-critical embedded systems and, with the release of the QNX Hypervisor, it is providing yet another option for its customers to optimize their next-generation designs.”

The QNX Hypervisor supports the QNX Neutrino OS and other operating systems, including Linux and Android. The QNX Hypervisor complies with standards such as IEC 61508 for industrial safety, ISO 26262 for automotive safety, and IEC 62304 for medical device software.

Designed for fast, predictable performance, the QNX Hypervisor supports time-critical applications for automotive, medical, and industrial devices, including, for example, backup cameras that require extremely short boot times.

“With the release of the QNX Hypervisor, QNX Software Systems offers the core components for building consolidated, safety-certified, realtime solutions. These include microkernel OS architecture, adaptive partitioning technology, certified OS products, and now, a virtualization solution for isolating multiple operating systems on a single platform,” said Grant Courville, director of product management, QNX Software Systems. “The unique capabilities of our hypervisor solution reflect our commitment to reducing development efforts and enabling customers to place a greater focus on product differentiation and time-to-market.”

Availability

Select customers will begin evaluating the QNX Hypervisor 1.0 in April 2015. It is scheduled for general release in Q3 2015.

via Efficiency Through Software: New QNX Hypervisor Enables Cost-Effective, Consolidated Embedded Systems.

BlackBerry’s QNX Still Dominates Car Market, but For How Much Longer?

BlackBerry acquired QNX Systems in 2010. Back then, it was still called Research In Motion. A lot has changed since then, including the name.

One thing that has not changed, though, is QNX’s impressive market share of the automobile industry’s “infotainment” space, meaning all the new-fangled, problematic interfaces most new cars come with these days. QNX, born in Ottawa in the ’80s to two people from the University of Waterloo, owns more than half the market. And it’s a fast-growing one, too.

QNX isn’t a massive part of BlackBerry’s overall revenue (around 3% to 5%, according to some estimates), but the automobile industry is half of QNX’s revenue, which is why it’s a little wary of the sudden appearance of Google’s Android platform in motor vehicles today.

The connected-car market is expected to be worth more than $50 billion by 2015, according to a 2013 forecast from the GSM Association of mobile operators, which is more than triple its value today. That’s a big opportunity for QNX and for its competitors, which include not only Google but also Apple, the world’s most valuable company.

via BlackBerry’s QNX Still Dominates Car Market, but For How Much Longer?.

Investigating Malware Pawn Storm for iPhone

As posted on the Fortinet Blog!

What does the malware do?

To summarize the malware’s goals, it fetches commands via HTTP GET from a remote C&C, and uploads information via HTTP POST. The commands it recognizes are listed in the table below.

0: Get Info Device
1: Start Record
2: Get Audio File
3: Get Contact List
4: Current Location
5: Get Installed Apps
6: Wifi Status
7: Get all Pictures from Photo Library
8: List a given directory
9: Get a given file
10: Get process list
11: Get SMS

The code shows a few interesting things:

via Investigating on Pawn Storm for iPhone | Fortinet Blog.

Bank Hackers Steal Millions via Malware

PALO ALTO, Calif. — In late 2013, an A.T.M. in Kiev started dispensing cash at seemingly random times of day. No one had put in a card or touched a button. Cameras showed that the piles of money had been swept up by customers who appeared lucky to be there at the right moment.

But when a Russian cybersecurity firm, Kaspersky Lab, was called to Ukraine to investigate, it discovered that the errant machine was the least of the bank’s problems.

via Bank Hackers Steal Millions via Malware – NYTimes.com.

WhatsApp security still broken…

“WhatsSpy Public” a tool for spying on WhatsApp users bypassing security settings

Social media is growing at a fast pace nowadays, but with growing socialization the safety measures and privacy options should also be developed, so that one’s information cannot be leaked at any endpoint. Social apps such as Facebook, WhatsApp, Hike, Instagram etc. are used by many people without knowing how safe they really are, or whether their messages or personal information are being leaked.

The standalone smartphone instant messaging app WhatsApp is once again in the news due to a tool that can break its security features. The recently released WhatsSpy Public tool can give you status updates of any WhatsApp user, even if privacy options have been enabled.

WhatsSpy Public uses a web-based utility to trace the activity of a WhatsApp user and shows it in a dashboard, with events displayed in a timeline. The tool can be used to compare the activities of one user to those of another.

via WhatsSpy Public : WhatsApp status tool lets stalkers track you bypassing privacy settings.

Dark Clouds above the Netatmo Weather Station After Sending WPA Passphrase in the Clear

I have the bad habit of playing with home automation and various data acquisition tools. I could quit any time if I wanted to, but so far, I decided not to. My latest toy to add to the collection was a “Netatmo” weather station. It fits in nicely with the aluminum design of my MacBook, so who cares if the manufacturer considered security in its design, as long as it looks cool and is easy to set up.

Setting up the device was pretty straightforward, and looked “secure”. It requires connecting to the device via USB, and a custom application is used to configure the device with your username, password and WiFi settings including the WiFi password. After the initial setup, the station needs USB for power only, and communicates via WiFi to the “Cloud”.

But after the simple setup, a nice “surprise” waited for me in my snort logs:

[**] [1:1000284:0] WPA PSK Passphrase Leak [**] [Priority: 0] {TCP} a.b.c.d:21908 -> 195.154.176.41:25050

I do have a custom rule in my snort rule set, alerting me of the passphrase being sent in the clear. Let's just say that it happened before. The rule is very simple:

alert ip any any -> any any ( sid: 1000284; msg: "WPA PSK Passphrase Leak"; content: "[Iamnotgoingtotellyou]"; )

So what happened? After looking at the full capture of the data, I found that indeed the weather station sent my password to “the cloud”, along with some other data. The data include the weather station's MAC address, the SSID of the WiFi network, and some hex encoded snippets.

Not only should data like this not be transmitted “in the clear”, but in addition, there is no need for Netatmo to know the WPA password for my network.

I reported the problem to Netatmo, and got the following reply:

Hi,

Indeed at first startup we dump weather station memory for debug purposes, we will not dump it anymore.

We will remove this debug memory very soon (coming weeks).

So far I haven’t seen any additional transmissions from the weather station containing the password, even after restarting it. I didn’t do a full factory reset yet. But in general, the data appears to be unencrypted. The MAC addresses of the station and the outdoor sensor are easily found in the payload. So far, I couldn’t find any documentation for the protocol, so it will take a bit more time to reverse it.

According to the weather station map provided by Netatmo, these devices are already quite popular. Here is a snapshot of the map in my “Neighborhood”:

via InfoSec Handlers Diary Blog – Did You Remove That Debug Code? Netatmo Weather Station Sending WPA Passphrase in the Clear.
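The Snort rule in the Netatmo diary above matches the passphrase as a raw content string. As an added example (not code from the diary or from Netatmo), the Python below runs the same check over captured outbound payloads, also catching a hex-encoded copy of the passphrase, and parses the fast-format alert line the diary shows; the addresses, passphrase, SSID and MAC are constructed placeholders.

```python
import ipaddress
import re

# Added example, not the diary's or Netatmo's code: the diary's Snort 'content:'
# rule redone in Python (flag a known passphrase, raw or hex-encoded, in outbound
# payloads) plus a parser for the Snort fast alert line the diary shows:
# [**] [gid:sid:rev] msg [**] [Priority: n] {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\] "
    r"\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} "
    r"(?P<src>\S+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+)$"
)


def parse_snort_alert(line: str) -> dict:
    """Split one Snort fast-format alert line into fields (ints where numeric)."""
    m = ALERT_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a Snort fast alert: {line!r}")
    fields = m.groupdict()
    for key in ("gid", "sid", "rev", "prio", "sport", "dport"):
        fields[key] = int(fields[key])
    return fields


def find_cleartext_secrets(flows, secrets, home_net):
    """Return (dst_ip, secret_name) for each LAN->external payload carrying a secret."""
    # flows: (src_ip, dst_ip, payload bytes); secrets: name -> bytes, matched raw
    # or hex-encoded, since the diary saw hex snippets beside the passphrase.
    net = ipaddress.ip_network(home_net)
    hits = []
    for src, dst, payload in flows:
        if ipaddress.ip_address(src) not in net or ipaddress.ip_address(dst) in net:
            continue  # only $HOME_NET -> $EXTERNAL_NET, as a Snort rule would
        for name, value in secrets.items():
            if value in payload or value.hex().encode() in payload.lower():
                hits.append((dst, name))
    return hits


# Constructed sample traffic with placeholder secrets (TEST-NET address, locally
# administered MAC): a LAN-only request, a cleartext debug dump, a hex-encoded copy.
SECRETS = {"wpa_passphrase": b"Ex4mple-PSK", "ssid": b"homewifi",
           "station_mac": b"02:00:00:00:00:01"}
SAMPLE_FLOWS = [
    ("192.168.1.23", "192.168.1.1", b"GET /status HTTP/1.1\r\n"),
    ("192.168.1.23", "203.0.113.10",
     b"\x01\x02MAC=02:00:00:00:00:01;SSID=homewifi;PSK=Ex4mple-PSK;\x00"),
    ("192.168.1.23", "203.0.113.10", b"dump=" + b"Ex4mple-PSK".hex().encode()),
]
```

Feeding real captures means extracting each TCP payload with a pcap reader and passing the (src, dst, payload) tuples in place of SAMPLE_FLOWS.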

Alcatel-Lucent report on malware in 2014 sees rise in device and network attacks that place personal and workplace privacy at risk | Alcatel-Lucent

The Motive Security Labs report – which looked at all popular mobile device platforms – found that such malware infections in mobile devices increased 25% in 2014, compared to a 20% increase in 2013. Android™ devices have now caught up with Windows™ laptops, which had been the primary workhorse of cybercrime, with infection rates between Android and Windows devices split 50/50 in 2014. While less than 1% of infections come from iPhone® and Blackberry® smartphones, new vulnerabilities emerged last year to show they are not immune to malware threats.

Malware growth continues to be aided by the fact that a vast majority of mobile device owners do not take proper device security precautions. A recent Motive Security Labs survey found that 65% of subscribers instead expect their service provider to protect both their mobile and home devices. Motive’s malware report concluded that infection rates in residential networks also rose significantly in 2014, with malware found in 13.6% of residences, an increase of 5% over the previous year.

“With malware attacks on devices steadily rising with consumer ultra-broadband usage, the impact on customer experience becomes a primary concern for service providers,” said Patrick Tan, General Manager of Network Intelligence at Alcatel-Lucent. “As a result, we’re seeing more operators take a proactive approach to this problem by providing services that alert subscribers to malware on their devices along with self-help instructions for removing it.”

Other Motive Security Labs report highlights include:

The mobile infection rate in 2014 is 0.68%. Based on this, Alcatel-Lucent estimates that worldwide, about 16 million mobile devices are infected by malware.

Mobile malware is increasing in sophistication with more robust command and control protocols.

Mobile spyware, used to spy on a phone’s owner, is also on the increase. It tracks the phone’s location, monitors ingoing and outgoing calls, text messages, e-mail and tracks web browsing.

The overall monthly infection rate in residential fixed broadband networks is just under 14%. This is up substantially from the 9% seen in 2013. This is mostly attributable to an increase in infections by moderate threat level adware.

High-level threats such as ‘bots’, ‘rootkits’, and ‘banking trojans’ remain steady at around 5%.

via Alcatel-Lucent report on malware in 2014 sees rise in device and network attacks that place personal and workplace privacy at risk | Alcatel-Lucent.