Thursday 18 May 2017

SS7 Vulnerabilities

SS7 – Network of Telephony Signalling Procedures

Signalling System No. 7 (SS7) is a set of telephony signalling protocols developed in 1975. It is used to set up and tear down most of the world's public switched telephone network (PSTN) telephone calls.

It also performs number translation, local number portability, prepaid billing, Short Message Service (SMS) and other mass-market services. SS7 networks form one of the foundations of today's telecommunications industry.

Despite its importance in enabling telecommunication services, SS7 integrates only minimal security features: it was designed on the assumption that anyone with access to the signalling network is a trusted operator. In the four decades since SS7 was introduced the telecommunications marketplace has changed radically, access to the signalling network is no longer limited to a handful of incumbents, and SS7's weaknesses are now far more exposed.

Over the past few months, attackers have been exploiting a flaw in Signalling System 7 to intercept the two-factor authentication codes sent to online banking customers and use them to transfer funds. The German newspaper Süddeutsche Zeitung reported that the attackers first compromised the customers' bank accounts with conventional banking Trojans to steal passwords and log in to the accounts.

Mobile Transaction Authentication Numbers 


It learned that in mid-January the offenders carried out an attack from the network of a foreign mobile network operator which redirected incoming SMS messages for selected German customers to the attackers. They used the SS7 weakness to redirect the text messages containing one-time passwords to the attackers' devices instead of the customers'.

With those mobile transaction authentication numbers (mTANs) they then transferred money out of the targeted accounts. The SS7 weakness is not new: it was demonstrated in 2014 by German researchers and reported by The Washington Post. Detection of this abuse of the SS7 vulnerability followed an open letter two U.S. congressmen had written to U.S.

Homeland Security Secretary John Kelly requesting an update on progress in dealing with SS7 security flaws and asking why the agency had not been doing more about them. Rep. Ted Lieu (D-Calif.), one of the letter's authors, has personal experience with the SS7 weakness.

Congressional Action 


With Lieu's permission, security researchers were able to track the congressman using only his cell phone number and access to an SS7 network. They recorded his phone calls and monitored his precise location in real time. The exploit of Lieu's cell phone was featured on the television show 60 Minutes.

In April 2016, following the broadcast, the FCC announced an investigation into the SS7 vulnerability; a report from the FCC was expected in March 2017 but has yet to appear. In response to the draining of bank accounts through the same SS7 weakness, Lieu issued a statement calling for congressional action.

Lieu said that everyone's accounts protected by text-based two-factor authentication, such as bank accounts, are potentially at risk until the FCC and the telecom industry fix the SS7 security flaw.

Both the FCC and the telecom industry, he added, have been aware that hackers can acquire our text messages and phone conversations just by knowing our cell phone number, and it is improper that they have not taken immediate action to protect our privacy and financial security.

Wednesday 17 May 2017

rpcbomb: remote rpcbind denial-of-service + patches

Block the port now if you do not need it. A 60-byte payload sent to a UDP socket of the rpcbind service is enough to exhaust the memory of the host it runs on and crash it.

This rpcbind vulnerability can take down the entire system, with the consequences that follow from a host running out of memory: other services failing and unsaved work being lost. The only protection is to take proper measures: apply the patches, and firewall or close the port.

The rpcbomb exploit was written by Guido Vranken, who discovered the vulnerability. He reportedly wrote the patches himself after being unable to reach the maintainers to get fixes into the packages, a decision that has drawn both praise and criticism.

He also notes that a Shodan search shows rpcbind's port, port 111, exposed to the Internet on almost 1.8 million hosts. Many of these are on cloud providers such as AWS, where a default Linux image often ships with rpcbind running. rpcbind maps RPC program numbers to the ports their services listen on; if you really need to run it, keep port 111 firewalled from the outside world. The easiest way to avoid the problem, Vranken suggests, is to turn the daemon off.

The patches on GitHub are small enough for developers to review and satisfy themselves that they are correct and not malicious. The rpcbind fix is reportedly only two lines, while the libtirpc fix runs to 256 lines.

Vranken explains that the vulnerability lets an attacker make the remote rpcbind host allocate a large number of bytes, up to almost 4 gigabytes per attack, and the memory is never released unless the process crashes or the administrator stops or restarts the service.

The impact is not necessarily limited to rpcbind itself. As Vranken writes, some software behaves unpredictably when the system runs out of memory, so an attacker may be able to affect other services on the same host.
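The bug class behind this is a decoder that trusts a length field from the wire. The following is an added example, not rpcbind's or libtirpc's code: an XDR variable-length opaque field is a 4-byte big-endian length followed by the bytes, padded to a multiple of 4, and a decoder that hands the declared length straight to the allocator lets a 60-byte datagram ask for gigabytes. The hardened decoder bounds the length by the bytes actually received and by a policy cap. The cap and the sample datagrams are constructed for this example.

```python
# Added example (not rpcbind's or libtirpc's code): the parsing check that the
# rpcbomb class of bug is missing. An XDR opaque<> field is a 4-byte big-endian
# length followed by the bytes, padded to a multiple of 4. A decoder that passes
# the declared length to the allocator lets a 60-byte datagram request gigabytes;
# the hardened decoder bounds it by the bytes received and by a policy cap.
# The cap and the datagrams below are constructed for this example.
import struct

XDR_OPAQUE_MAX = 64 * 1024  # assumption: no legitimate request carries more than 64 KiB


def declared_allocation(datagram: bytes) -> int:
    """Size an unchecked decoder would request from the allocator: the
    attacker-controlled length word, never compared with what arrived."""
    if len(datagram) < 4:
        raise ValueError("datagram too short for a length word")
    return struct.unpack_from(">I", datagram, 0)[0]


def decode_opaque(datagram: bytes, offset: int = 0, max_len: int = XDR_OPAQUE_MAX):
    """Hardened XDR opaque<> decode. Returns (payload, next_offset) or raises ValueError."""
    remaining = len(datagram) - offset
    if remaining < 4:
        raise ValueError("truncated length word")
    (n,) = struct.unpack_from(">I", datagram, offset)
    if n > max_len:
        raise ValueError(f"declared length {n} exceeds policy cap {max_len}")
    padded = (n + 3) & ~3
    if padded > remaining - 4:
        raise ValueError(f"declared length {n} exceeds the {remaining - 4} bytes received")
    start = offset + 4
    return datagram[start:start + n], start + padded


def encode_opaque(data: bytes) -> bytes:
    """XDR opaque<> encoder, used here to build a well-formed datagram."""
    return struct.pack(">I", len(data)) + data + b"\0" * ((-len(data)) % 4)


def rejects(datagram: bytes) -> bool:
    """True if the hardened decoder refuses the datagram."""
    try:
        decode_opaque(datagram)
    except ValueError:
        return True
    return False


# Constructed: a 60-byte datagram whose length word claims almost 4 GiB.
HOSTILE_DATAGRAM = struct.pack(">I", 0xFFFFFFF0) + b"\0" * 56
# Constructed: claims 100 bytes but carries only 10.
TRUNCATED_DATAGRAM = struct.pack(">I", 100) + b"x" * 10
# Constructed: a well-formed 5-byte field (4-byte length + 5 bytes + 3 bytes padding).
BENIGN_DATAGRAM = encode_opaque(b"hello")

if __name__ == "__main__":
    print("unchecked decoder would allocate", declared_allocation(HOSTILE_DATAGRAM), "bytes")
    print("hardened decoder rejects hostile datagram:", rejects(HOSTILE_DATAGRAM))
    print("hardened decoder on benign datagram:", decode_opaque(BENIGN_DATAGRAM))
```

The datagram-size check alone is what stops the 4 GiB allocation; the policy cap is there because a stream transport (TCP) can deliver a large declared length in pieces, so "fits in what arrived" is not a sufficient bound on its own.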

Bionic Hand: Hand That Sees Offers New Hope to Amputees

A revolutionary development for amputees: the bionic hand. After years of research, biomedical engineers at Newcastle University have built a prosthesis worth praising.

This new prosthesis lets the wearer reach out for objects the way a real hand does, without conscious thought. Funded by the Engineering and Physical Sciences Research Council, the hand carries a camera: it takes a picture of the object, assesses it and triggers the movement, like a reflex.

TRIALS THAT FOLLOWED:

A few amputees have trialled it, and the University is to introduce it to patients at Newcastle's Freeman Hospital. As a senior lecturer from the biomedical engineering department explained, the new models are hardy, lightweight and durable. UK studies report around 600 new amputees every year, and there are around 500,000 in the US.

These figures show the scale of the need and how many people the work could benefit. Instead of relying on myoelectric signals alone, the bionic hand uses neural networks. The computer was trained by showing it pictures of objects and teaching it actions such as gripping and clutching. Seeing the same object from various angles and in various lighting lets the hand identify it and decide what kind of grip is needed to pick it up and perform an action.

Grasp types:

The hand was programmed for four types of grasp: palm wrist neutral, palm wrist pronated, tripod and pinch. Within milliseconds, using a 99p camera, the hand identifies the correct grasp for an object. This generalises object recognition rather than requiring images of every object to be programmed into the hand manually.

Baby steps to success:

The next objective is to make the bionic hand sense pressure and temperature and relay them to the brain. The aim is a two-way link with the brain through the nerves of the forearm: electrodes wrapped around the nerve endings in the arm would establish direct communication between the brain and the prosthesis. The approach is cheap and does not require a new prosthesis; existing ones can be adapted. The greatest success so far has been with upper-limb prostheses.

A live example! 

Doug McIntosh, 56, from Aberdeen, Scotland, who lost his right arm to cancer, found the prosthesis immensely rewarding.

Battling cancer while feeding a family was not easy. He was one of the amputees involved in the myoelectric trials and later worked with the Newcastle team. He has taken part in charity events for amputees and cycled long distances, an inspiration to people all over the world.

His one complaint was that the earlier hand did not do the real job; it still felt foreign, and he would prefer a split hook any day. That was before he was introduced to the newer version of the bionic hand, which serves both the aesthetic and the practical purpose.

Tuesday 16 May 2017

WannaCry: Everything You Need To Know About the Ransomware Sweeping the Globe

WannaCry – Ransomware Programme – Microsoft Windows OS

WannaCry is a ransomware programme targeting the Microsoft Windows operating system. A huge cyber-attack using it was launched on 12 May 2017, infecting over 230,000 computers in about 150 countries and demanding ransom payments, in 28 languages, in the cryptocurrency bitcoin. The outbreak spread by several means, including phishing emails and, on unpatched systems, as a self-propagating computer worm, in what Europol described as an attack unprecedented in scale.

It was the worst ransomware attack the world had faced, and a blatant warning about the vulnerabilities of our digitally interconnected lives. WannaCry, also known as WannaCrypt, encrypts the data on a computer within seconds and displays a message demanding that the user pay a ransom of $300 in bitcoin to restore access to the device and its data.

Most strikingly, the attack hit the United Kingdom's National Health Service, obstructing surgeries and the treatment of other critical patients across the British Isles and making confidential patient records and documents inaccessible. Many kinds of malware can affect a computer, from those that steal your information to those that delete the data on the device.

EternalBlue Exploit

Ransomware, as the name indicates, prevents users from accessing their devices and their data until a ransom has been paid to the attacker: the computer is locked and the data on it encrypted, which also stops software and apps from functioning. The attack affected Telefónica and other large companies in Spain, Britain's National Health Service (NHS), FedEx, Deutsche Bahn and LATAM Airlines.

Other targets in around 99 countries were reported hit at about the same time. WannaCry used the EternalBlue exploit, developed by the U.S. National Security Agency (NSA) to gain access to Microsoft Windows computers used by terrorist outfits and enemy states, to infect computers running Microsoft Windows.

EternalBlue exploits a vulnerability in Microsoft's implementation of version 1 of the Server Message Block (SMB) protocol, the one addressed by security bulletin MS17-010. Although a patch removing the underlying vulnerability on supported systems (Windows Vista and later) had been issued on 14 March 2017, delays in applying security updates, together with Microsoft's lack of support for legacy versions of Windows, left many users exposed.
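Because the worm spreads by connecting to SMB on every reachable host, its network behaviour is distinctive: one machine opening 445/tcp connections to many different hosts in a short time. The following is an added example, not code from the article, from Microsoft or from any vendor: a small detector for that pattern, run over constructed flow records. The log format, addresses, window and threshold are assumptions of this example.

```python
# Added example (not from the article, Microsoft or any vendor): a detector for
# the worm behaviour described above, run over constructed flow records. One
# workstation opening SMB (445/tcp) connections to many distinct hosts inside a
# short window is the signature of an EternalBlue-style sweep; ordinary SMB use
# talks to a few file servers repeatedly. Log format, addresses, window and
# threshold are assumptions of this example.
import re
from collections import defaultdict
from datetime import datetime, timezone

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_flow(line: str):
    """Parse one flow record into a dict, or None if the line does not match."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts.timestamp(), "src": m["src"], "dst": m["dst"],
            "dport": int(m["dport"]), "proto": m["proto"]}


def detect_smb_sweeps(lines, window_s: int = 60, threshold: int = 10) -> dict:
    """Return {src: peak_distinct_targets} for every source that reached at
    least `threshold` distinct hosts on 445/tcp inside any `window_s` window."""
    per_src = defaultdict(list)
    for line in lines:
        f = parse_flow(line)
        if f and f["dport"] == 445 and f["proto"] == "tcp":
            per_src[f["src"]].append((f["ts"], f["dst"]))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        peak = 0
        for i, (t0, _) in enumerate(events):
            # distinct destinations in the window that starts at this event
            targets = {dst for ts, dst in events[i:] if ts - t0 <= window_s}
            peak = max(peak, len(targets))
        if peak >= threshold:
            alerts[src] = peak
    return alerts


# Constructed sample: one host sweeps twelve neighbours in 33 seconds, another
# talks to its file server three times, plus unrelated web traffic.
SAMPLE_FLOWS = [
    f"2017-05-12T10:00:{sec:02d}Z src=10.0.1.15 dst=10.0.2.{host} dport=445 proto=tcp"
    for sec, host in zip(range(0, 36, 3), range(1, 13))
] + [
    "2017-05-12T10:00:05Z src=10.0.1.20 dst=10.0.2.100 dport=445 proto=tcp",
    "2017-05-12T10:00:40Z src=10.0.1.20 dst=10.0.2.100 dport=445 proto=tcp",
    "2017-05-12T10:05:01Z src=10.0.1.20 dst=10.0.2.100 dport=445 proto=tcp",
    "2017-05-12T10:00:07Z src=10.0.1.15 dst=192.0.2.10 dport=80 proto=tcp",
]

if __name__ == "__main__":
    for src, n in detect_smb_sweeps(SAMPLE_FLOWS).items():
        print(f"ALERT possible SMB worm sweep from {src}: {n} distinct hosts on 445/tcp")
```

Distinct destinations, not connection count, is the metric: a busy client hammering one file server should not trip the rule, and a sweep that is throttled below the threshold per window will still show up if the window is widened.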

Under Control – MalwareTech

Because of the scale of the attack and the number of unsupported Windows systems involved, and in an effort to contain the spread of the ransomware, Microsoft took the unusual step of releasing updates for all previously unsupported operating systems from Windows XP onwards.

The attack was brought under control by a security researcher, an accidental hero, who asked to be identified only as MalwareTech. He discovered a hard-coded kill switch in the malware in the form of a connection attempt to a nonsensical domain name, and registered the domain for $10.69. Because the malware exits when that domain resolves, this triggered thousands of connections from infected devices and stopped that version of the ransomware from spreading further.

Had this not surfaced, millions of computers all over the world might have been locked within a few days, disrupting all kinds of global services. Within hours of the attack, surgeries were postponed, X-rays cancelled and ambulances diverted in the UK, where at least 40 NHS hospitals were affected.

Shadow Brokers

An attack of this kind, one that would bring public utilities or a transport system to a halt and force the government to pay a large sum to restore service, had been feared for a long time. For a few hours on Friday 12 May it happened. Interestingly, the NSA tool had been leaked in April by a group known as the Shadow Brokers, who said they had voted for US President Donald Trump and were unhappy with him. Microsoft said it had released a security update addressing the vulnerability these attacks exploited in March, and advised users to update their systems to deploy the latest patches.

But in India regular updates are often not applied, and since most official computers run Windows the exposure could be great. Personal online data is now linked to the Aadhaar records of more than a billion Indians.

Pradipto Chakrabarty, Regional Director of CompTIA India, said that the linking of Aadhaar to bank accounts, income-tax records and other personal information has increased the threat: since a user's bank account is connected with their Aadhaar number, ransomware could potentially lock down the account and make it inaccessible until a ransom is paid.

Common Phishing Tactics

Amit Nath, Head of Asia Pacific Corporate Business at F-Secure Corporation, said that the success of the WannaCry ransomware attack could give hostile nation states a reason to create cyber weapons against which there would be no hope of recovering data, the worst-case scenario.

A post attributed to Phillip Misner, Principal Security Group Manager at the Microsoft Security Response Centre, noted that the attacks had used common phishing tactics such as malicious attachments, and asked users to be cautious when opening attachments; at a minimum, refrain from clicking links that cannot be trusted and stop downloading software from unfamiliar sources.

F-Secure also emphasised the need for a four-phase approach to cyber-security: Predict, Prevent, Detect and Respond. Predict by performing an exposure analysis; prevent by deploying defensive controls that reduce the attack surface; detect by monitoring the infrastructure for indications of intrusion or suspicious behaviour; and respond by establishing how a breach occurred and what impact it has had on the systems.

Intel chip flaw allows hackers to hijack thousands of PCs

Thousands of Windows computers were exposed to remote hacking by a security flaw in Intel chipsets. Dating back almost a decade, the bug lets attackers remotely control a computer's keyboard and mouse even when the operating system is powered off, granting them complete access to the PC's files and folders and the ability to install malware. The flaw is in the authentication of Intel's Active Management Technology (AMT), the remote-management feature IT departments use to support machines and install software remotely, which attackers can bypass.

AMT is used mainly by IT administrators to access computers remotely for support, maintenance and software-update installation. It can also be accessed through a web interface that is supposed to be protected by an admin password, and it remains reachable even when the computer is off. Last week Intel revealed that the flaw allowed attackers to exploit such computers, and it now appears that gaining access is as simple as ignoring the password requirement when logging in.

The flaw was discovered by researchers at the security firm Embedi, who have since published details showing that an attacker can log in to the AMT web interface by simply leaving the password response field empty. Attackers can also reach the interface over the network through AMT's listening ports, and a machine on an internal home network can be reached with nothing more than a web browser.
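Why an empty field is enough deserves a closer look. The following is an added example, not Intel's or Embedi's code: AMT's web interface uses HTTP Digest authentication, and public analyses of the flaw found that the firmware compared the client's response value against the expected digest only for as many characters as the client supplied, so a zero-length response matched trivially. The code shows that vulnerable comparison beside a correct one, using the RFC 2617 digest computation; the user, realm, nonce, URI and password are constructed for this example.

```python
# Added example (not Intel's or Embedi's code): why an empty password response
# could pass AMT's HTTP Digest check. Public analyses found the firmware compared
# the client's "response" against the expected digest only for as many
# characters as the client supplied, so a zero-length response matched.
# digest_response() follows RFC 2617 (qop=auth); user, realm, nonce, URI and
# password below are constructed for this example.
import hashlib
import hmac


def _md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth") -> str:
    """RFC 2617 Digest response = MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha1 = _md5_hex(f"{user}:{realm}:{password}")
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def check_truncated(expected: str, supplied: str) -> bool:
    """Vulnerable pattern: compare only len(supplied) characters. The C
    equivalent is strncmp(expected, supplied, strlen(supplied)) == 0, which
    is true for the empty string and for any prefix of the real digest."""
    return expected[:len(supplied)] == supplied


def check_fixed(expected: str, supplied: str) -> bool:
    """Hardened: lengths must match and the comparison is constant-time."""
    return len(supplied) == len(expected) and hmac.compare_digest(expected, supplied)


# Constructed challenge parameters, as exchanged between browser and AMT web server.
CHALLENGE = dict(user="admin", realm="Digest:0123456789ABCDEF0123456789ABCDEF",
                 method="GET", uri="/index.htm",
                 nonce="5f1d3e0c9a7b4d2e8c6f1a0b3d5e7f9c", nc="00000001",
                 cnonce="9e8d7c6b5a4f3e2d")
STORED_PASSWORD = "correct-horse-battery-staple"  # constructed


def authorize(check, supplied_response: str, password: str = STORED_PASSWORD) -> bool:
    """Server-side decision: recompute the expected digest and run `check`."""
    expected = digest_response(password=password, **CHALLENGE)
    return check(expected, supplied_response)


if __name__ == "__main__":
    print("truncated compare, empty response:", authorize(check_truncated, ""))  # True
    print("fixed compare, empty response:    ", authorize(check_fixed, ""))      # False
    good = digest_response(password=STORED_PASSWORD, **CHALLENGE)
    print("fixed compare, real credential:   ", authorize(check_fixed, good))    # True
```

The length check is the real fix; the constant-time comparison is the habit that stops the next variant, where a byte-by-byte early exit leaks how much of the digest was right.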

Intel did not disclose how many computers were affected, but a search on Shodan, a public port-scanning search engine, showed more than 8,000 exposed on the Internet. Unlike most consumer desktops and laptops, corporate PCs commonly carry the technology, and attackers who gain access there could reach sensitive information.

Identifying the defect

The flaw affects Intel chipsets dating back to 2008 that run management firmware versions 6 through 11.6. Intel has released a security advisory with corrective steps to take on any system running AMT.

Researchers at Embedi warned that any Internet-facing system with ports 16992 and 16993 open was exposed to the attack. Since the disclosure, scans of those ports have increased, which means attackers are actively looking for vulnerable systems to exploit.

Precautionary measures

Intel has advised a few precautionary steps. First, determine whether the system is AMT-capable. Then check it for the flaw with the detection tool Intel has published, which reports whether the system is vulnerable and can disable AMT.

Next, check for updated firmware. Many of the affected systems are older and no longer receive firmware updates; on those computers AMT should be disabled following Intel's guidance. Intel and its hardware partners are working on fixes for the vulnerable systems, and computer makers such as Dell, Fujitsu, HP and Lenovo, which have already issued security advisories, are expected to release their patches soon.