N8Technologyhub

Monday, 21 March 2016

Hack Android Phones

Attention Android users!

Millions of Android devices are vulnerable to hackers and intelligence agencies once again, thanks to a newly disclosed Android Stagefright exploit.

Yes, Android Stagefright vulnerability is Back…

…and this time, the Stagefright exploit allows an attacker to hack Android smartphones in 10 seconds just by tricking users into visiting a hacker's web page that contains a malicious multimedia file.

A group of security researchers from Israel-based research firm NorthBit claimed it had successfully exploited the Stagefright bug that emerged in Android last year and was described as the "worst ever discovered".

The new Stagefright exploit, dubbed Metaphor, is detailed in a research paper [PDF] that guides bad guys, good guys and government spying agencies alike in building the Stagefright exploit for themselves.

Just yesterday, we reported about critical vulnerabilities in Qualcomm Snapdragon chip that could be exploited by any malicious application to gain root access on a vulnerable Android device, leaving more than a Billion Android devices at risk.

Video Demonstration — Exploit to Hack Android Phone in 10 Seconds


The researchers have also provided a proof-of-concept video demonstration that shows how they successfully hacked an Android Nexus 5 device using their Metaphor exploit in just 10 seconds. They also successfully tested Metaphor on a Samsung Galaxy S5, LG G3 and HTC One smartphones.

According to the researchers, millions of unpatched Android devices are vulnerable to their exploit, which successfully bypasses the security defenses offered by the Android operating system.

What is StageFright Bug and Why You have to Worry about it?


Stagefright is a multimedia playback library, written in C++, built inside the Android operating system to process, record and play multimedia files such as videos.

However, what Zimperium researchers discovered last year was that this core Android component can be remotely exploited to hijack 95 percent of Android devices with just a simple booby-trapped message or web page.

Another critical vulnerability discovered last October in Stagefright exploited flaws in MP3 and MP4 files, which when opened were capable of remotely executing malicious code on Android devices, and was dubbed Stagefright 2.0.

To tackle this serious issue, Google released a security update that patches the critical bug and promised regular security updates for Android smartphones, given the seriousness of the Stagefright bugs.

Here's How the New Stagefright Exploit Works


Researchers described the following process to successfully hijack any vulnerable Android smartphone or tablet:

Step 1: Tricking a victim into visiting a malicious web page containing a video file that crashes Android's mediaserver software to reset its internal state.

Step 2: Once the mediaserver gets a restart, JavaScript on the web page sends information about the victim's device over the Internet to the attacker's server.

Step 3: The attacker's server then sends a custom generated video file to the affected device, exploiting the Stagefright bug to reveal more info about the device's internal state.

Step 4: This information is also sent back to the attacker's server to craft another video file that embeds a payload of malware in it, which when processed by Stagefright starts executing on the victim's smartphone with all the privileges it needs to spy on its owner.

The researchers also claim that their exploit specifically attacks the CVE-2015-3864 vulnerability in a way that bypasses Address Space Layout Randomisation (ASLR), a memory protection process.
"It was claimed [the Stagefright bug] was impractical to exploit in the wild, mainly due to the implementation of exploit mitigations in [latest] Android versions, specifically ASLR," the research paper reads.
The team's exploit works on Android versions 2.2 to 4.0 and 5.0 to 5.1, bypassing ASLR on versions 5.0 to 5.1; versions 2.2 to 4.0 do not implement ASLR. Other Android versions are not affected by the new Stagefright exploit.

You can go through the full research paper [PDF] that provides enough details to create a fully working and successful exploit.

Almost one and a half years after the massive leak of celebrities' nude photographs, known as "The Fappening" or "Celebgate" scandal, a man has been charged under the Computer Fraud and Abuse Act, facing up to 5 years in prison as a result.

The US Department of Justice (DOJ) announced on Tuesday that it charged Ryan Collins, 36, of Pennsylvania for illegally accessing the Gmail and iCloud accounts of various celebrities, including Jennifer Lawrence and Kim Kardashian, and leaked their nude photos onto 4chan.

Social Engineering Helped Hacker Steal Celebs' Nude Pics


Collins was trapped by the Federal Bureau of Investigation (FBI) and in the process of the trial, the hacker revealed that…

The Fappening did not involve Apple's iCloud services being compromised through password cracking or brute-forcing, but rather it was the result of simple Social Engineering, in the form of Phishing Attacks.


Yes, The Fappening scandal was the result of Social Engineering tricks, while we believed that Apple's iCloud services had been targeted by brute-force password hacking attacks.

At the time when the celebrities' nude images were circulating online, Apple denied that its iCloud service was hacked and claimed that the hacks were more likely to be a phishing scam. So this was actually the case.

Collins was engaged in Phishing schemes between November 2012 and September 2014, when he hijacked more than 100 celebs' accounts using fake emails disguised as official notifications from Google and Apple, asking victims for their usernames and passwords.

Once done, Collins then used this information to access 50 iCloud accounts and 72 Gmail accounts, most of which belonged to female celebs, and illegally download the contents of their iCloud backups and look for more data, including nude photos of celebrities.

Collins admitted only to hacking celebrities' accounts, but not to uploading their naked photos online.

However, this does not mean Collins did not leak those photographs; the hacker negotiated a lighter guilty plea, allowing United States authorities to close the investigation faster.

Collins has not been sentenced yet but faces a maximum sentence of 5 years in prison for his crime, along with fines of up to $250,000. However, according to a plea agreement, the prosecution will recommend an 18-month prison sentence to the judge.

How to Make $100,000? Just Hack Google Chromebook

Yes, you could earn $100,000 if you have the hacking skills and love to play with electronics and gadgets.

Google has doubled its top bug bounty for hackers who can crack its Chromebook or Chromebox machine over the Web.

So if you want to get a big fat check from Google, you must have the ability to hack a Chromebook remotely, which means your exploit must be delivered via a Web page.

How to Earn $100,000 from Google


The Chrome security team announced Monday that the top prize for hacking a Chromebook remotely has now been increased from $50,000 to $100,000 after nobody managed to successfully hack its Chromebook laptops last year.

The top bug bounty will be payable to the first person who executes a 'persistent compromise' of the Chromebook while the machine is in Guest Mode.

In other words, the hacker must be able to compromise the Chromebook when the machine is in a locked-down state to ensure its user privacy. 

Moreover, the hack must still work even when the system is reset.

"Last year we introduced $50,000 rewards for the persistent compromise of a Chromebook in guest mode," the Google Security Blog reads.
"Since we introduced the $50,000 reward, we have not had a successful submission. Great research deserves great awards, so we're putting up a standing [6-figure] sum, available all year round with no quotas and no maximum reward pool."

Bug bounties have become an essential part of information security and have been offered by major Silicon Valley companies to hackers and security researchers who discover vulnerabilities in their products or services.

Last year, Google paid out more than $2,000,000 in bug bounties overall to hackers and researchers who found bugs across its services – including $12,000 to Sanmay Ved, an Amazon employee, who managed to buy the Google.com domain.

Wednesday, 16 March 2016

FBI threatens to Force Apple to Hand Over iOS Source Code

The Department of Justice (DoJ) has warned Apple that it may force the tech giant to hand over the source code to its complete operating system if it does not help the Federal Bureau of Investigation (FBI) unlock the San Bernardino shooter's iPhone.

Apple is battling with the FBI over the iPhone encryption case. The federal investigators need Apple's assistance to unlock an iPhone 5C belonging to San Bernardino shooter Syed Rizwan Farook.

However, Apple CEO Tim Cook has said explicitly that providing a backdoor would likely open up the company's iPhones to not just the federal agents, but also to malicious hackers who could use it for evil purposes.

On Thursday, Apple and the FBI head to another court hearing on the San Bernardino iPhone case.


The DOJ's latest 43-page brief filing contains an implicit threat that if Apple does not create the vulnerable version of its iOS operating system needed to bypass the passcode protection on the terrorist iPhone 5C, the government could force the tech giant to hand over both:
  • Source Code to iOS
  • Electronic Signature iPhones need to run modified software
...so that the FBI's own programmers could create their own backdoored version of iOS with the security features stripped out and then stamp it with Apple's electronic signature.

The DOJ filing reads in part:
"For the reasons discussed above, the FBI cannot itself modify the software on Farook's iPhone without access to the source code and Apple's private electronic signature. The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers."
The DoJ then goes on to cite a previous court ruling in which Ladar Levison – the owner of the secure email service Lavabit used by whistleblower Edward Snowden – was hit with contempt sanctions for failing to comply with a court order requiring assistance on encrypted email which included "producing a private SSL encryption key."

Meanwhile, Polk County Sheriff Grady Judd told reporters that he would have jailed the CEO of Apple for not assisting the FBI to unlock the terrorist's iPhone.

Needless to say, Apple's top lawyer Bruce Sewell categorized the filing as an offensive attempt to "vilify Apple" on unsubstantiated theories with "false accusations and innuendo."
"Everyone should beware, because it seems like disagreeing with the Department of Justice means you must be evil and anti-American," Sewell said in a statement. "Nothing could be further from the truth."
Both sides are playing too hard, in the legal battle as well as in rhetoric. The DOJ yesterday accused Apple of being "false" and "corrosive", and Apple responded by accusing the government of having become "so desperate at this point that it has thrown all decorum to the wind."

Now, let's see where this battle ends.

Tuesday, 15 March 2016

The recent cyber attack on Bangladesh's central bank that let hackers steal over $80 Million from the institution's Federal Reserve bank account was reportedly caused by malware installed on the bank's computer systems.

A few days ago, reports emerged of a group of unknown hackers that broke into Bangladesh's central bank, obtained credentials needed for payment transfers from the Federal Reserve Bank of New York and then transferred large sums to fraudulent accounts based in the Philippines and Sri Lanka.

The criminal group was able to steal a total value of about $81 Million from the Federal Reserve's Bangladesh account through a series of fraudulent transactions, but a typo in a transaction prevented a further $850 Million heist.

However, the question was still there:

How Did the Hackers Manage to Transfer $80 Million Without Leaving Any Trace?

Security researchers from FireEye's Mandiant forensics division are helping the Dhaka investigators to investigate the cyber heist.

Investigators believe unknown hackers installed some type of malware in the Bangladesh central bank's computer systems a few weeks before the heist and watched how to withdraw money from its United States account, Reuters reports.

Although the malware type has not been identified, the malicious software likely included spying programs that let the group learn how money was processed, sent and received.

The malware in question could be a Remote Access Trojan (RAT) or a similar form of spyware that gave attackers the ability to gain remote control of the bank's computer.

The investigators suspect the hack could have exploited a "zero-day" flaw, as such flaws are unknown to vendors as well.

After this, the hackers were able to steal the Bangladesh Bank's credentials for the SWIFT messaging system, a highly secure financial messaging system utilized by banks worldwide to communicate with each other.
"SWIFT and the Central Bank of Bangladesh are working together to resolve an internal operational issue at the central bank," Belgium-based SWIFT said in a statement Friday. "SWIFT's core messaging services were not impacted by the issue and continued to work as normal."
Security experts hope that the malware sample will be made available to the security researchers soon so that they can determine whether the sample was truly advanced, or if Bangladesh Central Bank's security protection was not robust enough to prevent the hack.

The Bangladesh Bank discovered weaknesses in its systems that could take years to repair, though the Federal bank has denied any system compromise.