close

Security news

NSA to release reverse engineering tool ‘GHIDRA’ for free

NSA to release reverse engineering tool ‘GHIRDA’

NSA will release a free open source reverse engineering tool ‘GHIDRA’

The U.S. National Security Agency (NSA) will be releasing a free open source reverse engineering tool for public use in a session at the RSA conference 2019 in San Francisco titled “Come Get Your Free NSA Reverse Engineering Tool!”

For the unaware, NSA has until now officially shared its own software tools only with government agencies, secret services, and other countries.

Dubbed as GHIDRA, the software reverse engineering framework is developed in Java and has a graphical user interface (GUI). It is available for Windows, macOS, and Linux. However, in order to use the tool, the system is required to run Java 1.7.

“NSA has developed a software reverse engineering framework known as GHIDRA, which will be demonstrated for the first time at RSAC 2019,” states the RSAConference session description. “An interactive GUI capability enables reverse engineers to leverage an integrated set of features that run on a variety of platforms including Windows, Mac OS, and Linux and supports a variety of processor instruction sets. The GHIDRA platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed, and will be released for free public use at RSA.”

GHIDRA includes a disassembler that breaks down executable files into assembler code, which in turn can be read and examined by humans. It can be utilized to analyze binary files used by programs, as well as malware, that runs on different operating systems such as Windows, macOS, Linux as well as mobile platforms like Android and iOS.

Apparently, the existence of GHIDRA has never officially been a secret, until it was first publicly released by WikiLeaks in CIA Vault 7 leaks in March 2017. Developed back in the early 2000s, the tool has been used extensively ever since, including outside the US and several other law enforcement agencies.

GHIDRA is expected to be released soon on NSA’s open source repository at https://code.nsa.gov/ and also on the associated GitHub account.

read more

Vulnerability in Skype app for Android allows access to phone data without a passcode

Vulnerability in Skype app for Android version

Design flaw in the Android version of Skype app allows you to unlock the phone without a password

A bug hunter has discovered a vulnerability in Microsoft’s Android version of Skype app that can be exploited to access several app functions without entering passcode authentication to unlock the phone.

Kosovo-based bug-hunter Florian Kunushevci, who discovered the vulnerability, demonstrated the bypass in a YouTube video (see below). The video shows that anyone in possession of someone’s phone to receive a Skype call, can answer it without unlocking the handset.

Once the person answers the call, he or she can then view photos, access contacts, send a message, and access the browser by clicking on the links sent in the message. All these actions can be carried out without the need to unlock the phone.

Kunushevci, who is an everyday user of the Skype for Android app, discovered that there was something wrong the way in which the app accessed local files on the handset while performing VoIP calls.

“One day I got a feeling while using the app that there should be a need to check a part which seems to give me other options than it should,” he explained to The Register. “Then I had to change the way of thinking as a regular user into something that I can use for exploitation.”

The researcher discovered that when a Skype call is answered, several phone application functions like photo-sharing and contact look-ups could be accessed regardless of whether the phone was locked or not. In other words, the vulnerability allows anyone to access the photo and contact feature without confirming if the person using the handset was authenticated.

Just like multiple iOS flaws found in the system over the years, this vulnerability is due to a slight oversight in system’s security. Kunushevci said, “For the specific bug that I have found on Skype, it is more of a bad design and also a bug in coding. I think to put it all together, humans make mistakes.”

Kunushevci reported the security flaw to Microsoft in October before disclosing it to the public. Apparently, the vulnerability was corrected in the version of Skype released on December 23, 2018, which is safe to use.

It is suggested that users install or upgrade to the latest version of Skype for Android app for better security, as this vulnerability affects Skype on all Android versions. Please note that the patch for this bug is included in all the Skype app builds with a version number over 8.15.0.416 for different Android versions.

Microsoft has yet to issue an official statement on the matter.

read more

Microsoft’s Windows 10 October Update Enters New Year With New Problems

Microsoft’s Windows 10 October Update

Microsoft’s Windows 10 October Update deactivates built-in Administrator account, breaks FLAC support

2018 was certainly not a good year for Microsoft’s Windows 10 October 2018 Update (version 1809), as it was plagued with issues such as automatic deletion of files, ZIP files overwrite confirmation bug, font and display problems. To fix these problems, Microsoft had re-released the Windows 10 version 1809 in November last year.

However, it looks like problems surrounding the Windows 10 October 2018 Update is far from over. Windows 10 October 2018 Update has entered the new year with two new issues.

To start with, in a blog post by Microsoft’s Japanese Network & AD support team, the company has acknowledged that upgrading from Windows 10 version 1803 to version 1809 is inadvertently invalidating the built-in Administrator account if it has been previously activated.

This problem is known to occur during the upgrade process when (1) the built-in Administrator account is valid and (2) there are other accounts that also have Administrator permissions.

Microsoft who is aware of the problem is looking to release a fix in late January 2019. Meanwhile, the company is suggesting users to give Administrator privileges to another user account when upgrading to the October 2018 Update.

For those who have already upgraded and are looking to re-activate Administrator account, can do so by going to Computer Management >Local Users and Groups > Users.

Another issue plaguing Windows 10 October 2018 Update is the broken FLAC support in Windows 10. Apparently, users are complaining that upgrading from Windows 10 April 2018 Update to the Windows 10 October 2018 Update is breaking FLAC support in Windows 10. In other words, metadata for FLAC audio files are being truncated or cut off while using File Explorer and other locations such as Groove Music or Windows Media Player.

It appears that Microsoft is aware of the issue, as it had acknowledged and addressed the issue in the latest Windows 10 19H1 preview builds.

“We fixed an issue resulting in FLAC metadata being cut short in File Explorer and other locations, the company writes in a blog post.

However, the fix hasn’t been brought to the October 2018 Update and has not been listed as a known issue. Hence, it is unclear when the issue will be fixed.

read more

Google Chrome Exploit is Causing Windows 10 To Crash~ How To Fix

Google Chrome has now become an industry standard web browser that is used by millions of Windows 10 users. Recently a new exploit was discovered in Google Chrome that consumes 100% of system resources and completely freezes a Windows 10 computer.

So here’s everything you need to know about the Google Chrome Exploit and how to fix it.

ALSO READ: Google Chrome’s Dark Mode For macOS To Arrive In Early 2019

Google Chrome Exploit: The Issue

Google Chrome is one of the most feature-rich web browsers that is very well optimized for Windows OS. According to some reliable sources, a new bug which seems to be a tech support scam completely crashes Windows 10 and informs the users that their computer has been affected by a virus.

Initially, this bug makes Google Chrome browser unusable and then all of the open tabs are completely locked. Once both Windows 10 and Google Chrome are completely frozen a pop-up comes up which claims to be from Microsoft support. A user can’t close this pop-up and this pop-up says that your data is at a risk.

For quite some time, this bug makes your Windows 10 computer useless.

Google Chrome Exploit: The Fix

Well, if you or any of your friends or a family member has encountered this bug then this fix might completely resolve the issue. So here’s how you can get Windows 10 up and running once again.

  1. Open Task Manager from Taskbar or by pressing Shift+Ctrl+Esc at the same time.
  2. Under the Processes Tab, locate Google Chrome in the Apps Section.
  3. Lastly, select Google Chrome and right-click to End Task.

Hopefully, your Windows 10 computer will now return to its normal state. It is worth noting, that the next time you open Google Chrome the browser would prompt you to restore tabs as the browser didn’t had a proper shutdown. Don’t restore the tabs else you would have to face the same issue once again.

read more

iOS 12.1.2 Bug Disconnects iPhone’s From Cellular Data~ How To Fix

Apple recently released the iOS 12.1.2 update that was supposed to fix issues with eSIM support for the iPhone XR, iPhone XS, and iPhone XS Max. After a few days, Apple released another update with similar version number but this time around instead of resolving issues the update brought some significant problems.

After the latest iOS update, many iPhone users have been reporting about a bug that automatically disconnects iPhone’s from cellular data.

So here’s everything you need to know about the issue mentioned above.

ALSO READ: iPhone X explodes after iOS 12.1 Update

iOS 12.1.2 Bug: The Issue

As mentioned earlier the bug that came along the latest iOS update kills the cellular data on iPhones. Consequently, users didn’t receive phone calls and text messages due to the unavailability of mobile data. The issue came into notice when people started reporting on forums and social media platforms like Twitter, Facebook, and Reddit.

In addition to that, some users also reported that the bug affected WiFi connections as well. It is worth noting that the bug has affected many iPhones, but it’s not present on every iPhone.


iOS 12.1.2 Bug: The Fix

Well, if you are one among many affected iPhone users, then these two fixes from 9to5Mac might help you.

  1. Firstly you can disable Wi-Fi Calling from the cellular menu of the settings app.
  2. Next up, head on to Cellular Data Options and change the Enable LTE field from Voice and Data to Data only.

These two fixes are not the exact solutions, but they might help many users. As of now, Apple hasn’t addressed the bug that disconnects iPhones from cellular data. That said, Apple might soon release the iOS 12.1.3 update which will ultimately resolve this issue.

Do share any personal fix that you have found for the issue mentioned above in the comments section below.

read more

Hacker talks to an Arizona man through his internet security camera

Hacker talks to an Arizona man through his internet security camera

Arizona Man Says Hacker Spoke to Him Through His Home’s Nest Security Camera

As creepy and disturbing it may sound, an Arizona man was startled when a hacker spoke to him through his internet security camera that was meant to keep him safe, reports The Arizona Republic.

The victim, Andy Gregg, a real estate agent in Phoenix, Arizona, said he was in his backyard when he heard a voice speaking to him creepily from inside his home. At first, he thought a burglar had entered his home. However, he soon realized that the voice was coming from his Nest Cam IQ security camera in the front window of his home.

The hacker claimed that he was a “white hat” hacker associated with the Anonymous hacktivist group. He informed Gregg that his personal information was compromised probably in a previous data breach.

The hacker then recited a number of passwords Gregg had used for logging into multiple websites. While the hacker had no access to the cam’s video feed, nor Gregg’s location, he said the loopholes, however, could have been explored by notorious hackers for malicious purposes.

“I’m really sorry if I startled you or anything. I realize this is super unprofessional, and I’m sorry that it’s a little late in the day to do this,” the hacker can be heard telling Gregg, according to a recording obtained by The Arizona Republic/azcentral.

“We don’t have any malicious intent.”

The hacker informed Gregg that he had accessed his camera to warn him about its security vulnerabilities. Gregg immediately unplugged the camera and changed his passwords to avoid any future access to his camera by malicious hackers.

“You basically feel very vulnerable,” Gregg told The Arizona Republic. “It feels like you’ve been robbed essentially and somebody’s in your house. They know when you’re there. They know when you’re leaving.”

Google-owned Nest said in a statement to the Arizona Republic that it is aware of hackers accessing its cameras using passwords exposed in other breaches. It said that the company has no control over the device beyond the user’s login point, as their devices do not come with default logins. Users need to set up their device with a unique set of login credentials that only they are aware. Hence, Nest suggests its users to set up two-factor authentication to provide an additional layer of security on their devices.

read more

Cydia app store disables purchases option for jailbroken iPhones

Cydia app store disables purchases option for jailbroken iPhones

New Purchases For JailBroken iPhones Closed Down On Cydia App Store

Cydia app store creator Jay “Saurik” Freeman on Friday announced in a Reddit post that software purchases would no longer be available on Cydia App Store.

For the unaware, Cydia App Store for iOS provides user software packages that can be installed on jailbroken iPhones, iPads and iPod touch devices. Basically, it allows users to install software from third-party by bypassing Apple’s own App Store lockdown.

However, the number of users who have cracked the iPhone has decreased in recent years due to Apple’s iOS ecosystem has grown more strong and secure.

While Freeman had initial plans to shut down the store purchases option by the end of 2018, a recently found security vulnerability in the app that would allow hackers to buy apps using other people’s accounts led to the shut down earlier than planned.

“The reality is that I wanted to just shut down the Cydia Store entirely before the end of the year, and was considering moving the timetable up after receiving the report (to this weekend); this service loses me money and is not something I have any passion to maintain: it was a critical component of a healthy ecosystem, and for a while it helped fund a small staff of people to maintain the ecosystem, but it came at great cost to my sanity and led lots of people to irrationally hate me due to what amounted to a purposeful misunderstanding of how profit vs. revenue works,” he writes.

The shutting down announcement does not mean the immediate end of jailbreaking since Freeman will continue to bear the cost of running the platform. iOS users will still be able to download apps that they have purchased from Cydia store in the past; however, they would now be no longer able to purchase new apps.

Further, Freeman is going to publish a more “formal” post this week with further details about the past and future of Cydia.

Also Read- Apple sued for lying about screen size and pixel count in its iPhone X series

read more

iTunes 12.8.1 is freezing Safari running on OS X Yosemite 10.10.5

iTunes 12.8.1 is freezing Safari running on OS X Yosemite 10.10.5

Beware! Do not update to iTunes 12.8.1 if you are on OS X Yosemite 10.10.5

iTunes users took to MacRumors ForumsTwitterReddit, and Stack Exchange recently to report that upgrading to iTunes 12.8.1 version is breaking Safari 10.1.2, the latest version of the browser for OS X Yosemite 10.10.5.

Users who updated to iTunes 12.8.1 were greeted with following error message when opening Safari on OS X Yosemite 10.10.5:

“Safari cannot be opened because of a problem.

Check with the developer to make sure Safari works with this version of Mac OS X. You may have to reinstall the application. Be sure to install any available updates for the application and Mac OS X.

One Stack Exchange user was of the opinion that the iTunes 12.8.1 update is likely updating the MobileDevice.framework in /System/Library/PrivateFrameworks/ to a version incompatible with Safari 10.1.2.

However, it now appears that Apple has pulled the iTunes 12.8.1 update. Some users have found a workaround to fix Safari. For that, you need to go the Finder app, click on Go > Go to Folder… in the top menu bar, typing in /System/Library/PrivateFrameworks/ and drag MobileDevice.framework to the Trash.

Note: These steps have not been tested by us.

Also Read- What is Mac OS? Pros and Cons Of Using It

read more

Facebook bug exposed unposted photos of 6.8 million users

Facebook bug exposed unposted photos of 6.8 million users

Facebook accidentally exposed 6.8 million users’ private photos to developers

Facebook on Friday disclosed a data breach that may have exposed unposted photos of as many as 6.8 million users.

According to the company’s developer blog, a photo API bug accidentally gave hundreds of third-party apps unauthorized access to photos of as many as 6.8 million users during a 12 days period between September 13 and 25. It is believed that up to 1,500 apps built by 876 developers may have been affected by the bug.

“When someone gives permission for an app to access their photos on Facebook, we usually only grant the app access to photos people share on their timeline,” engineering director Tomer Bar said in a message to developers.

“In this case, the bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories.”

Apparently, the bug inadvertently also gave third-party apps access to photos that were not shared on timelines, for example, if someone uploads a photo to Facebook but doesn’t finish posting it, Bar added.

“We store a copy of that photo so the person has it when they come back to the app to complete their post,” he said.

Bar added that potentially affected Facebook users will get a Facebook notification, which will direct them to a Help Center link where they will be able to see if they have used any apps that were affected by the bug.

“We’re sorry this happened,” Bar said. “Early next week we will be rolling out tools for app developers that will allow them to determine which people using their app might be impacted by this bug. We will be working with those developers to delete the photos from impacted users.”

Bar also suggested that users should log into any apps with which they have shared their Facebook photos to find out if they have access to photos they shouldn’t.

Besides the Facebook photo API bug discovered in September, the social networking giant was also hit by another data breach the same month where data of some 30 million users were exposed to hackers as a result of a flaw in Facebook’s ‘View As’ feature.

read more

Google decides to kill off Google+ earlier than planned

Google decides to kill off Google+ earlier than planned

Another data leak forces Google to close down Google+ in April 2019

In October this year, we had reported how personal data of hundreds of thousands of Google+ social media users were exposed after a software glitch between 2015 and March 2018. Following the data exposure, Google had decided to shut down Google+ permanently over a span of 10 months.

However, a newly discovered second data leak has now forced Google to shut down much before it has planned. According to the company, a bug in the Google+ API has exposed the data of 52.5 million users, which has compelled the search giant to kill off Google+ in April 2019. The company also added that the bug was fixed within a week of it being introduced.

“We’ve recently determined that some users were impacted by a software update introduced in November that contained a bug affecting a Google+ API. We discovered this bug as part of our standard and ongoing testing procedures and fixed it within a week of it being introduced. No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way,” David Thacker, VP, Product Management, G Suite said in a blog post.

“With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days. In addition, we have also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019. While we recognize there are implications for developers, we want to ensure the protection of our users.”

Profile information of Google+ users such as name, email address, occupation, and age were exposed even when their profile was set to not-public. In addition, apps with access to a user’s Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly. However, no access was given to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft.

The company has started notifying consumer users and enterprise customers affected by the bug. Although the platform will shut down for consumer users in April 2019, Google will continue to invest in Google+ for businesses.

“We understand that our ability to build reliable products that protect your data drives user trust. We have always taken this seriously, and we continue to invest in our privacy programs to refine internal privacy review processes, create powerful data controls, and engage with users, researchers, and policymakers to get their feedback and improve our programs. We will never stop our work to build privacy protections that work for everyone,” said David Thacker in the closing statement.

For those who are unaware, Google+ is an Internet-based social network that was launched in June 2011 and is owned and operated by Google. The major reason why Google developed this social media platform was to compete with the exponentially growing social-media platform Facebook.

To increase the active user base Google interlinked Google+ with other services like Gmail and YouTube; however, the integration didn’t work out. In fact, even after massive investments and development Google+ didn’t gain immense popularity among users.

What do you think about Google+ being shut down? Do let us know your thoughts in the comments section below.

read more