Firewall

All Android Phones Vulnerable to Extremely Dangerous Full Device Takeover Attack

MORE is coming

 

Researchers have discovered a new attack, dubbed 'Cloak and Dagger', that works against all versions of Android, up to version 7.1.2.

Cloak and Dagger attack allows hackers to silently take full control of your device and steal private data, including keystrokes, chats, device PIN, online account passwords, OTP passcode, and contacts.


What's interesting about Cloak and Dagger attack?

The attack doesn't exploit any vulnerability in Android ecosystem; instead, it abuses a pair of legitimate app permissions that is being widely used in popular applications to access certain features on an Android device.

Researchers at Georgia Institute of Technology have discovered this attack, who successfully performed it on 20 people and none of them were able to detect any malicious activity.

Cloak and Dagger attacks utilise two basic Android permissions:

  • SYSTEM_ALERT_WINDOW ("draw on top")
  • BIND_ACCESSIBILITY_SERVICE ("a11y")


The first permission, known as "draw on top," is a legitimate overlay feature that allows apps to overlap on a device's screen and top of other apps.

The second permission, known as "a11y," is designed to help disabled, blind and visually impaired users, allowing them to enter inputs using voice commands, or listen content using screen reader feature.

Scary Things Hackers Can Do to Your Android (Demo)


Since the attack does not require any malicious code to perform the trojanized tasks, it becomes easier for hackers to develop and submit a malicious app to Google Play Store without detection.

Unfortunately, it’s a known fact that the security mechanisms used by Google are not enough to keep all malware out of its app market.

If you are following regular security updates from The Hacker News, you must be better aware of frequent headlines like, "hundreds of apps infected with adware targeting play store users," and "ransomware apps found on play store."

Just last month, researchers uncovered several Android apps masqueraded as an innocent "Funny Videos" app on Play Store with over 5,000 downloads but distributed the 'BankBot banking Trojan' that steal victims' banking passwords.

Here's what the researchers explained how they got on the Google Play Store to perform Cloak & Dagger attacks:

"In particular, we submitted an app requiring these two permissions and containing a non-obfuscated functionality to download and execute arbitrary code (attempting to simulate a clearly malicious behavior): this app got approved after just a few hours (and it is still available on the Google Play Store)." researchers say.

Once installed, the researchers say the attacker can perform various malicious activities including:

  • Advanced clickjacking attack
  • Unconstrained keystroke recording
  • Stealthy phishing attack
  • Silent installation of a God-mode app (with all permissions enabled)
  • Silent phone unlocking and arbitrary actions (while keeping the screen off)


In short, the attackers can secretly take over your Android device and spy on your every activity you do on your phone.

It's Insanely Easy to Bypass Samsung Galaxy S8 Iris Scanner with a Photo

Sorry Samsung after Battery this may be the other problem you may face.

Samsung recently launched its new flagship smartphones, The Galaxy S8 and Galaxy S8 Plus, it is with both Facial and IRIS Recognition features, making it easier for users to unlock their smartphone and signing into websites.


We already knew that the Galaxy S8's facial unlock feature could be easily fooled with just a simple photograph of the device owner, but now hackers have also discovered a simple way to bypass the iris-based authentication, which Samsung wants you to think is unbeatable.

All it took for German hacking group Chaos Computer Club (CCC) to break the Galaxy S8's iris-recognition system was nothing but a camera, a printer, and a contact lens.

 

The process was very simple. The CCC group simply used the night mode setting on a Sony digital camera to capture a medium range photo of their subject.

Since the iris scanner uses infrared light, the group then printed out a real-life sized infrared image of one eye using a Samsung printer and placed a contact lens on the top of the printed picture to provide some depth. And, it was done.

The Samsung Galaxy S8 instantly recognized the mare photo as being a "real" human eye and unlocked the phone, giving hackers full access to the phone, including Samsung Pay.

So, the hackers successfully bypassed Galaxy S8's iris-based authentication, which Samsung claims is "one of the safest ways to keep your phone locked."

"The patterns in your irises are unique to you and are virtually impossible to replicate, meaning iris authentication is one of the safest ways to keep your phone locked and the contents private," Samsung's official website reads.

Here's what Samsung said about the iris-recognition system hack:

"We are aware of the issue, but we would like to assure our customers that the iris scanning technology in the Galaxy S8 has been developed through rigorous testing to provide a high level of accuracy and prevent attempts to compromise its security, such as images of a person's iris. If there is a potential vulnerability or the advent of a new method that challenges our efforts to ensure security at any time, we will respond as quickly as possible to resolve the issue."

This is not the first time when CCC hacked into biometric systems. Late 2014, the group recreated an accurate thumbprint a fingerprint of a Germany's federal minister of defense using a standard photo that could fool any fingerprint security systems. The same technique the group also claimed could be used to fool IRIS Biometric security systems.

In March 2013, the CCC group managed to fool Apple's TouchID fingerprint authentication system.

So, it is a good reminder for people to always stick on a strong passcode and device encryption to secure their devices, instead of relying on biometric features, like fingerprint scan, IRIS scan, or facial recognition, that can eventually be broken by a determined hacker.

 

 

Iot Botnets are Coming, How Can You Escape Them?

Using the Mirai botnet - which took advantage of unprotected firmware in certain IoT devices - attackers were able to quickly flood DNS servers, making it impossible for users to contact the services they wanted to use (most of which weren’t Minecraft servers!). The botnet used in the attack on OVH involved over 170,000 compromised devices, from all over the world.

 

What was different about these attacks was their scale, and their use of unprotected IoT devices, rather than compromised PCs. So how can you defend your networks and your users against attacks that take advantage of consumer hardware?

 

What can be done?

Cisco and Fortinet Switch Latency RATE  

Who is the BEST


 

 

CISCO  2960

FORTISWITCH 248D

LATENCY RATE

6 microseconds

> 3 microseconds

FORWARDING RATE

108 Gbps

104 Gbps

Packets Per Second

130.9 Mpps

155mPPS

The above table shows that Fortinet SWITCH is far more Better than CISCO.

Choose wisely as network Slow can be the major problem when you go to higher switchs