• Ar chevron_right

    Study shows which messengers leak your data, drain your battery, and more / ArsTechnica · Monday, 26 October, 2020 - 21:31

Stock photo of man using smartphone.

Enlarge (credit: Getty Images )

Link previews are a ubiquitous feature found in just about every chat and messaging app, and with good reason. They make online conversations easier by providing images and text associated with the file that’s being linked.

Unfortunately, they can also leak our sensitive data, consume our limited bandwidth, drain our batteries, and, in one case, expose links in chats that are supposed to be end-to-end encrypted. Among the worst offenders, according to research published on Monday , were messengers from Facebook, Instagram, LinkedIn, and Line. More about that shortly. First a brief discussion of previews.

When a sender includes a link in a message, the app will display the conversation along with text (usually a headline) and images that accompany the link. It usually looks something like this:

Read 9 remaining paragraphs | Comments

  • Ar chevron_right

    A watch designed exclusively for kids has an undocumented spying backdoor / ArsTechnica · Monday, 12 October, 2020 - 13:00 · 1 minute

A watch designed exclusively for kids has an undocumented spying backdoor

Enlarge (credit: Xplora )

A popular smartwatch designed exclusively for children contains an undocumented backdoor that makes it possible for someone to remotely capture camera snapshots, wiretap voice calls, and track locations in real time, a researcher said.

The X4 smartwatch is marketed by Xplora, a Norway-based seller of children’s watches. The device, which sells for about $200, runs on Android and offers a range of capabilities, including the ability to make and receive voice calls to parent-approved numbers and to send an SOS broadcast that alerts emergency contacts to the location of the watch. A separate app that runs on the smartphones of parents allows them to control how the watches are used and receive warnings when a child has strayed beyond a present geographic boundary.

But that’s not all

It turns out that the X4 contains something else: a backdoor that went undiscovered until some impressive digital sleuthing. The backdoor is activated by sending an encrypted text message. Harrison Sand, a researcher at Norwegian security company Mnemonic, said that commands exist for surreptitiously reporting the watch’s real-time location , taking a snapshot and sending it to an Xplora server, and making a phone call that transmits all sounds within earshot.

Read 15 remaining paragraphs | Comments

  • Ar chevron_right

    Apple’s T2 security chip has an unfixable flaw / ArsTechnica · Saturday, 10 October, 2020 - 11:04 · 1 minute

2014 Mac mini and 2012 Mac mini

Enlarge / The 2014 Mac mini is pictured here alongside the 2012 Mac mini. They looked the same, but the insides were different in some key—and disappointing—ways. (credit: Andrew Cunningham )

A recently released tool is letting anyone exploit an unusual Mac vulnerability to bypass Apple's trusted T2 security chip and gain deep system access. The flaw is one researchers have also been using for more than a year to jailbreak older models of iPhones . But the fact that the T2 chip is vulnerable in the same way creates a new host of potential threats. Worst of all, while Apple may be able to slow down potential hackers, the flaw is ultimately unfixable in every Mac that has a T2 inside.

In general, the jailbreak community hasn't paid as much attention to macOS and OS X as it has iOS, because they don't have the same restrictions and walled gardens that are built into Apple's mobile ecosystem. But the T2 chip, launched in 2017 , created some limitations and mysteries. Apple added the chip as a trusted mechanism for securing high-value features like encrypted data storage, Touch ID, and Activation Lock, which works with Apple's "Find My" services. But the T2 also contains a vulnerability, known as Checkm8, that jailbreakers have already been exploiting in Apple's A5 through A11 (2011 to 2017) mobile chipsets. Now Checkra1n, the same group that developed the tool for iOS, has released support for T2 bypass.

On Macs, the jailbreak allows researchers to probe the T2 chip and explore its security features. It can even be used to run Linux on the T2 or play Doom on a MacBook Pro's Touch Bar. The jailbreak could also be weaponized by malicious hackers, though, to disable macOS security features like System Integrity Protection and Secure Boot and install malware. Combined with another T2 vulnerability that was publicly disclosed in July by the Chinese security research and jailbreaking group Pangu Team, the jailbreak could also potentially be used to obtain FileVault encryption keys and to decrypt user data. The vulnerability is unpatchable, because the flaw is in low-level, unchangeable code for hardware.

Read 13 remaining paragraphs | Comments

  • Ga chevron_right

    A new security flaw is revealed with 'BlindSide' on Linux affecting Intel and AMD / GamingOnLinux · Saturday, 12 September, 2020 - 16:07 · 1 minute

VUSec have published and shown an example of a newly discovered flaw present with both Intel and AMD processors when used with Linux.

BlindSide allows attackers to “hack blind” in the Spectre era. That is, given a simple buffer overflow in the kernel and no additional info leak vulnerability, BlindSide can mount BROP-style attacks in the speculative execution domain to repeatedly probe and derandomize the kernel address space, craft arbitrary memory read gadgets, and enable reliable exploitation.

It's quite a wide-reaching security issue too which they mentioned testing being successful across Intel Skylake, Kaby Lake and Coffee Lake microarchitectures and additionally AMD Zen+ and Zen2 microarchitectures with their testing overcoming the latest mitigations too.

Going by what they said in the full paper, the issue is present in the Linux Kernel from v3.19 up to v5.8 so that's potentially a lot of systems. They said it means that "an attacker armed with a write vulnerability can perform BlindSide attacks on a wide range of recent production Linux kernel versions even when blind to the particular kernel version".

They showed off a demo of it in action too:

youtube video thumbnail
Watch video on

The conclusion of their paper:

We presented BlindSide, a new exploitation technique that leverages an underexplored property of speculative execution (i.e., crash/execution suppression) to craft speculative probing primitives and lower the bar for software exploitation. We showed our primitives can be used to mount powerful, stealthy BROP-style attacks against the kernel with a single memory corruption vulnerability, without crashes and bypassing strong Spectre/randomization-based mitigations.

As always, ensure you're regularly checking for updates. It's better to be up to date and safe, than think some specific situations won't apply to you. Better safe than sorry.

You can see the full paper here and their blog post here . Hat tip to Phoronix .

Article from - do not reproduce this article without permission. This RSS feed is intended for readers, not scrapers.
  • Ga chevron_right

    Intel chipsets have another security issue, this time it's 'unfixable' / GamingOnLinux · Friday, 6 March, 2020 - 12:24 · 1 minute

Researchers have uncovered a fun new vulnerability in Intel processors, and this one has a claim attached that it's not possible to fix it.Sound familiar? Yeah, there's been a lot of problems over at Intel in the last couple years. We reported on some back in January and it seems it's not getting any better.

This issue, found and reported by Positive Technologies, mentions CVE-2019-0090 which as the numbered year suggests was already announced last year. However, the plot thickens . If you have an Intel chipset and/or SoC older than the 10th Generation (so anything in the last few years), you will be affected by this.

Not something you can get a firmware update or an operating system patch to help with either, since it concerns the Converged Security and Management Engine (CSME). As written by the folks over at Positive Technologies:

We will provide more technical details in a full-length white paper to be published soon. We should point out that when our specialists contacted Intel PSIRT to report the vulnerability, Intel said the company was already aware of it (CVE-2019-0090). Intel understands they cannot fix the vulnerability in the ROM of existing hardware. So they are trying to block all possible exploitation vectors. The patch for CVE-2019-0090 addresses only one potential attack vector, involving the Integrated Sensors Hub (ISH). We think there might be many ways to exploit this vulnerability in ROM. Some of them might require local access; others need physical access.

As you can see, it's not going to be the most practical for people to break into so you don't need to go and wildly panic right this second, since they would need some sort of physical and local access but it's still a damning look for Intel's processor security. To have something so severe that can only be fixed by replacing the entire hardware—ouch.

Do you currently have an Intel CPU and are you considering switching to AMD? Let us know in the comments.

Article from - do not reproduce this article without permission. This RSS feed is intended for readers, not scrapers.