SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
#USB
12 Feb 2018

It's 2018 and you can still p0wn your Linux box by plugging in a USB stick

Linux users running KDE Plasma desktop environments need to apply patches to fix a bug that can lead to malicious code execution every time a user mounts a USB thumb drive on his computer.

The KDE Plasma team has released versions 5.8.9 and 5.12.0 to address the issue, tracked as CVE-2018-6791 and categorized as an "arbitrary command execution" vulnerability. According to a description of the bug, USB thumb drives that contain the characters `` or $() in the volume label will execute the text contained within these characters as shell commands. This means that an attacker can place malicious code in a USB thumb drive's name.

Read more
Tags:
USB information leaks
Source:
BleepingCimputer
1543
15 Aug 2017

USB devices vulnerable to crosstalk data leaks

Just like water leaks from pipes, so do electric signals from USB ports, indirectly exposing sensitive data to a knowledgeable attacker. The phenomenon is known as "channel-to-channel crosstalk leakage" and affects USB-based devices plugged into adjacent ports.

"Electricity flows like water along pipes – and it can leak out," said project leader Dr. Yuval Yarom. "In our project, we showed that voltage fluctuations of the USB port’s data lines can be monitored from the adjacent ports on the USB hub." This scenario implies the presence of a malicious USB device inserted in a nearby port that the attacker can use to monitor data flows in adjacent ports.

Read more
Tags:
information leaks USB
Source:
BleepingComputer
1509
23 Jun 2017

Wikileaks docs show how the CIA allegedly infected offline computers

Hacking air-gapped machines — computers that are not connected to the internet, so theoretically less vulnerable — is always pretty interesting.

On Wednesday, Wikileaks published a series of alleged CIA documents that supposedly show how the intelligence agency's malware was designed to infect these sort of targets. Naturally, the documents indicate how the CIA has continued to develop its own hacking tools, allegedly targeting devices from smart TVs to internet routers. According to one of the documents, "Brutal Kangaroo is a tool suite for targeting closed networks by air gap jumping using thumbdrives."

Read more
Tags:
Wikileaks CIA information leaks USB
Source:
Motherboard
1709
30 Mar 2017

About 90% of smart TVs vulnerable to remote hacking via rogue TV signals

A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting — Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users.

The attack, developed by Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, is unique and much more dangerous than previous smart TV hacks. Until now, all smart TV exploits relied on attackers having physical access to the device, in order to plug in an USB that executes malicious code.

Read more
Tags:
information leaks USB
Source:
BleepingComputer
1706
23 Mar 2017

Why American farmers are hacking their tractors with Ukrainian firmware

To avoid the draconian locks that John Deere puts on the tractors they buy, farmers throughout America's heartland have started hacking their equipment with firmware that's cracked in Eastern Europe and traded on invite-only, paid online forums.

Tractor hacking is growing increasingly popular because John Deere and other manufacturers have made it impossible to perform "unauthorized" repair on farm equipment, which farmers see as an attack on their sovereignty and quite possibly an existential threat to their livelihood if their tractor breaks at an inopportune time. Most all the new equipment requires a download to fix.

Read more
Tags:
USA hackers USB information leaks
Source:
Motherboard
1834
23 Sep 2016

Malware-infected USB sticks posted to Australian homes

USB sticks containing harmful malware have been left in Australian letterboxes, police in Victoria have warned. Residents of Pakenham, a suburb of Melbourne, have reportedly found the unmarked sticks in the boxes.

Plugging them into a computer triggers fraudulent media-streaming service offers, as well as other malware, the force said in a statement. The devices are "extremely harmful" and should not be used, police say. It is not uncommon for USB sticks to be used to carry and transmit destructive malware and viruses to computers. Berlin-based researchers Karsten Nohl and Jakob Lell said a device that appeared to be completely empty could still contain a virus. 

Read more
Tags:
USB information leaks fraud
Source:
BBC News
1957
8 Sep 2016

Stealing login credentials from a locked PC or Mac just got easier

Snatching the login credentials of a locked computer just got easier and faster, thanks to a technique that requires only $50 worth of hardware and takes less than 30 seconds to carry out.

Rob Fuller, a principal security engineer at R5 Industries, said the hack works reliably on Windows devices and has also succeeded on OS X, although he's working with others to determine if it's just his setup that's vulnerable. The hack works by plugging a flash-sized minicomputer into an unattended computer that's logged in but currently locked. In about 20 seconds, the USB device will obtain the user name and password hash used to log into the computer.

Read more
Tags:
information leaks USB
Source:
Ars Technica
2166
30 Aug 2016

Meet USBee, the malware that uses USB drives to covertly jump airgaps

In 2013, a document leaked by former NSA contractor Edward Snowden illustrated how a specially modified USB device allowed spies to surreptitiously siphon data out of targeted computers, even when they were physically severed from the Internet or other networks.

Now, researchers have developed software that goes a step further by turning unmodified USB devices into covert transmitters that can funnel large amounts of information out of similarly "air-gapped" PCs. The USBee — so named because it behaves like a bee — is in many respects a significant improvement over the NSA-developed USB exfiltrator known as CottonMouth.

Read more
Tags:
USB information leaks
Source:
Ars Technica
1862
25 Aug 2016

Should you use that USB key you found?

Here is a scenario for you: You are walking around, catching Pokémon, getting fresh air, people-watching, taking Fido out to do his business, when something catches your eye. It’s a USB stick, and it’s just sitting there in the middle of the sidewalk.

Jackpot! Christmas morning! So, now the question is, what is on the device? Spring Break photos? Evil plans to rule the world? Some college kid’s homework? You can’t know unless… Stop right there. If you found yourself in this scenario, what would you do? Would you plug in the drive or just toss it in the nearest trash can? If you would plug it in, you are not alone — although you really should not do that.

Read more
Tags:
USB data protection fraud
Source:
Kaspersky Daily
1972
27 May 2016

Charging your smartphone’s battery over USB can be dangerous

Chances are that each of us has found ourselves in a situation where our phone is dying and we had no charger on hand, but at the same time we desperately need to stay connected — to answer an important call, receive a text message or email, whatever.

It’s perfectly normal to look for any source of precious electricity on such occasions — any USB port would do. But is it safe? No. In fact, it can be dangerous: Over a USB connection someone can steal your files, infect your smartphone with something nasty — or even brick it. Before we get to the problem of thieves, we must point out that not all electricity is equally good for your phone. 

Read more
Tags:
information leaks USB Android
Source:
Kaspersky Daily
Author:
Alexey Komarov
1967
SafeUM NEWS
27 Apr 2017 safeum news imgage Encrypted Group Chat
4 Apr 2017 safeum news imgage Each SafeUM user gets free anonymous phone number
10 Mar 2017 safeum news imgage SafeUM useful features to help you feel safe
28 Sep 2016 safeum news imgage Secure Messenger SafeUM
21 Jul 2015 safeum news imgage New secured zone of Google Play: secure messenger SafeUM for Android. Download, Install, Communicate
3 Apr 2015 safeum news imgage We are beginning to test SafeUM for Windows Phone
25 Feb 2015 safeum news imgage SafeUM messenger is available for public testing
20 Feb 2015 safeum news imgage Algorithms and encryption schemes used for secure messenger SafeUM
30 Jan 2015 safeum news imgage New "TOP Security!" app is on the App Store
22 Jan 2015 safeum news imgage Free "TOP Security!" app is available on Google Play
28 Oct 2014 safeum news imgage How are security keys generated in SafeUM?
19 Jun 2014 safeum news imgage SafeUM is the best messenger for data protection and information security
16 Jun 2014 safeum news imgage Become a SafeUM tester and get free PREMIUM subscription for a year
12 May 2014 safeum news imgage Why Premium secure messenger SafeUM cannot be free
25 Apr 2014 safeum news imgage Encrypted secure messaging for every mobile device
All news
First page Previous
1 2
Next Last page
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015