FBI officials are warning private industry partners to be on the lookout for highly stealthy keystroke loggers that surreptitiously sniff passwords and other input typed into wireless keyboards.
The FBI's Private Industry Notification is dated April 29, more than 15 months after whitehat hacker Samy Kamkar released a KeySweeper, a proof-of-concept attack platform that covertly logged and decrypted keystrokes from many Microsoft-branded wireless keyboards and transmitted the data over cellular networks. To lower the chances that the sniffing device might be discovered by a target, Kamkar designed it to look almost identical to USB phone chargers.Read more
Two security researchers, Roberto Paleari and Aristide Fattori, have revealed the technical details of an exploit they've discovered in Samsung Galaxy devices that allows an unauthorized third-party to start calls or send SMS texts from locked devices.
According to a technical write-up published on GitHub two days ago, an attacker that has temporary access or has stolen a Samsung Galaxy device, can connect it via USB to a Linux workstation and send malicious commands that initiate hidden calls and send SMS messages. This trick works without leveraging any software vulnerability, and even if the phone has USB debugging or USB tethering turned off.Read more
Security experts are warning organizations about a new USB trojan that is extremely difficult to spot, can target air-gapped systems, and is ideal for cyber and industrial espionage campaigns.
Nicknamed USB Thief, this is probably the most complex trojan ever discovered, using encryption and self-protection procedures to infect targets and hide from prying eyes. The trojan binds itself on each USB stick, using the USB drive's details to hide its malicious files under AES128 encryption. If the trojan is copied to another USB or on a classic storage device, the encryption breaks, and the content of the malicious files cannot be determined.Read more
Car Hacking is a hot topic today. Today, many automobiles companies are offering vehicles that run on the mostly drive-by-wire system, which means that a majority of car's functions are electronically controlled, from instrument cluster to steering, brakes, and accelerator.
No doubt these auto-control systems makes your driving experience better, but at the same time they also increase the risk of getting hacked. Previously researchers demonstrated how hackers can remotely hijack your car to control its steering, brakes and transmission. And now hackers can successfully disable car's airbags.Read more
We are very used to dividing the concept of IT security into two unequal subcategories, hardware- and software-centric. The hardware is usually considered relatively safe and clean — as opposed to software which is usually the layer suffering from bugs and malware.
This value system has been functioning for quite a while, however lately it has been showing signs of changing. Certain firmware responsible for managing discrete hardware components has been getting increasingly complex and is subject to vulnerabilities and exploits. Let’s review the top 5 dangerous hardware vulnerabilities that have recently been found in today’s PCs.Read more
BadUSB hasn’t gone from bad to worse necessarily, but it sure has reached a new state of confusion for security experts and consumers in the crosshairs. Researcher, who warned the world during Black Hat last summer that the controller chips in most USB devices could be reprogrammed to behave badly, has dug deeper into the problem.
The real kicker, however, is that USB device makers indiscriminately flip-flop between these chips depending on price and availability, meaning that not all USBs are alike — not even those in the same product line. Determining which chips are risky requires physically dismantling and examining the chip in the particular USB device.Read more
After analyzing a lot of Stuxnet files collected over a two-year period, experts could identify the first victims of the Stuxnet worm. After Stuxnet was discovered over four years ago as one of the most sophisticated and dangerous malicious programs, researchers can now provide insight into the question: what were the goals of the Stuxnet operation?
Initially security researchers had no doubt that the whole attack had a targeted nature. The code of the worm looked professional and exclusive; there was evidence that extremely expensive zero-day vulnerabilities were used. However, it wasn’t yet known what kind of organizations were attacked first and how the malware ultimately made it right.Read more
When we think and talk about malware and viruses, we often try and secure our computers with antivirus programs. The obvious threat comes from web where we visit a number of websites and online applications; some of them posing a serious threat for our systems.
However, have you ever thought that a USB device can pose as a danger to our systems? No, we are talking about the viruses entering from a USB to our Windows PCs through some files. This new threat is caused by USB firmware. Well, this is the fact which was brought to notice by a researcher duo, Karsten Nohl and Jakob Lell, in 2014’s Black Hat annual conference that took place in Las Vegas.Read more
According to German researches of the SR Labs company, which works in the field of the information security, all devices that work through USB are poorly protected and dangerous.
Experts have found vulnerability which was invisible earlier in the USB standard. Everybody knows that viruses can be transferred through flash cards and it isn't very dangerous. Experts claim that the found vulnerability will allow malefactors to reach personal information of any device, which works through USB easily. In order to prove that vulnerability really exists, SR Lab Company specialists have developed the application that can be used to get full access to the computer disregarding all anti-virus decisions, which exist.Read more