UNM4SK3D: Pwn2Own, FireEye, and Google

November 3, 2017


#zeroday

Participants in the Mobile Pwn2Own 2017 competition recently produced working exploits for the iPhone 7, the Samsung Galaxy S8, and other mobile devices. Nothing like a little friendly competition, right?

For those unfamiliar, the competition is a two-day event hosted by Trend Micro’s Zero Day Initiative (ZDI) that rewards the disclosure of previously unknown vulnerabilities during the contest, with prizes totaling more than $500,000. According to ZDI, once a vulnerability is disclosed, the vendor has 90 days to issue a fix before ZDI publishes an advisory with mitigation suggestions. Standout results included 360 Security’s bug in the Samsung Internet browser.

Tencent Keen Security Lab discovered “four vulnerabilities in the Apple iPhone 7 running iOS 11.1, that could lead to a remote code execution through a WiFi bug and escalate privileges to persist through a reboot,” earning them $110,000. In related news, Apple has patched iOS as well as macOS High Sierra, Sierra, and El Capitan against the KRACK vulnerability recently disclosed in the WPA2 Wi-Fi protocol. The iOS fix shipped in 11.1 alongside patches for 13 other bugs. Those fixes do not cover the Wi-Fi flaw Tencent Keen demonstrated against 11.1, however, so a further patch for the newly discovered zero day is still to come.

This vulnerability appears to be caused by a remark in the Wi-Fi standard that suggests to clear the encryption key from memory once it has been installed for the first time. When the client now receives a retransmitted message 3 of the 4-way handshake, it will reinstall the now-cleared encryption key, effectively installing an all-zero key. -Mathy Vanhoef
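To make the client-side behaviour in that quote concrete, here is a small model of the key-install step of the 4-way handshake, written for this article. It is not wpa_supplicant code and it is not Mathy Vanhoef’s; the message handling, the `derive_tk` stand-in for the 802.11 key-derivation PRF, and the class and flag names are all assumptions made for the example. A man-in-the-middle delivers message 3, blocks the client’s message 4, and replays message 3; the client that clears its key buffer after installing it ends up installing the all-zero key, while a client that refuses to reinstall an already-installed key keeps the real one.

```python
"""Toy model of the KRACK key-reinstallation behaviour (constructed example,
not wpa_supplicant or any real driver). derive_tk is a stand-in for the real
802.11 PRF; only 'same inputs -> same key' matters here."""
import hashlib

KEY_LEN = 16
ZERO_KEY = bytes(KEY_LEN)


def derive_tk(pmk: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Stand-in for deriving the Temporal Key (TK) part of the PTK."""
    return hashlib.sha256(b"TK|" + pmk + anonce + snonce).digest()[:KEY_LEN]


class Supplicant:
    """Client side of the handshake, reduced to what happens on message 3."""

    def __init__(self, pmk: bytes, snonce: bytes, *,
                 clear_tk_after_install: bool, refuse_reinstall: bool):
        self.pmk = pmk
        self.snonce = snonce
        # The 'remark' in the standard: wipe the key from memory once installed.
        self.clear_tk_after_install = clear_tk_after_install
        # The fix: never reinstall a key that is already in use.
        self.refuse_reinstall = refuse_reinstall
        self.tk = None              # handshake key material held in memory
        self.installed_key = None   # key handed to the driver for encryption
        self.packet_number = None   # per-key nonce, reset on every install
        self.install_count = 0

    def on_msg3(self, anonce: bytes) -> str:
        """Handle message 3 (possibly a retransmission); always answer with msg4."""
        if self.installed_key is not None and self.refuse_reinstall:
            # Hardened path: acknowledge the retransmission but leave key and
            # nonce untouched, so no keystream is ever reused.
            return "msg4"
        if self.tk is None:
            self.tk = derive_tk(self.pmk, anonce, self.snonce)
        self.installed_key = self.tk    # install whatever is in the TK buffer
        self.packet_number = 0          # nonce reset: the core KRACK problem
        self.install_count += 1
        if self.clear_tk_after_install:
            self.tk = ZERO_KEY          # buffer now holds zeros for any re-install
        return "msg4"


def run_krack(client: Supplicant, anonce: bytes) -> Supplicant:
    """Attacker in the middle: deliver msg3, drop the client's msg4, replay msg3."""
    client.on_msg3(anonce)
    client.on_msg3(anonce)  # retransmitted message 3 triggers the reinstall
    return client


# Constructed handshake inputs (not a real session).
PMK = b"\x11" * 32
ANONCE = b"\xaa" * 32
SNONCE = b"\xbb" * 32


def vulnerable_client() -> Supplicant:
    return run_krack(Supplicant(PMK, SNONCE, clear_tk_after_install=True,
                                refuse_reinstall=False), ANONCE)


def hardened_client() -> Supplicant:
    return run_krack(Supplicant(PMK, SNONCE, clear_tk_after_install=True,
                                refuse_reinstall=True), ANONCE)


if __name__ == "__main__":
    v, h = vulnerable_client(), hardened_client()
    print("vulnerable installed all-zero key:", v.installed_key == ZERO_KEY)
    print("hardened installs:", h.install_count, "key is real:",
          h.installed_key == derive_tk(PMK, ANONCE, SNONCE))
```

Even a client that does not clear the buffer is still affected by the replay, because reinstalling the same key resets the packet number and reuses keystream; the all-zero key is the worst case of the same bug, which is why the fix tracks whether a key is already installed rather than just dropping the clearing step.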

Get the full details on KRACK. Read last week’s ‘UNM4SK3D.’

#leaktheanalyst

FireEye CEO Kevin Mandia just informed the media that the hacker who allegedly breached FireEye earlier this year was taken into custody yesterday, 11/2. Sounds like #caughttheanalyst

Back in July, the alleged hacker, whose name has not yet been released to the media, broke into the personal online accounts of a Senior Threat Intelligence Analyst at Mandiant, the Virginia-based cybersecurity firm owned by FireEye. The hacker then leaked nearly 32 megabytes of data belonging to the analyst, Adi Peretz, and proclaimed they had complete access to the company’s internal network as part of their #leaktheanalyst mission.

In this latest announcement, Mandia stated that FireEye had put a ‘tremendous’ amount of time and effort into “investigating the hacker’s initial claims, which costs the company a lot, both in efforts and money.” The hacker does not appear to have had access to the corporate network at all; instead, stolen credentials were used to take over Peretz’s social media and email accounts. Mandia said he is glad the arrest will bring the hacker to justice: “I am pleased that, in this case, we were able to impose repercussions for the attacker and achieve a small victory for the good guys.”

It was fun to be inside a giant company named “Mandiant” we enjoyed watching how they try to protect their clients and how their dumb analysts are trying to reverse engineer malware and stuff. This leak was just a glimpse of how deep we breached into Mandiant, we might publish more critical data in the future. -Original Pastebin post from hacker

For the original #leaktheanalyst article on Cybrary, check out this edition of ‘UNM4SK3D.’

#recaptcha

Cybrary’s neighbors at the University of Maryland were able to crack Google’s reCaptcha service using an automated attack they developed. 

CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. Google’s reCaptcha V2, rolled out in 2014 across most of its public services, is the best-known implementation and exists to defeat bots and scripts. The new attack, which the researchers call ‘unCaptcha,’ abuses the audio challenge option that reCaptcha V2 offers as an accessibility alternative and solves it with about 85% accuracy. Using browser automation software, unCaptcha selects the audio option, downloads the resulting sound file, and submits it to several free online speech-to-text services; the transcriptions are then run through phonetic mapping to recover the digits that were spoken.

“After performing phonetic mapping on each of the individual speech recognition services’ predictions, we ‘assemble’ their responses to obtain a single answer,” the researchers wrote. “After a candidate string of digits has been assembled, unCaptcha organically (with uniform timing randomness between each character) types the solution into the field and clicks the ‘Verify’ button.” unCaptcha is not the first tool to go after the audio challenge: earlier this year ‘ReBreakCaptcha’ defeated reCaptcha with a script that fed the audio challenge, saved as a sound file, to Google’s own speech recognition API.

We evaluate unCaptcha using over 450 reCaptcha challenges from live websites, and show that it can solve them with 85.15 percent accuracy in 5.42 seconds, on average. -University of Maryland researchers Kevin Bock, Daven Patel, George Hughey, and Dave Levin.
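The “phonetic mapping” and “assemble” steps the researchers describe can be shown with a small standalone example, written for this article and not taken from the unCaptcha code. It assumes a hand-built homophone table (a constructed subset; the real tool’s table and its choice of speech engines are not reproduced here) and uses constructed transcripts in place of live speech-to-text output, so it runs offline: each transcript is mapped token by token to a digit, the engines’ answers are aligned by length, and a per-position majority vote produces the candidate string, which is then paired with uniformly random inter-keystroke delays.

```python
"""Ensemble of speech-to-text guesses -> digit string (constructed example,
not the University of Maryland unCaptcha code). The homophone table is an
assumption built for this demo, and the transcripts are hand-written."""
import random
import re
from collections import Counter

# Constructed homophone table: words a speech engine tends to return for a
# spoken digit. Real systems would build this from observed mis-transcriptions.
PHONETIC_MAP = {
    "zero": "0", "oh": "0", "o": "0",
    "one": "1", "won": "1",
    "two": "2", "to": "2", "too": "2",
    "three": "3", "tree": "3", "free": "3",
    "four": "4", "for": "4", "floor": "4",
    "five": "5", "hive": "5",
    "six": "6", "sick": "6", "sticks": "6",
    "seven": "7",
    "eight": "8", "ate": "8",
    "nine": "9", "night": "9",
}


def tokens_to_digits(transcript: str) -> list:
    """Phonetic mapping for one engine's transcript.

    Each word becomes a digit via the table, bare digits pass through one
    character at a time, and anything unrecognised becomes '?' so it can be
    ignored by the vote instead of corrupting it."""
    digits = []
    for tok in re.findall(r"[a-z]+|\d", transcript.lower()):
        digits.append(tok if tok.isdigit() else PHONETIC_MAP.get(tok, "?"))
    return digits


def assemble(transcripts: list) -> str:
    """Combine several engines' predictions into a single candidate string.

    Engines disagree on how many tokens they heard, so first settle on the
    most common length, then take a per-position majority vote among the
    engines that produced that many tokens, skipping '?' placeholders."""
    candidates = [tokens_to_digits(t) for t in transcripts]
    length = Counter(len(c) for c in candidates).most_common(1)[0][0]
    aligned = [c for c in candidates if len(c) == length]
    answer = []
    for i in range(length):
        votes = Counter(c[i] for c in aligned if c[i] != "?")
        answer.append(votes.most_common(1)[0][0] if votes else "?")
    return "".join(answer)


def typing_schedule(answer: str, rng: random.Random,
                    low: float = 0.05, high: float = 0.25) -> list:
    """Pair each character with a uniformly random delay (seconds) to type
    'organically' rather than in one instantaneous paste."""
    return [(ch, rng.uniform(low, high)) for ch in answer]


# Constructed transcripts standing in for four speech-to-text services that
# all heard the same audio challenge "4 1 3".
SAMPLE_TRANSCRIPTS = [
    "for one tree",
    "4 1 3",
    "floor won free",
    "for one fee",      # 'fee' is unmapped and becomes '?'
]


def solve_sample() -> str:
    return assemble(SAMPLE_TRANSCRIPTS)


if __name__ == "__main__":
    answer = solve_sample()
    print("candidate:", answer)
    for ch, delay in typing_schedule(answer, random.Random(7)):
        print(f"  type {ch!r} then wait {delay:.3f}s")
```

The vote is what makes the ensemble robust: any single free engine mishears individual digits, but the errors are rarely correlated across engines, so the majority is usually right even when no one transcript is. That is also why the defensive lever here is less about the speech engines and more about rate limiting, challenge diversity, and the behavioural signals around the audio option.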

The Tripwire blog dives in-depth on Google’s use of reCaptcha. Explore this post for more.

#factbyte

“According to a recent Nationwide Insurance survey, nearly half of business owners have been victims of cyberattacks and didn’t know it. Nationwide’s annual survey of business owners found that 13% said they experienced a cyberattack. However, that number jumped to 58% of owners who identified as victims when shown a list of the following types of attacks – a 45% gap and lack of understanding about what constitutes an actual attack.”


Olivia Lynch (@Cybrary_Olivia) is the Marketing & Communications Manager at Cybrary. Like many of you, she is just getting her toes wet in the infosec field and is working to make cyber security news more interesting. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.

