Schneier on Security

Another Shadow Brokers Leak

There's another leak of NSA hacking tools and data from the Shadow Brokers. This one includes a list of hacked sites.

According to analyses from researchers here and here, Monday's dump contains 352 distinct IP addresses and 306 domain names that purportedly have been hacked by the NSA. The timestamps included in the leak indicate that the servers were targeted between August 22, 2000 and August 18, 2010. The addresses include 32 .edu domains and nine .gov domains. In all, the targets were located in 49 countries, with the top 10 being China, Japan, Korea, Spain, Germany, India, Taiwan, Mexico, Italy, and Russia. Vitali Kremez, a senior intelligence analyst at security firm Flashpoint, also provides useful analysis here.
The dump also includes various other pieces of data. Chief among them are configuration settings for an as-yet unknown toolkit used to hack servers running Unix operating systems. If valid, the list could be used by various organizations to uncover a decade's worth of attacks that until recently were closely guarded secrets. According to this spreadsheet, the servers were mostly running Solaris, an operating system from Sun Microsystems that was widely used in the early 2000s. Linux and FreeBSD are also shown.

The data is old, but you can see if you've been hacked.

Honestly, I am surprised by this release. I thought that the original Shadow Brokers dump was everything. Now that we know they held things back, there could easily be more releases.

Tags: hacking, leaks, NSA

Posted on November 1, 2016 at 2:10 PM • 4 Comments

Card Game Based on the Iterated Prisoner's Dilemma

Interesting.

Tags: game theory, games

Posted on November 1, 2016 at 6:21 AM • 1 Comments

How to Avoid Kidnapping Children on Halloween

A useful guide.

Tags: humor, kidnapping

Posted on October 31, 2016 at 2:27 PM • 13 Comments

A High-End Card-Reading Device

An impressive Chinese device that automatically reads marked cards in order to cheat at poker and other card games.

Tags: cheating, gambling, games, phones

Posted on October 31, 2016 at 1:12 PM • 12 Comments

Friday Squid Blogging: Squid Nebula

Beautiful.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Tags: squid

Posted on October 28, 2016 at 4:11 PM • 117 Comments

Eavesdropping on Typing Over Voice-Over-IP

Interesting research: "Don't Skype & Type! Acoustic Eavesdropping in Voice-Over-IP":

Abstract: Acoustic emanations of computer keyboards represent a serious privacy issue. As demonstrated in prior work, spectral and temporal properties of keystroke sounds might reveal what a user is typing. However, previous attacks assumed relatively strong adversary models that are not very practical in many real-world settings. Such strong models assume: (i) adversary's physical proximity to the victim, (ii) precise profiling of the victim's typing style and keyboard, and/or (iii) significant amount of victim's typed information (and its corresponding sounds) available to the adversary.
In this paper, we investigate a new and practical keyboard acoustic eavesdropping attack, called Skype & Type (S&T), which is based on Voice-over-IP (VoIP). S&T relaxes prior strong adversary assumptions. Our work is motivated by the simple observation that people often engage in secondary activities (including typing) while participating in VoIP calls. VoIP software can acquire acoustic emanations of pressed keystrokes (which might include passwords and other sensitive information) and transmit them to others involved in the call. In fact, we show that very popular VoIP software (Skype) conveys enough audio information to reconstruct the victim's input keystrokes typed on the remote keyboard. In particular, our results demonstrate
that, given some knowledge on the victim's typing style and the keyboard, the attacker attains top-5 accuracy of 91:7% in guessing a random key pressed by the victim. (The accuracy goes down to still alarming 41:89% if the attacker is oblivious to both the typing style and the keyboard). Finally, we provide evidence that Skype & Type attack is robust to various VoIP issues (e.g., Internet bandwidth fluctuations and presence of voice over keystrokes), thus confirming feasibility of this attack.

News article.

Tags: academic papers, eavesdropping, key logging, side-channel attacks, Skype, VoIP

Posted on October 28, 2016 at 5:24 AM • 15 Comments

Hardware Bit-Flipping Attacks in Practice

A year and a half ago, I wrote about hardware bit-flipping attacks, which were then largely theoretical. Now, they can be used to root Android phones:

The breakthrough has the potential to make millions of Android phones vulnerable, at least until a security fix is available, to a new form of attack that seizes control of core parts of the operating system and neuters key security defenses. Equally important, it demonstrates that the new class of exploit, dubbed Rowhammer, can have malicious and far-reaching effects on a much wider number of devices than was previously known, including those running ARM chips.
Previously, some experts believed Rowhammer attacks that altered specific pieces of security-sensitive data weren't reliable enough to pose a viable threat because exploits depended on chance hardware faults or advanced memory-management features that could be easily adapted to repel the attacks. But the new proof-of-concept attack developed by an international team of academic researchers is challenging those assumptions.

An app containing the researchers' rooting exploit requires no user permissions and doesn't rely on any vulnerability in Android to work. Instead, their attack exploits a hardware vulnerability, using a Rowhammer exploit that alters crucial bits of data in a way that completely roots name brand Android devices from LG, Motorola, Samsung, OnePlus, and possibly other manufacturers.

[...]

Drammer was devised by many of the same researchers behind Flip Feng Shui, and it adopts many of the same approaches. Still, it represents a significant improvement over Flip Feng Shui because it's able to alter specific pieces of sensitive-security data using standard memory management interfaces built into the Android OS. Using crucial information about the layout of Android memory chips gleaned from a side channel the researchers discovered in ARM processors, Drammer is able to carry out what the researchers call a deterministic attack, meaning one that can reliably target security-sensitive data. The susceptibility of Android devices to Rowhammer exploits likely signals a similar vulnerability in memory chips used in iPhones and other mobile devices as well.

Here's the paper.

And here's the project's website.

Tags: academic papers, Android, exploits, hacking, phones

Posted on October 27, 2016 at 2:23 PM • 16 Comments

How Powell's and Podesta's E-mail Accounts Were Hacked

It was a phishing attack.

Tags: e-mail, Gmail, hacking, phishing

Posted on October 27, 2016 at 6:20 AM • 36 Comments

OPM Attack

Good long article on the 2015 attack against the US Office of Personnel Management.

Tags: China, cyberattack, hacking, national security policy

Posted on October 26, 2016 at 1:37 PM • 17 Comments

Malicious AI

It's not hard to imagine the criminal possibilities of automation, autonomy, and artificial intelligence. But the imaginings are becoming mainstream -- and the future isn't too far off.

Along similar lines, computers are able to predict court verdicts. My guess is that the real use here isn't to predict actual court verdicts, but for well-paid defense teams to test various defensive tactics.

Tags: academic papers, artificial intelligence, courts, crime, cybercrime, social engineering

Posted on October 26, 2016 at 6:38 AM • 41 Comments

← Earlier Entries

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient, an IBM Company.