A bug by any other name...

This is a random collection of recent exploits and vulnerabilities. They are loosely grouped by vector, but most effective compromises are a chain of different exploits.

The summarized version is this:   Attacks can come many vectors outside the control of any piece of software, rendering complex systems unreliable over time.


hardware

Qualcomm Chip exploit impacts 40% of all phones - Over 400 vulnerabilities associated with Qualcomm's Snapdragon chip threaten mobile phones' worldwide.

WiFi chip vulnerability - A vulnerability in Broadcom and Cypress Wi-Fi chips that allows unauthorized decryption of some WPA2-encrypted traffic.

Bluetooth chip exploit - The vulnerable BLE chips are used by roughly 70 to 80 percent of business wireless access points today by way of Cisco, Meraki and Aruba products.

BLE chip bug enables remote root of kernel - QualPwn, two vulnerabilities allow attackers to compromise the Android Kernel over-the-air.

Bluetooth Classic protocol attacks - Multiple chipset vulnerability allows an attacker to insert a rogue device into an established Bluetooth pairing, masquerading as a trusted endpoint.

Google Trusted Computing chip vulnerable - Bug in certain Infineon TPM firmware results in keys generated by the TPM being vulnerable recovery of the private key from just the public key.

Hacked Apple USB Cable as Attack Platform - A USB charging cable with embedded microcontroller as an invisible attack platform.

Multiple vendor TPM chip timing attack - Timing leakage can be used to extract private keys stored inside the TPM chipset.

How Puri.sm avoids Intels backdoor - Intels AMT risk can be mitigated following these steps.


firmware

Survey of pre-installed apps and firmware - Analysis of out-of-the-box vulnerabilities built into phones from vendors.

Baseband remote exploit - Blackhat paper on example Huawei baseband exploit.

MediaTek rootkit - Vulnerability in the firmware allows a script to root any Android devices using the affected CPUs.

Android Baseband attack - Several brands of phones can be tricked into snooping on their owners by exploiting a weakness that gives accessories access to the baseband software.

BlueFrag firmware attack - Bluetooth, zero-click short-distance RCE exploit against Android 9 establishes a remote shell on a Samsung Galaxy S10e.

WiFi firmware exploit walkthrough - Deep dive into an example of firmware analysis and exploitation.

OTA firmware exploits - Attackers could exploit over-the-air updates in three million Android devices to remotely execute commands with root privileges via a man-in-the-middle (MiTM) attack.


carrierr/SIM

Journalists phone compromised via network injection - A commercial off-the-shelf attack toolkit, exploited weaknesses in the device through spoofed SMS containing malicious links.

SS7 Cellular Network Flaw Nobody Wants To Fix - The flaw can allow a hacker to track user location, dodge encryption, and even record private conversations. Now used to hijack verification code in text messages by banks.

SIMjacker - SMS containing a code which triggers the SIM Card to retrieve information and perform sensitive commands.

iPhone and Android SIM exploit - 9% of all SIM cards are vulnerable to another variation of SIMjacker attack.

Build your own SIM exploit - a talk from 2013 on how to roll your own SIM exploit.

Overview of phone and carrier tracking - EFF guide to general problems with mobile phones and carrier controls.

IMSI intercept overview - an overview of the general class of weaknesses around IMSI and GSM.


operating system

Android OS bug - The post notes the exploit requires little-to-no customization to root an exposed phone and was being exploited in the wild.

Windows OS Zero-day #5,654,344 - Attackers are actively exploiting a Windows zero-day vulnerability that can execute malicious code on fully updated systems... again. for the billionth time...

iPhone OS vulnerabilities - overview of some recent iOS vulnerabilities.


application

Malware in Apples store - examples of recent malware apps provided by app stores.

Remote Code Execution in Slack desktop apps - Any in-app redirect, or HTML or javascript injection it's possible to execute arbitrary code within Slack desktop apps.

Hijacked android apps for fun and profit - insert malicious code into existing apps for botnet ad revenue. No need to be so obvious though...

TikTok bypassing security permissions - An example of mainstream app being naughty.

WhatsApp as attack vector - Jeff Bezos wasn't the only victim.

Zoom Doom (again) - Additional support for Zoom's nomination as Malware of the Year award.

Firefox zero-day(s) - Used to hack Coinbase crypto exchange employees.

WebRTC attack on messenger apps - WebRTC exploit impacts wide variety of messenger apps.

Android Twitter vulnerable - Vulnerability affected Android 8 and 9 at the OS level, exploiting the bug could expose Twitter Direct Messages.


cloud server

GPS data fly unzipped - Random example of your harvested data hanging out, available to pretty much anyone...

More GPS data - further on the same GPS data topic.

but I gotta get my points in! - Military assets mapped by fitness app.


hijacked updates

WinRAR CertJacked - WinRAR update signing cert stolen, used to spread malware.

Petya ransomware - software updates themselves were the carrier of malware. The payload did not need to be destructive or obvious.

ASUS Software updates hijacked - Attackers compromised a company cloud server then signed a malware-laden update with stolen certificates making it appear to be an authentic software update. Targeted variants of this happen far more than is reported.


evil upstream/backdoored libs

JQuery plugin exploited for 3 years - "The plugin is the second most starred jQuery project on GitHub"... I.. I just cant even..


credentials/authentication

Hijack Sign-in with AppleID - Example of credential and authentication weakness.

Twitter admin social hack - Twitter internal admin tools accessed via social engineering away basic credentials.


other

Zero-day price list - back-to-school sale prices may apply...

Android malware system for sale - get it while supplies last! Cheap!



craft    |      code    |      copyright 2020 Anomie Technologies Inc.    |      reports    |      errata