- All Android Phones Vulnerable to Extremely Dangerous Full Device Takeover Attack
According to a new report, a new series of vulnerabilities in Android have been discovered by researchers at the University of California Santa Barbara and the Georgia Institute of Technology. “Cloak & Dagger” this new class of vulnerabilities and attack vectors targeting latest version of Android operating systems. Cloak and Dagger attack allows hackers to silently take full control of your device and steal private data, including keystrokes, chats, device PIN, online account passwords, OTP passcode, and contacts. According to the researcher, this attack doesn’t exploit any vulnerability in Android ecosystem but able to take control over the device due to permissions. Cloak and Dagger attacks utilize two basic Android permissions:
1. SYSTEM_ALERT_WINDOW (“draw on top”)
2. BIND_ACCESSIBILITY_SERVICE (“a11y”)
The first permission, known as “draw on top,” is a legitimate overlay feature that allows apps to overlap on a device’s screen and top of other apps and second permission, known as “a11y,” is designed to help disabled, blind and visually impaired users, allowing them to enter inputs using voice commands, or listen content using screen reader feature. According to the researcher attacker able to perform following types of attacks;
1. Advanced clickjacking attack
2. Unconstrained keystroke recording
3. Stealthy phishing attack
4. Silent installation of a God-mode app (with all permissions enabled)
5. Silent phone unlocking and arbitrary actions (while keeping the screen off)
Cyber Security Tips: Google has not patched this vulnerability, temporary mitigation for this attack is to disable the Cloak and Dagger attacks in Android 7.1.2 is to turn off the “draw on top” permission by go to Settings → Apps → Gear symbol → Special access → Draw over other apps, always download application from trusted sources, keep using antivirus and check app permission during app installation.
- NSA’s Windows ‘EsteemAudit’ RDP Exploit Remains Unpatched
WannaCry had already targeted more than 237,000 computers worldwide through SMB vulnerability. But according to the latest report, WannaCry is again targeting but this time unpatched RDP service. EsteemAudit is another dangerous NSA-developed Windows hacking tool leaked by the Shadow Brokers that targets RDP service (port 3389) on Microsoft Windows Server 2003 / Windows XP machines. Since Microsoft no longer support Windows Server 2003 and Windows XP and there is no emergency patch released by Microsoft. According to the report over 24,000 vulnerable systems remains still exposed on the Internet for anyone to hack. Windows XP-based systems currently account for more than 7 percent of desktop operating systems still in use today and 175 million websites, still run Windows Server 2003 accounting for roughly 18 percent of the global market share,” researchers say.
Cyber Security Tips: Users are advised to disable RDP or filtered it with firewall, wait until the Microsoft release emergency patches, keep your system up to date or upgrade your current operating system with latest one.
- Student hacks university computer; changes grade from F to B
The culprit, 22-year-old Mr. Sami Adel Ammar an engineering student was arrested for hacking into University of Central Florida computer system and changing his grade from F to B. According to the professor, Ammar “had only completed one assignment the entire semester” which makes it obvious that he would have ended up with low grades, not B. During the investigation, a police found an IP address of the computer system which was hacked by Ammar to change his grades. It’s unclear who the second person was; Ammar, on the other hand, has been arrested and currently in the Orange County Jail. Further investigation is going on said spokesman.
Cyber Security Tips: To protect from such hacking keep universities systems secure with reputed security software, keep a strong password to your systems, keep your system up to date and be aware of phishing.