  1. PlaceRaider Malware Hijacks Smartphone Camera to Render 3D Model of Victim’s Location

Malware called PlaceRaider, developed by academics at the Naval Surface Warfare Centre in Indiana and at Indiana University, takes control of a smartphone’s camera, relaying information about the target’s physical environment back to the thief.
The PlaceRaider malware could be hidden inside a custom-made, innocuous-looking app, something like Instagram or Hipstamatic that would be downloaded by a large number of users, the researchers say.
Capturing information from the camera continuously would generate tens of megabytes of data every minute, quickly overwhelming the phone’s communication channels, filling up its storage space and preventing any further monitoring. Instead, the researchers, led by Robert Templeman from the Naval Surface Warfare Centre, use the device’s gyroscope and accelerometer to instruct the malware to take pictures only when it will be useful to the attacker, avoiding recording when the phone is still and upside down in a person’s pocket, for instance.
The malware then sends those collected images to the PlaceRaider command and control centre, where the images are knitted into a 3D model that the thief can examine at their leisure to find valuable objects or information.
To make sure the victim is unaware their smartphone is snapping away, PlaceRaider mutes the telltale sounds of the shutter closing and also covers up the preview picture that normally appears when a photo has been taken.

(via One Per Cent: Hijacked smartphone camera spies on your world)
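
The sensor-gated capture schedule described above, as an added illustration; this is not PlaceRaider’s code and not from the paper or the article. The axis convention (Android-style: y toward the top of the phone, z out of the screen, so the rear camera looks along -z), the thresholds, and the sample windows are all assumptions constructed for the example. The point for a reviewer auditing an app that holds both camera and motion-sensor permissions is how little logic is needed to turn raw accelerometer readings into a “take a photo now” decision:

```python
from statistics import pvariance

G = 9.81  # gravity, m/s^2; accelerometer samples are (ax, ay, az) in the same units


def window_features(samples):
    """Mean acceleration vector and motion energy over a short window.

    Motion energy is the summed per-axis variance: near zero when the phone
    is at rest, large when it is being swung or shaken.
    """
    n = len(samples)
    mean = tuple(sum(s[axis] for s in samples) / n for axis in range(3))
    energy = sum(pvariance([s[axis] for s in samples]) for axis in range(3))
    return mean, energy


def worth_capturing(samples, blur_limit=4.0):
    """Decide whether a frame taken now is likely to show the room.

    Axis convention assumed (Android-style): y points to the top of the phone,
    z out of the screen, so the rear camera looks along -z. The thresholds are
    illustrative assumptions, not values from the PlaceRaider paper.
    """
    (_ax, ay, az), energy = window_features(samples)
    upright = ay > 0.5 * G              # top of phone up: rules out 'upside down in a pocket'
    camera_outward = abs(az) < 0.7 * G  # not lying face-up or face-down on a table
    steady = energy < blur_limit        # too much shake and the frame is smeared anyway
    return upright and camera_outward and steady


def select_frames(windows, blur_limit=4.0):
    """Indices of the windows worth a photo.

    For the attacker this is the capture schedule; for a defender it is an
    estimate of how much camera activity such a filter lets through.
    """
    return [i for i, w in enumerate(windows) if worth_capturing(w, blur_limit)]


# Constructed sensor windows (20 samples each), not recorded data.
IN_POCKET = [(0.1, -9.7, 0.3)] * 20                                           # still, upside down
ON_TABLE = [(0.0, 0.1, 9.8)] * 20                                             # flat, face up
HELD_UP = [(0.2 + 0.1 * (i % 2), 8.5, 3.9 + 0.2 * (i % 2)) for i in range(20)]  # in hand, slight wobble
SHAKEN = [(8.0 * (i % 2), 8.5, 3.0) for i in range(20)]                       # violent swing

if __name__ == "__main__":
    print(select_frames([IN_POCKET, ON_TABLE, HELD_UP, SHAKEN]))
```

Only the hand-held window passes: the pocket and table windows fail the orientation tests and the swung window fails the blur limit. A phone carried upright in a pocket would pass the orientation test too, which is why a scheduler of this kind still has to discard frames after the fact; the filter only reduces the volume of captures, it does not guarantee useful ones.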

  2. State-Sponsored Malware Serving as Template For New Civilian Attacks

“They are copying the design philosophy,” says Schouwenberg, adding that one now-popular technique found in conventional “criminal malware” was inspired by the discovery of Stuxnet.
For example, Stuxnet installed fake device drivers using digital security certificates stolen from two Taiwanese computer component companies, allowing them to sneak past any security software. Other malware now uses fake certificates in a similar way to hide malicious software from antivirus programs.
“Stuxnet was the first really serious malware with a stolen certificate, and it’s become more and more common ever since,” says Schouwenberg. “Nowadays you can see use of fake certificates in very common malware.”
Aviv Raff, chief technology officer and cofounder of Israeli computer security firm Seculert, agrees. “Design features of Stuxnet, Duqu, and Flame are appearing in opportunistic criminal malware,” he says.

(via Stuxnet Tricks Copied by Computer Criminals - Technology Review)

  3. Air Force Issues Formal RFP for Cyber Weapons

Cyber Warfare becomes official US policy

In a recent broad agency announcement—a public document issued by any agency usually requesting something from the private sector or notifying the world at large that there are contracts up for grabs—the Air Force Life Cycle Management Center (AFLCMC) called on contractors to submit proposals for specific “cyberspace warfare operations” (CWO) capabilities, including “cyberspace warfare attack.” It doesn’t get much more explicit than that.
More specifically, the BAA outlines “cyberspace warfare attack” as those capabilities that would allow the Air Force to “destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries’ ability to use the cyberspace domain for his advantage,” Threatpost reports.
It also requests “cyberspace warfare support” capabilities, which are basically the means to intercept enemy cyber attacks, open doors to their networks, and otherwise locate both sources of access and sensitive areas within enemy networks that are ripe for attack.

Israel will probably continue to act as a semi-official US proxy in this regard, but I imagine the Pentagon is keen to beef up its own capabilities.
(via The U.S. Air Force is Officially Seeking Cyber Weapons | Popular Science)

  4. Antivirus Researchers Examining Vulnerability of Smart Cars

As automakers add more and more technology to their vehicles, they’re also making them increasingly vulnerable to the same security flaws that affect PCs and mobile devices.
While the effects — and likelihood — of remote attacks are unknown, flaws in cars’ systems could theoretically be exploited to steal the vehicle, eavesdrop on a driver’s conversation, or even lead to navigation systems becoming confused and potentially cause accidents.
Studies have already proven that it is technically possible to hack into a car’s on-board warning systems and alter its tire pressure, as well as prevent it from using its brakes. To date, however, there have been no severe attacks on vehicles through viruses.
Nevertheless, Intel-owned McAfee has a number of staff, based in a West Coast garage, checking out ways to protect the new generation of technology-packed cars.

(via McAfee looks to combat vehicle viruses | Cutting Edge - CNET News)

  5. Frankenstein Virus Assembles Malware Payload in Real Time by Remixing Snippets of Benign, Legitimate Code

Previous research has shown that it is theoretically possible, given enough gadgets, to construct any computer program.
Mohan and Hamlen set out to show that Frankenstein could build working malware code by having it create two simple algorithms purely from gadgets. “The two test algorithms we chose are simpler than full malware, but they are representative of the sort of core logic that real malware uses to unpack itself,” says Hamlen. “We consider this a strong indication that this could be scaled up to full malware.”
Frankenstein follows pre-written blueprints that specify certain tasks - such as copying pieces of data - and swaps in gadgets capable of performing those tasks. Such swaps repeat each time Frankenstein infects a new computer, but with different gadgets, meaning that the malware always looks different to antivirus software, even if its ultimate effects are the same.
The research was part-funded by the US air force, and Hamlen says that Frankenstein could be particularly useful for national security agencies attempting to infiltrate enemy computer systems with unknown antivirus defences.
“It essentially infers what the [target computer’s] defences deem permissible from the existing files on the system to help it blend in with the crowd,” he says.

(via Frankenstein virus creates malware by pilfering code - tech - 20 August 2012 - New Scientist)
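
The gadget-harvest-and-swap step described above, as an added toy illustration; this is not the Frankenstein researchers’ code. The x86-32 instruction encodings in the catalogue are real, but the two “host binaries” are constructed byte strings, the blueprint has only two steps, and instruction equivalence is hand-tabulated rather than inferred with a disassembler and symbolic execution as a real system would have to do. What it shows is the property the article describes: the same blueprint, realised from two different hosts, produces two byte sequences with nothing in common for a signature to match:

```python
import hashlib

# x86-32 encodings (without the trailing 0xC3 'ret') that realise each
# blueprint step. Each list holds semantically equivalent sequences; the
# equivalence is hand-written here, an assumption for the example.
TASK_CATALOGUE = {
    "eax <- ebx": [
        b"\x89\xd8",  # mov eax, ebx
        b"\x8b\xc3",  # mov eax, ebx  (alternate opcode form)
        b"\x53\x58",  # push ebx ; pop eax
    ],
    "eax <- 0": [
        b"\x31\xc0",  # xor eax, eax
        b"\x33\xc0",  # xor eax, eax  (alternate opcode form)
        b"\x29\xc0",  # sub eax, eax
    ],
}
RET = 0xC3


def find_gadgets(image: bytes, max_len: int = 4):
    """Yield (offset, window) for every ret-terminated window up to max_len bytes.

    The window excludes the ret itself; offset is where the window begins.
    A real harvester disassembles; this one only slices bytes.
    """
    for end in range(len(image)):
        if image[end] != RET:
            continue
        for length in range(1, max_len + 1):
            start = end - length
            if start < 0:
                break
            yield start, image[start:end]


def realise(task: str, image: bytes):
    """Return (offset, window) of the first gadget in image that performs task, or None."""
    wanted = TASK_CATALOGUE[task]
    for offset, window in find_gadgets(image):
        if window in wanted:
            return offset, window
    return None


def assemble(blueprint, image: bytes):
    """Map every blueprint step onto a gadget taken from this particular host."""
    chain = []
    for task in blueprint:
        hit = realise(task, image)
        if hit is None:
            raise LookupError(f"host has no gadget for {task!r}")
        chain.append((task, *hit))
    return chain


def chain_bytes(chain) -> bytes:
    return b"".join(window for _, _, window in chain)


def chain_signature(chain) -> str:
    """What a byte-signature scanner would have to match."""
    return hashlib.sha256(chain_bytes(chain)).hexdigest()


# Constructed stand-ins for two benign host programs (a handful of bytes
# each, not real binaries). Host B was 'compiled' in a different style.
HOST_A = bytes([0x55, 0x89, 0xE5,        # push ebp ; mov ebp, esp
                0x89, 0xD8, 0xC3,        # mov eax, ebx ; ret
                0x90, 0x90,              # nop ; nop
                0x31, 0xC0, 0xC3])       # xor eax, eax ; ret
HOST_B = bytes([0x53, 0x58, 0xC3,        # push ebx ; pop eax ; ret
                0x5D, 0xC3,              # pop ebp ; ret
                0x29, 0xC0, 0xC3])       # sub eax, eax ; ret

BLUEPRINT = ["eax <- 0", "eax <- ebx"]

if __name__ == "__main__":
    for name, host in (("A", HOST_A), ("B", HOST_B)):
        chain = assemble(BLUEPRINT, host)
        print(name, chain_bytes(chain).hex(), chain_signature(chain)[:16])
```

Host A yields `31c0 89d8` and host B yields `29c0 5358` for the same two-step blueprint; the hashes differ although the register effect is identical. This is also why the defensive answer to such mutation is behavioural (what the code does to the machine) rather than byte-pattern matching.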

  6. As Brain-Computer Interfaces Approach the Mainstream, Hackers Demonstrate Security Vulnerabilities, “Backdoor for the Brain”

To extract this information, the researchers rely on what’s known as the P300 response — a very specific brainwave pattern …that occurs when you recognize something that is meaningful (a person’s face), or when you recognize something that fits your current task (a hammer in the shed).
The researchers basically designed a program that flashes up pictures of maps, banks, and card PINs, and makes a note every time your brain experiences a P300.
Afterwards, it’s easy to pore through the data and work out — with fairly good accuracy — where a person banks, where they live, and so on.

In a real-world scenario, the researchers foresee a game that is specially tailored by hackers to extract sensitive information from your brain — or perhaps an attack vector that also uses social engineering to lull you into a false sense of security. It’s harder to extract data from someone who knows they’re being attacked — as interrogators and torturers well know.

(via Hackers backdoor the human brain, successfully extract sensitive data | ExtremeTech)

  7. The encrypted file is contained in a Gauss module that attaches itself to USB drives. When plugged in, the malware collects a variety of system information and uses a cryptographic hash of that data as a decryption key. The key is the result of the system data being passed through the MD5 algorithm, and its hash in turn being passed through the same algorithm 10,000 more times, making it infeasible for researchers to deduce the initial value needed to unlock the malicious code.

    Researchers believe the mechanism allows Gauss to remain dormant except on a specific system that was targeted in advance. Stuxnet, which was used to disrupt Iran’s nuclear program, contained a similar mechanism that targeted computer systems at the Natanz Uranium enrichment facility, although Stuxnet didn’t use encryption to conceal its contents.
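
Environmental keying as the excerpt describes it, as an added example; this is not Gauss’s code and not taken from the analysis quoted above. Only the derivation (MD5 of the system data, then MD5 applied 10,000 more times) follows the text. The contents of the system fingerprint, the salt, the stored check value, and the MD5-counter stream cipher are assumptions made so the example runs with the standard library; the page does not say which cipher Gauss uses or exactly which system attributes it hashes:

```python
import hashlib

EXTRA_ROUNDS = 10_000  # MD5 re-applied to the first digest 10,000 more times, as described


def derive_key(system_data: bytes) -> bytes:
    """Environmental key: MD5(system_data), then MD5 iterated 10,000 more times.

    The iteration is a work factor. Every guess at the system data costs
    10,001 hashes, so an analyst who does not know the target's fingerprint
    cannot cheaply search for the value that unlocks the payload.
    """
    digest = hashlib.md5(system_data).digest()
    for _ in range(EXTRA_ROUNDS):
        digest = hashlib.md5(digest).digest()
    return digest


def keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from MD5. A stand-in cipher for illustration
    only; the page does not say what cipher Gauss uses."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hashlib.md5(key + ctr.to_bytes(4, "little")).digest()
        ctr += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(payload: bytes, system_data: bytes):
    """Encrypt payload so that only a machine producing system_data can open it.

    Returns (check_value, ciphertext). The check value lets the loader test
    a derived key without attempting decryption; using MD5 of the key for
    this is an assumption of the example.
    """
    key = derive_key(system_data)
    return hashlib.md5(key).digest(), _xor(payload, keystream(key, len(payload)))


def unseal(check_value: bytes, ciphertext: bytes, system_data: bytes):
    """Loader side: returns the payload on the targeted machine, None elsewhere."""
    key = derive_key(system_data)
    if hashlib.md5(key).digest() != check_value:
        return None  # not the intended host: stay dormant and reveal nothing
    return _xor(ciphertext, keystream(key, len(ciphertext)))


def fingerprint(program_dirs, salt: bytes = b"") -> bytes:
    """Constructed fingerprint: a few directory names plus a salt.
    Which attributes Gauss really hashes is not stated on this page."""
    return b";".join(d.encode() for d in program_dirs) + salt


# Constructed sample: the targeted machine versus an analyst's sandbox.
SALT = b"\x01\x02"
TARGET_SYSTEM = fingerprint(["Common Files", "Internet Explorer", "AcmePayroll"], SALT)
OTHER_SYSTEM = fingerprint(["Common Files", "Internet Explorer", "Microsoft Office"], SALT)
PAYLOAD = b"<hidden module: only decryptable on the targeted host>"

if __name__ == "__main__":
    check, blob = seal(PAYLOAD, TARGET_SYSTEM)
    print("target :", unseal(check, blob, TARGET_SYSTEM))
    print("sandbox:", unseal(check, blob, OTHER_SYSTEM))
```

An analyst holding the sample has the check value and the ciphertext but not the fingerprint; the only way in is to guess system data until `derive_key` reproduces the check value, and each guess costs the full 10,001-round derivation. That is the same reason the construction fails open on the right machine and closed everywhere else, which is what makes it attractive for a payload meant for exactly one target.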

     
  8. Rakshasa: The Untraceable, Undeleteable Hardware Backdoor That Could Already be on Every Gadget you Own

Hardware backdoors are lethal for three reasons:
• They can’t be removed by conventional means (antivirus, formatting);
• They can circumvent other types of security (passwords, encrypted filesystems); and
• They can be injected at manufacturing time.
At the Black Hat security conference last week, assembly master and long-time security consultant Jonathan Brossard demonstrated a proof-of-concept hardware backdoor. Called Rakshasa (which are unrighteous spirits in Hindu and Buddhist mythoi), this backdoor is persistent, very hard to detect, portable, and because it’s built using open-source tools (Coreboot, SeaBIOS, and iPXE) it could be used by governments and still grant them plausible deniability.
To infect a computer with Rakshasa, Coreboot is used to re-flash the BIOS with a SeaBIOS and iPXE bootkit. This bootkit is benign, and because it’s crafted out of legitimate, open-source tools, it’s very hard for anti-malware software to flag it as malicious.
At boot time, the bootkit fetches malware over the web using an untraceable wireless link if possible (via a hacker parked outside), or HTTPS over the local network. Rakshasa’s malware payload then proceeds to disable the NX (no-execute) bit, remove anti-SMM protections, and disable ASLR (address space layout randomization).

(via Rakshasa: The hardware backdoor that China could embed in every computer | ExtremeTech)

  9. After Multiple Windows Security Fails, US Navy Turns to Linux for Drones
First, Chinese Keyloggers PWN the USAF drone program, then Flame malware writes its own security certificates. Looks like it’s curtains for Windows in the US Military.

The U.S. military is not new to Linux, and has learned from past problems with less-reliable operating systems.
“While the US military has been a growing user of Linux, the contract might also have something to do with the swabbies learning from the mistakes made by the flyboys and girls in the US Air Force,” The Register wrote.
“After a malware attack on the Air Force’s Windows-based drone-control system last year, there has been a wholesale move to Linux for security reasons.” At the same time, the U.S. Department of Defense is also prepared for the Linux integration, and has put out guidelines on how its agencies can use open-source code.
“The US government can directly combine GPL and proprietary/classified software into a single program arbitrarily, as long as the result is never conveyed outside the U.S. government, but this approach should not be taken lightly,” the guidelines state. “When taking this approach, contractors hired to modify the software must not retain copyright or other rights to the result (else the software would be conveyed outside the US government.)”

(via U.S. Navy turns to Linux to run its drone fleet | Cutting Edge - CNET News)

  10. Flame Malware Could be Repurposed Against Its Creators

Flame, as it’s called, is a whopper of a program—20 megabytes, the size of a video file, and 40 times bigger than the Stuxnet virus that took down Iranian centrifuges back in 2010. But Flame is not just another cyber weapon—it could greatly expand the scope of nations capable of carrying out cyberattacks.
Flame bears many similarities to Stuxnet. Both are specimens of highly advanced programming and detailed expertise in many specialized areas. Both programs are the products of large teams of experts working hundreds of hours on development and testing. Only a handful of nations have the technical capacity to do this kind of work. The list would include the United States, the UK, Germany, China, Russia, Israel and Taiwan, says Scott Borg, head of U.S. Cyber Consequences Unit, a security consulting firm.
But Flame differs from Stuxnet in many important respects. Whereas Stuxnet was designed for a specific purpose—infiltrating and destroying the centrifuges used in Iran’s nuclear fuel enrichment facility at Natanz—Flame appears to be a general purpose tool for espionage. It has a broad ability to gather data from screenshots or through Bluetooth connections with other devices.
Once Flame makes it onto a computer, it begins “sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on,” says a May 28 report by security firm Kaspersky. It can compress and encrypt the information it captures and hold onto it until it has a reliable Internet connection to send it. Flame was apparently targeted at countries in the Middle East—it showed up mainly in Iran, with infections also in Israel, the Palestinian territories, Sudan and Syria.
Perhaps the biggest potential problem is that the programmers who designed Flame did not try to disguise the code in a way that makes it difficult to reverse engineer. The practice, known as “code obfuscation,” is common among commercial software developers as a way to keep competitors from being able to figure out how software products are designed. Flame programmers apparently didn’t take such measures, which means a knowledgeable programmer wouldn’t have too much trouble extracting the pertinent design of Flame and making use of it. Flame, in other words, is a boomerang.

(via “Flame” malware greatly expands the scope of cyber warfare | Observations, Scientific American Blog Network)
