hardware hacking | Breaking Cybersecurity News | The Hacker News

One of the most popular computer manufacturers Lenovo is being criticized for selling laptops pre-installed with invasive marketing software, or malware that, experts say, opens up a door for hackers and cyber crooks. The software, dubbed ' Superfish Malware ', analyzes users' Internet habits and injects third-party advertising into websites on browsers such as Google Chrome and Internet Explorer based on that activities without the user's permission. Security researchers recently discovered  Superfish Malware  presents onto new consumer-grade Lenovo computers sold before January of 2015. When taken out of the box for the first time, the adware gets activated and because it comes pre-installed, Lenovo customers might end up using it inadvertently. SUPERFISH CERTIFICATE PASSWORD CRACKED The  Superfish Malware  raised serious security concerns about the company's move for breaking fundamental web security protocols, carrying out " Man in the Middle " (MitM) at

Chinese telecoms equipment suppliers have previously been criticized by some countries due to suspected backdoors in its products, and if United States has banned its several major government departments, including NASA, Justice and Commerce Departments, from purchasing Chinese products and computer technology, then they are not wrong at all. In the latest claim against Chinese smartphone manufacturers is the allegation that the popular Chinese smartphone brand, Xiaomi has been suspected of "secretly" stealing users' information — including SMS messages and photos —from the device without the user's permissions and sending it back to a server in Beijing, despite of turning off the data backup functions, according to Apple Insider . Security Researchers from  F-Secure Antivirus firm  has shown that the Xiaomi phones (RedMi 1S handset) send quite a lot of personal and sensitive data to " api.account.xiaomi.com "  server located in China, including following information

The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain cybersecurity expertise specialized for their industry and strengthen their cybersecurity posture. MSPs and MSSPs looking to meet this growing vCISO demand are often faced with the same challenge. The demand for cybersecurity talent far exceeds the supply. This has led to a competitive market where the costs of hiring and retaining skilled professionals can be prohibitive for MSSPs/MSPs as well. The need to maintain expertise of both security and compliance further exacerbates this challenge. Cynomi, the first AI-driven vCISO platform , can help. Cynomi enables you - MSPs, MSSPs and consulting firms

How is it possible to exploit SD Card, USB stick and other mobile devices for hacking? Another interesting hack was presented at the Chaos Computer Congress (30C3), in Hamburg, Germany. The researchers demonstrated how it is possible to hack the microcontroller inside every SD and MicroSD flash cards that allow arbitrary code execution and can be used to perform a man in the middle attack . The Hardware Hackers  Andrew " bunnie " Huang and Sean "xobs"  described the exploitation method on their blog post ," it also enables the possibility for hardware enthusiasts to gain access to a very cheap and ubiquitous source of microcontrollers. " It seems that to reduce SD cards price and increase their storage capability, engineers have to consider a form of internal entropy that could affect data integrity on every Flash drive. Almost every NAND flash memory is affected by defects and presents problems like electron leakage between adjacent cells. " Flash memory is really

We have discussed many times in our stories the network of Intelligent devices , their capabilities and the possibilities that cyber criminals could exploit them for illegal activities. Hidden chips are used by cyber criminals and state-sponsored hackers to infiltrate company networks and organizations for various purposes, to send out spam or for cyber espionage . The fact has happened in Russia, the State-owned channel Rossiya 24 has showed the images of an electric iron included in a batch of Chinese imports where the operators find a chip used for spying the environment surround. China is planting Microchips practically in every electrical device, as recently it has been discovered that the  electric iron  and kettles were modified with this technique to launch spam attacks. The Microchips were equipped with a little microphone and according to the correspondent the component were mostly being used to serve malware and the chips in fact are able to connect any co

Last week Craig Heffner, specialized on the embedded device hacking exposed a serious backdoor in number of D-Link routers allows unauthorized backdoor access. Recently he published his another researcher, Titled ' From China, With Love ', exposed that D-Link is not only the vendor who puts backdoors in their products. According to him, China based networking device and equipment manufacturer - Tenda Technology  (www.tenda.cn) also added potential backdoors into their Wireless Routers. He unpacked the software framework update and locate the httpd binary an found that the manufacturer is using GoAhead server, which has been substantially modified. These routers are protected with standard Wi-Fi Protected Setup (WPS) and WPA encryption key, but still by sending a UDP packet with a special string , an attacker could take over the router. Routers contain a flaw in the httpd component, as the MfgThread() function spawns a backdoor service that listens fo

A team of researchers from the U.S. and Europe has developed a Hardware Trojan , which is an undetectable to many techniques, raising the question on need of proper hardware qualification.  They  released a paper on stealthy Dopant-Level Hardware Trojans, showing how integrated circuits used in computers, military equipment and other critical systems can be maliciously compromised during the manufacturing process. " In this paper we propose an extremely stealthy approach for implementing hardware Trojans below the gate level, and we evaluate their impact on the security of the target device. Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. " states the paper abstract. The Scientists devised two such backdoors they said adversaries could feasibly build into processors to surreptitiously bypass cryptographic protections provided by the computer running the chips

According to a new report, the world's biggest personal computer maker, Chinese firm Lenovo Group Limited has reportedly been banned from supplying equipment for  networks of the intelligence and defense services of Australia, the United States, Britain, Canada and New Zealand, due to hacking concerns. Sources from intelligence and defense entities in the UK and Australia have confirmed the ban introduced in the mid-2000s after intensive laboratory testing of its equipment. In 2006 it was disclosed that the US State Department had decided not to use 16,000 new Lenovo computers on classified networks because of security concerns. Serious backdoor vulnerabilities in hardware and firmware were apparently discovered during the tests which could allow attackers to remotely access devices without the knowledge of the owner. Lenovo, headquartered in Beijing, acquired IBM's personal computer business in 2005, after which IBM continued to sell servers and mainframes that we

You might want to be a little more careful the next time you pick up a cheap knock-off accessory for your device to save a few bucks because new hardware hacks could be the next big thing among cyber criminals . Researchers say they've built a custom iPhone wall charger that can Install malware in any iOS device using a custom made malicious chargers called Mactans , which are in turn controlled by a Raspberry-Pi like computer called a BeagleBoard. Mactans, which is named after the black widow spider's Latin taxonomy, will be demonstrated by Billy Lau, Yeongjin Jang, and Chengyu Song at the Black Hat 2013 conference in July and they said all users were vulnerable to attacks over the charger. They add that they can also demonstrate that the malware infection resulting from their malicious charger is persistent and tough to spot. In order for the malicious software to remain installed and unseen, the trio will show how an attacker can hide their software in the

About five months ago, OLPC Project started a little experiment . They chose a village in Ethiopia where the literacy rate was nearly 0% and decided to drop off a bunch of Motorola Xooms there. The One Laptop Per Child project started as a way of delivering technology and resources to schools in countries with little or no education infrastructure, using inexpensive computers to improve traditional curricula. On the tablets, there was custom software that was meant to teach kids how to read. This experiment began earlier this year. Timeline of Experiment: 1st Four Minutes - One kid had opened the box and had figured out how to turn on the Xoom. In 1st Five Days -  The kids were using nearly 50 applications each every day. In Two Weeks - The kids were singing their ABC's in English. Now its 5th Month - They hacked the Motorola Xooms so they could enable the camera, which had been disabled by OLPC. OLPC founder Nicholas Negroponte at MIT Technology Review's EmTech conference last