#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter

man in the middle | Breaking Cybersecurity News | The Hacker News

Dangerous Rootkit found Pre-Installed on nearly 3 Million Android Phones

Dangerous Rootkit found Pre-Installed on nearly 3 Million Android Phones
Nov 19, 2016
Here's some bad news for Android users again. Nearly 3 Million Android devices worldwide are vulnerable to man-in-the-middle (MITM) attacks that could allow attackers to remotely execute arbitrary code with root privileges, turning over full control of the devices to hackers. According to a new report from security rating firm BitSight, the issue is due to a vulnerability in the insecure implementation of the OTA (Over-the-Air) update mechanism used by certain low-cost Android devices, including BLU Studio G from US-based Best Buy. Backdoor/Rootkit Comes Pre-installed The vulnerable OTA mechanism, which is associated with Chinese mobile firm Ragentek Group, contains a hidden binary — resides as /system/bin/debugs — that runs with root privileges and communicates over unencrypted channels with three hosts. According to the researchers, this privileged binary not only exposes user-specific information to MITM attackers but also acts as a rootkit, potentially allowing

Microsoft removes its controversial Windows 10 Wi-Fi Sense Password Sharing Feature

Microsoft removes its controversial Windows 10 Wi-Fi Sense Password Sharing Feature
May 14, 2016
Microsoft has finally decided to remove one of its controversial features  Wi-Fi Sense network sharing feature from Windows 10 that shares your WiFi password with your Facebook, Skype and Outlook friends and enabled by default. With the launch of Windows 10 last year, Microsoft introduced Wi-Fi Sense network sharing feature aimed at making it easy to share your password-protected WiFi network with your contacts within range, eliminating the hassle of manually logging in when they visit. This WiFi password-sharing option immediately stirred up concerns from Windows 10 users especially those who thought the feature automatically shared your WiFi network with all your contacts who wanted access. Must Read: Here's How to run Ubuntu Linux on Windows 10 . But Wi-Fi Sense actually hands over its users controls so they can select which networks to share and which contact list can access their Wi-Fi. Also, the feature doesn't share the actual password used to protect yo

external linkEliminating SaaS Shadow IT is Now Available via a Free Self-Service Product

SaaS
websitewww.wing.securitySaaS Security / Shadow IT
This new product provides IT and Security visibility into the risky SaaS apps employees are using.

Why You need to Stop using WhatsApp?

Why You need to Stop using WhatsApp?
Feb 24, 2014
If you haven't heard by now, Facebook just made its biggest move ever, buying the messaging service WhatsApp in a deal worth some $19 billion. That's 19 times what Facebook paid for Instagram two years ago. The WhatsApp Service run by the team of just 32 engineers, handles more than 50 Billion messages daily, and approx 385 million active users. WhatsApp acquisition has also brought out fresh criticism over security for the billions of messages delivered on the platform. Security Researcher at Praetorian Labs identified several SSL-related security issues in WhatsApp application using Project Neptune , a mobile application security testing platform. " WhatsApp communication between your phone and our server is fully encrypted. We do not store your chat history on our servers. Once delivered successfully to your phone, chat messages are removed from our system ." Company said in a blog post . But researchers found that WhatsApp is vulnerable to Man-in-theMiddl

Apple's iOS vulnerable to Man-in-the-middle Attack, Install iOS 7.0.6 to Patch

Apple's iOS vulnerable to Man-in-the-middle Attack, Install iOS 7.0.6 to Patch
Feb 22, 2014
Apple's latest 35.4 MB update of  iOS 7.0.6  doesn't seem important at first, but it contains a critical security patch that addresses a flaw with SSL encryption. Yes, a very critical security vulnerability that could allow hackers to intercept email and other communications that are meant to be encrypted in iPhone, iPad and Mac computer. Apple provides very little information when disclosing security issues, ' For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. ' said in the security advisory . Cryptography experts immediately tried to figure out what was wrong with Apple's implementation of Secure Sockets Layer (SSL) and the details are: Impact:  The vulnerability assigned CVE-2014-1266 and  affects both the iOS and OS X operating systems , describes as ' Secure Transport failed to validate the authent

NSA allegedly hacked Belgian Cryptography Expert with spoofed LinkedIn Profile

NSA allegedly hacked Belgian Cryptography Expert with spoofed LinkedIn Profile
Feb 03, 2014
Cryptographer Professor Jean-Jacques Quisquater has become the part of a targeted attack by the US National Security Agency (NSA) and its British counterpart GCHQ, first reported on Saturday morning by De Standaard . A few months back in September 2013 it was revealed that, Belgacom , the largest telecommunications company in Belgium was hacked and number of employees on Belgacom's network, including their servers were compromised. Later in November 2013 , it was revealed that the NSA and GCHQ were behind the infiltration of the company's computers, according to the document provided by the former NSA contractor Edward Snowden . The document detailed that the British intelligence agency GCHQ created fake ' LinkedIn ' and ' Slashdot ' pages to spy on computers of Belgacom network engineers. They used a method called " quantum insert ", to redirect employees to fake websites that contained malware using Man in the middle attack to a spoofed server ( codenamed "

Malicious Russian Tor Exit Relays Intercepting encrypted Traffic of Facebook Users

Malicious Russian Tor Exit Relays Intercepting encrypted Traffic of Facebook Users
Jan 24, 2014
Tor is one of the best and freely available privacy software that lets people communicate anonymously online through a series of nodes that is designed to provide anonymity for users and bypass Internet censorship. When you use the Tor software, your IP address remains hidden and it appears that your connection is coming from the IP address of a Tor exit relay or nodes , which can be anywhere in the world. An exit relay is the final relay that Tor traffic passes through before it reaches its destination. According to a recent report ' Spoiled Onions: Exposing Malicious Tor Exit Relays ', published by security researchers Phillip Winter and Stefan Lindskog revealed that almost 20 exit relays in the Tor anonymity network that attempted to spy on users' encrypted traffic using man-in-the-middle techniques. Both Researchers spent more than four months studying on the Tor exit nodes using their own scanning software called " exitmap " and detected su

Yahoo Mail turns on HTTPS encryption by default to protect users

Yahoo Mail turns on HTTPS encryption by default to protect users
Jan 09, 2014
After the release of NSA Secret spying over Internet communications, I am expecting from all tech companies to make surveillance significantly harder. Yahoo has HTTPS encryption support since late 2012, but users had to opt in to use the feature. Documents revealed by the Edward Snowden shows that the NSA secretly accessed data from several tech giants, including Yahoo, by intercepting unencrypted Internet traffic in a program called Muscular. As promised back in October 2013,  Yahoo  has finally enabled the HTTPS connections by default for their users, that will now automatically encrypts the connections between users and its email service. Jeff Bonforte , senior vice-president of communication products at Yahoo announced  in a blog post: It is 100% encrypted by default and protected with 2,048 bit certificates. This encryption extends to your emails, attachments, contacts, as well as Calendar and Messenger in Mail. HTTPS by default is really a good news for Yahoo users, that will

Firmware vulnerability allows man-in-the-middle attack using SD Memory cards

Firmware vulnerability allows man-in-the-middle attack using SD Memory cards
Jan 02, 2014
How is it possible to exploit SD Card, USB stick and other mobile devices for hacking? Another interesting hack was presented at the Chaos Computer Congress (30C3), in Hamburg, Germany. The researchers demonstrated how it is possible to hack the microcontroller inside every SD and MicroSD flash cards that allow arbitrary code execution and can be used to perform a man in the middle attack . The Hardware Hackers  Andrew " bunnie " Huang and Sean "xobs"  described the exploitation method on their blog post ," it also enables the possibility for hardware enthusiasts to gain access to a very cheap and ubiquitous source of microcontrollers. " It seems that to reduce SD cards price and increase their storage capability, engineers have to consider a form of internal entropy that could affect data integrity on every Flash drive. Almost every NAND flash memory is affected by defects and presents problems like electron leakage between adjacent cells. " Flash memory is really

France Government used Rogue Google SSL Digital Certificates to Spy on users

France Government used Rogue Google SSL Digital Certificates to Spy on users
Dec 11, 2013
Google has found that the French government agency using unauthorized digital certificates  for some of its own domains to perform man-in-the-middle attacks on a private network. Google security engineer Adam Langley described the incident as a "S erious Security breach ", which was discovered in early December. Rogue digital certificates that had been issued by French certificate authority ANSSI, who closely work with the French Defense agency. "In response, we updated Chrome's certificate revocation metadata immediately to block that intermediate CA, and then alerted ANSSI and other browser vendors. Our actions addressed the immediate problem for our users" Google has immediately blocked the misused intermediate certificate and updated Chrome's certificate revocation list to block all dodgy certificates issued by the French authority. In a statement, ANSSI said that the intermediate CA certificate was used to inspect encrypted traffic with the user's knowledge on a p

Security Risks of FTP and Benefits of Managed File Transfer

Security Risks of FTP and Benefits of Managed File Transfer
Dec 10, 2013
File transfer services such as FTP or HTTP has been the most common way of file transfer for business requirements. Typically what a file transfer means is that a file transfer protocol such as FTP or HTTP is used to send the stream of bits stored as a single unit in a file system including file name, file size, timestamp and other metadata from one host to another host over a TCP-based network such as the Internet. But this process is not foolproof. FTP, by itself, is not a secure file transfer protocol and it has a lot of security vulnerabilities. It's a known fact that FTP doesn't provide any encryption for data transfer. Most of the times, the requirement in any business is pretty simple: to transfer files between two endpoints in different locations, and the parties involved do not think much about how secure the file transfer process is going to be. Using FTP for official file transfer can leave your data transmission exposed to many security attacks: FTP Bounce Attack Gener

Snowden reveals, GCHQ planted malware via LinkedIn and Slashdot traffic to hack Belgacom Engineers

Snowden reveals, GCHQ planted malware via LinkedIn and Slashdot traffic to hack Belgacom Engineers
Nov 11, 2013
Edward Snowden , a former contractor at America's National Security Agency (NSA) , has rocked the intelligence world by leaking secret documents which reveal the previously unknown extent of global spying. But looks like the NSA isn't the only one using dirty digital tricks to hack its targets. Back in September, it was reported that the UK's equivalent of the NSA, GCHQ had hacked Belgacom , a leading telecommunications provider in Belgium. Some New analysis of the Snowden papers by German magazine Der Spiegel shows that British intelligence agency GCHQ created fake LinkedIn and Slashdot pages to spy on computers of  Belgacom  network engineers. Communications networks are particularly valuable to spies, because they allow instant access to individual users. Belgacom provides internet access to dozens of key EU institutions based in its capital city Brussels and its global roaming exchange is a hub for connections between various international mobile network

Unbreakable Apple's iMessage encryption is vulnerable to eavesdropping attack

Unbreakable Apple's iMessage encryption is vulnerable to eavesdropping attack
Oct 18, 2013
Though Apple claims iMessage has end-to-end encryption, But researchers claimed at a security conference that Apple's iMessage system is not protected and the company can easily access it. Cyril Cattiaux - better known as pod2g, who has developed iOS jailbreak software, said that the company's claim about iMessage protection by unbreakable encryption is just a lie, because the weakness is in the key infrastructure as it is controlled by Apple: they can change a key anytime they want, thus read the content of our iMessages . Basically, when you send  an   iMessage to someone, you grab their public key from Apple, and encrypt your message using that public key. On the other end, recipients have their own private key that they use to decrypt this message. A third-party won't be able to see the actual message unless they have access to the private key. Trust and public keys always have a problem, but the  researchers noted that there's no evidence that Apple or

Microsoft discontinues MD5 crypto for digital certificates to improve RDP Authentication

Microsoft discontinues MD5 crypto for digital certificates to improve RDP Authentication
Aug 15, 2013
This week Microsoft has released several advisories to help their users update from weak crypto. Microsoft is beginning the process of discontinuing support for digital certificates that use the MD5 hashing algorithm and to improve the network-level authentication for the Remote Desktop Protocol . Microsoft's optional updates : Microsoft Security Advisory 2661254: The private keys used in these certificates can be derived and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks . Microsoft Security Advisory 2862973: Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7 , Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate

Google may introduce Anti-NSA surveillance encryption for Google Drive

Google may introduce Anti-NSA surveillance encryption for Google Drive
Jul 18, 2013
Privacy protection in the services we use on a daily basis has been a big topic of conversation following accusations that Google, Microsoft, Apple and other large tech companies were working with government agencies to provide user data. According to a new report by CNet , Google may introduce encryption for users' data generated on their Google Drive to protect its customers' privacy against attempts by the U.S. government to access the data. Why Encryption ?  Secure encryption of users' private files means that Google would not be able to divulge the contents of stored communications even if NSA submitted a legal order under the Foreign Intelligence Surveillance Act or if police obtained a search warrant for domestic law enforcement purposes. "Mechanisms like this could give people more confidence and allow them to start backing up potentially their whole device, " said Seth Schoen, Electronic Frontier Foundation. Many companies use SSL and HTTPS to secu

T-Mobile Wi-Fi Calling App vulnerable to Man-in-the-Middle attack

T-Mobile Wi-Fi Calling App vulnerable to Man-in-the-Middle attack
Mar 22, 2013
T-Mobile devices having a default Wi-Fi Calling feature that keeps you connected in areas with little or no coverage using Wi-Fi connection. But according to new finding by students Jethro Beekman and Christopher Thompson from University of California Berkeley, that this feature lets millions of Android users vulnerable to Man-in-the-Middle attack . The simplest way to become a man-in-the-middle would be for the attacker to be on the same open wireless network as the victim, such as at a coffee shop or other public space. In a technical analysis of the exploit, The flaw could potentially allow hackers to access and modify calls and messages made by T-Mobile users on certain Android smartphones. Beekman and Thompson informed T-Mobile, a division of Deutsche Telekom, of the flaw in December and on March 18 T-Mobile was able to resolve the issue for all affected phone models. T-Mobile uses regular VoIP for Wi-Fi Calling instead of a connection that encrypted, somethin

Facebook Camera App Vulnerable to Man in The Middle Attack

Facebook Camera App Vulnerable to Man in The Middle Attack
Dec 26, 2012
Egypt-based security researcher reported that Facebook Camera App for mobiles are Vulnerable to Man in The Middle Attack , that allow an attacker to tap the network and hijack Camera users accounts and information like email addresses and passwords can be stolen . Mohamed Ramadan trainer with Attack-Secure, who previously reported us about similar vulnerability in Etsy app for iPhone Mohamed explains " The problem is that the app accepts any SSL certification from any source, even evil SSL certifications, and this enables any attacker to perform man in the middle attacks against anyone who uses the Facebook Camera app for IPhone. This means that the application doesn't warn the user if someone in the same (Wi-Fi network) is trying to hijack his or her Facebook account. " Facebook suggest users to upgrade the Camera application To Version 1.1.2. A statement released by the company says " We applaud the security researcher who brought this bug to our attenti
More Resources