Monday, January 19, 2015

Hacking ATM with Raspberry Pi

The first days of the new year came with a warning about a new class of ATM fraud named the "black box attack". The crooks gain physical access to the top of the cash machine, connect their own computer to the cash dispenser and force it to spit out cash, KrebsOnSecurity reports. In fact, this technique isn't so new. The Positive Technologies experts Olga Kochetova and Alexey Osipov showed similar attacks on ATMs at Black Hat Europe 2014 in Amsterdam.

Thursday, January 15, 2015

iOS Blocking — Do Not Give In to Cyber Blackmail!

Another scandal, besides the one with the celebrity nude photo leaks, seems about to break out. Recently, many owners of Apple phones and tablets have faced iCloud account blocking. Accounts are blocked by Apple itself in response to continuous brute-force attempts. Positive Technologies experts warn you of iCloud blocking attacks conducted for the sake of blackmail and ask users to ignore suspicious emails.

Nowadays cybercriminals pay close attention to information security research: the celebrity photos appeared on the Internet right after Andrey Belenko published his report "iCloud Keychain and iOS 7 Data Protection". Following the notorious photo leaks, Apple restricted the number of login attempts. Once all of them fail, the account gets blocked.

Mobile eavesdropping via SS7 and first reaction from telecoms

Mobile network operators and manufacturers have finally commented on the vulnerabilities in the SS7 technology that allow an intruder to perform subscriber tracking, conversation tapping and other serious attacks. We reported some of these vulnerabilities and attack schemes in May 2014 at Positive Hack Days IV as well as here in our blog.

In December 2014, these SS7 threats were brought to public attention again at the Chaos Communication Congress in Hamburg, where German researchers showed some new ways to intercept and decrypt mobile phone calls using SS7. The research covered more than 20 networks worldwide, including T-Mobile in the United States.

Monday, December 29, 2014

4G Security: Hacking USB Modem and SIM Card via SMS

Telecommunications operators are pushing fast and cheap 4G communications technology. Yet only the chosen few know just how insecure it is. While researching the security level of 4G communications, Positive Technologies experts managed to uncover USB modem vulnerabilities that allow a potential attacker to gain full control of the connected computer as well as to access the subscriber's account on the mobile operator's portal. Additionally, attacks on a SIM card using binary SMS allow an intruder to sniff and decrypt traffic or lock the SIM.

Tuesday, December 2, 2014

DDoS attack over Load Balancer: secure your cookies!

In security analysis, we deal with various network devices, both well-known and rare ones. Among the latter, load balancers can be singled out. Today we would like to talk about the session persistence methods of the F5 BIG-IP load balancer. As we found out, an intruder is able to attack such a system and bypass the configured load balancing algorithm by manipulating cookie values.

What is a load balancer? It is a network device that distributes application traffic between servers and allows traffic characteristics to be controlled and changed according to specified parameters. When using applications, a client session should be served by the same server. For this purpose BIG-IP monitors and saves session information, which includes the address of the particular web server that serves the client. This information is used mainly for sending the client's requests to the same web server during the session lifetime.
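As an added example (not code from the post or from F5), the following Python check audits `Set-Cookie` headers for BIG-IP persistence cookies. It assumes F5's documented default cookie format, `<ip>.<port>.0000`, where the IPv4 octets are read as a little-endian 32-bit integer and the port is stored with its two bytes swapped; a value that decodes to an address and port is a cleartext cookie that both reveals backend topology and is trivially forgeable, which is exactly what cookie encryption on the balancer prevents. The header lines and cookie values are constructed.

```python
import re
import struct
from typing import List, Optional, Tuple

# Assumed default BIG-IP cookie persistence encoding (per F5's documentation, not
# spelled out in the blog post): "<ip>.<port>.0000", <ip> = four IPv4 octets as a
# little-endian 32-bit integer, <port> = TCP port with its two bytes swapped.
PLAIN_VALUE_RE = re.compile(r"^(\d{1,10})\.(\d{1,5})\.0000$")
COOKIE_NAME_PREFIX = "BIGipServer"

# Constructed sample response headers: one cleartext persistence cookie without
# Secure/HttpOnly, one opaque (encrypted-looking) cookie with both flags, and an
# unrelated application cookie that the audit must ignore.
SAMPLE_HEADERS = [
    "Set-Cookie: BIGipServerpool_web=1677787402.36895.0000; path=/",
    "Set-Cookie: BIGipServerpool_api=!c1GbdGq9AhJ0lFsIanzSJ9kuxDxk/IPqBMGXzfZEn2Hh; path=/; Secure; HttpOnly",
    "Set-Cookie: JSESSIONID=abc123; path=/",
]


def decode_bigip_cookie(value: str) -> Optional[Tuple[str, int]]:
    """Return (backend_ip, backend_port) when the value is in the cleartext
    persistence format, or None when it is not (e.g. an encrypted cookie)."""
    m = PLAIN_VALUE_RE.match(value.strip())
    if not m:
        return None
    ip_int, port_int = int(m.group(1)), int(m.group(2))
    if ip_int > 0xFFFFFFFF or port_int > 0xFFFF:
        return None
    # Little-endian packing yields the octets in dotted-quad order.
    ip = ".".join(str(octet) for octet in struct.pack("<I", ip_int))
    # Undo the byte swap on the port.
    port = ((port_int & 0xFF) << 8) | (port_int >> 8)
    return ip, port


def _parse_set_cookie(header: str) -> Tuple[str, str, List[str]]:
    """Split 'Set-Cookie: name=value; attr; attr' into (name, value, [attrs])."""
    body = header.split(":", 1)[1] if header.lower().startswith("set-cookie:") else header
    parts = [p.strip() for p in body.split(";")]
    name, _, value = parts[0].partition("=")
    return name.strip(), value.strip(), [a.lower() for a in parts[1:] if a]


def audit_set_cookie_headers(headers: List[str]) -> List[str]:
    """Flag BIG-IP persistence cookies that expose the backend server in the
    clear or that lack the Secure / HttpOnly attributes."""
    findings: List[str] = []
    for header in headers:
        name, value, attrs = _parse_set_cookie(header)
        if not name.startswith(COOKIE_NAME_PREFIX):
            continue
        decoded = decode_bigip_cookie(value)
        if decoded:
            findings.append(
                f"{name}: cleartext persistence cookie reveals backend "
                f"{decoded[0]}:{decoded[1]}; enable cookie encryption on the BIG-IP"
            )
        else:
            findings.append(f"{name}: value is opaque (encrypted or non-default format)")
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure attribute")
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly attribute")
    return findings


if __name__ == "__main__":
    for finding in audit_set_cookie_headers(SAMPLE_HEADERS):
        print(finding)
```

Running the audit over a real response is a quick way to confirm that a BIG-IP in front of an application has cookie encryption turned on: as long as `decode_bigip_cookie` can recover an address from the cookie, any client can read and rewrite the server selection.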

Wednesday, September 17, 2014

Microsoft Windows 8.1 Kernel Patch Protection Analysis & Attack Vectors

Authors: Mark Ermolov, Artem Shishkin // Positive Research

PDF version: link

Kernel Patch Protection (also known as "patchguard") is a Windows mechanism designed to control the integrity of vital code and data structures used by the operating system. It was introduced in Windows 2003 x64 and has been constantly improved in later Windows versions. In this article we present a descriptive analysis of patchguard for the latest Windows 8.1 x64 OS, and primarily focus on patchguard initialization and the attack vectors related to it.

It is natural that kernel patch protection is developed incrementally, so the initialization process is common to all versions of Windows that have patchguard. There are many published papers about kernel patch protection on Windows that describe its initialization process, so you may use the references at the end of this article to obtain details.

Sunday, August 3, 2014

Cell Phone Tapping: How It Is Done and Will Anybody Protect Subscribers

You have probably read on various news websites about surveillance programs led by security services in different countries that reach the phone and Internet communications of ordinary citizens. We have already written about possible threats to mobile telecommunication networks, and today we want to put more emphasis on one of the attack vectors against mobile subscribers.

In short, the outline is like this. The attacker penetrates the SS7 (Signaling System No. 7) network and sends a Send Routing Info For SM (SRI4SM) service message into the network, specifying the phone number of the attacked subscriber A as a parameter. Subscriber A's home network responds with the following technical information: the IMSI (International Mobile Subscriber Identity) and the address of the MSC currently serving the subscriber.