Channel: Silobreaker: All Posts

Silobreaker Daily Cyber Digest – 28 April 2016

Waze traffic app allows user tracking

Researchers [1] in Santa Barbara have discovered that the popular Waze [2] GPS app is vulnerable to MitM attacks, making it possible to track users.

Waze allows drivers to pool traffic information, avoid obstacles and stay up to date on congestion, weather and other road-based issues. To do this, the app crowdsources data about location and speed from individual devices in order to infer congestion levels. Researchers found that the absence of authentication tools meant that there was no real way for Waze to confirm whether traffic requests from user apps were genuine (originating from a vehicle on the road) or created by a script. By broadcasting data from multiple fictitious 'ghost riders', researchers were able to launch a Sybil attack [3] on Waze, overwhelming legitimate contributions and forging roadside events, causing Waze to redirect users around non-existent hazards. Because Waze allows inter-user communication, it was also possible to use these ghost riders to track real drivers with the app by 'following' them around during the day.

While researchers worked solely with Waze in this study, there are broader implications for the concept of Sybil attacks against peer-to-peer mobile applications. Waze has already addressed some of the aforementioned privacy issues by hiding the starting and ending locations of users.

French software company uses malware

Cisco's Talos security team has revealed [4] that French software manufacturer Tuto4PC [5] (AKA Eorezo Group, Wizzlabs) has been using malware-like software to sell its programs.

Upon installation, software published by Tuto4PC scans for the presence of sandboxes, AV software, forensics tools and browsers, before relaying this information to servers via an encrypted channel. The software also gained admin privileges during setup and was able to install a variety of unwanted programs without prompting the user to accept license agreements or confirm installation.

According to Tuto4PC, over 12 million users have installed the company's software, which includes what is basically a backdoor. Researchers discovered that the company has been accused of illicit software practices before, having been warned by French authorities for processing user information without consent.

Gundremmingen plant infected with more malware (update)

According to the station's operator, the Gundremmingen nuclear power plant [6] was infected with several kinds of malware, rather than just the one originally reported. Conficker [7] and Ramnit [8] were found on computer systems in the plant's B unit, as well as on 18 removable drives. RWE, which runs the plant, has increased its security measures as a result.

While common malware variants like Conficker and Ramnit can spread quickly and easily through a variety of systems, they do not necessarily pose a direct threat to operations unless an actor is deliberately targeting an institution for attack. Such infections can have unintended side effects, however; in January 2003 the Safety Parameter Display System at Davis-Besse nuclear power plant was unavailable for nearly 5 hours because of a Slammer worm infection that overloaded the system's memory.

The Silobreaker Team

[1] http://arxiv.org/pdf/1508.00837.pdf
[2] https://my.silobreaker.com/View360.aspx?Item=11_1002729444&q=product%3a%22Waze+%28application%29%22&rd=true
[3] https://my.silobreaker.com/View360.aspx?Item=11_654585390&q=keyphrase%3a%22Sybil+Attack%22&rd=true
[4] http://blog.talosintel.com/2016/04/the-wizzards-of-adware.html
[5] https://my.silobreaker.com/View360.aspx?Item=11_260785519&q=company%3a%22Tuto4PC%22&rd=true
[6] https://my.silobreaker.com/View360.aspx?Item=11_1001674303&q=place%3a%22Gundremmingen+Nuclear+Power+Plant%22&rd=true
[7] https://my.silobreaker.com/View360.aspx?Item=11_56782561&q=keyphrase%3a%22Conficker%22&rd=true
[8] https://my.silobreaker.com/View360.aspx?Item=11_153338292&q=keyphrase%3a%22Ramnit%22&rd=true
