Archive for June 2018
What is RAMPAGE Attack? Why Does It Affect Every Android Since 2012?
No matter how secure Google calls its mobile operating system, it seems like a determined security researcher could come up with a vulnerability any day. A team of eight researchers has done just that with an exploit carrying the fancy name RAMPAGE (CVE-2018-9442), which enables unauthorized access to Android devices.
What is RAMPAGE attack?
In 2012, with the release of Android ICS, Google introduced a new component to the Android kernel called ION that allocates memory for different apps and services. RAMPAGE targets ION, which makes it a threat to millions of Android devices across the world.
However, Android isn’t to be blamed entirely. The attack originates from a fundamental problem, more of a hardware error in the RAM chips, called Rowhammer, which works on ARM-based devices. In modern RAM chips, the memory cells are packed very close to each other. This could result in the cells leaking their charge and interacting with other cells.
Each memory cell contains one memory bit, which represents a unit of data in the RAM chip. An attack leveraging Rowhammer can be used to extract data from the RAM chip by changing the state of a memory bit from 0 to 1 and vice versa, i.e., bit flipping.
How does RAMPAGE work?
A malicious app fitted with RAMPAGE can use the ION memory subsystem and cause a row of memory bits to change its state repeatedly until bit flipping happens in the adjacent row.
This way, an app could potentially attain admin level privileges to access the data of some other app which is not possible in regular scenarios. It can harvest confidential information like passwords from a password manager or browser, documents, photos, messages, etc.
“RAMPAGE breaks the most fundamental isolation between user applications and the operating system. This attack allows an app to take full administrative control over the device,” wrote the researchers on the website describing the attack.
Does it affect my device?
As mentioned above, every device running Android 4.0 or above released since 2012 that uses an LPDDR2, LPDDR3, or LPDDR4 RAM chip is potentially affected. Although it’s not confirmed, the attack could be crafted for iOS, Windows, macOS, and also cloud servers.
However, the story isn’t as scary as it sounds. Modern operating systems don’t write all the information about an app in adjacent memory cells; it’s scattered across different cells. So, the process of flipping the bits may be easier but knowing what’s written on the memory bit isn’t.
An average Android smartphone with 32GB memory capacity has 32 billion bits. Given this fact, it would be nearly impossible for an attacker to pinpoint a particular piece of information. It’s nothing but a game of chance.
What should I do?
You can sit back and try not to worry. Google and Amazon have already been notified about RAMPAGE, so it’s less likely that some malicious app would appear on Google Play. Moreover, it’s not known if the vulnerability is being exploited in the wild.
How do I check whether my device is vulnerable to RAMPAGE?
If you want, you can check whether your device is vulnerable to RAMPAGE by using the test app [direct link] created by the researchers. They have also created an app called GuardION which is meant to prevent attacks from modifying the memory cells.
It’s not the first time we have seen attack methods trying to exploit hardware errors. In a similar attempt, a Rowhammer-based attack called DRAMMER appeared in 2016 that affected Android devices.
Back then, there was a sense of satisfaction as it was less effective on LPDDR4 memory, but this doesn’t seem to be the case with RAMPAGE. Hopefully, device makers and Google will come up with security patches soon.
Source: RAMPAGE via Android Central
“Gaming Disorder” Is A Mental Health Condition, WHO Declares
If you open the latest edition of the International Statistical Classification of Diseases (ICD) handbook of the World Health Organization, you’ll notice that Gaming Disorder has been classified as a mental health condition.
In the handbook, the organization has placed it under the “Disorders due to substance use or addictive behaviors” category–it’s the same category which includes “Gambling Disorder” as well. Some people might find this placement apt as video games were already being called “digital drugs” by concerned parents and health specialists.
The organization further lists different reasons that could trigger the disorder:
- Impaired control over gaming
- Priority is given to gaming over other tasks
- Escalation of gaming despite negative consequences
However, this inclusion isn’t being well received by all; many experts aren’t convinced that gaming disorder even exists in the first place.
On the other hand, Vladimir Poznyak, the WHO member who proposed the diagnosis, told CNN that the inclusion is a result of the trends and developments in the professional field as well as daily lives.
The experts have also argued that WHO’s criteria need to be narrowed down further, as they don’t offer a way to distinguish between severe and mild addiction.
How to safeguard your databases from SQL injections
SQL (Structured Query Language) is a popular programming language for managing data kept in relational databases. However, the databases can be breached when an attacker adds SQL statements that attempt to corrupt, extract, or delete the data held in the databases.
With the current rise of SQL injection cases, learning how to protect your databases is critical for achieving your cyber security goals. You can also improve your skills of shielding yourself from this type of attack by watching how professionals do it.
For example, Darren Rainey, who is from the U.K. and has more than four years of experience in cyber security, usually livestreams the measures he employs to safeguard systems from various types of attacks, including SQL injection.
How does an SQL injection take place?
An SQL injection occurs when a hacker “injects” a malicious SQL statement into another statement, causing the database to carry out unintended actions. This type of injection usually affects applications that build SQL statements from user actions, such as the values users enter in a form on a website.
The main type of SQL injection attacks is error-based attacks. They take place when attackers compromise unsanitized inputs.
If a developer fails to sanitize inputs by eliminating needless characters from inputted data, an attacker can insert wrong values and cause harm to the database.
For example, here is the PHP code of a login web form having username and password fields.
<?php
// Vulnerable: the form values are concatenated directly into the SQL statement.
$my_username = $_POST['username'];
$my_password = $_POST['password'];
$my_sql_query = "SELECT * FROM users WHERE username='" . $my_username . "' AND user_password='" . $my_password . "';";
?>
The above command would then be sent to a database server to determine correspondence with the data stored, before allowing or denying a user access.
Let’s say that a user inputs “computer” as the username and “comp123” as the password. That would lead to the following command.
$my_sql_query = "SELECT * FROM users WHERE username='computer' AND user_password='comp123';";
However, the above code is vulnerable to attacks. If an attacker enters ' or 'a'='a in the password field, then the variable $my_password will have the value ' or 'a'='a.
In that case, the resulting command will look like the following, which usually leads to a non-empty dataset.
$my_sql_query = "SELECT * FROM users WHERE username='computer' AND user_password='' or 'a'='a';";
Consequently, since the statement a=a is always true, the attacker may be granted entry without having valid login credentials.
How to protect your database
Sanitize inputs
An important technique you should use to safeguard your database from SQL injection attacks is to sanitize input strings. If you sanitize the user input on the server side, you will remove any potentially harmful commands and ensure that users offer only the right type of input.
For example, in PHP you can use the mysqli_real_escape_string() function for escaping the characters that could alter the characteristics of the SQL command.
Here is the improved version of the code mentioned above.
<?php
// $conn: an already-open mysqli connection, required as the function's first argument.
$my_username = mysqli_real_escape_string($conn, $_POST['username']);
$my_password = mysqli_real_escape_string($conn, $_POST['password']);
$my_sql_query = "SELECT * FROM users WHERE username='" . $my_username . "' AND user_password='" . $my_password . "';";
?>
With these improvements, the function places an escape character (\) in front of single quotes in the submitted fields, so quotes supplied by an attacker are treated as data and the web form is safeguarded.
You can also sanitize user inputs by ensuring that numeric or alphanumeric fields lack symbol characters and removing whitespace and new line characters before sending them for processing on the server-side.
Furthermore, you should ensure that user inputs are validated to keep to the guidelines set for length, syntax, and type. For example, if users are providing email addresses in a form, they should be filtered to allow only the characters that constitute an email address.
Restrict database permissions
You should avoid giving users excessive privileges. When your application is connecting to a database, ensure that the users are granted only the necessary privileges for that purpose.
This way, you will lower the effects of any SQL injection attacks that could compromise the security of your database.
For example, if you are using Microsoft SQL Server, you could limit database permissions as follows.
deny select on sys.tables to sqldatabasepermit;
deny select on sys.packages to sqldatabasepermit;
deny select on sys.sysobjects to sqldatabasepermit;
Use parameterized queries
With this simple and effective technique, you can segregate the data provided by the users from the code powering the application.
As such, the two will not interact with one another directly, allowing you to minimize the effects of SQL injection attacks.
Importantly, you should avoid revealing database error information to users. If attackers get hold of the error messages, they can use them to exploit the security of your database.
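The article's login query written both ways, as an added example that is not part of the original article: the concatenated form next to a parameterized form that also keeps database errors out of the response. It assumes PHP's PDO extension with the SQLite driver; the in-memory table, the sample account and the function names are constructed for this illustration.

```php
<?php
// Added example, not code from the original article.
// Assumptions: PDO with the pdo_sqlite driver; an in-memory table mirroring the
// article's `users` table; one constructed sample account.
// Passwords are stored in plain text only to match the article's query; real
// applications store password_hash() output and check it with password_verify().

function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, user_password TEXT NOT NULL)');
    $db->exec("INSERT INTO users VALUES ('computer', 'comp123')");
    return $db;
}

// The article's original pattern: user input becomes part of the SQL text.
function login_concatenated(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT COUNT(*) FROM users WHERE username='" . $user
         . "' AND user_password='" . $pass . "'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// Parameterized version: the SQL text is fixed and the values are bound
// separately, so quotes in the input cannot change the statement's structure.
function login_parameterized(PDO $db, string $user, string $pass): bool
{
    try {
        $stmt = $db->prepare(
            'SELECT COUNT(*) FROM users WHERE username = :u AND user_password = :p'
        );
        $stmt->execute([':u' => $user, ':p' => $pass]);
        return (int) $stmt->fetchColumn() > 0;
    } catch (PDOException $e) {
        // Database error details go to the server log, never to the user.
        error_log('login query failed: ' . $e->getMessage());
        return false;
    }
}

$db = make_demo_db();
$payload = "' or 'a'='a";   // the password-field input discussed in the article

// Valid credentials, then the article's input, through each code path.
var_dump(login_concatenated($db, 'computer', 'comp123'));
var_dump(login_concatenated($db, 'computer', $payload));
var_dump(login_parameterized($db, 'computer', 'comp123'));
var_dump(login_parameterized($db, 'computer', $payload));
```

Only the concatenated path accepts the article's input as a login; the parameterized path compares it as an ordinary string against the stored password.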
Conclusion
SQL injection is one of the common types of attacks hackers use to compromise systems. Therefore, you need to stay vigilant and appropriately guard your IT infrastructure from this type of attack.
The techniques listed in this article are simple and may not offer you full protection from this type of attack. That is why you need to learn from the cyber security experts on how to reinforce your protection measures from SQL injections.
What Is Social Engineering? What Are Different Types Of Social Engineering Attacks?
You might have heard the term Social Engineering. But, what exactly is Social Engineering? What are the types of Social Engineering techniques? It can be thought of as a set of methods used by people who want to hack other people or make them do some particular task that benefits the attacker.
However, to do this, they don’t want to depend mainly on the coding part. Social Engineering scams are the art of deception used by evil-minded people to nourish their greed for money or something else.
So, What is Social Engineering?
You might’ve received phone calls or emails from people giving credit card offers. They try to take their targets into confidence and make them pay a hefty amount to claim the offers. We call such things fraud. That’s an example of social engineering, where people try confidence tricks on their targets.
This social manipulation is not just for financial benefits. Social engineering can be done for other purposes too, for instance, harvesting information from people. It involves playing with their mind to get things done.
You can find social engineers everywhere. Even a friend sitting next to you, watching your keyboard while you type your passwords, is a social engineer. It’s just that there is no certification for this thing. So, let’s go through the types of social engineering in detail.
Types of Social Engineering Attacks:
There are many social engineering tactics depending on the medium used to implement it. The medium can be email, web, phone, USB drives, or some other thing. So, let’s tell you about different types of social engineering attacks:
1. Phishing
Phishing is the most common type of social engineering attack. The attacker recreates the website or support portal of a renowned company and sends the link to targets via emails or social media platforms. The other person, completely unaware of the real attacker, ends up compromising personal information and even credit card details.
You can prevent phishing emails by using spam filters in your email accounts. Most email providers do this by default nowadays. Also, don’t open any emails that come from an untrusted source or that you find suspicious.
2. Spear Phishing
A social engineering technique known as Spear Phishing can be considered a subset of Phishing. Although it is a similar attack, it requires extra effort from the attackers. They need to tailor their messages to the limited number of users they target. And the hard work pays off: the chances of users falling for the false emails are considerably higher in the case of spear phishing.
3. Vishing
Imposters or social engineers can be anywhere on the internet. But many prefer the old fashioned way; they use the phone. This type of social engineering attack is known as Vishing. They recreate the IVR (Interactive Voice Response) system of a company. They attach it to a toll-free number and trick people into calling the phone number and entering their details. Would you agree on this? Most people don’t think twice before entering confidential info on a supposedly trusted IVR system, do they?
4. Pretexting
Pretexting is another example of social engineering you might’ve come across. It’s based on a scripted scenario presented in front of the targets, used to extract PII or some other information. An attacker might impersonate another person or a known figure.
You might’ve seen various TV shows and movies where detectives use this technique to get into places where they’re personally not authorized, or extract information by tricking people. Another example of pretexting can be fake emails you receive from your distant friends in need of money. Probably, someone hacked their account or created a fake one.
5. Baiting
If you have seen the movie Troy, you might be able to recall the trojan horse scene. A digital variant of this technique is known as Baiting and it is one of the social engineering techniques used by people. Attackers leave infected USB drives or optical disks at public places with a hope of someone picking it up out of curiosity and using it on their devices. A more modern example of baiting can be found on the web. Various download links, mostly containing malicious software, are thrown in front of random people hoping someone would click on them.
6. Tailgating
Similarly, there are other social engineering techniques, like Tailgating, where a person takes help of an authorized person to get access to restricted areas where RFID authentication or some other electronic barrier is present.
7. Quid pro quo
Another social engineering method Quid pro quo involves people posing as technical support. They make random calls to a company’s employees claiming that they’re contacting them regarding an issue. Sometimes, such people get the chance to make the victim do things they want. It can be used for everyday people also.
Quid pro quo involves an exchange of something with the target, for instance, the attacker trying to solve a victim’s genuine problem. The exchange can include materialistic things such as some gift in return for the information.
How to defend yourself from social engineers?
In the past, you might’ve come across the story of Ivan Kwiatkowski. He had sensed a foul customer support call before it was too late. He managed to fool the so-called executive on the other side and installed ransomware on the attacker’s computer. That could be thought of as a counter-attack on such people. You need to be alert when someone asks you to give your information or when some unknown person is giving something to you for free.
Improve your emotional intelligence
Social engineers can also try to hit on the emotional part of people’s brains. They might try to take you on a guilt trip, make you nostalgic, or even try to affect you negatively. The situation becomes alarming; people tend to open up in front of the ones trying to give them emotional comfort.
Stay aware of your surroundings
One more thing you must pay attention to, in order to save yourself from different types of social engineering scams, is what you do on the internet. A person trying to hack into your online account may glance through your Facebook profile and find some clues about the answers to the security questions or even your password.
Think before you act
Mostly, such questions include less important stuff like pet names, school names, birthplace, etc. Also, pay attention to what web pages you visit or what files you download. They may contain malicious tools to harvest your information.
Keep your accounts and devices safe
With the abundance of electronic devices and internet nowadays, it’s easier than ever to get information about almost anyone. For instance, it could be some camera keeping an eye on you in the subway or on the streets that could be compromised during social engineering attacks.
So, what’s important is to keep your smartphones, PCs, and online accounts safe by adding strong passwords and other methods like two-factor authentication. Take appropriate security measures like anti-virus software, firewalls, etc. That’s the minimum you can do. Also, make sure you don’t have the habit of writing down passwords and financial details.
However, these are general ways to defend oneself from being exploited by a social engineer. Big organizations have devised more formal methods to deal with such scenarios. This can include things such as conducting regular drills on employees, training them to deal with such situations, and establishing proper methods to identify legitimate personnel.