When you chop someone out of a photo, but there they are anyway… – Naked Security

I’m not sure what it is, but it’s certainly a piece of malware, because it’s not just an executable file, it’s a Java app. And what it does is, it allows the attacker to get access to the ATM’s camera. So, the attackers were able to take photos of the people at the ATM, and then send it back to the command and control server. This of course is a huge privacy violation, and could also be used to steal information like ATM card numbers, or other information that the customers may have been entering into the ATM. So, this is a really serious bug, and it’s a good reminder that you need to be very careful when you’re designing these types of systems. You need to make sure that you’re doing input validation, and that you’re not allowing the user to upload any type of file that could potentially be malicious.

DUCK.  Now, finally, it is always fun to talk about data that comes back to life. And this one is quite a spooky one. It’s from the US Department of Justice… and it’s something called FOIA ‘redaction’. Now, the idea here is that when the DoJ releases documents to the public, it does so in a ‘redacted’ form – which means that certain sections of the document will be blacked out, to remove sensitive information.

US Department of Justice FOIA redaction data comes back to life

CHET.  Well, it turns out that the way they were doing it was, they were using a software called “Redact-It”. And it turns out that the way the software works is that it doesn’t actually delete the text, it just covers it up. So, if you have, say, a PDF document, and you open it in a PDF reader, the text is still there. It just looks like it’s been blacked out, because of the way the software works. And so, it turns out that a programmer discovered this, and was able to write a script that would uncover all of the text that had been redacted by the DoJ. So, this means that all of the information that the DoJ had supposedly redacted for privacy reasons was actually still there, just hidden. So, this is a pretty big deal, in terms of privacy. And I think it goes to show that, even when you think you’ve done everything to protect your data and make it secure, you need to double-check, because there may be something lurking in the background that you didn’t know about.

DUCK.  Well, that’s it for this week, Chester. Thank you.

Mobile phones have recently been the subject of a worrying security flaw in the baseband chip. This is the part of the System-on-Chip (SoC) that handles cellular network communication, GPS, and other radio transmissions. The chip usually runs very specific firmware and is highly regulated by the European Telecommunications Standards Institute (ETSI) to ensure it is safe, secure, and reliable. Recently, Google revealed the discovery of 18 security vulnerabilities in the Samsung Exynos baseband chip. Four of these vulnerabilities were deemed so severe that Google chose to suppress their disclosure, making an exception to its 0-day policy. These vulnerabilities were in the baseband chip of the Pixel 6 and 7 series, as well as several other devices from Samsung and Vivo, and even some cars.

The vulnerability was identified as an “internet-to-baseband remote code execution”, which would allow a hacker with internet access to implant malware on a device without the user’s knowledge. This means that a hacker could potentially snoop on calls, read SMS messages, and block calls. The only protection against this vulnerability is to patch the device. Google was able to provide patches for its Pixel 6 and 7 series, but only after delaying the release of the patch until March 20th. If a device is not yet patched, it is possible to turn off its Voice over LTE (VoLTE) and Wi-Fi Calling options, as these are the features most exposed to the vulnerability.

Google is not the only company to have recently had issues with their baseband chip. Recently, a company that manufactures Bitcoin ATMs had a major security breach. This was caused by a bug in their Core ATM server that allowed attackers to upload malicious Java apps, which gave them access to the ATM’s camera. This type of attack could be used to steal data such as ATM card numbers, and would be a major privacy violation for customers.

Finally, the US Department of Justice has recently had a major security breach with its FOIA redaction data. It was using software called “Redact-It”, which was supposed to delete text from documents released to the public. However, a programmer was able to write a script to uncover the text that was supposedly deleted. This means that all of the information that the DoJ had redacted for privacy reasons was still there, just hidden. This goes to show that, even when it seems like data is secure, it is still important to double-check for any potential hidden threats.
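The difference between covering text and deleting it can be checked before a document is released. The following is an added example, not code from the original article or from any redaction product: it scans a constructed, uncompressed PDF page content stream and flags text-drawing operators that sit underneath a rectangle filled later. It assumes absolute `Td` positions and no compression or coordinate transforms, which real PDFs often use; the function names and sample streams are hypothetical.

```python
import re

# Constructed sample: an uncompressed PDF page content stream (not from the article).
# The first text run is later painted over with a black rectangle; the second is not.
COVERED_STREAM = b"""
BT /F1 12 Tf 72 700 Td (Account holder: J. Example) Tj ET
BT /F1 12 Tf 72 650 Td (Public paragraph) Tj ET
0 0 0 rg
70 695 200 16 re f
"""

# Constructed sample: same page with the sensitive text operator actually removed.
REMOVED_STREAM = b"""
BT /F1 12 Tf 72 650 Td (Public paragraph) Tj ET
0 0 0 rg
70 695 200 16 re f
"""

NUM = rb"(-?\d+(?:\.\d+)?)"
# One text object: BT ... x y Td (string) Tj ... ET
TEXT_RE = re.compile(
    rb"BT\b.*?" + NUM + rb"\s+" + NUM + rb"\s+Td\s*\((.*?)\)\s*Tj.*?ET", re.S)
# One filled rectangle: x y w h re f
RECT_RE = re.compile(
    NUM + rb"\s+" + NUM + rb"\s+" + NUM + rb"\s+" + NUM + rb"\s+re\s+f\b")

def text_under_boxes(stream: bytes) -> list[tuple[float, float, int]]:
    """Return (x, y, length) for each text run whose origin lies inside a
    filled rectangle painted later in the stream. Reports lengths, not content."""
    rects = [(m.start(), *map(float, m.groups())) for m in RECT_RE.finditer(stream)]
    hits = []
    for m in TEXT_RE.finditer(stream):
        x, y = float(m.group(1)), float(m.group(2))
        for pos, rx, ry, rw, rh in rects:
            # Painted after the text and geometrically covering its origin.
            if pos > m.end() and rx <= x <= rx + rw and ry <= y <= ry + rh:
                hits.append((x, y, len(m.group(3))))
                break
    return hits

def safe_to_release(stream: bytes) -> bool:
    """True only when no text operator survives beneath a painted box."""
    return not text_under_boxes(stream)
```

A document that fails this check still carries the covered text in its data, whatever it looks like on screen.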

Overall, it is clear that security flaws can be hidden in many unexpected places, from mobile phone baseband chips to Bitcoin ATMs to FOIA redactions. It is important to always be aware of potential security threats and to patch devices as soon as possible. Additionally, it is important to double-check for any potential hidden threats that may be lurking in the background.