‘Man-In-The-Disk’: The New Cyber Monster!


Some of the most common Android applications have been found to be susceptible to a recently disclosed attack named “Man-in-the-Disk”.

This unusually named attack is said to allow a third-party application to take control of or crash other apps, and/or run malicious code on the phone.

According to Check Point Research, a design flaw in Android’s sandbox turns the external storage of Android phones into a paved pathway for the MitD attack. These attacks could have hazardous results: hidden installation of unwanted, malicious and unrequested applications, denial of service to other genuine apps, and crashing of applications, to name a few. They might also lead to the injection of infected code that makes the application run the way the attacker wants.
When careless and heedless users let any unknown application use their storage, these kinds of attacks become all the more likely.

Man-in-the-Disk’s course of action.

Essentially, any app available on the store may be able to interfere with the storage data of another app, which is one of the root causes of this attack. Moreover, without caring much about the security hazards, users very carelessly grant apps access to their storage.

Several tests were conducted; in one of them the Check Point researchers built a malicious app that gave the impression of being a flashlight app. The researchers then used that app to gain access to the external storage space. By the end of the tests, two types of attack had been accomplished: one could crash other applications and the other could update applications into malicious forms.

In the first type of attack, another app’s external storage files are invaded by inserting malicious data, which results in the application crashing. This attack could exploit rival apps and easily take advantage of the faulty design, and malicious code could be injected within.

The crashed app may ask for more permissions than the original one; if so, the attacker would have a chance to bump up his ability to reach more sensitive features, through permissions that the original app never received.
Some applications place update files in external storage before the update is applied. Those files could easily be replaced with malicious versions of themselves, or with a third-party application altogether. This is the case in the second type of attack: when apps fetch updates, an attacker app monitoring the external storage space swaps the files.

How To Avoid The Attack.

1. When dealing with data from external storage, perform input validation.
2. External storage should not hold class files or executables.
3. Before dynamic loading, files from external storage must be signed and cryptographically verified.
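As an added illustration of the three guidelines above (this is not code from Check Point or from any of the affected apps), a hypothetical Android helper that validates an update file found on external storage, copies it into the app’s private code-cache directory, verifies a detached signature against a public key pinned in the APK, and only then loads it; the class name, the file name `update.dex`, the placeholder key and the detached-signature format are assumptions:

```java
import android.content.Context;
import android.util.Base64;
import dalvik.system.DexClassLoader;
import java.io.*;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;

// Hypothetical helper (not from Check Point or any affected app): treats every file on
// external storage as untrusted input and gates dynamic loading on a signature check.
public final class ExternalUpdateVerifier {
    // PLACEHOLDER: base64 DER (X.509 SubjectPublicKeyInfo) RSA public key shipped in the APK.
    private static final String PINNED_PUBKEY_B64 = "<base64 public key goes here>";
    private static final long MAX_UPDATE_BYTES = 32L * 1024 * 1024;
    // Guideline 1: input validation. Only a regular, size-bounded file with the expected
    // canonical name is considered, and nothing is read before this check.
    static boolean looksSane(File f, String expectedName) throws IOException {
        return f.isFile() && f.getCanonicalFile().getName().equals(expectedName)
                && f.length() > 0 && f.length() <= MAX_UPDATE_BYTES;
    }
    // Guideline 2: never load code from external storage. Copy it into app-private storage
    // first, so another app cannot swap the file between the check and the load (TOCTOU).
    static File copyToPrivate(Context ctx, File src) throws IOException {
        File dst = new File(ctx.getCodeCacheDir(), src.getName());
        try (InputStream in = new FileInputStream(src); OutputStream out = new FileOutputStream(dst)) {
            byte[] buf = new byte[8192];
            for (int n = in.read(buf); n != -1; n = in.read(buf)) out.write(buf, 0, n);
        }
        return dst;
    }
    // Guideline 3: verify a detached SHA256withRSA signature over the private copy, using
    // the key pinned in the APK and never a key that also came from external storage.
    static boolean verifySignature(File privateCopy, byte[] sig) throws IOException, GeneralSecurityException {
        byte[] der = Base64.decode(PINNED_PUBKEY_B64, Base64.DEFAULT);
        PublicKey key = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(key);
        try (InputStream in = new FileInputStream(privateCopy)) {
            byte[] buf = new byte[8192];
            for (int n = in.read(buf); n != -1; n = in.read(buf)) v.update(buf, 0, n);
        }
        return v.verify(sig);
    }
    // Returns a class loader for the update only when all three checks pass, else null.
    public static ClassLoader loadVerifiedUpdate(Context ctx, File onExternal, byte[] sig)
            throws IOException, GeneralSecurityException {
        if (!looksSane(onExternal, "update.dex")) return null;
        File priv = copyToPrivate(ctx, onExternal);
        if (!verifySignature(priv, sig)) { priv.delete(); return null; }
        return new DexClassLoader(priv.getAbsolutePath(), ctx.getCodeCacheDir().getAbsolutePath(), null, ctx.getClassLoader());
    }
}
```

The order matters: the signature is checked on the private copy that is later loaded, so a file that another app rewrites on external storage after the check is never the one that runs.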

According to Check Point, some fairly popular apps were found vulnerable to the two types of Man-in-the-Disk attack. To cite some examples, Google Translate, Yandex Search, Yandex Translate, Google Voice Typing and the hugely popular Xiaomi are the applications exposed to the malicious-update type of attack.
The primary reason these Android apps can be attacked is that their developers carelessly overlooked the Android security guidelines, which include the basic methods for working with external storage.
Xiaomi decided not to take the Man-in-the-Disk issue in hand, whereas Google, quite fortunately, recognised the problem and has already released a patch for the affected applications.

Police body cameras can be easily hacked

Body cameras used by law enforcement have long been controversial, but no one had, so far, attempted to assess the trustworthiness of the devices themselves. A demonstration at DEF CON 2018 in Las Vegas over the weekend showed that police body cameras, which are increasingly popular with U.S. police forces, can be hacked and their footage stolen or replaced. Associated metadata (such as the location, time and date where the video was shot) can be manipulated, and the cameras can expose police officers to tracking and surveillance.

According to the findings of a security consultant at the Australia-based cybersecurity firm Nuix, by attacking police body cameras a hacker can easily manipulate footage. Researcher Josh Mitchell assessed five body camera models from different manufacturers: Vievu LLC (acquired by Axon in May 2018), Patrol Eyes, Fire Cam, Digital Ally Inc. and CeeSc, and found these cameras vulnerable to remote digital attacks. These are the main companies selling such devices to law enforcement authorities in the US. Surprisingly, though, Mitchell left out the market leader Axon.

In theory, body cameras can act as an “objective” third party during police encounters with civilians, thereby protecting civilians from excessive use of force and protecting police departments from unfounded claims of abuse.

There is scant evidence that body cameras limit the use of force or complaints about it, however, and now even their ability to faithfully record a police interaction is being cast into doubt.

With the exception of the Digital Ally device, the vulnerabilities allow a hacker to download footage off a camera, edit things out or make modifications, and then upload it again with no record of the change. Hackers can use the devices’ addresses to identify cameras remotely as soon as they are switched on. This would allow them to keep watch on police activities, since they can easily view footage from various cameras that are switched on at the same time and place.

Hacker bribes Czech police in an effort to get back the seized hard drive containing details of 3,200 Bitcoins

Hacker Peter Krzhystka, who is accused of cyber-fraud, offered a police officer a bribe of 384 million crowns (17 million USD) for the return of a hard drive seized during a search. However, police officer Lukasz Lazetskiy from the city of Brno refused the bribe.

The police consider Peter one of the most dangerous hackers in the country. He had already been sentenced to four years in prison for hacking bank accounts and stealing financial information.

During a search of the hacker's apartment, the investigators seized his hard drive and other computer equipment in order to understand his criminal activities. The hacker showed special interest in the disk. But the police did not know what was on it, as no one was able to decipher the access codes protecting the data.

According to the Prague News media, one of the hacker's friends offered the police officer a bribe of $17 million and asked him to return the hard drive and delete it from the list of confiscated property. As it turned out later, the hacker had hidden on the hard drive information related to more than 3,200 Bitcoins, worth in total about 800 million crowns (about 35 million USD).

Police officer Lukasz Lazetskiy refused the bribe and reported the incident to his superiors. A criminal case was opened over the attempted bribery.

Hacking a brand new Mac during the setup process

Planning to get a brand new Mac that is free of bugs and has a robust security system? There is no such device.

According to security researchers, a brand new Mac could be compromised remotely just after it connects to Wi-Fi.

The researchers will demonstrate the Mac security flaw on Thursday at the Black Hat security conference in Las Vegas. The attack takes advantage of Apple’s Device Enrollment Program and its Mobile Device Management platform.

The flaw in these enterprise tools allows hackers to install malware in the operating system remotely.

Jesse Endahl, chief security officer of Mac management firm Fleetsmith, said: “We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time.”

“By the time they’re logging in, by the time they see the desktop, the computer is already compromised,” Endahl says.

Last month the security researchers notified Apple about the flaw, and in response the company released a patch in macOS High Sierra 10.13.6; however, devices that have already been manufactured and ship with an older version of the operating system will still be vulnerable.

Korean trojan spreading its tentacles

A newly discovered Trojan, ‘Key Marble’, has struck the cyber world, causing huge concern for millions of internet users. The North Korean Trojan, according to cyber security experts, helps hackers gain access to the details of a device with ease.

Apart from this, ‘Key Marble’ keeps capturing screenshots and can download files at any moment, forcing the experts at cyber security firms to develop an effective mechanism to counter the escalating threat of cybercrime.

After an initial study, the experts have stressed updated anti-virus software and the strongest passwords to keep these hacking forces at bay.

Further, internet users can configure personal firewalls on their workstations, which can help them block unwanted requests.

The existence of the malware in question became as clear as broad daylight when top cyber security experts from McAfee discussed it at length at Black Hat 2018 early this week.

Each of the speakers dwelt at length on how the North Korean malware can infect a system. After code analysis, the experts identified the links between the vital points, drawing on case studies of how North Korea has been aiding and abetting the hackers.

Both companies, McAfee and Intezer, fed the code to their engines so that the analysis process was automated. The two companies’ analyses share some striking similarities.

The country’s top cyber research experts are understood to possess details of the cyber attacks from North Korea. The experts claimed to have found a link to a bank that operates under the leadership of a billionaire.

The bank in question is listed more than once in the very code of the malware, and happens to be the holder of funds that have gone missing.
According to the available records, the biggest attack, beyond doubt, targeted Bangladesh Bank. Others on the hit list include the central bank of Bangladesh