Search This Blog

Showing posts with label Threat actors. Show all posts

Serious Vulnerabilities Discovered in Group Face Time Apps

 

Threat actors utilized Google Duo, Facebook Messenger, Signal, JioChat, and Mocha messaging apps vulnerabilities to their advantage by listening to user’s surroundings without any consent before the user on the other side received the call.

Natalie Silvanovich, a Google project Security Researcher discovered the [Group Face Time] bug in multiple video conferencing mobile applications and now all the vulnerabilities in these apps are fixed. iPhones, renowned across the globe for their security features were reported with a critical flaw in January 2019. 

Apple’s FaceTime group chat vulnerabilities allowed hackers to start off a FaceTime video call and eavesdrop on targets. Threat actors tricked the users by attaching their own number as a third person in a group chat right before the user on the other end received the call. This vulnerability was considered so critical that forced the company to eradicate the FaceTime group chats feature. Later, the issue was resolved via iOS update.

Natalie Silvanovich stated that “I investigated the signalling state machines of seven video conferencing applications and found five vulnerabilities that could allow a caller device to force a callee device to transmit audio or video data. Theoretically, ensuring callee consent before audio or video transmission should be a fairly simple matter of waiting until the user accepts the call before adding any tracks to the application”. 

“however when I looked at real applications, they enabled transmission in many different ways. Most of these led to vulnerabilities that allowed calls to be connected without interaction from the callee”, she further added. 

In December 2020 the Google Duo bug, a race condition that permitted callees to leak video packets from unanswered calls to the caller was patched. Two relatable vulnerabilities were discovered in the Mocha messengers and JioChat in July 2020; vulnerabilities that permitted sending JioChat audio, patched in July 2020. Mocha messengers audio and video bugs were patched in August 2020 after exploitation by the threat actors.

Threat Actors Bypassed MFA to Gain Access to Cloud Service Accounts

 

The United States Cybersecurity and Infrastructure Agency (CISA) has alerted the firms by stating that cyber attackers are bypassing multi-factor authentication (MFA) protocols to secure access to the cloud service accounts.

Threat actors often use username and password combinations while targeting the organizations but hackers usually are unsuccessful in doing so due to an enabled multi-factor authentication by an organization. CISA said, threat actors successfully gained access to a user’s account despite MFA being enabled, at one instance, in this incident the hackers may have used browser cookies to bypass MFA. 

The threat actors use stolen cookies to gain access to web applications or online services and take control over an authenticated session. CISA noticed that cyber attackers are taking benefits of email forwarding protocols by storing critical information regarding the user’s personal email accounts.

CISA stated in the report that “in one case, we determined that the threat actors modified an existing email rule on a use’s account-originally set by the user to forward emails sent from a certain sender to a personal account-to redirect the emails to an account controlled by the actors. The threat actors updated the rule to forward all email to the threat actors’ accounts”.

Threat actors also designed new mailbox regulations, which were created to send specific messages to the users. These messages contained specific phishing related keywords and these messages were transmitted by using Really Simple Syndication (RSS) feeds or RSS subscription folders to keep users from being alerted. CISA also clarified that this data breach has no link to the SolarWinds supply chain attack.

While explaining further, CISA told, “recommended mitigations for organizations to strengthen their cloud environment configuration to protect against, detect and respond to potential attacks”. These recommendations also include tactics, techniques, and procedures (TTPs) which will provide assistance to the security teams to counter the attacks by threat actors on their organizations.