
Showing posts with label Vulnerabilities and Exploits.

Multiple Vulnerabilities found in SATCOM internet access terminal Cobham EXPLORER 710



CERT/CC researchers found multiple vulnerabilities as they examined Satcom terminal Cobham EXPLORER 710 as an extension of IOActive’s findings in 2014. These new vulnerabilities could affect both the device and firmware.

These flaws could give attackers unauthorized access to sensitive information and control of the device, let them implant a backdoor, cause a denial of service, and more.

Cobham EXPLORER 710 is a portable satellite terminal that provides Broadband Global Area Network (BGAN) connectivity, including telephony. The device provides internet access over satellite communications, setting new standards for size, speed and features.

EXPLORER 710 is a sophisticated communication tool for broadcasting, streaming and other IP-based industry applications at speeds of 1 Mbps and higher. It is used in sectors such as commercial aerospace, military defense, space systems, SATCOM and more.

The terminal's firmware version 1.07 is affected by the six vulnerabilities listed below:

• CVE-2019-9529 – Authentication Failure

The web portal has no authentication enabled by default, so any attacker connected to the device can access the portal and make changes.

• CVE-2019-9530 – Unrestricted Directory Access

There are no access restrictions on the webroot directory, so an attacker can read or download any file in it.

• CVE-2019-9531 – Authentication Failure on port 5454

An attacker can connect to port 5454 over Telnet without authentication, execute 86 Attention (AT) commands, and gain unauthorized access.

• CVE-2019-9532 – Cleartext Data Exchange

The web portal sends the login password in cleartext, so anyone who can observe the traffic can intercept the password.

• CVE-2019-9533 – Default Login Credentials

The root password is the same on every device, so it could be reverse-engineered once and reused against all available versions.

• CVE-2019-9534 – Firmware Validation Failure

According to CERT/CC researchers, "The device does not validate its firmware image. Development scripts left in the firmware can be used to upload a custom firmware image that the device runs. This could allow an unauthenticated, local attacker to upload their own firmware that could be used to intercept or modify traffic, spoof or intercept GPS traffic, exfiltrate private data, hide a backdoor, or cause a denial-of-service."

Apart from the above security gaps, the researchers also discovered configuration issues, missing security headers and a weak default Wi-Fi password (it is the same as the serial number), which leave the device susceptible to cross-site scripting and clickjacking.

The researchers said they currently have no practical solution to these problems.

'Yes Bank' registers a complaint against fake news, alleging it of frightening investors


Yes Bank filed a police complaint over fake news, stating that misinformation about the bank's finances was posted on social media. The complaint was filed with the Mumbai Police's Cyber Cell after investors sold their shares and the bank's stock price fell. The complaint says that the fake news was scaring away its investors and depositors.



The rise of mobile internet in India has resulted in social tremors, with users falling prey to false information. Due to the lack of digital literacy, people are easily exposed to Fake News.

One of the biggest reasons is that fake news is usually engaging and frightening, which drives people to share it in a flash. It is intended to create chaos among the general public. For the past few days, perpetrators have been circulating fake news and malicious falsehoods about Yes Bank on social networking sites and WhatsApp to generate fear among the bank's clients. The misinformation seeks to present the bank in a bad light and aims to damage the bank's image among its clients, shareholders, and society.

"Yes Bank filed a charge with Mumbai Police and Cyber Cell on the propagation of fake news and advertising of lies about the bank's economic status on different social media platforms such as WhatsApp," said the bank in its report. The bank also asked the authorities to establish a committee of specialists to look into the rumor-mongering and to identify the culprits spreading fake news on social media platforms; it also requested that the experts find the origin of the fake news.

The bank requests that its stakeholders and investors be aware of false information. 'We assure our client that Yes Bank's financial standing is safe and reliable and would continue to be the same for a long time,' it says. There is no doubt that over the last few years fake news has become a threat to Indian democracy and the people of India. Misinformation that is aggressively spread or shared through social media platforms causes chaos and distress among the public.

Oyo Leaves Customers’ Confidential Data Unprotected Due to a Security Flaw



The world’s third-largest and fastest-growing hospitality and homestay chain, Oyo is reportedly leaving its customer data unprotected, which makes it vulnerable to a breach due to a flaw found in its security systems. A cybersecurity researcher, Jay Sharma, who used Oyo for the first time in his life, found a loophole in the service which was exposing confidential information of the customers availing the service.

Founded in 2013 by 25-year-old Ritesh Agarwal, Oyo confirmed the security flaw in an email to the cybersecurity researcher, who had shared his first-time experience with the service on the professional networking site LinkedIn and sent a report to the company's cyber team on 22nd August. The data at risk included booking IDs, contact numbers, the date of the booking, the number of people staying in the room and the location.

Sharma was offered a bounty of Rs. 25,000; the initial offer was Rs. 5,000, which the company increased after reviewing the severity of the issue.

Sharing the insights of the experience and the details of the vulnerability, Jay wrote on LinkedIn, “I used Oyo for the first time in my life, and once I checked in, it was compulsory to enter booking ID and phone number to access the Wi-Fi”, “Why should anybody in the room be forced to share personal information via OTP (one-time-password) verification to use Wi-Fi?”

“I researched more and found that the HTTP & Ssh ports were open with no rate limit for the IP which was hosting this. Captcha was a 5 digit number generated by math.random(). I created a way to brute force the login credentials while executing the captcha.”

“Once login was brute-forced all the historical data dating back to a few months was accessible. The booking IDs and phone numbers related to these IDs with timestamps were stored naked and all of it could be downloaded by parsing HTML using python scripts,” he wrote.

Jay further warned the customers not to log in and “wait till OYO announces officially that they have fixed this issue” as “all the properties which use this login are vulnerable.”

Commenting on the matter, the company, headquartered in Gurugram, said, “Oyo provides safe and secure hotels to unmarried couples. Most Oyo hotels allow unmarried couples and accept local IDs; they have well-trained staff who ensure safety and privacy.”

“Any vulnerability, no matter how limited-time or small, is taken very seriously and looked into,” a spokesperson said in a statement.

Vulnerability in the WIB SIM-browser allows attackers to take control of millions of mobile phones around the world


Previously, E Hacking News reported on the Simjacker vulnerability, which allows attackers to monitor phone owners.

Simjacker is the first real attack where the malicious instructions are sent directly in the SMS message. Interestingly, messages are not stored in either inbox or outbox, so everything happens completely unnoticed by the victim.

According to the researchers, attackers can exploit the vulnerability regardless of the brand of the user's device. A similar vulnerability was recorded on devices of many manufacturers, including Apple, Samsung, Google, HUAWEI and others.

According to Adaptive Mobile Security experts, the vulnerability has been exploited for at least two years by highly sophisticated cyber criminals (most likely working for the government) to spy on users.

Ginno Security Lab experts claim they identified similar vulnerabilities in 2015 and are publishing the details for the first time now.

Adaptive Mobile Security said that everything starts with sending a malicious SMS-message. It can be sent from a phone, GSM modem or even a computer. After opening, this malicious message launches the S@T Browser program installed on each SIM card, as mobile operators use it to provide their services. In this way, attackers can gain full control of the victim's phone.

Ginno Security Lab claims to have found vulnerabilities in both the WIB and the S@T SIM-card browsers.

"The Wireless Internet Browser (WIB) is specified by SmartTrust and is the market leading solution for SIM toolkit based browsing".

By sending a malicious SMS message to the victim's phone number, an attacker can exploit vulnerabilities in the WIB simcard-browser to remotely gain control of the victim's mobile phone to perform malicious actions.  In their demo, they remotely made a call from victim's phone to another phone.

The WIB vulnerability affects subscribers around the world, putting hundreds of millions of them at risk. Because the weakness lies in the SIM card itself and does not depend on the handset or its operating system, every mobile phone is affected.

According to the researchers, one of the main reasons the Simjacker vulnerability still exists today is the use of outdated technologies in SIM cards, whose specifications have not been updated since 2009. The experts have already reported their findings to the GSM Association, a trade organisation that represents the interests of mobile operators around the world.

Hackers Now Allowed to Find Flaws in US Fighter Jets and Security System


Hackers who were invited to find vulnerabilities in the Trusted Aircraft Information Download Station, a system on the U.S. military's F-15 fighter jet, discovered a host of flaws that could have shut the system down entirely.

It was unprecedented in the tech world for outside researchers to be given physical access to such critical machinery and asked to find vulnerabilities. In just two days, a group of seven hackers came up with a number of exploits, including bugs the Air Force had itself identified but had not been able to fix, according to the Washington Post.

The hackers put the system through numerous attacks, including subjecting it to malware and probing it with tools such as screwdrivers and pliers, as reported at DEF CON 27.

In the context of the vulnerabilities exploited by the hackers, Roper Technologies attributed them to “decades of neglect of cybersecurity as a key issue in developing its products, as the Air Force prioritized time, cost and efficiency.”

Outsiders are not usually allowed such access to military equipment, which is highly sensitive in nature and in its operation; this was a massive change in how the military and technology worlds work together, the gravity of which can be gauged by the fact that hackers physically approached the machine with tools.

According to Roper, the U.S. Air Force believes that if it does not allow America's best hackers to find every vulnerability in its weapons, machinery and fighter jets, it risks having them exploited by adversaries such as Iran, Russia and North Korea.




Simjacker Exploits S@T Browser to Affect a Billion Users



Simjacker, a platform-agnostic attack, allows hackers to remotely exploit a victim's phone by sending an SMS containing malicious code; the code instructs the universal integrated circuit card (UICC), i.e. the SIM card, inside the targeted device to retrieve and carry out sensitive commands.

The attack is set in motion as soon as the 'attack SMS', sent from another remote handset, is received by the targeted device. The process involves a series of SIM Toolkit (STK) instructions specifically crafted to be passed on to the SIM card inside the victim's device.

To ensure these instructions are executed, Simjacker exploits the S@T Browser, software found on SIM cards. After receiving the 'attack SMS', the SIM card uses the S@T Browser library to set up an execution environment that can trigger logic on the infected device.

S@T Browser, a legacy browser technology placed inside the SIM cards of a number of handsets, was typically used to send promotional or spam text messages. Attackers, however, exploit it to obtain the device's location and its unique International Mobile Equipment Identity (IMEI).

The attacker sends an SMS to the S@T Browser asking it for the aforementioned information, which it obtains and stores on the SIM card. The attacker then sends another SMS to retrieve the stored information. Unlike regular messages, these are sent and received as binary SMS. Nothing alerts the victim at any stage, which makes this a highly effective tool for attacking mobile phones via messages.

Citing the findings of mobile carrier security company AdaptiveMobile Security:

"The main Simjacker attack involves an SMS containing a specific type of spyware-like code being sent to a mobile phone, which then instructs the SIM Card within the phone to ‘take over’ the mobile phone to retrieve and perform sensitive commands." 

"We believe this vulnerability has been exploited for at least the last two years by a highly sophisticated attacker group," the report reads.

Notably, the exploit works because many operators fail to check the origin of these binary SMS messages; AdaptiveMobile advises that they can be blocked by configuring the firewall technology in the operators' networks.





Kraken Bug: Traders Buy Bitcoins and Sell Them For Almost Double?



Kraken, the world's oldest cryptocurrency exchange, recently revealed that a bug allegedly allowed certain customers to purchase $8,000 worth of Bitcoin and then resell it for $12,000.

It was mentioned on Twitter that the bug was found in an “unreleased advanced order type”.

The bug caused the orders to automatically execute without having cleared the requisite liquidity. Stop orders were immediately activated and filled at market rate.

The victims of this incident were strongly advised to submit “support tickets” with their questions. Nevertheless, the exchange was vehemently condemned.

Kraken's CEO responded on Twitter that he is not sure how a “legitimate” trade is defined in terms of pricing, or at least what boundaries it exists within.

The charts tell the story that a few over-fortunate traders quickly bought for a low price and sold for a fairly higher amount but the tweets tell another story.

User Accounts and Phone Numbers Exposed; Confirms Instagram


Facebook, the social media giant and Instagram's parent company, confirms that a newly found security vulnerability may have put user data in danger, leaving many users open to attack by 'threat actors'.

The vulnerability is said to be serious enough that through it an attacker could effectively access 'secure' user data such as users' real names, Instagram account numbers and handles, and full phone numbers.

An Israeli hacker known by the handle @ZHacker13 found the vulnerability in Instagram and said that an attacker using a multitude of bots and processors could misuse it to build an attackable database of users, bypassing the protections on that information.

The attacker runs a simple algorithm against Instagram's login form, checking each phone number in turn to find those linked to a live Instagram account, and since there is no restriction on how many of these checks can run in parallel, the attacker can repeat the process as often as he wants.


After that, by abusing Instagram's Sync Contacts feature, he can discover the account name and number linked to each phone number.


As of now there is no proof that any user data has been misused or mishandled through this vulnerability; on the other hand, there is no proof that it hasn't.

The fact that the attack required two separate procedures may mean that attackers chose not to pursue it.

Meanwhile, @ZHacker13 tested his Instagram exploit after Facebook's fix and confirmed that it no longer worked.

Zwift hackers expose next generation of cycling doping


Cyber security experts proved they can hack into Zwift and boost their performance on the indoor cycling gaming platform.

The hack works by intercepting and manipulating data sent between smart trainers and Zwift.

It underscores the need to tighten security in e-racing, a growing field with UCI-sanctioned events and Olympic ambitions.

By his own admission, cyber security consultant Brad Dixon is a bit of a cycling hack. He rides his bike for fitness and recreation, but he’s better at cracking computer codes than cranking out pro-level wattage on two wheels.

Dixon’s lack of high-end fitness might keep him off the podium IRL, but his ability to game virtual reality could help him rise through the ranks in the ever-growing arena of e-sports, where cyclists compete, often for actual cash and real-world prizes, on stationary trainers via platforms like Zwift.

Last month, Dixon gave a 40-minute presentation at DEF CON, a popular computer security conference, called Cheating in eSports: How to Cheat at Virtual Cycling Using USB Hacks. He detailed how, with some standard hardware and an Xbox controller, he tricked the system into thinking he was humming around Watopia at race pace while doing nothing more strenuous than cracking open a beer.

“The game limits you to 2,000 watts of power, but for a recreational rider like me, that’s infinity,” said Dixon, who works at the New York-based consulting firm Carve Systems. “I can easily cruise around at 30-40 mph in the game at those watts, if not more.”

Such high speeds might immediately cause suspicion among anyone getting their Zwift kit blown off by a pixelated competitor. But smaller boosts, like a 5-10 watt gain here or there—enough to beat someone up a climb or to the line for a sprint—would be far less noticeable.

In the end, these numbers are all that determine how quickly your little cartoon cyclist pedals around the island. And numbers are exactly what gave Carve Systems CEO Mike Zusman, a former Cat 1 mountain bike racer, the notion for this particular hack.

Google Calendar vulnerability affects 1 billion users


Google has finally acknowledged a vulnerability in the Google Calendar app that left more than a billion users open to a credential-stealing exploit.

In 2017, two cybersecurity researchers at Black Hills Information Security informed Google of the vulnerability and demonstrated how they exploited it to gain access to users' credentials.

The vulnerability has put 1.5 billion users at risk.

A Google spokesperson responded to the researchers' findings, saying that "Google's Terms of Service and product policies prohibit the spreading of malicious content on our services, and we work diligently to prevent and proactively address abuse."

Google is informing its users that it provides "security protections for users by warning them of known malicious URLs via Google Chrome's Safe Browsing filters."

The vulnerability stems from Google Calendar allowing anyone to schedule a meeting with you, combined with Gmail's built-in integration with the calendar.

When a user receives a calendar invitation, a pop-up notification appears on their smartphone. Attackers could craft invitations that include a malicious link, directing users to a fake online poll or questionnaire with a financial incentive to participate, where bank account or credit card details are collected.

"Beyond phishing, this attack opens up the doors for a whole host of social engineering attacks," said Javvad Malik, a security awareness advocate at KnowBe4.

New Security Flaw in Google's Chrome Browser Lets Hackers Access Sensitive User Data



Hackers are always finding new ways to exploit bugs and compromise sensitive user data. A recently discovered flaw in Google Chrome that could lead to arbitrary code execution allows attackers to view, edit or even delete confidential data.

The browser vulnerability was initially reported by the Centre for Internet Security (CIS), and it could have allowed hackers to execute arbitrary code in the context of the browser. To contain the flaw, Google released an immediate Chrome update for users around the globe.

In the coming week, Google will be releasing patches for Mac, Windows and Linux, as per the reports. However, older versions of the browser, that is, versions before 76.0.3809.132, remain vulnerable.

To be on the safe side, users are advised to keep their browsers updated and to be wary of suspicious websites. The report also recommends that users avoid following hyperlinks from unknown sources.

“A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights,” reads the report.

WhatsApp’s Bug Leaves Private Chats Compromised?




Security researchers allegedly found a bug that apparently lets hackers access private chats, with a heavy impact on user security.

Per sources, WhatsApp immediately shunned the reports and hinted that it was absolutely preposterous to even think that WhatsApp would harm its users in such a way.

The people behind the massively successful messaging application are always keen on advising users on updating and following every security measure.

iOS users in particular are advised to be cautious of this bug when browsing unknown websites, and to be careful about which links they click.

Users per usual are strongly advised to update their devices to the latest, download anti-virus apps and software and keep the security on high alert.

Per the source reports, the messages allegedly taken from WhatsApp chats are hosted on other servers.

Users should steer clear of unauthorized websites for the sake of their safety.


Well Known and Widely Used 4G Routers Compromised?



Security researchers have revealed various vulnerabilities and flaws in the latest 4G routers that lead to information leaks and command execution attacks.

At the DEF CON hacking conference, the researchers presented the many flaws they found in “existing 4G modems and routers”.

Per sources, a selection of products was made and tested, which resulted in the detection of “critical remotely exploitable flaws”.

The real point of concern is that a large number of flaws was found in a very limited set of devices. From consumer-grade routers and dongles to very expensive devices designed for large-scale deployment, all of the tested products had flaws. The vendors were informed about the security defects immediately, and most were fixed well before the Pen Test Partners report was published.

Netgear 4G Routers
Security issues also existed in 4G routers made by TP-Link and Netgear, with four of them being assigned CVEs. The Netgear Nighthawk M1 mobile router has a flaw tracked as CVE-2019-14526 and a post-authentication command injection (CVE-2019-14527) that could lead to arbitrary code execution.

An attacker could exploit the above vulnerabilities by tricking a user into visiting a maliciously crafted page. The researchers also gave some insight into the CSRF protection bypass flaw in the Netgear routers and into how they decrypted the encrypted firmware.

TP-LINK 4G Routers
The mobile wireless routers by TP-Link were also found to be vulnerable, with their own CVEs.

The M7350 4G LTE model was vulnerable mainly to CVE-2019-12103 (Pre-Authentication Command Execution) and CVE-2019-12104 (Post-Authentication Command Execution).

ZTE 4G Routers
ZTE came into the limelight during the research because it did not address the security issues in its MF910 and MF65+, which the website they were listed on marked as out of support. Per sources, the MF920 shared the same codebase as another router the researchers checked, and ZTE decided to take things seriously and fix the reported flaws in it. Sources mentioned the following issues discovered in the MF910 and MF65 that are not going to be patched:

· A Cross-Site Scripting point in an unused “test” page.

· In the pre-authentication process the administration password could be leaked.

· One of the debug endpoints is vulnerable to post-authentication command injection.

If these issues are chained, arbitrary code execution on the router becomes all the easier and could be triggered by a user visiting a malicious web page. Two other vulnerabilities discovered in the ZTE 4G routers were:

· CVE-2019-3411 (Information leak, 7.5 high severity CVSS v3.0 base score)

· CVE-2019-3412 (Arbitrary Command Execution with a critical severity of 9.8 CVSS v3.0 base score)

If the poor security of existing 3G and 4G routers does not improve, the coming 5G routers will not attract as many consumers. Users are increasingly dependent, if they are not already, on cellular connections for full-time internet access.