Two new vulnerabilities have been found in Intel processors. They are undocumented manufacturer capabilities that allow taking control of the device. They become accessible only in a special mode that, in most cases, only Intel engineers can use; in some scenarios, however, that mode can also be activated by attackers. Information security experts suggest that these capabilities may be present in all current Intel processors and regard them as a major potential threat.
According to Positive Technologies experts Mark Yermolov and Dmitry Sklyarov, there are two undocumented instructions in Intel processors that allow modifying the microcode and gaining control over the processor and the entire system.
"The discovered instructions allow bypassing all existing x86 architecture protection mechanisms in modern processors," said Yermolov.
The experts specified that the features were found in Intel's Atom processor family, which has been produced and updated from 2011 to the present day.
"In theory, the vulnerabilities found can be exploited by any attacker who has the necessary information," Alexander Bulatov, Commercial Director of RuSIEM, told the publication.
In that case, the attacker would gain a whole range of ways to control the compromised system.
"This can be either the simplest forced shutdown of the device, or flashing the processor with microcode that secretly performs certain tasks for the attacker," explained Bulatov.
According to Yermolov, the instructions can be activated remotely only in a special processor operating mode, Red Unlock, to which only Intel engineers should have access. As Positive Technologies noted, some processors have vulnerabilities that allow third parties to enable Red Unlock mode as well.
Intel's press office said it takes Positive Technologies' research seriously and is carefully reviewing their claims.
The vulnerabilities found are potentially dangerous for users of devices based on the Intel Atom family. These are low-power processors mainly used in netbooks, tablets, POS terminals and POS machines.
Over the last decade, a promising trend, the Internet of Things, has been developing rapidly worldwide. Many devices are acquiring functionality they never had before: refrigerators are equipped with screens, kettles get Internet connection modules, and TVs get cameras. This is far from a complete list of the combinations being formed in the modern world of technology, said Pavel Myasoedov, partner and director of IQReserve.
According to the expert, this trend is clearly aimed at improving the quality of life, but along with it a number of cyber-threats emerge.
Devices are controlled by voice, receive our images and send all data to remote servers, where calculations take place, for example, to control the brightness of a smart light bulb or display a recipe on the refrigerator screen.
"At the same time, there is a risk that the user's information or biometric data will be intercepted in transmission, or that the server will be attacked by hackers. From this data, an attacker can learn a lot about a person. But this is not the biggest risk that smart home appliances bring to our world," noted Mr. Myasoedov.
Doorbells, cameras and microphones connected to the Internet allow our actions to be monitored in real time from anywhere in the world. Smart lights switching on in different rooms reveal a person's movements around the apartment, and a sensor on the door reveals when they have left it. In some cases, a room can even be locked from the outside, creating a serious threat to life and health.
All this can let a partner know how and with whom you spend your time, and a burglar will know the best moment to break into the apartment.
"Progress in protecting devices from unauthorized access, of course, does not stand still. But today the Internet of Things is lagging far behind in terms of security. Neither manufacturers nor third-party companies offer sufficiently reliable antivirus and protection systems. So while smart technology is still developing, you have to be careful not to rely entirely on household appliances and not to load too much information into them," warned the expert.
More than 6,000 surveillance cameras in Russia are open to the public; some of them are located at industrial enterprises and critical infrastructure facilities.
According to Avast, an IT security software company, more than 6.3 thousand CCTV cameras in Russia can be accessed by anyone: they sit on publicly reachable IP addresses, making them accessible to cybercriminals.
Some of these cameras are located at critical infrastructure facilities and industrial enterprises. "The system of most of these cameras can be accessed without a username and password, or the password is set by default," explained Avast. These cameras can be used to set up an illegal video surveillance system. Another threat is that their IP addresses could be used by cybercriminals to gain access to the networks of companies or businesses. Publicly accessible cameras in banks risk leaking credit card and passport data.
Experts noted that data from cameras can, for example, be a source of information about a person's movements: an attacker could map a person's movements around the city, provided, of course, that the image quality from the cameras allows a specific person to be recognized.
According to them, too little attention is usually paid to the security of the cameras. "Default ports and passwords and the use of the cheapest Chinese devices with insecure firmware are the norm rather than the exception," stated the experts.
Avast cites data from the Internet of Things search engine Shodan.io, which monitors vulnerable IP addresses. According to Shodan.io, Russia has the fifth-highest number of open IP surveillance cameras, behind Vietnam, Taiwan, South Korea and the US.
TelecomDaily analysts estimate that in terms of the total number of installed video surveillance cameras, Russia is in third place in the world with 13.5 million, or 93.2 units for every thousand people. Only China and the US have more cameras.
Unc0ver, one of the most popular iPhone jailbreaking tools, has received a new update. The latest version, 6.0, works on iOS 11 (iPhone 5s and later) through iOS 14.3. A hacker group named 'Pwn2Ownd' is responsible for releasing this jailbreaking tool for iPhones.
Industrial organizations were warned this week that a critical authentication bypass vulnerability could allow attackers to remotely compromise programmable logic controllers (PLCs) made by industrial automation giant Rockwell Automation and marketed under the Logix brand. These devices, which range from the size of a small toaster to a large bread box or considerably bigger, help control equipment and processes on assembly lines and in other manufacturing environments. Engineers program the PLCs using Rockwell software called Studio 5000 Logix Designer.
The Google Project Zero team disclosed the details of a recently fixed Windows flaw, tracked as CVE-2021-24093, that could be exploited for remote code execution in the context of the DirectWrite user. Dominik Rottsches of Google and Mateusz Jurczyk of Google Project Zero discovered the flaw and reported it to Microsoft in November; the bug report was made public this week.
The administrator behind Joker's Stash claims to have formally shut down the operation on 15 February. Meanwhile, criminal gangs offering stolen payment cards for sale have stepped up their promotional efforts. Among the darknet marketplaces vying for former Joker's Stash clients are Brian's Club, Vclub, Yale Lodge, and UniCC, Kela says. Joker's Stash clients were likely already searching for a new marketplace, says the threat research firm Digital Shadows, because of the site's declining customer service and the disruption of its service by law enforcement officials in December 2020.
Trend Micro has found several vulnerabilities in the SHAREit app. The bugs could be exploited to extract sensitive data from users and, via malicious code or apps, to run arbitrary code with SHAREit's permissions; they can also lead to remote code execution (RCE). In the past, the software has often been associated with bugs that allowed users' files to be downloaded and abused. While the app allows file types such as the Android Package (APK) to be uploaded and updated, there are very likely overlooked bugs associated with these functions.
Details of a series of bugs in Palo Alto Networks firewall software, which the vendor addressed last September, were revealed by security researchers recently. The set of four vulnerabilities was found by security experts at Positive Technologies in the Palo Alto PAN-OS operating system. The next-generation firewall (NGFW) from Palo Alto Networks is the leading corporate firewall used worldwide to protect businesses from many cyber threats. It runs the vendor's own operating system, PAN-OS.