Litany of Bad Behavior At Bezos' RING

December 13, 2019 by Marc Handelman in Hardware Flaws, Hardware Security, Death of Privacy, Information Insecurity

Based on outrage as to the marketing tactics of Amazon.com, Inc. (NASDAQ: AMZN) RING unit (and the serious flaws discovered weekly with this hardware home security solution), I predict significant lawfare targeting the company, for both it's privacy related SNAFUs (and the product line's deep security flaws) as well as it's aggressive and gratutities-laden marketing tactics (think the pharmaceutical industry in relation to doctors) targeting law-enforcement. Not too mention the obvious incompetence of the company's security oversight of RING as a line of business. Read All About It.

Researchers: SIMJacker Flaw Permits Device Hijack With SMS

September 16, 2019 by Marc Handelman in Hardware Flaws, Hardware Security, Information Security

Bad - very bad - news for SMS users, mobile device owners, manufacturers and carriers. h/t

'Dubbed "SimJacker," the vulnerability resides in a particular piece of software, called the S@T Browser (a dynamic SIM toolkit), embedded on most SIM cards that is widely being used by mobile operators in at least 30 countries and can be exploited regardless of which handsets victims are using.' - via Mohit Kumar, writing at The Hacker News

Spearphone

July 25, 2019 by Marc Handelman in Death of Privacy, Hardware Flaws, Hardware Security, Derivative Data Leakage

Exploit of the Month or How Using Smartphones In Speakerphone-Mode Descimates Your Privacy: Spearphone (PDF) (by way of the obviously superlative engineering of S. Abhishek Anand, Chen Wang, Jian Liu, Nitesh Saxena and Yingying Chen), the speech privacy exploitation activity via the device-under-scrutiny's accelerometer detected vibrations emanating via the device's installed speakers. The claim is the use of the device's so-called speakerphone 'erodes' the privacy of the user. Today's Must Read! Hat Tip. Simply astonishing work.

"In particular, we show that by exploiting the affected accelerometer readings and carefully selecting feature sets along with off-the-shelf machine learning techniques, Spearphone can successfully perform gender classification (accuracy over 90%) and speaker identification (accuracy over 80%). In addition, we perform speech recognition and speech reconstruction to extract more information about the eavesdropped speech to an extent." via the Authors (S. Abhishek Anand, Chen Wang, Jian Liu, Nitesh Saxena and Yingying Chen))

Hardware Security, Ramtin Amin's Take

September 17, 2018 by Marc Handelman in Hardware Security, Hardware Secrets, Hardware Flaws, Information Security

Friend of the Blog Trey Blalock of Firewall Consultants sent a link in yesterday which amgically trasnprted us to Ramtin Amin's Web Blog yesterday (in actuality, a Hardware Security blog of considerable reknown)(gracias Trey!). Ramtin's work is indicative of a curious intellect, and tremendous hardware investigatory chops - (plus, keen eye-hand coordination!). If you are at all fascinated by hardware security (coupled with mobile telephony, femto-cells, cabling/dongles and the like) his blog will come as a refreshing changement de rythme of to-the-point discussions of same. Don't Doddle, Chop-Chop, Enjoy!

The Foreshadow Attack: Intel On The Ropes →

August 15, 2018 by Marc Handelman in Accountability, Hardware Flaws, Hardware Security, Information Security, Speculative Execution, Security Research

Is Intel Corporation (Nasdaq:INTC) Down and Out, or Just Down? As always you be the judge...

NetSpectre, The New Vector

July 30, 2018 by Marc Handelman in Hardware Security, Hardware Secrets, Hardware Flaws, Microcode Flaws, Information Security

Meanwhile, in Spectre (PDF) news, comes word from Ars Technica's Peter Bright, of a newly discovered attack vector (PDF) (dubbed NetSpectre) using the pernicious speculative-execution in-built microcode from the Minds of Intel Corporation. Now - and this is truly lovely - the vectors' not local, but external and free from the constraints of local environs (perhaps endpoint security, etc) and is consequently a more pernicious network-resident information operation. Thanks Intel You're Swell!

"That impact is now a little larger. Researchers from Graz University of Technology, including one of the original Meltdown discoverers, Daniel Gruss, have described NetSpectre: a fully remote attack based on Spectre. With NetSpectre, an attacker can remotely read the memory of a victim system without running any code on that system." - via Peter Bright,, whilst writing at Ars Technica

Bad News Beemer, The Flaw Tales →

May 29, 2018 by Marc Handelman in Automobile Security, Information Security, Hardware Security, Hardware Flaws, Must Read

Charlie Osborne writing for ZDNet's Zero Day, regales us with the story of the proverbial Bad Beemer, and the discoveries of deep flaws in the German automaker's usually highly regarded automobiles, by Tencent's Keen Security Labs. Today's Must Read.

Black Hills Information Security-Rick Wisser & Sierra Ward's Hardware Hacking 101 →

May 24, 2018 by Marc Handelman in Education, Hardware Security, Hardware Secrets, Hardware Flaws, Information Security

Fourth Spectre/Meltdown Hole of Doom Discovered →

May 24, 2018 by Marc Handelman in Hardware Secrets, Hardware Flaws, Hardware Security, Information Security

via Chris Williams, Editor in Chief of The Register, comes this surprising/yet not surprising fourth security flaw that now joins the Spectre/Meltdown Speculative Execution flaw in modern CPUs. Bad news for all.

"Variant 4 is referred to as a speculative store bypass. It is yet another "wait, why didn't I think of that?" design oversight in modern out-of-order-execution engineering. And it was found by Google Project Zero's Jann Horn, who helped uncover the earlier Spectre and Meltdown bugs, and Ken Johnson of Microsoft." - via Chris Williams, Editor in Chief of The Register targeting the fourth known Spectre/Meltdown flaw.

The Grayshift Predicament →

April 27, 2018 by Marc Handelman in Hardware Secrets, Hardware Flaws, Hardware Security, Information Security, Forensication, Forensics, Law Enforcement, Law

I am sure you have all read the news of Grayshift's issues battling extortionists and their ilk. I have, however, not seen any significant commentary regarding the data theft this SNAFU could facilitate.

Here's the thought problem (looking for culpability, specifically): A Law Enforcement agency has taken custody (adhering to standards of Generally Accepted Chain of Custody guidelines) of a suspect's iPhone. Unbeknownst to the trusted Sworn Officers and Forensicators (often, one in the same) examining the device, the Grayshift appliance undergoes an unfortunate successful attack - mounted by external miscreant(s) unknown, and succumbs to the exfiltration of all data on the applicance AND the slurped data on the iPhone.

Subsequent forensication by the Sworn Officers or Forensicators (again, often one in the same - at least in smaller agencies) entrusted with reasonable and prudent Chain of Custody of the device under scrutiny, discover that the Grayshift appliance and the suspect's iPhone have both undergone the indignity of significant data leakage. How does the Agency proceed in the effort to lay charges - or not - and protect the Agency, as well?

Oh, and while they are at it, perhaps they could explain why the device is attached to a forward facing TCP/UDP connection to our beloved Interweb?

Branch-Prediction Exploitation, The Saga Continues... →

March 30, 2018 by Marc Handelman in Hardware Security, Hardware Flaws, Information Security

Bad news for the Intel Corporation (Nasdaq: INTC) and AMD Corporation (Nasdaq: AMD) apologists... There is word, coming from Peter Bright, plying his trade at Ars Technica of newly discovered branch prediction attacks. Bad news, indeed.

"Researchers from the College of William and Mary, Carnegie Mellon, the University of California Riverside, and Binghamton University have described a security attack that uses the speculative execution features of modern processors to leak sensitive information and undermine the security boundaries that operating systems and software erect to protect important data." - via Peter Bright, plying his trade at Ars Technica

Kerfuffle of Ryzen →

March 14, 2018 by Marc Handelman in Hardware Security, Hardware Flaws, Information Security, Kerfuffle

Ian Cutress - writing at eponymous AnandTech - expertly reported AMD Ryzen security flaws yesterday, via an announcement by security research firm CTS-Labs. While this appears to be bad news, let's leave the exact fix criteria to AMD, of which, has not responded (as of the writing of this post) to the annoucement from CTS-Labs (reportedly, the time-frame was a 24-hour notice, rather than the industry standard notification of 90 Calendar Days...). Stay tuned.

"CTS-Labs’ claims revolve around AMD’s Secure Processor and Promontory Chipset, and fall into four main categories, which CTS-Labs has named for maximum effect. Each category has sub-sections within." via Ian Cutress, reporting at AnandTech.

Updated 2018/03/15 0831 - Dan Goodin at Ars Technica provides additional insightful reportage, and this from Motherboard scribe Lorenzo Franceschi-Bicchierai detailing the indicators of fraud and subterfuge within (and without) the report.

Intel Warns Beijing of Spectre/Meltdown, Forgets to Call Washington... →

January 30, 2018 by Marc Handelman in Blatant Stupidity, Hardware Flaws, Hardware Security, Information Security

The stupidity just won't stop from the executives at Intel; Indeed... H/T

Another Flawed Bit of Intel Corp Nonsense, The Active Management Technology Vector →

January 17, 2018 by Marc Handelman in Bombast, Blatant Incompetence, Vulnerabilities, Vulnerability Research, Vulnerable Systems, Information Security, Hardware Security, Hardware Flaws

Reportedly, Harry Sintonen, empolyed at F-Secure as a security researcher, discovered during the course of his labors - a flaw in Intel's Active Management Technology (AMT) firmware. Ooops.

As is typical of Intel Corporation (Nasdaq: INTC) the firm is attempting to shirk responsability for this attack and transfer the blame onto the company's vendors, not to mention the glad-handing exhibited by the company's CEO at CES.

It's time to rein in Intel Corporation's significantly flawed software development practice (as evidenced by the output), as the ramifications for the company's vulnerability touch many - if not all - systems worldwide. Further, what else is flawed in the company's other products (for example, automotive chips, medical device systems where the firm's hardware and software reside)?

'But the latest vulnerability—discovered in July of 2017 by F-Secure security consultant Harry Sintonen and revealed by the company today in a blog post—is more of a feature than a bug. Notebook and desktop PCs with Intel AMT can be compromised in moments by someone with physical access to the computer—even bypassing BIOS passwords, Trusted Platform Module personal identification numbers, and Bitlocker disk encryption passwords—by rebooting the computer, entering its BIOS boot menu, and selecting configuration for Intel’s Management Engine BIOS Extension (MEBx).' - via Sean Gallagher - writing at Ars Technica

Linux: Check for Meltdown/Spectre Vulnerability →

January 14, 2018 by Marc Handelman in OpenSource, Hardware Flaws, Hardware Security, Information Security

Martin Brinkmann - writing at his superaltive GHacks site - provides a comprehensive tutorial for Linux targeting Meltdown and Spectre vulnerability; and as is typical for Mr. Brinkmann, he has the script sitting at GitHub. Very Nice, thanks Martin!

The Voice Assistant Gambit →

September 11, 2017 by Marc Handelman in All is Information, Alternate Attack Vectors, Alternate Attack Analysis, Physical Security, Information Security, Signals, Communication Security, Communications, Hardware Flaws, Hardware Security

Nicole Kobie, writing at New Scientist, tells the tale of newly researched voice assistant attack vectors leveraging signalling flaws (via an ultrasound attack) within both Apple Inc.'s (NasdaqGS: AAPL) and Amazon.com Inc.'s (NasdaqGS: AMZN) voice assitant offerings Siri and Alexa, respectively. The 'Dominoe Effect' of the ultrasound flaws in these products/services traverses down the device foodchain to Alexa and soo-to-be Siri enabled third party devices... Perhaps new protective sound generating devices are in order?

All Amazon and Apple Links in this Post are Non-affiliate

JHutchins' SharknAT&To →

September 05, 2017 by Marc Handelman in Routerland, Manufacturer Stupidity, Cruft, Information Security, Network Security, Hardware Flaws, Hardware Security, Must Read

Folks, gird yourselves for the truly horrifying... Read the superlative security reportage by jhutchins at NoMotion, in which, the good Hutchins details the cruft-laden, and fundamentally idiotic practice of hard-coding accounts in low-end routerland. Behold SharknAT&To, and more, much more... Today's Must Read. H/T

"When evidence of the problems described in this report were first noticed, it almost seemed hard to believe. However, for those familiar with the technical history of Arris and their careless lingering of hardcoded accounts on their products, this report will sadly come as no surprise. For everyone else, prepare to be horrified." - via NoMotions' jhutchins