Researchers Find Security Flaws in 40 Kernel Drivers from AMD, Nvidia, Intel, and Others
Researchers at last weekend’s DEF CON 27 presented design flaws they found in more than 40 kernel drivers from 20 major hardware vendors. They attribute the defects to coding practices that do not take security into account.
Mickey Shkatov, a principal researcher at Eclypsium, stated, “The design flaw surfaces when signed drivers provide functionality which can be misused by userspace applications to perform arbitrary read/write of these sensitive resources without any restriction or checks from Microsoft.”
Rather than restricting each driver to the specific tasks it needs to perform, developers wrote them “to just perform arbitrary actions on behalf of userspace.” Because these drivers are legitimately signed, a userspace application that can open them inherits those arbitrary read/write primitives, which turns a general-purpose interface into a privilege-escalation path.
Vendors that were shipping vulnerable drivers include:
● American Megatrends International (AMI)
● ASUSTeK Computer
● ATI Technologies (AMD)
● Micro-Star International (MSI)
● Phoenix Technologies
● Realtek Semiconductor
Some vendors, such as Intel, have already issued updates; however, many of the drivers remain unpatched. The researchers plan to publish the list of affected drivers and their hashes on GitHub within the next couple of months.
Read more here
Binance KYC Data Leak — Crypto Exchange Sets $290,000 Bounty on Blackmailer
The world’s largest cryptocurrency exchange by volume, Binance, is being extorted by a party who claims to have obtained the Know Your Customer (KYC) data of thousands of users. The extortionist threatened to release the records of 10,000 users unless the company paid 300 bitcoins (about $3.5 million at the time), and sent several news outlets photos of individuals holding identification documents such as passports and driver’s licenses next to a piece of paper reading “Binance.”
In response, Binance issued a statement confirming the threat and said it is still investigating whether the images are genuine. As of this writing it has refused to pay the ransom, and it is offering a reward of 25 bitcoins (around $290,000) to anyone who provides information that identifies the extortionist.
Read more here
DEF CON 2019: New Class of SQLite Exploits Open Door to iPhone Hack
Researchers at Check Point presented at DEF CON 27 a new class of vulnerabilities that, for the first time, targets SQLite outside a browser. The techniques “exploit memory-corruption issues in the SQLite engine itself — leading to a host of new hacks, including code execution on an iOS device.” Because SQLite is one of the most widely deployed pieces of software in the world, this class of vulnerabilities could have serious consequences.
The researchers demonstrated how an attack against SQLite could bypass an iPhone’s security mechanisms “by replacing the contacts database (AddressBook.sqlitedb) prior to reboot with a rogue database — leading to privilege escalation.” The work traces back to the researchers’ attempt to backdoor the password-stealing malware families Azorult, Loki Bot, and Pony. At the end of their presentation, the researchers said they had barely scratched the “tip of the iceberg” of SQLite’s exploitation potential.
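Check Point’s exploit details are not on this page and are not reproduced here. What follows is an added example, written for this digest rather than taken from the researchers, showing the defensive counterpart of the AddressBook.sqlitedb replacement described above: an application that treats a database file as untrusted input and checks the file header, integrity, and schema against what it expects before running queries against it. The contacts schema, the sample databases, and the rogue trigger are all constructed; the rogue file here simply contains a trigger the application never created, which is enough for the check to refuse it.

```python
"""Verify a SQLite database file before trusting it.

Added example for this digest, not Check Point's research code.  The expected
contacts schema and the sample files are constructed for illustration.
"""
import sqlite3
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

SQLITE_MAGIC = b"SQLite format 3\x00"    # first 16 bytes of every SQLite 3 file

# Constructed expected schema: (type, name) -> whitespace-normalized CREATE statement.
EXPECTED_SCHEMA: Dict[Tuple[str, str], str] = {
    ("table", "contact"): "CREATE TABLE contact (id INTEGER PRIMARY KEY, name TEXT, phone TEXT)",
}


def _norm(sql: str) -> str:
    return " ".join(sql.split())


def check_header(path: Path) -> bool:
    """Reject anything that is not even a SQLite 3 file before the engine parses it."""
    with open(path, "rb") as fh:
        return fh.read(len(SQLITE_MAGIC)) == SQLITE_MAGIC


def schema_deviations(path: Path) -> List[str]:
    """Return a list of problems; an empty list means the file matches EXPECTED_SCHEMA."""
    problems: List[str] = []
    if not check_header(path):
        return ["bad header magic"]
    # Open read-only so the check itself can never modify the file.
    conn = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    try:
        if conn.execute("PRAGMA integrity_check").fetchone()[0] != "ok":
            problems.append("integrity_check failed")
        seen = set()
        for typ, name, sql in conn.execute("SELECT type, name, sql FROM sqlite_master"):
            if name.startswith("sqlite_"):
                continue        # engine-internal objects such as sqlite_sequence
            seen.add((typ, name))
            expected = EXPECTED_SCHEMA.get((typ, name))
            if expected is None:
                # Any table, view, index or trigger the app did not create is suspect.
                problems.append(f"unexpected {typ} {name!r}")
            elif _norm(sql or "") != expected:
                problems.append(f"schema drift in {typ} {name!r}")
        for typ, name in EXPECTED_SCHEMA.keys() - seen:
            problems.append(f"missing {typ} {name!r}")
    finally:
        conn.close()
    return problems


def build_sample(path: Path, rogue: bool) -> None:
    """Write a constructed contacts database; the rogue variant adds a trigger the app never created."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE contact (id INTEGER PRIMARY KEY, name TEXT, phone TEXT)")
    conn.execute("INSERT INTO contact (name, phone) VALUES ('Alice', '555-0100')")
    if rogue:
        conn.execute(
            "CREATE TRIGGER contact_hook AFTER INSERT ON contact BEGIN DELETE FROM contact; END"
        )
    conn.commit()
    conn.close()


def demo() -> Tuple[List[str], List[str]]:
    """Build one legitimate and one rogue file and return the deviations found in each."""
    d = Path(tempfile.mkdtemp())
    good, bad = d / "AddressBook.sqlitedb", d / "rogue.sqlitedb"
    build_sample(good, rogue=False)
    build_sample(bad, rogue=True)
    return schema_deviations(good), schema_deviations(bad)


if __name__ == "__main__":
    good_problems, bad_problems = demo()
    print("legitimate file:", good_problems or "ok")
    print("rogue file:", bad_problems)
```

The schema comparison is the part that matters: a SQLite file carries its own executable-ish definitions (views and triggers) in sqlite_master, so an application that opens a file from an attacker-writable location is executing whatever schema that file declares. Checking the declared objects against an allowlist before the first real query, and opening read-only, narrows that trust without touching the engine itself.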
Get more information here
Apple Announces Significant Changes to Its Bug Bounty Program, Including Higher Rewards
During the Black Hat security conference, Apple announced multiple changes to its bug bounty programs. The most substantial change is the payout: the maximum reward for a zero-click kernel code execution chain (one that lets an attacker take over a device with no user interaction) increased from $200,000 to $1 million, the largest payout offered by any tech company’s bug bounty program. Apple also announced a 50 percent bonus for security issues reported in software that has not yet been publicly released.
Additionally, Apple extended the program from iOS alone to all of its platforms, including macOS, watchOS, tvOS, iPadOS, and iCloud. The company also announced that, starting in 2020, it will provide pre-jailbroken iPhones “to a selected number of trusted white-hat hackers under its iOS Security Research Device Program.”
Read more here
Thousands of IoT Devices Bricked by Silex Malware
A 14-year-old hacker used a new strain of malware, Silex, to brick up to 4,000 insecure Internet of Things (IoT) devices. The malware targets IoT devices that run Linux or Unix-like operating systems and still use known or easily guessed default passwords. Once it gains access, it destroys the device’s storage, removes its firewall rules, and then halts the device entirely.
The hacker states that he was “trying to take down targets for other script kiddies who might be looking to build botnets,” and that was his only motivation.
As always, it’s critical to change default credentials before a device is exposed to the network and to maintain a proper update process for every device in the fleet.
Read more here