
Picking up something malicious on a more or less modern version of Android is not that easy. In most cases the attack relies on social engineering, and such aggressive social engineering that the victim herself enables installation of applications from untrusted sources in the system settings, then downloads and installs the Trojan on her own smartphone. That does not seem scary, because it is not about us. But some guys with imagination have come for us too: they started selling devices with built-in malware, and through reputable stores at that.
Strictly speaking, the topic is not very new: pre-installed malware has been found more than once in the firmware of Chinese phones, and there have been reports of criminal groups that buy, infect and resell used phones (and then fleece the victims, of course). But this time the problem is bigger: the researchers found 38 popular smartphone models infected before they reached the store. Moreover, the devices were obtained not at a street market, as one might have thought, but from a “big telecommunication company” and a “transnational technology company”.
These models are of all kinds, both budget and flagship, including the Google Nexus 5 and 5X, the Samsung Galaxy S7, and the popular Xiaomi and Lenovo devices. The researchers found several different malware strains on them: some steal user data, others show ads from various shady banner networks. And on one of the phones the Slocker ransomware was waiting for its future owner.
Interestingly, on six smartphones the Trojan was hiding in the firmware and could not be removed by simply wiping the flash memory; in the other cases the malware was installed as a third-party application on top of the official firmware. Who is to blame is unclear. Experts are still only looking for the entry point into the supply chain. However, the variety of models and malware strains already points to the considerable scale of the operation. Or to several parallel campaigns, which is no better.
FBI complains about strong cryptography
After Snowden's revelations, life became scary but fun. People were told about PRISM, backdoors, planted bugs and implants, thanks to which the competent authorities know almost everything about us, and began to be taught the basics of information security. Secure instant messengers with end-to-end encryption sprouted like mushrooms on soil well watered by people's fears. But still, deep down, no one believed that it was possible to protect yourself from state surveillance so easily.
And then it suddenly turns out that some of the available means of keeping data confidential still work well. FBI Director James Comey gave a fiery speech at the Boston Conference on Cybersecurity, calling on the community for an adult discussion about the strong encryption that has become a thorn in his agency's side.
The adult discussion, as Comey delivered it, looked like a stream of complaints and arguments such as “we cannot investigate crimes without access to your data” and “you cannot lock up a pedophile on metadata alone”. And since the Bureau has no money for developing hacking tools, Mr. Director wants the information security community not to try so hard, so that agents could get at least a little bit of user data.
The problem is indeed serious: according to Comey, from October to December 2016 the FBI dug into 2,800 mobile devices and could not crack 1,200 of them. What if there is child porn and blueprints of a “dirty bomb” on them? Modern cryptographic technologies protect the data of a law-abiding user and of a hardened criminal equally reliably, so a court order will not help: the service provider simply does not have the encryption keys.
Of course, strong encryption itself appeared quite a long time ago; the catch is that it is now a very fashionable topic, thanks to Snowden. Because of him, even the most ardent neo-Luddites have come to respect information security and communicate via Signal, Telegram and similar applications. However, security researchers have heard all these arguments more than once and for the most part understand that weak encryption gives criminals not fewer but far more opportunities than it gives law enforcement agencies: while the good guys bring one villain to justice, the bad guys will work over a hundred innocent users.
Chrome 57 closed dangerous vulnerabilities
You can endlessly watch fire burning, water flowing, and vulnerabilities being closed in Chrome. It would seem that the code has long been polished to a shine, but no: researchers, well motivated by Google's rewards, bring in a bunch of new holes every month. This time there are 36 of them, nine of which could allow an attacker to take control of the system. For example, here are a few:
- Memory corruption in the V8 JavaScript engine;
- Use after free in the ANGLE graphics API;
- Out-of-bounds write in PDFium;
- Integer overflow in libxslt.
It cost Papa Brin an extra 38 thousand dollars, which is pennies for the company and a nice bonus for the researchers. The moral of the story is that maintaining security is a continuous process, and neglecting it means accumulating vulnerabilities in your product and endangering users.

Antiquities
"Estonia-1716"
A very dangerous resident virus. It infects .COM and .EXE files when they are run, except COMMAND.COM, and appends 4 check bytes to COM files. Blatant plagiarism of the "Yankee" viruses. On Mondays at 14:00 it decrypts and displays the text “Independent Estonia presents” in the center of the screen, then plays “The Dog Waltz” and restarts the computer. Traces int 21h.
Quote from the book "Computer Viruses in MS-DOS" by Eugene Kaspersky, 1992, page 67.
Disclaimer: This column reflects only the personal opinion of its author. It may coincide with the position of Kaspersky Lab, or it may not. It depends on your luck.