Mission Impossible Camera Hacking, SMS Spreading Android Malware and Telegram Voicemail Attack
Hollywood Hacking Surveillance Camera Feeds
Affects You If: You have or operate security camera feeds for a business.
Threat: Denial of Service and footage replay attacks. Most likely to be performed by script kiddies or hackers who find your devices via tools such as Shodan and want to test their skills in a Hollywood hacking style scenario. Probably more of an annoyance than anything.
Threat Level: Relatively low but proves a point regarding IoT device security.
Summary: Security researchers have demonstrated how vulnerable Internet of Things (IoT) security cameras can be by replacing a live video feed with pre-recorded footage, just like in the movies, hence the name Hollywood hacking. Forescout researchers set up an environment similar to how most new smart buildings are organised and showed how, with a bit of reconnaissance and know-how, an attacker can replace the insecure live streaming feed.
Stage 1 is a Denial-of-Service (DoS) attack on the video surveillance system to stop it showing, recording and storing footage. Once this is achieved, the attacker obtains a frozen image from the original footage.
Stage 2 follows the DoS attack: the attacker forces the network video recorder to render the pre-recorded footage obtained earlier for as long as the camera does not receive any new connections. As a result, any security guard watching the screen sees the scene they always expect, except this time it is a still picture, while what is actually playing out is the bad guy/girl going about their malicious activity. That's some Mission Impossible style hacking there.
A demonstration of the attack can be found here.
Prevention: Ensure you update the security configuration and firmware of any device you own, and even before you buy, check that the device lets you manually change and review these settings. Set strong passwords on any external-facing remote login page for the devices and enable two-factor authentication for login as well, if possible. If you need help regarding this issue or anything similar, please call Crucial Academy on 01273 060080 or email us on [email protected].
SMS Spreading Mobile Android Ransomware
Affects You If: You use the Android operating system 5.1 or later
Threat: The malware, dubbed Android/Filecoder.C (FileCoder), infects your device, sends a load of malicious text messages to your contacts to spread further, encrypts most of the user files on the device and then demands a ransom from you.
Threat Level: You’re in luck. Due to a flawed encryption method used by the attackers, it is possible to decrypt your affected files without any assistance from the attacker. See here for how to do it.
Summary: First seen by ESET Mobile Security on July 12th, 2019, the campaign began on a few Reddit pages (now removed) and an Android developer forum called “XDA Developers”. The posts lured people with the offer of porn or sex simulators and tried to get them to visit two different domains to download malicious Android files. And guess what was behind those downloads? Actual Android apps? Nope, you guessed it: classic ransomware. To increase the chances of people downloading the ransomware, the pages also contained QR codes which, if scanned with the phone's camera, again pointed to the malicious apps. URL shorteners were also used to disguise the real URL.
To spread further, once downloaded onto a mobile device the ransomware sends malicious text messages to everyone in the phone’s contact list (addressing them by personal name to drop people’s guard) with links to the ransomware application.
Prevention: To prevent this sort of attack, do not click on any links sent from people in your contact list that have unusual URLs, especially if they relate to pornography. Always contact the person separately to check whether they intended to send the message. Keep your devices up to date and only download applications from reputable sources. If you need help regarding this issue or anything similar, please call Crucial Academy on 01273 060080 or email us on [email protected].
Voicemail Backdoor for Telegram
Affects You If: You use the Telegram messaging app
Threat: Hackers exploiting Telegram’s service of sending your account password to your voicemail if you fail to respond to its SMS or answer its telephone alerts after three attempts.
Threat Level: Used to be relatively high if you are a company executive, politician or hold any position of power or influence and known to use Telegram. New security measures from Telegram reduce threat considerably.
Summary: Ever wondered how journalists hacked into all of those celebrity phones ages ago? Well, this is partly an iteration of that attack. With some high-profile politicians in Brazil recently having to resign because they fell victim to it, this is how it is done.
You may not realise that you can access your voicemail from any phone you please. As long as you know the phone number associated with the voicemail and the voicemail's 4-digit PIN, you can gain access by calling from any phone, typing in the applicable phone number and entering the PIN. Now, knowing that, let’s say you wanted to gain access to someone’s Telegram account. What you could do is go into Telegram’s settings and initiate the process to add a new account. This sends a verification code via SMS to the new device, but if you don’t type in the code, it will call the device instead. If the call isn’t picked up after the third attempt, it leaves the verification code as a voicemail. Now, this is where the insecurity of voicemail comes in. Did you know that unless you change your voicemail PIN it is normally set to 0000 or 1234? So guess what the hackers have now? That's right, the key to your voicemail, because who updates their voicemail PIN? And if you have been street smart and changed it, they can still try to brute-force the 10,000 possible PIN combinations to gain access. Then they can transfer the account to the new phone and have access to everything.
Now, this was an attack vector that affected WhatsApp as well, and you will be glad to know that Telegram stepped in after becoming aware of the vulnerability: users can now only request a login code via a call if they have two-step verification enabled, which requires a password as well as a code.
Prevention: So, to protect yourself with whatever messaging service you use, we recommend you turn on two-factor or two-step verification if it’s available, and if you’re a voicemail user, ensure it’s protected with a randomly generated PIN. If you need help regarding this issue or anything similar, please call Crucial Academy on 01273 060080 or email us on [email protected].