Syber Group
Toll Free : 855-568-TSTG(8784)
Subscribe To : Envelop Twitter Facebook Feed linkedin

Malware Turns Computers Into Cellular Antenna

August 19, 2015 by  
Filed under Security

Comments Off on Malware Turns Computers Into Cellular Antenna

A team of Israeli researchers have improved on a way to steal data from air-gapped computers, thought to be safer from attack due to their isolation from the Internet.

They’ve figured out how to turn the computer into a cellular transmitter, leaking bits of data that can be picked up by a nearby low-end mobile phone.

While other research has shown it possible to steal data this way, some of those methods required some hardware modifications to the computer. This attack uses ordinary computer hardware to send out the cellular signals.

Their research, which will be featured next week at the 24th USENIX Security Symposium in Washington, D.C., is the first to show it’s possible to steal data using just specialized malware on the computer and the mobile phone.

“If somebody wanted to get access to somebody’s computer at home — let’s say the computer at home wasn’t per se connected to the Internet — you could possibly receive the signal from outside the person’s house,” said Yisroel Mirsky, a doctoral student at Ben-Gurion University and study co-author.

The air-gapped computer that is targeted does need to have a malware program developed by the researchers installed. That could be accomplished by creating a type of worm that infects a machine when a removable drive is connected. It’s believed this method was used to deliver Stuxnet, the malware that sabotaged Iran’s uranium centrifuges.

The malware, called GSMem, acts as a transmitter on an infected computer. It creates specific, memory-related instructions that are transmitted between a computer’s CPU and memory, generating radio waves at GSM, UMTS and LTE frequencies that can be picked up by a nearby mobile device.

The GSMem component that runs on a computer is tiny. “Because our malware has such a small footprint in the memory, it would be very difficult and can easily evade detection,” said Mordechai Guri, also a doctoral student at Ben-Gurion.

Source

Is The DRAM Market Gaining Traction?

June 1, 2015 by  
Filed under Computing

Comments Off on Is The DRAM Market Gaining Traction?

DRAM market conditions will be better in the third quarter of 2015, recovering from the bad first half of the year, according to Inotera.

Inotera chairman Charles Kau said that it was unclear if DRAM prices will stop falling and rebound in the third quarter.

Inotera on May 11 signed a $508 million five-year syndicated loan agreement with a consortium of local banks in Taiwan in the hope of getting a bit of flexibility until things pick up.
The outfit was not thinking of flogging any of the family silver, but plans to start distributing dividends to shareholders in 2016, Kau noted.

In 2014, non-PC DRAM products accounted for 60 per cent of Inotera’s total revenues. The company will continue to improve its product mix in 2015, while making progress in the transition to 20nm process technology.

Kau told Digitimes that Inotera http://www.digitimes.com/news/a20150512PD219.html plans to have 80 per cent of its total production capacity to be built using a newer 20nm node by the end of 2015.

Meanwhile it is not planning any big capital expenditure, he said.

Source

Should Encryption Be The Norm?

December 1, 2014 by  
Filed under Computing

Comments Off on Should Encryption Be The Norm?

Encryption should be a matter of priority and used by default. That’s the message from the Internet Architecture Board (IAB), the worldwide body in charge of the internet’s technology infrastructure.

The IAB warned in a statement that “the capabilities and activities of attackers are greater and more pervasive than previously known”.

It goes on to say: “The IAB urges protocol designers to design for confidential operation by default. We strongly encourage developers to include encryption in their implementations, and to make them encrypted by default.

“We similarly encourage network and service operators to deploy encryption where it is not yet deployed, and we urge firewall policy administrators to permit encrypted traffic.”

The purpose, the IAB claims, is to instill public trust in the internet after the myriad high-profile cases in which computer traffic has been intercepted, ranging from bank details to email addresses and all points in between.

The news will be unwelcome to the security services, which have repeatedly objected to initiatives such as the default encryption in iOS8 and Android L, claiming that it is in the interest of the population to retain the right to intercept data for the prevention of terrorism.

However, leaked information, mostly from files appropriated by rogue NSA contractor Edward Snowden, suggests that the right of information interception is abused by security services including the UK’s GCHQ.

These allegations include the collection of irrelevant data, the investigation of cold cases not in the public interest, and the passing of pictures of nude ladies to colleagues.

Source

LPDDR4 Smartphones Coming Next Year

January 6, 2014 by  
Filed under Smartphones

Comments Off on LPDDR4 Smartphones Coming Next Year

(View Comments)

A modern phone with 2GB of memory works just fine and since all Android chips and the OS itself support 32-bit mode only, it doesn’t makes much sense to jump over 3.5GB anytime soon.

Still, 64-bit support for Android might be coming after all and Samsung has a solution for people who want more than 3GB on their phone. Samsung has announced the first 8 gigabit (Gb) 4GB RAM module based on low power double data rate 4 (LPDDR4 memory).

It is a 20nm chip and has the lowest energy consumption and higher density to date. Four 8Gb dies combine to offer a single 4GB module we should see them in smartphones and tablets in the near future.

With 3.1 Gbps bandwidth the new LPDDR4 can deliver a 50 percent speed boost over the existing DDR3 and LPDDR3 based chips. Samsung also claims that LPDDR4 will enable a data transfer rate per pin of 3,200 megabits per second (Mbps), which is twice that of the 20nm-class LPDDR3 DRAM.

The Samsung claims that the chip needs 1.1 volts which is 40 percent less than what you would need for 20nm DDR3 chips and mass production starts in 2014.

It is not known when we can expect to see phones and tablets based on LPDDR4 anytime soon, but a dreamer can hope that phones such as Samsung Galaxy S5 might end up using one. After all this should be the next big thing, at least this is what Samsung wants you to believe.

Source

3G And 4G Modems Pose Security Threats

March 25, 2013 by  
Filed under Security

Comments Off on 3G And 4G Modems Pose Security Threats

Researchers Nikita Tarakanov and Oleg Kupreev analyzed the security of 3G/4G USB modems obtained from Russian operators for the past several months. Their findings were presented Thursday at the Black Hat Europe 2013 security conference in Amsterdam.

Most 3G/4G modems used in Russia, Europe, and probably elsewhere in the world, are made by Chinese hardware manufacturers Huawei and ZTE, and are branded with the mobile operators’ logos and trademarks, Tarakanov said. Because of this, even if the research was done primarily on Huawei modems from Russian operators, the results should be relevant in other parts of the world as well, he said.

Tarakanov said that they weren’t able to test baseband attacks against the Qualcomm chips found inside the modems because it’s illegal in Russia to operate your own GSM base station if you’re not an intelligence agency or a telecom operator. “We’ll probably have to move to another country for a few months to do it,” he said.

There’s still a lot to investigate in terms of the hardware’s security. For example, the SoC (system on a chip) used in many modems has Bluetooth capability that is disabled from the firmware, but it might be possible to enable it, the researcher said.

For now, the researchers tested the software preloaded on the modems and found multiple ways to attack it or to use it in attacks.

For one, it’s easy to make an image of the USB modem’s file system, modify it and write it on the modem again. There’s a tool available from Huawei to do modem backup and restore, but there are also free tools that support modems from other manufacturers, Tarakanov said.

Malware running on the computer could detect the model and version of the active 3G modem and could write an image with malicious customizations to it using such tools. That modem would then compromise any computer it’s used on.

The researchers also found a possible mass attack vector. Once installed on a computer, the modem application — at least the one from Huawei — checks periodically for updates from a single server, Tarakanov said. Software branded for a specific operator searchers for updates in a server directory specific to that operator.

An attacker who manages to compromise this update server, can launch mass attacks against users from many operators, Tarakanov said. Huawei 3G modems from several different Russian operators used the same server, but there might be other update servers for other countries, he said.

Research in this area is just at the beginning and there’s more to investigate, Tarakanov said. Someone has to do it because many new laptops come with 3G/4G modems directly built in and people should know if they’re a security threat.

Source

Can Hackers Attack A Trains Network?

January 7, 2012 by  
Filed under Around The Net

Comments Off on Can Hackers Attack A Trains Network?

Security expert Professor Stefan Katzenbeisser of Technische Universität Darmstadt told a security conference in Berlin that the GSM-R which is being installed in train networks makes them vulnerable to hackers.

Katzenbeisser said that the new system was vulnerable to “Denial of Service” attacks and, while trains could not crash, service could be disrupted for quite some time. Speaking to the Chaos Communication Congress he said that Network Rail is currently installing GSM-R across the British railway network.

It uses the similar technical standards to 2G mobile networks and is due to replace older signalling technology in southern England next year, and throughout the whole country in 2014. But train switching systems, which enable trains to be guided from one track to another at a railway junction, have historically been separate from the online world. If they were connected to the internet as they are in GSM-R they could be hit by Denial of Service attacks.

Source…

Apple Outs Patch For Tracking Issue

May 6, 2011 by  
Filed under Around The Net

Comments Off on Apple Outs Patch For Tracking Issue

As Apple promised last week in several discussions regarding its location tracking issues, iOS 4.3.3 addresses three bugs related to the database of location information on iOS devices. Firstly, it reduces the amount of the cached location information to a week’s worth, rather than relying on a size limit, as it previously did.

Secondly, it no longer backs up the cache to your Mac or PC via iTunes upon syncing, so the information isn’t available to anyone with access to your computer. And finally, the cache is now deleted from the device when Location Services are disabled in iOS’s Settings app.

Apple has also announced plans to encrypt the location information on iOS devices itself in the next major update to the operating system, which presumably means it will be incoporated into iOS 5.

The iOS 4.3.3 update applies to the iPhone 4, iPhone 3GS, iPad, iPad 2, third-generation iPod touch, and the fourth-generation iPod touch. Exceptions to this fix though, are the iPhone 3G and the second-generation iPod touch, both of which were supported by the original release of iOS 4 when the location database is believed to have been created but have since been dropped from compatibility. Also missing in action is the CDMA iPhone 4, although some reports have suggested that it didn’t log data in the same way as the GSM model.

Read More…