Malware Turns Computers Into Cellular Antenna
A team of Israeli researchers has improved on a way to steal data from air-gapped computers, thought to be safer from attack due to their isolation from the Internet.
They’ve figured out how to turn the computer into a cellular transmitter, leaking bits of data that can be picked up by a nearby low-end mobile phone.
While other research has shown it possible to steal data this way, some of those methods required some hardware modifications to the computer. This attack uses ordinary computer hardware to send out the cellular signals.
Their research, which will be featured next week at the 24th USENIX Security Symposium in Washington, D.C., is the first to show it’s possible to steal data using just specialized malware on the computer and the mobile phone.
“If somebody wanted to get access to somebody’s computer at home — let’s say the computer at home wasn’t per se connected to the Internet — you could possibly receive the signal from outside the person’s house,” said Yisroel Mirsky, a doctoral student at Ben-Gurion University and study co-author.
The air-gapped computer that is targeted does need to have a malware program developed by the researchers installed. That could be accomplished by creating a type of worm that infects a machine when a removable drive is connected. It’s believed this method was used to deliver Stuxnet, the malware that sabotaged Iran’s uranium centrifuges.
The malware, called GSMem, acts as a transmitter on an infected computer. It creates specific, memory-related instructions that are transmitted between a computer’s CPU and memory, generating radio waves at GSM, UMTS and LTE frequencies that can be picked up by a nearby mobile device.
The GSMem component that runs on a computer is tiny. “Because our malware has such a small footprint in the memory, it would be very difficult and can easily evade detection,” said Mordechai Guri, also a doctoral student at Ben-Gurion.
Can Oracle Make Money Off Android?
Database outfit Oracle’s moves to try and copyright APIs appear to be part of an attempt for Oracle to make money on Android.
Oracle has asked a U.S. judge for permission to update its copyright lawsuit against Google to include Android, which it claims contains its Java APIs.
Oracle sued Google five years ago and is seeking roughly $1 billion in copyright claims. If it manages to convince a court that its APIs are in Android, it could up the damages by several billions.
Oracle wrote in a letter to Judge William Alsup on Wednesday that the record of the first trial does not reflect any of these developments in the market, including Google’s dramatically enhanced market position in search engine advertising and the overall financial results from its continuing and expanded infringement.
Last month, the US Supreme Court upheld an appeals court’s ruling that allows Oracle to seek licensing fees for the use of some of the Java language. Google had said it should be able to use Java APIs without paying a fee.
Microsoft To Open Source Radio Code
Microsoft has begun to open source some more of its code, this time for the Microsoft Research Software Radio (Sora).
“We believe that a fully open source Sora will better support the research community for more scientific innovation,” said Kun Tan, a senior researcher on the Sora project team.
Sora was created to combat the problem of creating software radio that could keep up with the hardware developments going on around it.
The idea behind it is to run the radio off software on a multi-core PC running a basic operating system. In the example, it uses Windows. But then it would.
A PCIe radio control board is added to the machine with signals processed by the software for transmission and reception, while the RF front-end, with its own memory, interfaces with other devices.
The architecture also supports parallel processing by distributing processing pipelines to multiple cores exclusively for real-time SDR tasks.
Sora has already won a number of awards, and the Sora SDK and API were released in 2011 for academic users. More than 50 institutions now use it for research or courses.
As such, and in line with the groovy open Microsoft ethos, the software has now been completely open sourced, with customizable RF front-ends, customizable RCB with timing control and synchronization, processing accelerators and support for new communication models such as duplex radios.
The Sora source code is now up on GitHub. Use cases already in place include TV whitespace, large scale MIMO and distributed MIMO systems.
Microsoft has made a number of moves towards open sourcing itself over the past year. Most notably, the .NET Framework at the heart of most Windows programs was offered up to the newly created .NET Foundation.
It was announced yesterday that Google is releasing its Kubernetes code to the Linux Foundation to set up a standardized format for containerization.
Xerox To Revamp Healthcare IT Business
Xerox Corp said it would overhaul its healthcare IT business and record a related impairment charge of about $145 million in the second quarter.
The company said it would end sales of its integrated eligibility system, a software system which can support operations in call centers and document imaging.
The healthcare business provides administrative and care management solutions to state Medicaid programs and government healthcare programs.
“Going forward, Xerox will focus on managing and completing the current Health Enterprise implementations, and will be highly selective in responding to new Medicaid Management Information System opportunities,” the company said on Friday.
The healthcare business contributes “$2 billion plus” to total revenue, a company spokeswoman said. The company reported total revenue of $19.54 billion for 2014.
“Basically, they are focusing their government healthcare business away from less profitable initiatives that they were pursuing. I see it as a positive,” Cross Research analyst Shannon Cross said.
“From a long-term stand point, it (Medicaid) is a profitable business,” Cross said.
Xerox, which has been shifting its focus to IT services from making printers and copiers, adjusted its earnings estimate for the quarter ended June to reflect the charge.
The company said it now expects earnings from continuing operations of 9-11 cents per share, below its prior guidance of 17-19 cents per share.
Shares of Xerox, which is expected to report second-quarter results on July 24, were up 1.6 percent at $10.79 in afternoon trading.
Darkode Hacking Forum Shut Down
Law enforcement agencies from 20 countries collaborated to cripple a major computer hacking forum, and U.S. officials filed criminal charges against a dozen people associated with the website, the U.S. Department of Justice announced.
Darkode.com is displaying a message saying the site and domain had been seized by the FBI and other law enforcement agencies.
Darkode, a password-protected online forum for criminal hackers, represented one of the gravest threats to the integrity of data on computers across the world, according to David Hickton, U.S. attorney for the Western District of Pennsylvania. “Through this operation, we have dismantled a cyber hornets’ nest of criminal hackers which was believed by many, including the hackers themselves, to be impenetrable.”
Five of the defendants face charges in Hickton’s district.
Darkode allowed hackers and other cybercriminals to sell, trade and share information and tools related to illegal computer hacking, the law enforcement agencies alleged.
Before becoming a member of Darkode, prospective participants were allegedly vetted through a process that included an invitation by a member, the DOJ said in a press release. The prospective member then pitched the skill or products he or she could bring to the forum.
Darkode members allegedly used each other’s skills and products to infect computers and electronic devices of victims around the world with malware, the DOJ said.
The takedown of the forum and the charges announced Wednesday came after the FBI’s infiltration of Darkode’s membership.
Is Yahoo Growing?
July 9, 2015 by admin
Yahoo’s share gains since November from a partnership with Mozilla may be a clue about whether the search company can gain new users through the just-announced contract to change Internet Explorer’s and Chrome’s default search through installations of Oracle’s Java.
Although the news of the Yahoo-Oracle partnership got the lion’s share of attention, CEO Marissa Mayer also used last week’s shareholder meeting to mention the Mozilla pact.
The five-year contract with Mozilla, the maker of Firefox, has boosted Yahoo’s share of the U.S. search market, but growth has stalled for the last three months, according to measurement company comScore.
On Wednesday, Mayer asserted that the Mozilla deal — negotiated last fall — was “profitable,” but didn’t provide any numbers to back that up. Neither Yahoo nor Mozilla has disclosed how much the former paid to become Firefox’s default search engine in the U.S.
By comScore’s measurement, Yahoo accounted for 12.7% of all U.S. searches in May, the same share it controlled in both March and April. Although that was 2.5 percentage points higher than in November 2014 — before Firefox began urging users to accept Yahoo as the default — and represented a six-month increase of 25%, May’s share was down from the January peak of 13%.
From all indications, Yahoo has gotten as much out of the Firefox deal as it will likely get. The flip-side is that Yahoo has hung onto most of what it grabbed from Google — Firefox’s previous default — even as Google has tried to get users to return.
For May, comScore pegged Google’s share at 64.1%, down one-tenth of a percentage point from the month prior. Microsoft’s share rose that one-tenth of a point to end May at 20.3%. Because Bing powers Yahoo’s search results, Microsoft’s technology accounted for 31.4% of all U.S. searches, still less than half Google’s 65.2%.
Jawbone Sues Fitbit
June 23, 2015 by admin
Jawbone has filed another lawsuit against Fitbit in less than two weeks, alleging its activity tracking products infringe several of Jawbone’s patents.
The new suit, filed Wednesday in San Francisco by Jawbone parent company AliphCom, seeks unspecified damages and an injunction to block the sale of Fitbit devices such as the Flex, Charge and Surge bands.
Late last month, Jawbone filed another lawsuit, accusing Fitbit of poaching its employees and stealing trade secrets. Fitbit has said it has no knowledge of any such information in its possession.
In its latest complaint, Jawbone says it will also ask the U.S. International Trade Commission to investigate Fitbit, which could potentially lead to an import ban on Fitbit products.
Jawbone says it has hundreds of patents granted or pending, and claims that Fitbit infringes several of them. One patent describes a “general health and wellness management method and apparatus for a wellness application using data from a data-capable band.”
Another patent covers a “system for detecting, monitoring, and reporting an individual’s physiological or contextual status.”
Fitbit didn’t immediately respond to a request for comment on the latest suit.
The timing is bad for Fitbit, which is preparing to go public on the U.S. stock markets. It also faces intense competition from a number of rivals, which also include Garmin and Apple with its Apple Watch.
Both Jawbone and Fitbit make wearable bands and associated software that tracks people’s movement, exercise, sleep and heart rate.
Can MB Challenge Tesla?
June 22, 2015 by admin
On the heels of Tesla announcing a home and commercial battery product line, Mercedes-Benz unveiled its own brand of energy storage products for those with solar systems to store surplus power.
The Mercedes-Benz energy storage plants for private use are available for order now and are expected to ship in September.
The batteries were first developed for cars, but Mercedes-Benz said the energy storage units “meet the very highest safety and quality standards” for home use.
Up to eight battery modules with an energy capacity of 2.5 kWh can be combined into an energy storage plant with a capacity of 20 kWh.
“Households with their own photovoltaic systems can thus buffer surplus solar power virtually free of any losses,” the carmaker said in a statement.
What wasn’t announced by Mercedes-Benz was information about the size of or pricing for the new batteries.
In May, Tesla announced its Powerwall batteries for home use and its Powerpack batteries for commercial use. Today, Tesla CEO Elon Musk announced his company would double the power output of the Powerwall batteries but keep their prices the same.
Tesla’s Powerwall batteries will go from having a two-kilowatt (kW) steady power output and 3.3kW peak output to a 5kW steady output and 7kW peak output, Musk said. The price of the batteries will remain the same: $3,000 for the 7kW/hour (KWh) daily cycle version and $3,500 for the 10kWh backup UPS version. Total installation cost will run around $4,000, according to Musk.
Up to nine Powerwall battery units can be daisy-chained together on a wall to provide up to 90kWh of power.
The average U.S. household uses about 20 kWh to 25 kWh of power every day, according to GTM Research.
Tesla Energy’s new commercial-grade battery is called the Powerpack, and will sell in 100kWh modules for $25,000 each. Musk said the Powerpack can scale infinitely, even powering factories and small cities.
Mercedes-Benz’s batteries, being produced by subsidiary Deutsche Accumotive, are its first industrial-scale lithium-ion units, and they’ve already been tested “on the grid,” the company said.
IRS Reducing Size Of Cybersecurity Staff
The Internal Revenue Service, which confirmed rumors of a breach of 100,000 taxpayer accounts, has been consistently reducing the size of its internal cybersecurity staff as it increases its security spending. This may seem paradoxical, but one observer suggested it could signal a shift to outsourcing.
In 2011, the IRS employed 410 people in its cybersecurity organization, but by 2014 the headcount had fallen by 11% to 363 people, according to annual reports about IRS information technology spending by the U.S. Treasury Department Inspector General.
Despite this staff reduction, the IRS has increased spending in its cybersecurity organization. In 2012, the IRS earmarked $129 million for cybersecurity, which rose to $141.5 million last year, an increase of approximately 9.7%.
This increase in spending, coupled with the reduction in headcount, is an indicator of outsourcing, said Alan Paller, director of research at the SANS Institute. Paller sees risks in that strategy.
“Each organization moves at a different pace toward a point at which they have outsourced so much that the insiders do little more than manage contracts, and lose their technical expertise and ability to manage technical contractors effectively,” said Paller.
An IRS spokesman was not able to immediately answer questions about the IRS’s cybersecurity spending.
This breach is drawing congressional scrutiny. On Tuesday, U.S. Senator Orrin Hatch (R-Utah), who heads the Senate Finance Committee, called the breach “unacceptable.”
The IRS’s total IT budget in 2014 was $2.5 billion, an increase from the prior year’s $2.3 billion, with 7,339 employees last year, little change from 7,303 reported in 2013.
The agency’s IT budget has fared better than the agency overall. Congress has been cutting spending at the agency. IRS funding has been reduced by $1.2 billion over the last five years, from $12.1 billion in 2010 to $10.9 billion this year. An IRS official told lawmakers earlier this year that the budget cuts have delayed critical IT investments of more than $200 million, which includes replacing aging IT systems.
RadioShack Plans To Sell Customer Data
April 22, 2015 by admin
RadioShack plans to keep moving forward with its plan to sell its customer data, despite opposition from a number of states.
The company has asked a bankruptcy court for approval for a second auction of its assets, which includes the consumer data.
The state of Texas, which is leading the action by the states, opposed the sale of personally identifiable information (PII), citing the online and in-store privacy policies of the bankrupt consumer electronics retailer.
The state claimed that it found from a RadioShack deposition that the personal information of 117 million customers could be involved. But it learned later from testimony in court that the number of customer files offered for sale might be reduced to around 67 million.
In the first round of the sale, RadioShack sold about 1,700 stores to hedge fund Standard General, which entered into an agreement to set up 1,435 of these as co-branded stores with wireless operator Sprint. Some other assets were also sold in the auction.
The sale of customer data, including PII, was withdrawn from the previous auction, though RadioShack did not rule out that it could be put up for sale at a later date.
The case could have privacy implications for the tech industry as it could set a precedent, for example, for large Internet companies holding consumer data, if they happen to go bankrupt.
Texas has asked the U.S. Bankruptcy Court for the District of Delaware for a case management order to ensure that in any motion for sale of the PII, RadioShack should be required to provide information on the kind of personal data that is up for sale and the number of customers that will be affected.
On Monday, Texas asked the court that its motion be heard ahead of RadioShack’s motion for approval to auction more assets.
The court had ordered in March the appointment of a consumer privacy ombudsman in connection with the potential sale of the consumer data including PII. RadioShack said in a filing Friday that it intends to continue working with the ombudsman and the states with regard to any potential sale of PII, but did not provide details.