Author: Dan Goodin

Researchers have devised an attack on Android and iOS devices that successfully steals cryptographic keys used to protect Bitcoin wallets, Apple Pay accounts, and other high-value assets.

The exploit is what cryptographers call a non-invasive side-channel attack. It works against the Elliptic Curve Digital Signature Algorithm, a crypto system that's widely used because it's faster than many other crypto systems. By placing a probe near a mobile device while it performs cryptographic operations, an attacker can measure enough electromagnetic emanations to fully extract the secret key that authenticates the end user's data or financial transactions. The same can be done using an adapter connected to the USB charging cable.

"An attacker can non-invasively measure these physical effects using a $2 magnetic probe held in proximity to the device, or an improvised USB adapter connected to the phone's USB cable, and a USB sound card," the researchers wrote in a blog post published Wednesday. "Using such measurements, we were able to fully extract secret signing keys from OpenSSL and CoreBitcoin running on iOS devices. We also showed partial key leakage from OpenSSL running on Android and from iOS's CommonCrypto."

More than 13 million websites and e-mail services protected by the transport layer security protocol are vulnerable to a newly discovered, low-cost attack that decrypts sensitive communications in a matter of hours and in some cases almost immediately, an international team of researchers warned Tuesday. More than 97,000 of the top 1 million most popular Web properties are among the vulnerable HTTPS-protected sites.

The attack works against TLS-protected communications that rely on the RSA cryptosystem when the key is exposed even indirectly through SSLv2, a TLS precursor that was retired almost two decades ago because of crippling weaknesses. The vulnerability allows an attacker to decrypt an intercepted TLS connection by repeatedly using SSLv2 to make connections to a server. In the process, the attacker learns a few bits of information about the encryption key each time. While many security experts believed the removal of SSLv2 support from browser and e-mail clients prevented abuse of the legacy protocol, some misconfigured TLS implementations still tacitly support the legacy protocol when an end-user computer specifically requests its use. The most notable implementation subject to such fatal misconfigurations is the OpenSSL cryptographic library, which on Tuesday is expected to release an update that makes such settings much less likely to occur.

Recent scans of the Internet at large show that more than 5.9 million Web servers, comprising 17 percent of all HTTPS-protected machines, directly support SSLv2. The same scans reveal that at least 936,000 TLS-protected e-mail servers also support the insecure protocol. That's a troubling finding, given widely repeated advice that SSLv2—short for secure sockets layer version 2—be disabled. More troubling still, even when a server doesn't allow SSLv2 connections, it may still be susceptible to attack if the underlying RSA key pair is reused on a separate server that does support the old protocol. A website, for instance, that forbids SSLv2 may still be vulnerable if its key is used on an e-mail server that allows SSLv2. By the researchers' estimate, that leaves 13.6 million HTTPS-protected websites and a significant number of TLS-protected e-mail servers open to attack.

Researchers have uncovered what appears to be newly developed Mac malware from HackingTeam, a discovery that's prompting speculation that the disgraced malware-as-a-service provider has reemerged since last July's hack that spilled gigabytes worth of the group's private e-mail and source code.

The sample was uploaded on February 4 to the Google-owned VirusTotal scanning service, which at the time showed it wasn't detected by any of the major antivirus programs. (Ahead of this report on Monday, it was detected by 10 of 56 AV services.) A technical analysis published Monday morning by SentinelOne security researcher Pedro Vilaça showed that the installer was last updated in October or November, and an embedded encryption key is dated October 16, three months after the HackingTeam compromise.

The sample installs a copy of HackingTeam's signature Remote Code Systems compromise platform, leading Vilaça to conclude that the outfit's comeback mostly relies on old, largely unexceptional source code, despite the group vowing in July that it would return with new code.

A December outage in Ukraine that caused 225,000 customers to lose electricity was the work of hackers, a report prepared by US Department of Homeland Security officials has determined.

The report published Thursday by the DHS Industrial Control Systems Cyber Emergency Response Team largely agrees with analysis provided last month by a member of the SANS industrial control systems team—that the December 23 outage was caused by external hackers. As Ars reported earlier, the unscheduled interruptions are the first confirmed instance of someone using hacking to generate a power outage.

None of the analysis so far has determined the precise role played by "BlackEnergy," a malware package discovered in 2007 that infected at least three of the substations involved in the outage. While initial research speculated that BlackEnergy and an added data-wiping component called KillDisk may have given attackers access or allowed them to carry out destructive events causing the power to go out, the DHS report holds out the possibility that the two pieces of malware were used only after the outage in an attempt either to destroy evidence or make recovery more difficult.

Malicious websites are exploiting a recently fixed vulnerability in Microsoft's Silverlight application framework to perform drive-by malware attacks on vulnerable visitor devices, a security researcher has determined.

The critical code-execution vulnerability, which Microsoft patched last month, was actively exploited for two years in attack code owned by Italy-based exploit broker Hacking Team. As Ars reported last July, the Silverlight exploit came to light following a hack on Hacking Team's network that exposed gigabytes worth of private e-mails and other data. Researchers with Russian antivirus provider Kaspersky Lab later discovered the vulnerability being exploited in the wild and privately reported it to Microsoft.

Now, exploit code for the patched vulnerability is being being distributed through Angler, one of several toolkits that criminals use to seed websites with code that carry out drive-by attacks. The Silverlight attack was spotted earlier this week by a researcher who goes by the moniker Kafeine. The vulnerability is indexed as CVE-2016-0034.

About 1.3 million IP addresses—including those used by Google, Yahoo, Craigslist, and Yelp—are turning users of the Tor anonymity network into second-class Web citizens by blocking them outright or degrading the services offered to them, according to a recently published research paper.

Titled "Do You See What I See? Differential Treatment of Anonymous Users," the paper said 3.67 percent of websites in the Alexa 1,000 discriminated against computers visiting with known Tor exit-node IP addresses. In some cases, the visitors are completely locked out, while in others users are required to complete burdensome CAPTCHAs or are limited in what they can do. The authors said the singling out was an attempt by the sites to limit fraud and other online crime, which is carried out by a disproportionately high percentage of Tor users. In the process, law-abiding Tor users are being treated as second-class Web citizens.

"While many websites block Tor to reduce abuse, doing so inadvertently impacts users from censored countries who do not have other ways to access censored Internet content," the authors wrote.

In February 2014, thousands of Asus router owners found a disturbing text file saved to their devices.

"This is an automated message being sent out to everyone effected [sic]," the message read. "Your Asus router (and your documents) can be accessed by anyone in the world with an Internet connection." The anonymous sender then urged the readers to visit a site that explained more about the router vulnerability.

On Tuesday, the US Federal Trade Commission settled charges that alleged the hardware manufacturer failed to protect consumers as required by federal law. The settlement resolves a complaint that said the 2014 mass compromise was the result of vulnerabilities that allowed attackers to remotely log in to routers and, depending on user configurations, change security settings or access files stored on connected devices. Under the agreement, Asus will maintain a comprehensive security program subject to independent audits for the next 20 years.

A key justification for last week's court order compelling Apple to provide software the FBI can use to crack an iPhone belonging to one of the San Bernardino shooters is that there's no other way for government investigators to extract potentially crucial evidence from the device. Technically speaking, there are ways for people to physically pry the data out of the seized iPhone, but the cost and expertise required and the failure rate are so great that the techniques aren't practical.

In an article published Sunday, ABC News lays out two of the best known techniques. The first one is known as decapping. It involves removing the phone’s memory chip and dissecting some of its innards so investigators can read data stored in its circuitry. With the help of Andrew Zonenberg, a researcher with security firm IOActive, here's how ABC News described the process:

In the simplest terms, Zonenberg said the idea is to take the chip from the iPhone, use a strong acid to remove the chip’s encapsulation, and then physically, very carefully drill down into the chip itself using a focused ion beam. Assuming that the hacker has already poured months and tens of thousands of dollars into research and development to know ahead of time exactly where to look on the chip for the target data -- in this case the iPhone's unique ID (UID) -- the hacker would, micron by micron, attempt to expose the portion of the chip containing exactly that data.

The hacker would then place infinitesimally small "probes" at the target spot on the chip and read out, literally bit by bit, the UID data. The same process would then be used to extract data for the algorithm that the phone normally uses to "tangle" the UID and the user's passkey to create the key that actually unlocks the phone.

From there the hacker would load the UID, the algorithm and some of the iPhone's encrypted data onto a supercomputer and let it "brute force" attack the missing user passkey by simply trying all possible combinations until one decrypts the iPhone data. Since the guessing is being done outside the iPhone's operating system, there's no 10-try limit or self-destruct mechanism that would otherwise wipe the phone.

But that’s if everything goes exactly right. If at any point there's even a slight accident in the de-capping or attack process, the chip could be destroyed and all access to the phone's memory lost forever.

A separate researcher told ABC News it was unlikely the decapping technique would succeed against an iPhone. Instead, it would likely cause the data to be lost forever. A slightly less risky alternative is to use infrared laser glitching. That technique involves using a microscopic drill bit to pierce the chip and then use an infrared laser to access UID-related data stored on it. While the process may sound like it was borrowed from a science fiction thriller, variations of it have been used in real world. In 2010, for instance, hardware hacker Chris Tarnovsky developed an attack that completely cracked the microcontroller used to lock down the Xbox 360 game console. His technique used an electron microscope called a focused ion beam workstation (then priced at $250,000 for a used model) that allowed him to view the chip in the nanometer scale. He could then manipulate its individual wires using microscopic needles.

An Oregon man has admitted he tricked hundreds of people into divulging their Apple and Gmail passwords in a scheme that allowed him to steal nude images of more than a dozen victims, some of them celebrities.

Andrew Helton, 29, of Portland, entered the plea on Thursday to one felony count of unauthorized access to a protected computer to obtain information, according to documents filed in federal court in Los Angeles. Prosecutors said he gained illegal access to 363 Apple and Gmail accounts, including those belonging to members of the entertainment industry in Los Angeles. He then used the access to obtain data stored in the online accounts, including 161 sexually explicit, nude, or partially nude images of 13 people, some who were unidentified celebrities.

According to a plea agreement unsealed Friday, Helton engaged in a fraud campaign from March 2011 to May 2013 in which he sent e-mails that falsely claimed to come from Apple or Google. The phishing e-mails asked victims to verify their accounts by clicking on links that led to what looked like authentic Apple or Google login pages. When targets complied, their passwords were transmitted to Helton, who used them to illegally access account data.

A security system used in more than 200,000 homes has an unfixable flaw that allows tech-savvy burglars to disarm the alarm from as far away as a few hundred feet.

The wireless home security system from SimpliSafe is marketed as costing less than competing ones and being easier to install, since it doesn't use wires for one component to communicate with another. But according to Andrew Zonenberg, a researcher with security firm IOActive, the system's keypad uses the same personal identification number with no encryption each time it sends a message to the main base station. That opens the system to what's known as a replay attack, in which an attacker records the authentication code sent by the valid keypad and then recycles it when sending rogue commands transmitted over the same radio frequency.

"Unfortunately, there is no easy workaround for the issue since the keypad happily sends unencrypted PINs out to anyone listening," Zonenberg wrote in a blog post published Wednesday. "Normally, the vendor would fix the vulnerability in a new firmware version by adding cryptography to the protocol. However, this is not an option for the affected SimpliSafe products because the microcontrollers in currently shipped hardware are one-time programmable. This means that field upgrades of existing systems are not possible; all existing keypads and base stations will need to be replaced."