Online PC Support

OPS Technical Solutions : +1 315-226-4249


Would Tech Biggies Provide Backdoor Access to User Data?

It is indeed a double-edged sword, and until a decision comes through, the debate on whether backdoor access should be given to the government and law enforcement agencies will continue. We are talking here about data encryption and the stand that tech companies are taking on it.

For the uninitiated, this debate has been going on between the two parties for quite some time now, with each party holding strong views on whether backdoor access should be given to government agencies. While the government believes that a backdoor to sensitive user data can help it nab criminals (wanted terrorists, etc.) easily, tech companies argue that any access into user data can jeopardize users, particularly those who do not belong to the ‘criminal’ category.

Smartphones and all other gadgets that can be used to communicate or transfer sensitive information can easily pass encrypted data between members of an organization. Unless the government is granted ‘backdoor access’, that is, the ability to decrypt that data and read what lies therein, law enforcement agencies can do little about the data on devices that they may have seized from criminals. From this perspective, tech companies should actually give the government the right to access data with a court order. However, this also gives rise to the risk that such information can be intercepted by other criminals, in addition to the agencies, who can use that data for malicious purposes. Given this argument, tech companies are mostly against creating backdoor access.

As you can see, different people have different perspectives on this, and it remains to be seen whether the government will manage to persuade the tech companies to give it the access that it wants. However, until that happens, here’s an update on what the different tech companies feel about the data-access proposal.


Is Giving In To Ransomware The Easiest Way Out?

Ransomware, a type of malware, has been rearing its ugly head for quite some time. And every time it has cropped up, it has meant doom for the victims. Cryptolocker and Teslacrypt are two of the most prevalent ransomware families that have conned people into believing that an enforcement agency such as the FBI has apparently found objectionable content on their device and has therefore locked it down. Of course, there’s a way you could unlock the device – pay up a ransom!

This is the modus operandi that ransomware uses, and most people who fall victim easily give in to this demand, fearing that they may be exposed or simply wanting to avoid the hassle of getting the device decrypted (ransomware encrypts the device).

All this time, every law enforcement agency had been advising people against paying up, as they believed it would only boost the confidence of the cyber crooks; now, however, agencies such as the FBI are recommending that people pay the ransom and move on. The entire decryption process is not only a hassle, it is expensive as well.

As per Joseph Bonavolonta, Assistant Special Agent in charge of the FBI’s Boston office, “The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom … To be honest, we often advise people just to pay the ransom.”

To justify this, the FBI has shared the below advantages that one can enjoy by paying up the ransom as opposed to looking for options elsewhere:

  • The Bitcoin payment that the ransomware designers demand is typically just a few hundred bucks (around $200) whereas decryption can cost you anything between $500 and $1000.
  • It is simpler to just pay up than look for reliable decryption services.
  • Cyber crooks almost always release a device and content soon after the ransom is paid; the time taken for completing a decryption process is generally longer.

However, having said this, it is also important to note that there is no guarantee that once you have recovered your device, the cyber crooks won’t ever try to take it over again. Also, while so far they have always let go of a device and its content after the money is received, there’s no guarantee that this will always be the case. The crooks may just take the money and vanish, leaving your device useless, as there’s a great deal of anonymity available with Bitcoins.

There’s a difference of opinion among the different agencies about whether or not to pay the ransom; however, they are unanimous about getting the incident reported. Every agency urges users to report the incident to the respective authorities, as this is the only way to combat this malware.

SAP Afaria vulnerability puts at risk over 130 million devices and data

Hackers do not miss an opportunity to create havoc in the lives of unsuspecting technology users. And when this opportunity comes to them in the form of a vulnerability in specific software, they have even more to rejoice about at our cost.

A revelation from ace enterprise software maker SAP has once again left users in the lurch, wondering whether there is anything in the tech world that can be termed 100% safe. SAP’s mobile device management program Afaria, used by over 6300 companies worldwide, connects mobile devices to company networks and secures the devices from threats and risks. A critical weakness in the form of an ‘authorization bypass vulnerability’ has been found in this system that has the potential to let hackers attack the phones of high-level executives in an organization simply by sending a connection request (SMS) to Afaria servers. Once the connection is established, the hacker can easily use the administrator status to wipe the data on particular devices, disable their Wi-Fi, lock them and even learn the location of the user.

Yes, this is indeed a scary situation, and companies that are using this mobile management system need to pay attention to the security and confidentiality of their devices and data. Here are a few significant aspects of the SAP Afaria vulnerability:

  • A hacker can send a connection request to the Afaria server to obtain a transmitter ID
  • He can also send across a random timestamp to show it as the last admin session
  • After procuring the phone number of an executive (business cards, websites, other means), the hacker can launch an attack by guessing the IMEI number of a device
  • The IMEI number is easy to collect as large corporations typically purchase devices in bulk and this makes it easy for one to guess the serial number of the devices
  • Once the ground is all set, the hacker can attack mobile devices running on any platform – Android, iOS, Windows Phone, Blackberry and so on
  • Since this isn’t specific to a particular device type or OS version, attacks can be launched against a wide range of systems and devices
  • What makes this vulnerability scarier is the fact that an attack can be launched on several devices (running into hundreds) at a time and the data of these devices can be wiped out completely in a go
  • While a backed-up device would have less at stake, the number of attacked devices can significantly slow down the restore process – even for a big corporation
  • Researchers at ERPScan identified this vulnerability while they were testing the security settings of SAP and Oracle business-critical ERP systems

Alexander Polyakov, CTO at ERPScan shared, “Unfortunately, solutions intended to secure organizations often put them at risk. The MDM solution that manages all company mobile devices is an attractive target for hackers.” This in itself summarizes the entire situation – many solutions that are designed to provide us security, end up putting us at more risks than ever thought of.

To remain unaffected by this vulnerability, enterprises should install the security patches that were released after the revelation, and the security settings of the SAP Mobile Platform components should be re-configured to ensure nothing is missed.


Hackers manipulate Xcode; Apple pulls down infected apps from the App Store

Overcoming bigger hurdles gives better satisfaction. While this is true in our daily lives, it seems that hackers are presently the ones making the most of this common saying. And bearing the brunt on the other side of the fence are iTunes App Store users who’ve unsuspectingly downloaded apps that are laden with malware. This time around, the app developers are also facing the heat, as they have been conned into downloading a manipulated version of Apple’s software development kit, Xcode.

As per the latest reports, the affected apps were all developed in China. The modus operandi that the cyber crooks applied this time was to lure the app developers into using an Xcode version that they (the hackers) had manipulated by playing around with the security features. While the legitimate Xcode kit is also available for free, app developers blundered in trying to retrieve the software faster than they could from Apple’s own website. They did not spot the mistake at the time; only later did they realize that the apps they had created were in fact affected and had the potential to steal customers’ iCloud passwords and create even bigger messes as a result.

As a first step towards combating the threat, Apple pulled down all the infected apps from its app store. In a statement released to the media, Apple shared that “We’ve removed the apps from the App Store that we know have been created with this counterfeit software…” They further stated that, “…We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”

Out of the 39 iPhone and iPad apps that Apple researchers found were infected, WeChat, Didi Chuxing, and China Unicom Mobile Office are noteworthy. While many developers have already started working on fixing the damages, not everyone has shared their update.

Whether this instance can be treated as a simple hacking attempt or as another one of the large-scale data breaches, only time will tell… For updates on the findings in this case, watch this space.

After hacking Bugzilla, hackers are now targeting Mozilla Firefox users

In the latest incident of data hacking, Mozilla users have had to bear the brunt after the bug tracking and testing tool Bugzilla was breached. The hackers, after stealing sensitive data from the tool, used it to attack Mozilla Firefox users, sending them into panic mode.

For the uninitiated, Bugzilla is an open source program that is mostly public, except for security-sensitive data, access to which is restricted to a select few. Through this program, Mozilla tracks bugs in software that trigger unexpected results when a user is using the Firefox browser.

To curb the reach of the hackers and to minimize the damage caused to users, Mozilla promptly shut down the account that was infiltrated, and a high-level investigation has also been initiated. While not much is known about the plans of the hackers and the impact this breach has had on users, it is interesting to note that several other tech giants are also using the Bugzilla program, as it is an open source platform. The organizations on this list include Red Hat, Apache, Gnome, LibreOffice and Eclipse, among others.

In a statement issued by Mozilla officials, they reiterated that “We are updating bugzilla’s security practices to reduce the risk of future attacks of this type. As an immediate first step, all users with access to security-sensitive information have been required to change their passwords and use two-factor authentication. We are reducing the number of users with privileged access and limiting what each privileged user can do. In other words, we are making it harder for an attacker to break in, providing fewer opportunities to break in, and reducing the amount of information an attacker can get by breaking in.”

While it remains to be confirmed yet, initial investigations have revealed that the stolen data was being sent to a remote server in Ukraine. Mozilla further shared that the hackers were manipulating the stolen data to inject a malicious script into the victim’s machine that stealthily looked for key files in the device and uploaded the same to the remote server. As soon as a Firefox user would load an infected webpage, the script would run on the system and start its undercover activities.

Mozilla’s latest update, Firefox 40, is being touted as the security cover that one needs. This update has the potential to address all vulnerabilities that the hackers may have learnt about and thereby prevent harm to you.

Facebook Threat Exchange to Curb Hacking Attempts

It isn’t that technology giants are doing nothing about the large-scale data breaches that are happening. To combat such threats, tech giants have decided to join hands and come up with measures that are a step ahead of the hackers. Certainly, fighting these threats individually isn’t helping anymore – rather, the need of the hour is that we all unite and come up with a solution that is robust and efficient.

In February 2015, Facebook launched ThreatExchange – an API-based solution that offers security threat data to the different companies that have united for this cause. In the early development stage, companies such as Yahoo!, Tumblr, Pinterest, Twitter, etc. joined hands. They provided inputs that greatly contributed towards shaping the solution as we see it today. Gradually, others too showed interest in this cause, and today Facebook has the contribution and participation of over 90 groups (companies are grouped on the basis of the industry they belong to). Besides technology, there are groups that belong to educational and financial institutions as well as defense contractors.

What is ThreatExchange all about?

ThreatExchange is actually a platform that allows group members to collaborate and warn each other regarding a threat that may be attempting to intrude into their database or system. It is the most remarkable weapon against the next potential ‘spam king’, and the one you’ve been waiting for. In all, ThreatExchange helps you:

  • Identify hacking attacks and share your knowledge about attacks with other group members
  • Share common signs and traits that hackers display so as to identify the origin of the attack
  • Analyze the attack and share the findings with others in the group
  • Create a common knowledge pool to fight Internet-borne threats

So how’s Facebook putting this up?

Facebook stands in the background while companies publish content and pass on threat information to other members. Facebook keeps tabs on the messages and pieces of data shared over this platform through its own software. Members too use this software to share content. However, the difference is that group members get to view the program as a regular security solution, whereas Facebook ensures that the privacy conditions aren’t breached and that companies are able to smoothly share the data with the members they wish to alert.

Facebook isn’t charging for this service and is only working towards securing the web and presenting it as a better and more secure place to be in.

As it appears now, ThreatExchange is surely creating the ripples that were expected. With several biggies coming together to stop the menace called ‘hacking’, we definitely can look forward to enjoying a secure web soon…

Call Now: +1 315-226-4249