BleedingBit – Bluetooth Chip Flaws

Security researchers have made a worrisome discovery: two major vulnerabilities in chips installed in millions of networking devices and access points around the globe.
Named BleedingBit, the two flaws in Bluetooth Low Energy (BLE) chips may allow attackers to run arbitrary code and take complete control of affected devices without any authentication. This includes point-of-sale and IoT devices as well as critical medical devices such as pacemakers and insulin pumps. The discovery was made by researchers at Armis, an Israel-based security company that was also responsible for recently discovering BlueBorne, a range of Bluetooth-related flaws that affected billions of smartphones, TVs, laptops and watches running Android, Linux, iOS and Windows.

The Flaws

The vulnerabilities exist in BLE chips manufactured by Texas Instruments and embedded in a range of enterprise products from companies such as Aruba, Meraki and Cisco. The first flaw affects many of Meraki and Cisco’s Wi-Fi access points. It stems from a weakness in how the chip parses incoming data: when more data is sent than the chip expects, its memory is corrupted, which can allow malicious code to run on the device. The second flaw lies in the Over the Air Firmware Download (OAD) feature used for firmware updates. All Aruba access points share the same password for this feature, and that password can be obtained by sniffing a legitimate update or by reverse-engineering the Aruba BLE firmware. A malicious update can then simply be delivered to the access point, and full control of it can be gained.
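The first flaw is a memory-corruption bug triggered by excess incoming data. As an added illustration (not code from Armis, Texas Instruments or any vendor, and not the actual vulnerable code), the hardened parser below shows the checks a BLE advertising-data parser needs so that a peer sending more than it claims, or claiming more than it sends, cannot push the parser past its buffers. It assumes the length-prefixed AD-structure layout of legacy advertising packets, which the article does not describe; the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Legacy BLE advertising payloads are at most 31 bytes: a sequence of AD
 * structures [len][type][data...], where len counts type + data.
 * 0x09 is the "Complete Local Name" AD type. */
#define ADV_MAX  31
#define NAME_MAX 16
#define AD_COMPLETE_LOCAL_NAME 0x09

typedef struct {
    size_t ad_count;       /* AD structures walked */
    char   name[NAME_MAX]; /* local name, truncated to fit, NUL-terminated */
    int    rejected;       /* 1 when the packet was malformed or oversized */
} adv_result_t;

/* Hardened parser: each length byte is checked against the bytes that remain
 * and each copy is bounded by its destination, so a peer claiming more data
 * than it sent cannot push the parser past the packet or the name buffer. */
adv_result_t parse_adv(const uint8_t *pkt, size_t pkt_len)
{
    adv_result_t r;
    memset(&r, 0, sizeof r);
    if (pkt == NULL || pkt_len > ADV_MAX) {  /* refuse oversized input */
        r.rejected = 1;
        return r;
    }
    for (size_t i = 0; i < pkt_len; ) {
        size_t len = pkt[i];
        if (len == 0)                         /* zero length: padding, stop */
            break;
        if (len > pkt_len - i - 1) {          /* claimed length overruns */
            r.rejected = 1;
            return r;
        }
        if (pkt[i + 1] == AD_COMPLETE_LOCAL_NAME) {
            size_t n = len - 1;               /* data bytes after the type */
            if (n > NAME_MAX - 1) n = NAME_MAX - 1;  /* bounded copy */
            memcpy(r.name, &pkt[i + 2], n);
            r.name[n] = '\0';
        }
        r.ad_count++;
        i += 1 + len;
    }
    return r;
}

/* Constructed sample packets (not taken from the advisory). */
static const uint8_t good_pkt[] = {0x02, 0x01, 0x06, 0x05, 0x09, 'a', 'b', 'c', 'd'};
static const uint8_t bad_pkt[]  = {0x02, 0x01, 0x06, 0x1f, 0x09, 'x'}; /* says 31, sends 1 */
```

The second packet is rejected at the length check instead of being read past its end; a parser that trusted the length byte would copy from memory beyond the packet.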

The Patch

After making the discovery, Armis reported it to all vendors and duly assisted companies with rolling out updates that address the issues. Texas Instruments confirmed the flaws and subsequently released security patches to affected companies. Cisco, Meraki (owned by Cisco) and Aruba released security patches for the hardware and announced that they are not aware of anybody exploiting these vulnerabilities.

Spying Malware Detected in Biomedical Company

Security experts have recently discovered a previously unknown Mac-based spy malware that preys on outdated coding practices to launch real-world attacks on computers in the biomedical research industry.

The unsophisticated and out-of-date code has remained undetected on macOS systems for years. The malware has been labelled Fruitfly and was first detected under the name ‘OSX.Backdoor.Quimitchin’. An IT administrator was alerted to it by unusual outgoing network activity from a Mac computer and contacted the information security firm Malwarebytes.

The First Malware of 2017

Researchers are labelling Fruitfly the first Mac malware of 2017. Fruitfly is said to contain code dating back to OS X, and it has been conducting surveillance on targeted networks for over two years. Fruitfly uses a hidden Perl script to communicate with its command-and-control servers. Disturbingly for the targeted biomedical companies, Fruitfly can capture webcam images and screenshots, report system uptime, and move and click the mouse cursor.

Fruitfly’s reach can extend to other devices on the same network as the compromised Mac, as it attempts to connect to these as well. Fruitfly uses a secondary script along with a Java class to keep its icon from appearing in the macOS Dock. It is still unknown how the malware was distributed and how it infected the Macs.

Code Dating from 1998

Researchers have found that the malware’s code pre-dates Apple’s OS X and that it relies on “libjpeg” code for handling JPEG-formatted image files that was last updated in 1998, almost 20 years ago.

How Has it Gone Undetected for so Long?

In a blog post, Malwarebytes’ Thomas Reed speculated that Fruitfly has been used selectively in very tightly targeted attacks, which has limited its exposure. International espionage is a much-discussed topic right now, and the nature of this form of attack is a hallmark of past Russian and Chinese attacks aimed at US and European scientific research.