The 10 weirdest, wildest, most shocking security exploits ever



This ain't your momma's Internet


Update your browser. Ditch Java. Don't click weird links from even weirder people. Ho-hum. The basic tenets of PC security are burned into the brains of most Web surfers by now. The old malware tricks just don't work as well anymore.
Surprise! Bad guys are getting creative. (Never underestimate the oh-so-powerful combination of greed, boredom, and cleverness.) Rather than targeting Internet Explorer, now they're gunning for your virtual machine, your video games, and your Web-connected thermostat.
"The more digital our lives become, the greater the number of potential nontraditional entry points for cybercriminals attempting to steal data and wreak havoc," says McAfee Labs security strategist Toralv Dirro, who referred us to some of the wild exploits highlighted here. Grab your tinfoil hat, and let's take a walk down wacky-hack lane.



The chamber of chaos

First things first: Many of the more exotic exploits in this collection have been identified by security researchers, but not found in the wild. But before you write off these dangers as tomfoolery confined to labs alone, consider the terrifying case of the U.S. Chamber of Commerce.
In 2010, the Chamber was the subject of a deep and complicated intrusion. The penetration was so thorough that once authorities discovered the problem, the Chamber found it easier to destroy some PCs completely rather than scrub them clean.
That's scary, but what happened after the problem was "eliminated" is even more frightening: One of the Chamber's thermostats was found to be communicating with Chinese servers, while one executive's printer began spitting out pages composed entirely in Chinese. And that brings us to the next wild exploit…




I peep at your printer


The convenience of network- and Web-connected printers can't be overstated—printing from anywhere is awesome—but many of those Web-connected printers sit outside of firewalls, just waiting for an enterprising hacker to say hello. A pair of January reports highlighted the potential peril lurking inside printers.
First, ViaForensics researcher Sebastian Guerrero identified vulnerabilities in HP's JetDirect technology that hackers could attack to crash the hardware or, even worse, gain access to previously printed documents. App developer Andrew Howard followed up with a blog post detailing how a "quick, well-crafted Google Search" can identify tens of thousands of Web-accessible HP printers. Ruh-roh, Raggy!
Printer exploits aren't new, but as traditional exploits become less effective, wide-open office devices become big fat targets.



Why DRM sucks, part 3279


The lips of PC gamers across the world often curl into a snarl whenever the words "digital rights management" are uttered. In particular, gamers frequently single out Ubisoft's DRM implementations for the depths of their sucktitude. Said sucktitude reached new lows in July of last year, when it was discovered that Ubisoft's Uplay service silently installed a sloppily coded browser plugin that hackers could exploit to gain control of a gamer's computer. Gee, thanks, Assassin's Creed 2.
Fortunately, Ubisoft patched the hole mere hours after its discovery—with nary an apology, natch—and there's no evidence that anyone ever used it maliciously.




Steam-soured


The Ubisoft flaw isn't the only unorthodox video game exploit around. Late last year, ReVuln—the same company that discovered the smart-TV exploit—found that the steam:// protocol of Valve's Steam application can be exploited to launch malicious code.
The problem actually lies in browsers that automatically execute steam:// commands without a confirmation warning (Safari) or with minimal information (Firefox). Once malicious code gains permission to run, it can then use Steam's legit capabilities or known vulnerabilities to fill your hard drive with all sorts of nasty stuff. Moral of the story? Don't set your browser to automatically allow Steam protocol executions.



Bait-and-switch done wrong


Just a few weeks back, Kaspersky researchers discovered two apps in the Google Play Store—DroidCleaner and Superclean—that purport to restart all the running services on your phone, but get nasty when you connect your Android handset to your Windows PC as a disk drive (say, to transfer music or pictures).
If your PC has AutoRun enabled, code that the app hid deep in the root of your phone's SD Card executes and installs the malware. Once entrenched, the malware monitors your microphone. If it notices sound, it begins recording the audio, which it then encrypts and sends to the malware's master.
Devastating? Probably not. A novel twist on an old AutoRun vulnerability? Yes, indeed.
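For readers who want to check a phone or SD card before letting Windows touch it, here is an added example (not from the original article or from Kaspersky's research) that lists every program a volume's `autorun.inf` would ask AutoRun to start. The sample file contents and the name `example_payload.exe` are constructed for illustration.

```python
import os
import tempfile

# Keys in the [autorun] section that cause Windows to launch something.
EXEC_KEYS = ("open", "shellexecute")

def find_autorun(root):
    """Return the path of autorun.inf in the volume root (any letter case), or None."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            return os.path.join(root, name)
    return None

def launch_entries(inf_text):
    """Extract (key, command) pairs from the [autorun] section that start a program."""
    entries, in_section = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # shell\<verb>\command entries add context-menu launch targets
            if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                entries.append((key, value))
    return entries

def audit_volume(root):
    """List every program the volume would ask AutoRun to start."""
    path = find_autorun(root)
    if path is None:
        return []
    with open(path, "rb") as fh:
        text = fh.read().decode("utf-8", errors="replace")
    return launch_entries(text)

def demo():
    # Constructed sample: a fake SD-card root with a made-up autorun.inf.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AutoRun.INF"), "w") as fh:
            fh.write("; constructed sample\n[AutoRun]\nOpen=example_payload.exe\n"
                     "icon=example.ico\nshell\\open\\command=example_payload.exe\n")
        return audit_volume(root)

if __name__ == "__main__":
    for key, cmd in demo():
        print(f"{key}: {cmd}")
```

Point `audit_volume()` at the mount point of the card; an empty list means the volume carries no AutoRun launch entries.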




Yes, VMs can play Crisis


Enhanced security is one of the big benefits of running a virtualized PC—if the crud hits the rotating blades, you can simply wipe the disk image and start anew. But a piece of malware called Crisis turns that notion on its head.
Symantec reports that once Crisis settles in on your computer—you first have to download a malicious JAR file—it looks for VMware virtual machine images stored on the hard drive. If it finds one, it embeds itself in the virtual machine using the VMware Player tool. This isn't actually a VMware vulnerability, but rather an unfortunate side effect of the nature of virtual machines—they're basically files stored on your physical machine, so anything that can write to your disk can tamper with them. For its part, VMware says that encrypting VM images can thwart Crisis.



Simon says 'Pwned'?


In 2007, ZDNet's George Ou discovered that it's possible to create an audio file that barks out Windows Speech Recognition commands, which your computer duly follows.
Why wasn't the Net deluged with websites whispering dulcet word-hacks? Because the exploit simply isn't practical. You'd have to have Windows Speech Recognition activated and paired with a working speaker and microphone, plus you'd have to sit by—silent and unmoving—while your PC spit out deliberate navigational commands. Even if all that happened, Windows' UAC protection would block the attack from running privileged functions.
As far as I can tell, the vulnerability hasn't been plugged, and it can delete your files or point your browser toward malicious websites. Even so, I agree with Microsoft's Security Response Team, which basically said not to sweat it.



Bad-news Borg


If Inspector Gadget ever tries to give you a hug, run away screaming. The cybernetics that seem so cool in games like Deus Ex and other works of fiction are open to the same exploits as any other electronic device, as evidenced by the ominous tale of Mark Gasson, the first human being to contract a computer virus.
Gasson, a cybernetics expert at the University of Reading, infected an RFID implant embedded in his hand with a custom-made virus, which jumped to his lab's computers and then infected the RFID swipe cards of any of his colleagues who entered the facility.
The scientist's proof-of-principle attack highlighted the need for caution in a society that already includes people walking around with mechanical hearts and deep brain stimulators. "A denial-of-service attack on a pacemaker, if such a thing were possible, would of course be very detrimental," Gasson told TechNewsDaily. 
