Archive for the ‘backdoors’ Category

APT29 Used Domain Fronting, Tor to Execute Backdoor

March 27th, 2017
APT29, a/k/a Cozy Bear, has used Tor and a technique called domain fronting in order to secure backdoor access to targets for nearly two years running.

Posted in APT29, backdoor, backdoors, Cozy Bear, FireEye, malware, mandiant, Tor, Tor Hidden Service | Comments (0)

Backdoors ‘punish the wrong people’, EU security body warns

December 16th, 2016
EU security body comes out strongly against governments compromising encryption, warning of decreased trust and innovation

Posted in backdoors, data encryption, data privacy, Law & order, privacy | Comments (0)

Threatpost News Wrap, December 8, 2016

December 9th, 2016
Mike Mimoso and Chris Brook discuss the news of the week, including the latest Linux bug, Sony closing backdoors in cameras, and Google's new open source fuzzer.

Posted in backdoors, cryptography, DDoS, fuzzer, fuzzing, google, IoT, mirai, Open Source, OSS-Fuzz, Podcasts, Sony, Sony cameras, TURKEY, Turkish Hackers, vulnerabilities, Web Security | Comments (0)

If you’ve got a Sony IP camera, update its firmware now

December 8th, 2016
Sony closes backdoors in IPELA security cameras - but why were they open in the first place?

Posted in backdoors, Botnet, IoT, Organisations, Security threats, Sony, Vulnerability | Comments (0)

Powerful backdoor/rootkit found preinstalled on 3 million Android phones

November 18th, 2016


Almost three million Android phones, many of them used by people in the US, are vulnerable to code-execution attacks that remotely seize full control of the devices, researchers said Thursday.

Until recently, the flaw could have been exploited by anyone who took the time to obtain two Internet domains that remained unregistered despite being hardwired into the firmware that introduced the vulnerability. After discovering the vulnerability, researchers from security ratings firm BitSight Technologies registered the addresses and control them to this day. Even now, the failure of the buggy firmware to encrypt communications sent to a server located in China makes code-execution attacks possible when phones don't use virtual private networking software when connecting to public hotspots and other unsecured networks.

Since BitSight and its subsidiary company Anubis Networks took possession of the two preconfigured domains, more than 2.8 million devices have attempted to connect in search of software that can be executed with unfettered "root" privileges, the researchers said. Had malicious parties obtained the addresses before BitSight did, the actors could have installed keyloggers, bugging software, and other malware that completely bypassed security protections built into the Android operating system. The almost three million devices remain vulnerable to so-called man-in-the-middle attacks because the firmware—which was developed by a Chinese company called Ragentek Group—doesn't encrypt the communications sent to and received from phones and doesn't rely on code-signing to authenticate legitimate apps. Based on the IP addresses of the connecting devices, vulnerable phones hail from locations all over the world, with the US being the No. 1 affected country.


Posted in android, backdoors, firmware, Gear & Gadgets, privacy, Risk Assessment, security, Technology Lab | Comments (0)

Threatpost News Wrap, November 18, 2016

November 18th, 2016
Mike Mimoso and Chris Brook discuss the news of the week, including this week's House hearing on the Internet of Things, Samy Kamkar's PoisonTap tool, and Windows 10's ransomware protections.

Posted in backdoors, Bruce Schneier, cookies, Government, Hacking, hacks, Internet of things, IoT, malware, Microsoft, Podcasts, PoisonTap, ransomware, Samy Kamkar, Windows 10 | Comments (0)

PoisonTap Steals Cookies, Drops Backdoors on Password-Protected Computers

November 16th, 2016
Samy Kamkar's latest hacking device, PoisonTap, can steal HTTP cookies from millions of websites and install persistent web-based backdoors.

Posted in backdoors, Cookie theft, hacks, Node.js, PoisonTap, Raspberry Pi, Samy Kamkar | Comments (0)

Shanghai surprise as cheap Android devices ‘phone home’ to China

November 16th, 2016
Sending texts, call logs and other PII to a server in Shanghai without consent 'a mistake', says firmware provider

Posted in Adups, Advertising, android, backdoors, china, data loss, firmware, Mobile, privacy, targeted advertising | Comments (0)

Meet PoisonTap, the $5 tool that ransacks password-protected computers

November 16th, 2016

(Image credit: Samy Kamkar)

The perils of leaving computers unattended just got worse, thanks to a newly released exploit tool that takes only 30 seconds to install a privacy-invading backdoor, even when the machine is locked with a strong password.

PoisonTap, as the tool has been dubbed, runs freely available software on a $5/£4 Raspberry Pi Zero device. Once the payment card-sized computer is plugged into a computer's USB slot, it intercepts all unencrypted Web traffic, including any authentication cookies used to log in to private accounts. PoisonTap then sends that data to a server under the attacker's control. The hack also installs a backdoor that makes the owner's Web browser and local network remotely controllable by the attacker.

(Image credit: Samy Kamkar)

PoisonTap is the latest creation of Samy Kamkar, the engineer behind a long line of low-cost hacks, including a password-pilfering keylogger disguised as a USB charger, a key-sized dongle that jimmies open electronically locked cars and garages, and a DIY stalker app that mined Google Streetview. While inspiring for their creativity and elegance, Kamkar's inventions also underscore the security and privacy tradeoffs that arise from an increasingly computerized world. PoisonTap continues this cautionary theme by challenging the practice of password-protecting an unattended computer rather than shutting it off or, a safer bet still, toting it to the restroom or lunch room.


Posted in backdoors, hacks, Man in the middle, Risk Assessment, Technology Lab | Comments (0)

Pre-installed Backdoor On 700 Million Android Phones Sending Users’ Data To China

November 16th, 2016
Do you own an Android smartphone? You could be one of those 700 Million users whose phone is secretly sending text messages to China every 72 hours. You heard that right. Over 700 Million Android smartphones contain a secret 'backdoor' that surreptitiously sends all your text messages, call log, contact list, location history, and app data to China every 72 hours. Security researchers from

Posted in Android hacking, backdoor malware, backdoors, Chinese malware, Chinese phone, Chinese smartphone, hacking android phone, hacking news, mobile backdoor, Software backdoor | Comments (0)