Chinese based Android Trojan Dubbed “Most Sophisticated” Found to Date

We all love our games, but buyer beware. An Android Trojan has been discovered in some Chinese games. “Geinimi” not only steals personal data from the phone, but even has some botnet-like command and control features:

Geinimi is also capable of receiving commands from remote servers controlled by hackers; this botnet-style functionality, together with the use of code obfuscation techniques, leads mobile security firm Lookout to describe the malware as the most sophisticated to appear on Android devices to date.

According to Lookout Mobile Security, when Geinimi is installed it:

  • Collects location coordinates & device identifiers from the phone
  • Collects a list of installed Apps
  • Connects to a remote server at 5 minute intervals to transfer information
  • Can download apps it chooses
  • Prompts user to remove apps it doesn’t want on the phone

According to reports, Chinese and even Russian trojans like Geinimi seem to be locale-based. Downloading apps from recognized and approved sources is the safest way to avoid these types of viruses.

Malware seems to be a growing problem with smart phones. Phandroid reports that 9% of Android users have been affected by an SMS bug that sends out the message “My boss is an A$$!” to random people from your contact list.

If this trend continues, it looks like even our phones will need constant system and virus protection updates.

USB Attack Vectors move Beyond Flash Drives to Malicious USB Devices

You have all heard about the dangers that USB drives can pose. In 2008, the US Military suspended the use of USB drives after a large worm attack hit military systems. Iran’s nuclear power plant was hit with Stuxnet, supposedly from a USB drive. And following the recent Wikileaks disaster, the military is banning all removable devices from systems connected to SIPRNET, the government’s secret network:

Maj. Gen. Richard Webber, commander of Air Force Network Operations, issued the Dec. 3 “Cyber Control Order” — obtained by Danger Room — which directs airmen to “immediately cease use of removable media on all systems, servers, and stand alone machines residing on SIPRNET,” the Defense Department’s secret network. Similar directives have gone out to the military’s other branches.

So no more CDs, DVDs or thumb drives will be allowed near these machines.

Then there is always the threat of malicious hardware. For years the government has been worried about counterfeit electronic hardware, mainly from Chinese manufacturers, that has built-in backdoors. Earlier this year millions of dollars of counterfeit Cisco equipment was confiscated that was to be sold to Marines in Iraq:

Ashoor purchased counterfeit Cisco Gigabit Interface Converters (GBICs) from an online vendor in China with the intention of selling them to the U.S. Department of Defense for use by Marine Corps personnel operating in Iraq, the DOJ said. The computer network for which the GBICs were intended is used by the Marine Corps to transmit troop movements, relay intelligence and maintain security for a military base west of Fallujah, Iraq, the DOJ said.

So security experts have been on the lookout for USB drives and even counterfeit routers, but what about an innocent looking USB keyboard, or mouse? How much attention would that garner?

Adrian Crenshaw (Security Specialist and Speaker) has shown from his recent work with the Arduino “Teensy” programmable keystroke device that almost any USB device, including keyboards, mice, and the innocent desktop toy could be used as an attack vector. Adrian (also known as “Irongeek”) created the tool for professional security pen testers, but it has really shown how USB attacks can and will move way beyond “Autorun.inf” infectors.

The Teensy programmable keystroke device is made from PJRC’s Teensy USB Development Board.

The computer does not see the Teensy device as a USB drive or another accessory, but as a human interface device (a keyboard). The Teensy circuit board can be inserted inside a keyboard or mouse and can be set to activate when a certain key is pressed or a certain condition is met. So, for example, if the “Scroll Lock” or “Caps Lock” key is pressed, the Teensy could send the commands to copy all the data from a certain directory. The Teensy can also be set to activate via a timer or whatever the pentester desires. And antivirus would not detect it, as it would seem to be just standard keyboard input.

Also, the inside of the mouse or keyboard leaves ample room for the miniature Teensy and whatever else the pentester may want to use. Inside a standard mouse case, Adrian was able to insert a Teensy device, a USB hub and flash memory. With this type of setup, he could have the Teensy device issue commands to run a script from the flash drive or even copy data from the system to flash storage. (View Adrian’s video on YouTube)
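Because the Teensy presents itself as an ordinary HID keyboard, the two things a defender can still watch for are a keyboard-class device enumerating on a host that already has one, and keystrokes arriving faster and more regularly than a person types. The script below is an added example (not from the article or from Irongeek’s tool) that applies both heuristics; the dmesg-style lines, device ids and timestamps are constructed samples, and the typing-speed thresholds are assumptions to tune per environment.

```python
"""Heuristics for spotting HID keystroke-injection devices (added example)."""
import re
import statistics

# Constructed dmesg-style lines; vendor/product ids are placeholders, not real devices.
SAMPLE_LOG = """\
[  10.1] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input3
[ 305.2] usb 1-3: New USB device found, idVendor=1234, idProduct=abcd, bcdDevice= 1.00
[ 305.3] input: Example Vendor Keyboard/Mouse/Joystick as /devices/pci0000:00/usb1/1-3/input/input9
[ 305.3] hid-generic 0003:1234:ABCD.0004: input,hidraw0: USB HID v1.11 Keyboard [Example Vendor Keyboard/Mouse/Joystick] on usb-0000:00:14.0-3/input0
"""

# Matches the kernel's hid-generic bind line and captures the HID id and device class.
HID_RE = re.compile(r"hid-generic (\S+): .*USB HID v[\d.]+ (Keyboard|Mouse)")


def new_usb_keyboards(log: str) -> list[str]:
    """Return HID ids of USB keyboard-class devices that enumerated in the log.

    On a desktop that already has a built-in or known keyboard, any entry here
    is worth correlating with a physical inspection of the attached peripherals.
    """
    found = []
    for line in log.splitlines():
        m = HID_RE.search(line)
        if m and m.group(2) == "Keyboard":
            found.append(m.group(1))
    return found


# Assumptions: sustained typing faster than 50 ms/key with under 5 ms jitter is
# characteristic of a scripted keystroke burst rather than a human operator.
HUMAN_MIN_MEAN_MS = 50.0
HUMAN_MIN_JITTER_MS = 5.0


def looks_injected(key_times_ms: list[float]) -> bool:
    """True when inter-key gaps are both very short and nearly constant."""
    if len(key_times_ms) < 8:          # too few samples to judge
        return False
    gaps = [b - a for a, b in zip(key_times_ms, key_times_ms[1:])]
    return (statistics.mean(gaps) < HUMAN_MIN_MEAN_MS
            and statistics.pstdev(gaps) < HUMAN_MIN_JITTER_MS)


# Constructed keystroke timestamps (ms): a scripted burst vs. a person typing.
INJECTED = [i * 10.0 for i in range(20)]
HUMAN = [0, 180, 410, 560, 890, 1020, 1300, 1450, 1700, 1990]

if __name__ == "__main__":
    print("new USB keyboards:", new_usb_keyboards(SAMPLE_LOG))
    print("scripted burst flagged:", looks_injected(INJECTED))
    print("human typing flagged:", looks_injected(HUMAN))
```

The first check generalizes to any HID device that binds as a keyboard, not just the Teensy, which is the point of the article: the attack surface is the device class, not one board.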

I believe that with the Teensy programmable keystroke device, we are really looking at a new generation of intelligent malicious hardware that will be limited only by the imagination of the attacker.

Dojocon 2010 Security Conference Videos Released

[Embedded Vimeo video 17854580]

Adrian Crenshaw has released videos from the Dojocon 2010 conference on his site Irongeek.com.

The video above is his presentation on Malicious USB Attack Vectors. His presentation shows that USB attacks have gone way beyond autorun.inf attacks to malicious mice/keyboards and desktop toys that have multiple payload options and that can be triggered by external stimulus.

Navy Launches first F/A-18E using Electromagnetic Catapult

Information from YouTube video description:

The Navy launches the first aircraft, an F/A-18E Super Hornet, from the Electromagnetic Aircraft Launch System (EMALS) at Naval Air Systems Command, Lakehurst, N.J. The Navy has used steam catapults for more than 50 years to launch aircraft from aircraft carriers.

EMALS is a complete carrier-based launch system designed for Gerald R. Ford (CVN 78) and future Ford-class carriers. Newer, heavier and faster aircraft will result in launch energy requirements approaching the limits of the steam catapult, increasing maintenance on the system.

The system’s technology allows for a smooth acceleration at both high and low speeds, increasing the carrier’s ability to launch aircraft in support of the warfighter. EMALS will provide the capability for launching all current and future carrier air wing platforms from lightweight unmanned aerial vehicles to heavy strike fighters. The first ship components are on schedule to be delivered to CVN 78 in 2011. (U.S. Navy video/Released)