Researchers have recently demonstrated the capability for smartphone malware to use the various sensors in devices to steal information from a physical environment, such as malware that can listen for spoken credit card numbers or feel for patterns in keystroke recognition. Researchers at Indiana University and the US Naval Surface Warfare Center have developed a proof-of-concept malware that is able to see the space around the phone and re-create a three-dimensional map of a room through use of the camera. Called PlaceRaider by the researchers, this malware is able to hijack the camera on Android smartphones and take pictures of the space around the phone. The researchers only introduced this to the Android phone, but expected that the results would be similar on other mobile operating systems. As pictures are taken, the malware sends the image to a command and control server, where the cyber actor would be able to model a map of the area as well as view and manipulate the various images. The images they captured were high definition and allowed the researchers to focus and zoom in on areas they needed, but they were able to demonstrate that lower-resolution photographs could give enough detail to successfully steal information. Using a detailed attack scenario, the researchers were able to use the malware to find several pieces of personally identifiable information in a constructed test area, such as a calendar describing plans and events, a bank account number on a personal check, and other such information. Taking control of certain permissions on the phone, they could silence the shutter sound of the camera and obtain accelerometer data that could detect the phone's orientation and location within an environment. Though merely a proof-of-concept, the researchers demonstrated the possibility that a camera smartphone could be exploited to obtain personally identifiable information, bank account information, or corporate secrets. The researchers suggested defenses that Android or smartphone developers could implement to protect against this kind of malware, but noted that any corporation could prevent unwarranted data theft by maintaining policies against possession of camera-containing devices, and that personal discipline by smartphone owners would keep their devices free of malware.
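The capabilities described above (camera capture, exfiltration to a command and control server, and muting the shutter sound through permissions the app holds) are all visible to a defender as the set of permissions an app declares. The following is an added example, not code from the bulletin or from the PlaceRaider researchers: a small Python audit that parses an Android manifest and flags permission combinations matching those capabilities. The manifest is constructed for this example, and the rule set is an assumption chosen to mirror the write-up, not a published detection signature.

```python
import xml.etree.ElementTree as ET

# Namespace used for android:name attributes in every AndroidManifest.xml.
ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest (not taken from any real app): a "flashlight"
# app that also asks for the camera, network access and audio-setting control.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <application android:label="Flashlight"/>
</manifest>
"""

# Heuristic rules (an assumption for this example): each entry is a set of
# permissions that, taken together, supports one capability from the
# PlaceRaider description, with a defender-facing explanation.
RULES = [
    ({"android.permission.CAMERA", "android.permission.INTERNET"},
     "camera access combined with network access: captured images could leave the device"),
    ({"android.permission.CAMERA", "android.permission.MODIFY_AUDIO_SETTINGS"},
     "camera access combined with audio-setting control: the shutter sound could be muted"),
    ({"android.permission.CAMERA", "android.permission.RECEIVE_BOOT_COMPLETED"},
     "camera access in an app that restarts itself after a reboot"),
]


def parse_permissions(manifest_xml):
    """Return the set of permission names declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for node in root.iter("uses-permission"):
        name = node.get(f"{{{ANDROID_NS}}}name")
        if name:
            perms.add(name)
    return perms


def assess_manifest(manifest_xml):
    """Parse a manifest and report which heuristic rules its permissions satisfy."""
    root = ET.fromstring(manifest_xml)
    perms = parse_permissions(manifest_xml)
    # A rule fires only when every permission it names is declared.
    findings = [reason for needed, reason in RULES if needed <= perms]
    return {
        "package": root.get("package"),
        "permissions": sorted(perms),
        "findings": findings,
    }


if __name__ == "__main__":
    report = assess_manifest(SAMPLE_MANIFEST)
    print(f"package: {report['package']}")
    for perm in report["permissions"]:
        print(f"  declares {perm}")
    for finding in report["findings"]:
        print(f"  FLAG: {finding}")
```

One caveat worth keeping in mind when using a check like this: reading the accelerometer and other motion sensors requires no permission on Android, so the orientation tracking described above never shows up in a manifest review. Permission auditing narrows the set of apps that warrant closer inspection; it does not by itself prove or rule out the behaviour.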
victim and begin wiping the device. Once the wiping process has begun, there is no way for the user to halt the process. The specific vulnerability was patched in Android's core code earlier in 2012, but the patch was not rolled out to every handset in use. The most recent version of the Android operating system (4.1, named Jelly Bean) is the only version that is not vulnerable, according to open source researchers. The delay between the initial patch of the vulnerability and its deployment to all handsets illustrates the larger issue that, while developers are routinely finding these flaws, it is unknown if and how the end devices are being patched against these known vulnerabilities.
UNCLASSIFIED
VOLUME 2, ISSUE 10 PAGE 2
Zero-Day Attacks are More Common and Last Longer, Say Security Researchers
According to security researchers from antivirus and computer security company Symantec, computer attacks targeting undisclosed vulnerabilities (called zero-days) are more common and last longer than originally thought. This comes from a study tracking the number and duration of zero-day attacks over a three-year period from 2008 to 2011. These attacks typically exploit software flaws prior to their official public disclosure. According to the study, the average attack lasts 312 days, and some have lasted over two and a half years. Eleven of the 18 attacks they studied went undetected by antivirus software. The study also showed that over 60% of the zero-day vulnerabilities identified were not known before, suggesting that many more zero-day attacks, perhaps more than twice as many, exist in the wild. The research found that most zero-day attacks were reserved for high-value targets. Stuxnet, the malware that sabotaged Iranian nuclear centrifuges, and Conficker, a virulent worm that infected multiple computers (and still does) in order to drop hosted malware, both exploited previously unknown software vulnerabilities. The research was, however, incomplete, as certain kinds of attacks (cross-site scripting, polymorphic malware, and attacks embedded in non-executable files) could not be tracked. This suggests that the number of zero-day attacks researched is only a small fraction of those that were actually detected.
One surprising note was that upon the exploits becoming public knowledge, the number of attacks grew by margins of two-fold to 100,000-fold, and the number of attack variants also increased, from 185 to 85,000 more variants. A possible cause of the surge is that the exploits may have been repackaged in other attacks, or that the malware authors tried to infect as many computers as possible before the malware was added to antivirus detection. Although zero-day attacks are difficult to detect, and usually performed when antivirus updates and software patches are not scheduled for release, it is important that as soon as a patch or update is released to block the malware, it should be rolled out to all computers on the network.

Symantec studied 18 zero-day attacks between 2008 and 2011 and discovered: the average attack lasted 312 days, 60% of attacks were previously unknown, and the number of attacks and attack variants increased dramatically once the exploit became public knowledge.
Black hat search engine poisoning through image searches is more difficult to detect and results in more successful compromise of users' computers.
Address Comments to:
Unit Chief
Emerging Technology Cyber Intelligence Unit (ETCIU)
Federal Bureau of Investigation
935 Pennsylvania Ave, NW, PAT-4
Washington, DC 20535
Tel: 202-651-3139
ETCIU Mission
ETCIU identifies innovations in information technology and assesses emerging cyber threats to US interests through the malicious use of those innovations.