We have collected the most important news from the world of cybersecurity for the week.
- Experts have revealed surveillance of Android smartphones through Qualcomm processors.
- A vulnerability has been found that can amplify DDoS attacks by 2200 times.
- Kevin Mitnick showed a password cracker built from 30 RTX graphics cards.
- Telegram blocked in Brazil.
Experts have revealed surveillance of Android smartphones through Qualcomm processors
Qualcomm processors collect and transfer personal data from Android users without their knowledge. This was reported by Nitrokey researchers.
Experts checked several smartphones and found that, regardless of the presence of Google services, the devices sent data to the address of Qualcomm’s Izat Cloud storage.
The transfer was made over the insecure HTTP protocol, making it vulnerable to interception.
Among the data collected were a unique device identifier, chipset name and serial number, XTRA software version, country and mobile operator code, operating system type and version, smartphone brand and model, processor and modem operating time, a list of installed applications and the IP address.
The United States imposed sanctions against OTC traders working for Lazarus Group
The US Treasury identified three OTC traders who conducted tens of millions of dollars of cryptocurrency transactions for the North Korean hacker group Lazarus Group.
According to OFAC, suspects from China and Hong Kong provided financial support to the hackers and converted digital assets into fiat for them. In addition, they helped buy some goods for North Korea, including American software, gadgets, and tobacco products.
Chainalysis specialists found that the traders used cryptocurrency mixers and decentralized exchanges in their transactions.
Sanctions against the defendants were imposed by the United States and South Korea, through which some of the transactions were carried out. Their cryptocurrency addresses have been added to the SDN list.
A vulnerability has been found that can amplify DDoS attacks by 2200 times
Great coverage of @Bitsight’s research finding a new vulnerability in a legacy protocol. SLP Vulnerability Allows DoS Attacks With Amplification Factor of 2,200 — https://t.co/2P95m1ePgh via @SecurityWeek
— BitSight (@BitSight) April 26, 2023
Created in 1997, SLP allows computers, printers, routers, and other devices to discover each other within local networks.
The vulnerability allows attackers to register arbitrary services on the SLP server, manipulating the content and size of the response to achieve a maximum amplification factor of up to 2200 times (the third largest ever).
More than 2,000 organizations and 54,000 servers could be targeted by hackers, according to researchers.
Affected devices include VMware ESXi hypervisors, Konica Minolta printers, IBM IMM hardware and Planex routers. Most of these are located in the US, UK, Japan, Germany, Canada, France, Italy, Brazil, the Netherlands and Spain.
Experts have warned of the risk of a significant increase in SLP-based DDoS attacks in the coming weeks.
Kevin Mitnick showed a password cracker built from 30 RTX video cards
The famous hacker, writer and information security expert Kevin Mitnick shared on Twitter photos of a system designed to crack passwords.
This is my new bad ass password cracker.
I have 24 4090’s + 6 2080’s all clustered running Hashtopolis.
Thanks to the awesome team at @KnowBe4 that set up and configured the servers for me.
Now to go crack some hashes :-))))))) pic.twitter.com/SZLFH2OtKL
— Kevin Mitnick (@kevinmitnick) April 21, 2023
The four-server setup includes 24 NVIDIA GeForce RTX 4090 graphics cards based on the Ada Lovelace architecture and another six Turing-based RTX 2080 graphics cards. The system will be used for red team work.
The assembly was carried out by specialists from KnowBe4, where Mitnick is the chief director of hacking.
Media report that China is working on a system to seize control of enemy satellites
China is developing cyberweapons capable of taking control of enemy satellites, rendering them useless for data transmission and wartime surveillance. This was reported by the Financial Times, citing an American intelligence report.
According to the publication, the system will be able to simulate the signals that enemy satellites receive from their operators, making it possible either to take over control completely or to provoke a failure at a critical moment.
The report said that such a takeover would render satellites “ineffective in supporting communications, weapons, or intelligence, surveillance, and reconnaissance systems.”
The document reviewed by journalists was part of a leak for which the FBI had previously arrested 21-year-old US Air Force National Guard member Jack Teixeira.
Telegram blocked in Brazil
The Supreme Court of Brazil has suspended the work of the Telegram messenger in the country for refusing to hand over data on neo-Nazi groups to the police. This was reported by local media.
Law enforcement requested information as part of an investigation into an attack on a school in Aracruz that killed four people. According to them, the 16-year-old defendant interacted with anti-Semitic groups on Telegram.
The police were interested in the exact personal data of administrators and members of neo-Nazi channels, but the messenger did not comply with this requirement.
Local providers will be sent an appropriate letter about the suspension of Telegram. The application will also have to be removed from the local versions of Google Play and the App Store.
Commenting on the situation, Telegram founder Pavel Durov said that the company’s mission is to “preserve privacy and freedom of speech around the world.”
“We sometimes have to pull out of markets where local laws go against that mission or are technologically unsustainable. A court in Brazil has requested data that is technically impossible to obtain,” Durov wrote.
Telegram intends to appeal against the court decision.