Google Adds Control-Flow Integrity to Beef up Android Kernel Security


Google has added a new security feature to the latest Linux kernels for Android devices to protect them against code reuse attacks, in which attackers achieve arbitrary code execution by exploiting control-flow hijacking vulnerabilities.

In code reuse attacks, attackers exploit memory corruption bugs (buffer overflows, type confusion, or integer overflows) to take over code pointers stored in memory and repurpose existing code so that control flow goes where they choose, resulting in a malicious action.

Since Android already has many mitigations against direct code injection into its kernel, this code reuse method is particularly popular among attackers seeking code execution in the kernel, because of the huge number of function pointers the kernel uses.

To counter this attack, Google has now added support for LLVM’s Control Flow Integrity (CFI) to Android’s kernel as a measure for detecting attempts by attackers to interfere with or modify the control flow of a program.

images from Hacker News

30 Million Facebook Accounts Were Hacked: Check If You’re One of Them


Late last month Facebook announced its worst-ever security breach that allowed an unknown group of hackers to steal secret access tokens for millions of accounts by taking advantage of a flaw in the ‘View As’ feature.

At the time of the initial disclosure, Facebook estimated that the number of users affected by the breach could have been around 50 million, though a new update published today by the social media giant downgraded this number to 30 million.

Out of those 30 million accounts, hackers successfully accessed personal information from 29 million Facebook users, though the company assured that the miscreants apparently didn’t manage to access any third-party app data.


Google to Encrypt Android Cloud Backups With Your Lock Screen Password


In an effort to secure users’ data while maintaining privacy, Google has announced a new security measure for Android Backup Service that now encrypts all your backup data stored on its cloud servers in a way that even the company can’t read it.

Google allows Android users to automatically back up their essential app data and settings to their Google account, so that they can simply restore it when required instead of re-configuring all their apps after formatting or switching to a new phone.

However, until now your backup data was not encrypted and was visible to Google; the company is now changing its storage procedure.

Starting with Android Pie, Google is going to encrypt your Android device backup data in the following way:

Step 1: Your Android device will generate a random secret key (not known to Google),

Step 2: The secret key will then get encrypted using your lockscreen PIN/pattern/passcode (not known to Google),

Step 3: This passcode-protected secret key will then be securely sent to a Titan security chip on Google’s servers.

So, your Android backup data will be encrypted or decrypted only if the lockscreen passcode is authorized by the Titan security chip.

“The Titan chip is configured to only release the backup decryption key when presented with a correct claim derived from the user’s passcode,” Google writes.

In other words, the Titan security chip will not decrypt any of your backup data unless it is presented with the lockscreen passcode used to request decryption.

To prevent brute force attacks, Google’s Titan chip will permanently block access to the backup data if someone inputs incorrect passcode combinations several times in an attempt to guess it.

“The limited number of incorrect attempts is strictly enforced by a custom Titan firmware that cannot be updated without erasing the contents of the chip,” Google says.

“By design, this means that no one (including Google) can access a user’s backed-up application data without specifically knowing their passcode.”
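The three steps above and the lockout rule from Google’s quotes, as an added illustrative model (not Google’s or Titan’s code): the phone generates the key and derives a claim from the passcode, the guardian object stands in for the chip, MAX_ATTEMPTS is an assumed value since the article gives none, and the XOR key wrapping is a toy stand-in for a real AEAD.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 10  # assumed for the model; the article gives no number

def derive_claim(passcode: str, salt: bytes) -> bytes:
    """Phone side: turn the lockscreen passcode into the claim the chip checks."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 100_000)

def wrap_key(secret_key: bytes, claim: bytes) -> bytes:
    """Toy key wrapping: XOR with an HMAC keystream (a real design uses an AEAD).
    The operation is its own inverse, so it also unwraps."""
    stream = hmac.new(claim, b"backup-key-wrap", "sha256").digest()
    return bytes(a ^ b for a, b in zip(secret_key, stream))

class Guardian:
    """Models the Titan chip: holds the wrapped key and a hash of the claim (never
    the passcode), releases the key only for a matching claim, and erases the slot
    for good once MAX_ATTEMPTS wrong claims have been presented."""

    def __init__(self, wrapped_key: bytes, verifier: bytes, salt: bytes):
        self._wrapped = wrapped_key
        self._verifier = verifier
        self.salt = salt
        self.failures = 0
        self.locked = False

    def release(self, claim: bytes):
        if self.locked:
            return None
        if not hmac.compare_digest(hashlib.sha256(claim).digest(), self._verifier):
            self.failures += 1
            if self.failures >= MAX_ATTEMPTS:
                self.locked, self._wrapped = True, None  # no recovery path
            return None
        self.failures = 0  # a correct claim resets the counter
        return wrap_key(self._wrapped, claim)

def enroll(passcode: str):
    """Steps 1-3: random key, wrapped under the passcode claim, handed to the guardian."""
    secret_key, salt = os.urandom(32), os.urandom(16)
    claim = derive_claim(passcode, salt)
    guardian = Guardian(wrap_key(secret_key, claim),
                        hashlib.sha256(claim).digest(), salt)
    return secret_key, guardian

def restore(guardian: Guardian, passcode: str):
    """New phone asks for the key with a claim derived from the passcode."""
    return guardian.release(derive_claim(passcode, guardian.salt))
```

The model’s security rests on the guardian never exposing its stored contents; an attacker who could read them would be back to an offline guess against the slow KDF.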

Google also hired cybersecurity and risk mitigation firm NCC Group to perform a full security audit of the new Android Cloud Backup/Restore feature. NCC discovered a few issues, which were quickly fixed by the company.

Google has not yet confirmed which Android smartphones will be able to use this additional layer of security, but it is clear that the device must be running the latest Android 9 Pie operating system.


Chrome, Firefox, Edge and Safari Plans to Disable TLS 1.0 and 1.1 in 2020


All major web browsers, including Google Chrome, Apple Safari, Microsoft Edge, Internet Explorer, and Mozilla Firefox, today jointly announced that they will soon remove support for the TLS 1.0 (20-year-old) and TLS 1.1 (12-year-old) communication encryption protocols.

Developed initially as Secure Sockets Layer (SSL) protocol, Transport Layer Security (TLS) is an updated cryptographic protocol used to establish a secure and encrypted communications channel between clients and servers.

There are currently four versions of the TLS protocol—TLS 1.0, 1.1, 1.2 and 1.3 (latest)—but older versions, TLS 1.0 and 1.1, are known to be vulnerable to a number of critical attacks, such as POODLE and BEAST.

Since the TLS implementations in all major web browsers and applications support a downgrade negotiation process, attackers have an opportunity to exploit the weaker protocols even when a server supports the latest version.
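A server-side counterpart to the browser change, as an added example (not from the article or any browser vendor): the weak configuration that still negotiates TLS 1.0 and 1.1 beside the corrected one that floors at TLS 1.2, using Python’s standard ssl module; the function and variable names are this example’s own.

```python
import ssl

# The four TLS versions the article names, oldest first.
VERSIONS = (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)

def accepted_versions(ctx: ssl.SSLContext) -> list:
    """Names of the TLS versions this context is willing to negotiate.

    minimum_version / maximum_version may hold the sentinels
    MINIMUM_SUPPORTED / MAXIMUM_SUPPORTED; resolve them to the ends of VERSIONS.
    """
    lo, hi = ctx.minimum_version, ctx.maximum_version
    if lo == ssl.TLSVersion.MINIMUM_SUPPORTED:
        lo = VERSIONS[0]
    if hi == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        hi = VERSIONS[-1]
    return [v.name for v in VERSIONS if lo <= v <= hi]

def legacy_server_context() -> ssl.SSLContext:
    """Weak setting: the server still offers TLS 1.0 and 1.1, so a client (or an
    attacker in the path) can end up on them although TLS 1.2/1.3 are available."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.minimum_version = ssl.TLSVersion.TLSv1
    except ValueError:
        # Some OpenSSL builds no longer allow TLS 1.0 to be enabled at all;
        # the floor then stays at the library default.
        pass
    return ctx

def hardened_server_context() -> ssl.SSLContext:
    """Corrected setting: floor at TLS 1.2, matching the browsers' deprecation."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def still_accepts_deprecated(ctx: ssl.SSLContext) -> bool:
    """Policy check: does this context accept a version the browsers are dropping?"""
    return any(name in ("TLSv1", "TLSv1_1") for name in accepted_versions(ctx))
```

Even where the legacy context accepts the old versions, OpenSSL’s security level may still reject them at handshake time, so the policy check above is about configuration intent rather than what a given library build will actually complete.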

All Major Web Browsers Will Remove TLS 1.0 and TLS 1.1 Support in 2020

According to the press releases published by four major companies, Google, Microsoft, Apple and Mozilla, their web browsers will completely drop TLS 1.0 and 1.1 support by default in the first half of 2020.

TLS 1.2, which was released ten years ago to address weaknesses in TLS 1.0 and 1.1, has enjoyed wide adoption since then, and will thus remain the default TLS version until TLS 1.3, which is currently in the development stage, becomes available.

According to Microsoft, as TLS 1.0 continues to age, many websites have already moved to newer versions of the protocol. Today 94 percent of sites already support TLS 1.2, while less than one percent of daily connections in Microsoft Edge use TLS 1.0 or 1.1.

“Two decades is a long time for a security technology to stand unmodified. While we aren’t aware of significant vulnerabilities with our up-to-date implementations of TLS 1.0 and TLS 1.1, vulnerable third-party implementations do exist,” Microsoft writes.

“Moving to newer versions helps ensure a more secure web for everyone. Additionally, we expect the IETF to formally deprecate TLS 1.0 and 1.1 later this year, at which point protocol vulnerabilities in these versions will no longer be addressed by the IETF.”

Apple also says TLS 1.2 is the standard on its platforms and represents 99.6 percent of TLS connections made from Safari, while TLS 1.0 and 1.1 account for less than 0.36 percent of all connections.


New iPhone Bug Gives Anyone Access to Your Private Photos


A security enthusiast who discovered a passcode bypass vulnerability in Apple’s iOS 12 late last month has now dropped another passcode bypass bug that works on the latest iOS 12.0.1 that was released last week.

Jose Rodriguez, a Spanish amateur security researcher, discovered a bug in iOS 12 in late September that allows attackers with physical access to your iPhone to access your contacts and photos.

The bug was patched in iOS 12.0.1, but he has now discovered a similar iPhone passcode bypass that works in 12.0.1 and is easier to execute than the bug Rodriguez discovered and reported two weeks ago.

The new hack allows anyone with physical access to your locked iPhone to access your photo album, select photos and send them to anyone using Apple Messages.

Since the new hack requires much less effort than the previous one, it leaves any iPhone user vulnerable to a suspicious or distrustful partner, curious colleague, friend or roommate who could access your iPhone’s photo album and grab your private photos.
