Category Archives: Amazon

Technical Report of the Bezos Phone Hack

Motherboard obtained and published the technical report on the hack of Jeff Bezos's phone, which is being attributed to Saudi Arabia, specifically to Crown Prince Mohammed bin Salman.

...investigators set up a secure lab to examine the phone and its artifacts and spent two days poring over the device but were unable to find any malware on it. Instead, they only found a suspicious video file sent to Bezos on May 1, 2018 that "appears to be an Arabic language promotional film about telecommunications."

That file shows an image of the Saudi Arabian flag and Swedish flags and arrived with an encrypted downloader. Because the downloader was encrypted, this delayed or further prevented "study of the code delivered along with the video."

Investigators determined the video or downloader were suspicious only because Bezos' phone subsequently began transmitting large amounts of data. "[W]ithin hours of the encrypted downloader being received, a massive and unauthorized exfiltration of data from Bezos' phone began, continuing and escalating for months thereafter," the report states.

"The amount of data being transmitted out of Bezos' phone changed dramatically after receiving the WhatsApp video file and never returned to baseline. Following execution of the encrypted downloader sent from MBS' account, egress on the device immediately jumped by approximately 29,000 percent," it notes. "Forensic artifacts show that in the six (6) months prior to receiving the WhatsApp video, Bezos' phone had an average of 430KB of egress per day, fairly typical of an iPhone. Within hours of the WhatsApp video, egress jumped to 126MB. The phone maintained an unusually high average of 101MB of egress data per day for months thereafter, including many massive and highly atypical spikes of egress data."

The Motherboard article also quotes forensic experts on the report:

A mobile forensic expert told Motherboard that the investigation as depicted in the report is significantly incomplete and would only have provided the investigators with about 50 percent of what they needed, especially if this is a nation-state attack. She says the iTunes backup and other extractions they did would get them only messages, photo files, contacts and other files that the user is interested in saving from their applications, but not the core files.

"They would need to use a tool like Graykey or Cellebrite Premium or do a jailbreak to get a look at the full file system. That's where that state-sponsored malware is going to be found. Good state-sponsored malware should never show up in a backup," said Sarah Edwards, an author and teacher of mobile forensics for the SANS Institute.

"The full file system is getting into the device and getting every single file on there­ -- the whole operating system, the application data, the databases that will not be backed up. So really the in-depth analysis should be done on that full file system, for this level of investigation anyway. I would have insisted on that right from the start."

The investigators do note on the last page of their report that they need to jailbreak Bezos's phone to examine the root file system. Edwards said this would indeed get them everything they would need to search for persistent spyware like the kind created and sold by the NSO Group. But the report doesn't indicate if that did get done.

Apps are sharing more of your data with ad industry than you may think

Apps like Grindr, Tinder and Happn are (over-)sharing data about sexuality, religion, and location with a shadowy network of data brokers. And it's not just dating apps that are doing it...

BlackBerry adds Cylance to QNX, announces partnerships with AWS, Damon, and Renovo

LAS VEGAS–BlackBerry has merged its Cylance ML security solution into its QNX software suite for autonomous vehicles, the company announced Jan. 6th at CES 2020.

The integration is the first time BlackBerry has announced a major plan for Cylance since its acquisition last year.

Vehicles are becoming increasingly complex with added driver-assist functions. Certain assistive safety functions need high degrees of reliability. The controllers and processors that manage these functions need regular updates and therefore need security solutions to prevent tampering. BlackBerry Cylance will be used to do exactly that.

Cylance will be used to ensure APK integrity and alert manufacturers if it detects a faulty or malicious piece of software installed in the vehicle’s control system.

If it detects an anomaly, Cylance will alert the user and vehicle manufacturer. It will not, however, execute any mitigative measures – BlackBerry leaves the response up to the manufacturer and the user.

“The architecture of the cars is changing, and we’re happy to be powering the traditional systems and the new next-generation systems safety systems,” said Grant Courville, vice-president of product and strategy at BlackBerry QNX. “That brings in that need for reliability, obviously, but also a big need for security and resiliency…that’s where BlackBerry comes in with Cylance.”

Cylance was able to successfully block a malicious piece of software from loading into the vehicle during a firmware update process.

A real-time demo at the booth demonstrated the detection process using the Range Rover Defender, which integrates QNX technologies into its systems. It showed Cylance intercepting real-world malicious software before it could be uploaded into the car’s systems.

Cylance will also enable identity and persona detection based on the driver’s driving patterns.

In parallel with the Cylance announcement, BlackBerry also announced a new partnership with Damon motorcycles, which will integrate QNX safety technology into motorcycles.

Damon’s all-electric motorcycle can reach a 200 mph top speed and has a 200-mile range on a full charge.

A marquee feature is a collision detection warning. A strip of LEDs on the motorcycle’s windshield will blink in different colours and patterns when it detects an imminent threat. It operates in the rider’s peripheral vision so the rider can keep their eyes on the road. This solution does not take any steering action on the rider’s behalf and only serves as an advanced warning system.

The white LED strip at the top of the Damon motorcycle’s windshield.

“We could have written it ourselves, but that takes years and millions and millions of dollars,” said Jay Giraud, Damon Motorcycles CEO. “More than anything, it’s the testing time and the amount of data that QNX has probably collected off of its vehicle performance, and debugs with dozens and dozens of car OEMs to come up with a system as robust as theirs (BlackBerry) is no small thing for us to have undertaken as a startup. We couldn’t have done it.”

Giraud said that Damon’s partnership with BlackBerry is a multi-year journey and that they’re planning on more features down the road.

Renovo was another partner that merged QNX technology into its products. Through their partnership, Renovo’s Insight automotive data management platform is combined with QNX to generate more valuable data that will be used to improve advanced driver assistance systems (ADAS).

The Renovo Pacifica generates over 4TB of data per hour from its various sensors.

To handle data collection, BlackBerry turned to Amazon Web Services’ (AWS) IoT network to transport data. Amazon will also be powering the cloud computing portion of the QNX platform.

An example of how data flows from the battery health monitor in an IoT sensor through the AWS cloud.

BlackBerry says QNX is being used in over 150 million vehicles today worldwide. In addition, the company is working as an advisor to the Canadian government to establish regulations surrounding autonomous vehicles. BlackBerry received $40 million from the Ontario provincial government last year to accelerate autonomous vehicle innovation as part of the Autonomous Vehicle Innovation Network.

Numerous sensors in assistive vehicles generate vast loads of data. To prevent inundation, QNX vehicles parse most of it on the vehicle itself and only send actionable insights.

Certain data can be inherently private. Insights into how drivers control their vehicles, where they frequent, and their braking patterns can help QNX fine-tune each vehicle to its primary handler, but they are also very sensitive.

“You’ll hear expressions like privacy by design,” noted Courville. “In other words: don’t design your vehicle just to be safe, secure, reliable, and then do the ‘oh yeah privacy’… no, decide it right from the beginning.”

Smashing Security #160: SNAFUs! MS Word, Amazon Ring, and TikTok

We discuss how Microsoft Word helped trap a multi-million dollar fraudster, how Amazon Ring may be recording more than you’re comfortable with, and how teens are flocking to TikTok (and why that might be a problem).

All this and much more is covered in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

The Guardian view on Boris Johnson’s NHS plan: trading patient data | Editorial

Donald Trump has made clear he wants a post-Brexit Britain to let US tech companies and big pharma access medical records

The NHS is a goldmine of patient data which the United States wants to be quarried by some of its biggest companies. Britain’s health service is home to a unique medical dataset that covers the entire population from birth to death. Jeremy Corbyn’s NHS press conference revealed that the US wanted its companies to get unrestricted access to the UK’s medical records, thought to be worth £10bn a year. A number of tech companies – including Google – already mine small parts of the NHS store. Ministers have been treading carefully after an attempt to create a single patient database for commercial exploitation was scrapped in 2016 when it emerged there was no way for the public to work out who would have access to their medical records or how they were using them.

However, such caution might be thrown to the wind if Boris Johnson gets his way over Brexit – and patients’ privacy rights are traded away for US market access. This would be a damaging step, allowing US big tech and big pharma to collect sensitive, personal data on an unprecedented scale. Donald Trump’s officials have already made clear that this is what they are aiming for. In the leaked government records of talks between US and UK trade representatives White House officials state that “the free flow of data is a top priority” in a post-Brexit world. Trump’s team see Brexit as an opportunity “to avoid forcing companies to disclose algorithms”. The US wants the UK to drop the EU’s 2018 data law, in which individuals must be told what is happening with their medical data, even if scrubbed of personal identifiers.


How Much is Your Data Worth on the Dark Web?

You may not know much about the dark web, but it may know things about you.

What is the Dark Web?

The dark web is a part of the internet that is not visible to search engines. What makes the dark web dark? It allows users to anonymise their identity by hiding their IP addresses. This makes those using the dark web nearly impossible to identify.

Only 4% of the internet is available to the general public, which means a vast 96% of the internet is made up of the deep web. It’s important to note here that the dark web is just a small section of the internet, but it’s a powerful one.

How much are your bank details worth?

The dark web is full of stolen personal bank credentials. It’s common to see MasterCard, Visa, and American Express credentials on the dark web from a variety of different countries.

Credit card data in the US, UK, Canada and Australia increased in price anywhere from 33% to 83% between 2015 and 2018. The average price for a UK Visa or Mastercard in 2015 was £9; this increased to £17 in 2018, approximately an 83% increase. Bank accounts that can transfer funds in stealth mode to United Kingdom banks are considerably more expensive. An account with a £12,500 account balance goes for around £700.

How much are your subscription services worth?

The sale value of your PayPal credentials depends on the available account balance. PayPal details can be sold for as little as £40, and this can increase to £820 - £2,500 for an available balance of £6,580.

Your Amazon, British Airways, Facebook, Fortnite and Netflix logins are also available on the dark web. These can go for around £7, which is surprising as they hold various information about your banking and identity. Stolen hotel loyalty programs and auction accounts can cost as much as £1,150 due to the extensive information they provide the buyer.

Are you surprised to learn that even reward programs and viewing subscriptions can be purchased on dark web markets?

How much is your whole identity worth on the dark web?

The average modern person now has many online accounts. These can range from email and Facebook to online shopping, food delivery and banking. Combine all of those accounts and the typical internet user's identity is worth around £987 to hackers. The personal loss for victims is of course much higher.

Jade works for Total Processing, an advanced independent payment gateway provider who answers only to our customers.