Category Archives: cyberwar

US-Iran Cyberwar Heats Up

President Trump has authorized a round of cyber attacks against Iran, and U.S. companies and agencies are bracing for counter attacks.

The Washington Post reported that the U.S. cyberattack had disabled Iranian missile control systems. The attack was the latest in escalating tensions between the two countries, which includes the recent downing of an unmanned surveillance drone. 

“This operation imposes costs on the growing Iranian cyberthreat, but also serves to defend the United States Navy and shipping operations in the Strait of Hormuz,” said former senior White House cybersecurity official Thomas Bossert.

The Department of Homeland Security Cybersecurity and Infrastructure Agency (CISA) issued an alert warning organizations of potential retaliation from Iranian hackers, including the deployment of “wiper” malware that deletes data from targeted computers and networks. 

“Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to do much more than just steal data and money,” said CISA director Christopher Krebs 

Cyber warfare is part of what the U.S. government has called “kinetic” actions, i.e. more traditional military operations. Earlier this month, the U.S. Cyber Command reportedly deployed offensive malware against Russia’s electrical grid. 

The post US-Iran Cyberwar Heats Up appeared first on Adam Levin.

Major Vulnerabilities in HSMs Discovered

Yesterday’s announcement of this HSM hacking in the 2019 BlackHat program caused a lot of excitement for a good reason: the authors claim to have discovered unauthenticated remote attacks, giving full control of an HSM and full access to the keys and secrets stored in it.

For the moment, very few details are available in English about how this attack was led by Ledger researchers, but fortunately for Francophones, this work was presented in detail earlier this week at the annual conference on Security of France SSTIC. Francophones can watch the video or read the document proceedings.

What really happened?

For non-Francophones, the Cryptosense bilingual team translated a brief summary of what Ledger researchers Gabriel Campana and Jean-Baptiste Bédrune did. Many technical issues needed to be resolved along the way, as part of a thorough and professional vulnerability survey:

  • They started using the SDK’s legitimate access to test HSM to load a firmware module that would give them a shell inside the HSM.
  • Then, they used the shell to run a fuzzer in the internal implementation of PKCS #11 commands for reliable and exploitable buffer overflows.
  • They verified that they could exploit this buffer overflows out of the HSM, that is, by simply calling the PKCS #11 driver of the host machine.
  • Then they wrote a payload that would overload the access control and allow them, to load an arbitrary firmware (without signature). It is important to keep in mind that this back door is persistent, a subsequent update will not solve it.
  • Then they wrote a module that would dump all the secrets of HSM and load it into the HSM.

What’s latest?

The vulnerabilities have now been fixed. The manufacturer is not mentioned in the presentation, but it is possible to solve it, looking at the latest security announcements of major manufacturers of HSM.

Conclusion 

Well-Funded vulnerability research teams within state intelligence agencies could have done similar work and discovered this attack. The disruption caused by the disclosure of certain secret keys to the financial system of the target country would be very interesting for those seeking to wage cyberwar. The most disturbing part of the attack may be that the firmware update is persistent. There may be HSM deployed in critical infrastructure now with similar backdoors.

Also, Read:

How To Deal With DNS Vulnerabilities?

Vulnerabilities, Stolen Credentials on Dark Web on the Rise

 

The post Major Vulnerabilities in HSMs Discovered appeared first on .

How do you retaliate against a WhatsApp attack? | James O’Malley

Cyberwarfare is on the march, but there is nothing in the Geneva conventions to cover it

We don’t yet know for sure who used Israeli company NSO’s software to hack WhatsApp users – the messaging service’s parent company Facebook has said only that the culprit is an “advanced cyber actor” – but all signs point to it being a government. According to one analysis, NSO has 45 governments as clients including, amazingly, Saudi Arabia and the United Arab Emirates, even though officially these states don’t recognise Israel.

Whoever the culprit, the WhatsApp attack will surely be added to a long list of state-backed attacks that includes Russia’s 2015 takedown of Ukraine’s power grid, China’s persistent intellectual property thefts and North Korea’s attack on Sony Pictures over the film The Interview. And yes, the west does it too – the United States used a cyber-weapon to take down Iran’s nuclear programme in 2010 – the so-called Stuxnet attack.

Related: WhatsApp spyware attack was attempt to hack human rights data, says lawyer

Related: The Guardian view on hacking: a dangerous arms trade | Editorial

Continue reading...