SWITCH Security-Blog

SWITCH-CERT IT-Security Blog


1 Comment

Money for Nothing and Coins for Free

written by Antoine Neuenschwander

Beginning in mid-September 2017, we started seeing a new abuse scheme on .ch and .li domains. The websites in question were running on outdated software and inevitably, hackers exploited some well-known vulnerability in order to inject malicious code. At this point we would usually expect an exploit kit in the website’s content with the purpose of infecting the victim’s machine with malware. In these cases however, the Javascript inject often looked somewhat like the following:

This code is designed to run in the background of the victim’s browser and immediately starts an endless loop of intensive computations at full pace, effectively turning the browser into a hash-crunching mule for the sake of distributed mining of cryptocoins, with profits going directly to the hacker.

Continue reading


1 Comment

11th October 2017, DNSSEC key rollover of the root zone, be ready the key is here!

On the 27th September, ICANN announced the postponement for the KSK rollover. More information can be found here.

written by Yves Bovard

No, this is not a kind of secret message nor a new ice-cream. On 11th October 2017 the root zone will be signed with a new key. Ladies and gentlemen, update your DNS resolver. As of July 11th, the new key is published in the root zone and your resolver should start updating its trust anchors automatically!

Continue reading


A new issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Cybercriminals increasingly targeting Mac users
  • Malware fitted as standard for Android
  • Switzerland breaks taboo of Net neutrality for sake of CHF 320 million
  • Internet of Things toys spying on children of all ages

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.

 

Mobile Malware


Adups — The Spy in your Pocket

written by Antoine Neuenschwander

Smartphones have become inseparable companions of our everyday life. They are so cheap nowadays, you can buy commodity devices running Android OS for less than a hundred Swiss francs. Smartphones aren’t mere wireless telephony devices. They are modern computer systems equipped with a variety of sensors: cameras, microphone, GPS receiver, gyroscopes and accelerometers, etc. They also feature multiple wireless communication interfaces such as multi-generation mobile networking, 2.4 and 5 GHz Wi-Fi, Bluetooth, NFC, etc, which make them a polyvalent communication platform with a quasi permanent Internet connection. Another way of looking at it: using all the components typical smartphones are equipped with, they can be fitted as perfect bugging devices.

On November 15th 2016, Kryptowire published a blog post revealing that „several models of Android mobile devices contained a firmware that collected sensitive personal data about their users and transmitted the data to third-party servers without disclosure or the users’ consent“. The sensitive data includes unique device and user identifiers, but also contact lists, call history, installed applications, and under circumstances text messages as well as fine grained location data. The said firmware originates from Adups, a Shanghai-based company specialized in mobile and IoT technologies. It is part of their FOTA product, a commercial replacement of Google’s Over-The-Air upgrade system, which is used to deploy firmware upgrades to the devices (hence the acronym: Firmware Over The Air). The FOTA component is pre-installed on various brands and models of Android devices manufactured in China. Being installed as a system APK, the software has unrestricted access to all data on the device and cannot be uninstalled.

 

HTTP request originating from a device affected by the Adups backdoor

HTTP request originating from a device affected by the Adups backdoor

Continue reading


The Jan/Feb 2017 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • The Guardian going post-truth with WhatsApp story?
  • Fruitfly spyware lives long on Macs
  • Good malware – FBI in absurdity trap
  • Star Wars on Twitter – sleeping Twitter botnet with over 350,000 bots discovered

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.

 


The November 2016 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • IT security researchers reveal vulnerabilities in photoTAN procedure for mobile banking
  • DDoS attack via IoT botnet shuts down parts of Internet
  • Triple record: Yahoo loses half a billion customers’ details, more trust than ever and USD 1 billion from its acquisition price

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.

 


2 Comments

The September 2016 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • Bug bounties and the Cyber Grand Challenge
  • Pegasus spies on Apple devices, QuadRooter threatens Android
  • A USD 22 billion investment pays off – WhatsApp shares phone numbers with Facebook
  • Now you see them, now you don’t – another multi-million-dollar Bitcoin theft
  • DiskFiltration and Fansmitter attempt to bridge the air gap

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.