SWITCH Security-Blog

SWITCH-CERT IT-Security Blog


A new issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Cybercriminals increasingly targeting Mac users
  • Malware fitted as standard for Android
  • Switzerland breaks taboo of Net neutrality for sake of CHF 320 million
  • Internet of Things toys spying on children of all ages

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.

 

Mobile Malware


Adups — The Spy in your Pocket

written by Antoine Neuenschwander

Smartphones have become inseparable companions of our everyday life. They are so cheap nowadays, you can buy commodity devices running Android OS for less than a hundred Swiss francs. Smartphones aren’t mere wireless telephony devices. They are modern computer systems equipped with a variety of sensors: cameras, microphone, GPS receiver, gyroscopes and accelerometers, etc. They also feature multiple wireless communication interfaces such as multi-generation mobile networking, 2.4 and 5 GHz Wi-Fi, Bluetooth, NFC, etc, which make them a polyvalent communication platform with a quasi permanent Internet connection. Another way of looking at it: using all the components typical smartphones are equipped with, they can be fitted as perfect bugging devices.

On November 15th 2016, Kryptowire published a blog post revealing that „several models of Android mobile devices contained a firmware that collected sensitive personal data about their users and transmitted the data to third-party servers without disclosure or the users’ consent“. The sensitive data includes unique device and user identifiers, but also contact lists, call history, installed applications, and under circumstances text messages as well as fine grained location data. The said firmware originates from Adups, a Shanghai-based company specialized in mobile and IoT technologies. It is part of their FOTA product, a commercial replacement of Google’s Over-The-Air upgrade system, which is used to deploy firmware upgrades to the devices (hence the acronym: Firmware Over The Air). The FOTA component is pre-installed on various brands and models of Android devices manufactured in China. Being installed as a system APK, the software has unrestricted access to all data on the device and cannot be uninstalled.

 

HTTP request originating from a device affected by the Adups backdoor

HTTP request originating from a device affected by the Adups backdoor

Continue reading


The Jan/Feb 2017 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • The Guardian going post-truth with WhatsApp story?
  • Fruitfly spyware lives long on Macs
  • Good malware – FBI in absurdity trap
  • Star Wars on Twitter – sleeping Twitter botnet with over 350,000 bots discovered

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.

 


The November 2016 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • IT security researchers reveal vulnerabilities in photoTAN procedure for mobile banking
  • DDoS attack via IoT botnet shuts down parts of Internet
  • Triple record: Yahoo loses half a billion customers’ details, more trust than ever and USD 1 billion from its acquisition price

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.

 


2 Comments

The September 2016 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • Bug bounties and the Cyber Grand Challenge
  • Pegasus spies on Apple devices, QuadRooter threatens Android
  • A USD 22 billion investment pays off – WhatsApp shares phone numbers with Facebook
  • Now you see them, now you don’t – another multi-million-dollar Bitcoin theft
  • DiskFiltration and Fansmitter attempt to bridge the air gap

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.

 


The July 2016 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • DAO-ism on the ethereal plane – hacker bags cryptocurrency worth USD 50 million
  • Ransomware – smart, greedy and unkillable
  • CANVAS ready to launch – bridging cybersecurity and ethics
  • US border guards want to be your Facebook friend – and other news on anti-terror measures

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.


The June 2016 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • A RUeful tale – unknown cyberattackers steal 20 gigabytes of data from RUAG
  • Twitter shuts the door on US intelligence services
  • iPhone stays locked – Touch ID demands a password after 48 hours
  • Passwords for e-banking and suchlike? You can soon forget them!

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.