Adups — The Spy in your Pocket

written by Antoine Neuenschwander

Smartphones have become inseparable companions of our everyday life. They are so cheap nowadays that you can buy commodity devices running Android OS for less than a hundred Swiss francs. Smartphones aren’t mere wireless telephony devices. They are modern computer systems equipped with a variety of sensors: cameras, microphone, GPS receiver, gyroscopes and accelerometers, etc. They also feature multiple wireless communication interfaces such as multi-generation mobile networking, 2.4 and 5 GHz Wi-Fi, Bluetooth, NFC, etc., which make them a versatile communication platform with a quasi-permanent Internet connection. Another way of looking at it: with all the components a typical smartphone is equipped with, it makes a perfect bugging device.

On November 15th 2016, Kryptowire published a blog post revealing that “several models of Android mobile devices contained a firmware that collected sensitive personal data about their users and transmitted the data to third-party servers without disclosure or the users’ consent”. The sensitive data includes unique device and user identifiers, but also contact lists, call history, installed applications, and under certain circumstances text messages as well as fine-grained location data. The firmware in question originates from Adups, a Shanghai-based company specialized in mobile and IoT technologies. It is part of their FOTA product, a commercial replacement for Google’s Over-The-Air upgrade system, which is used to deploy firmware upgrades to the devices (hence the acronym: Firmware Over The Air). The FOTA component is pre-installed on various brands and models of Android devices manufactured in China. Being installed as a system APK, the software has unrestricted access to all data on the device and cannot be uninstalled.

 

HTTP request originating from a device affected by the Adups backdoor

Continue reading “Adups — The Spy in your Pocket”

The Jan/Feb 2017 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • The Guardian going post-truth with WhatsApp story?
  • Fruitfly spyware lives long on Macs
  • Good malware – FBI in absurdity trap
  • Star Wars on Twitter – sleeping Twitter botnet with over 350,000 bots discovered

The Security Report is available in both English and German.

»»  Download the English report.      »»  Download the German report.

Did you miss our previous Security Report? Click here to go to the archive.

 

The November 2016 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • IT security researchers reveal vulnerabilities in photoTAN procedure for mobile banking
  • DDoS attack via IoT botnet shuts down parts of Internet
  • Triple record: Yahoo loses half a billion customers’ details, more trust than ever and USD 1 billion from its acquisition price

The Security Report is available in both English and German.

»»  Download the English report.      »»  Download the German report.

Did you miss our previous Security Report? Click here to go to the archive.

 

The September 2016 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • Bug bounties and the Cyber Grand Challenge
  • Pegasus spies on Apple devices, QuadRooter threatens Android
  • A USD 22 billion investment pays off – WhatsApp shares phone numbers with Facebook
  • Now you see them, now you don’t – another multi-million-dollar Bitcoin theft
  • DiskFiltration and Fansmitter attempt to bridge the air gap

The Security Report is available in both English and German.

»»  Download the English report.      »»  Download the German report.

Did you miss our previous Security Report? Click here to go to the archive.

 

The July 2016 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • DAO-ism on the ethereal plane – hacker bags cryptocurrency worth USD 50 million
  • Ransomware – smart, greedy and unkillable
  • CANVAS ready to launch – bridging cybersecurity and ethics
  • US border guards want to be your Facebook friend – and other news on anti-terror measures

The Security Report is available in both English and German.

»»  Download the English report.      »»  Download the German report.

Did you miss our previous Security Report? Click here to go to the archive.

The June 2016 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • A RUeful tale – unknown cyberattackers steal 20 gigabytes of data from RUAG
  • Twitter shuts the door on US intelligence services
  • iPhone stays locked – Touch ID demands a password after 48 hours
  • Passwords for e-banking and suchlike? You can soon forget them!

The Security Report is available in both English and German.

»»  Download the English report.      »»  Download the German report.

Did you miss our previous Security Report? Click here to go to the archive.

 

The May 2016 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • Faster than Odysseus – e-banking Trojan Gozi attacks Switzerland via news website
  • Heartbreak remote – chip implants and the security of implanted, software-driven medical devices
  • One point three million dollar phone – FBI spends big in iPhone hacking dispute with Apple
  • It looks horrible, and it is – Jigsaw causing terror once again, this time in digital form

The Security Report is available in both English and German.

»»  Download the English report.      »»  Download the German report.

Did you miss our previous Security Report? Click here to go to the archive.

 

The April 2016 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • Probably the most expensive typo ever foils probably the biggest attempted bank robbery ever
  • Switzerland targeted by various hacker groups? Series of DDoS attacks on Swiss websites
  • Connected cars “one of this generation’s biggest security risks”
  • Done and dusted – the new Federal Act on the Surveillance of Post and Telecommunications

The Security Report is available in both English and German.

»»  Download the English report.      »»  Download the German report.

Did you miss our previous Security Report? Click here to go to the archive.

 

The March 2016 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • Torpedoed for a fistful of dollars – university helps authorities spy on Tor users
  • Crypto Wars 3.0 – will the FBI be given a licence to snoop, or can Apple successfully lock down the unlocking?
  • Deadly bugs in hospital – ransomware Trojan Locky shuts down entire clinics and more
  • Mission: Possible – Big Data and automated law enforcement

The Security Report is available in both English and German.

»»  Download the English report.      »»  Download the German report.

Did you miss our previous Security Report? Click here to go to the archive.

 

New SWITCH Security Report available

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • Does PrivaTegrity spell the end of crypto wars? David Chaum’s new encryption system bridges gap between completely anonymous communication and crime prevention
  • The boss is listening, and it’s OK – controlled surveillance of private communications at work does not violate human rights
  • Yesterday’s science fiction, today’s reality – forecasting software and systems to spot crimes before they are committed
  • A patchy start to the year – reports of security issues read like a who’s who of network equipment suppliers

The Security Report is available in both English and German.

»»  Download the English report.      »»  Download the German report.

Did you miss our previous Security Report? Click here to go to the archive.

Get ready for “cybercrime as a service”!

In our new SWITCH Story our security expert Serge Droz discusses cybercrime in 2015.

“Various reports and studies have shown that .ch is among the most secure top-level domains in the world. […] SWITCH wants to step up its activities to combat the misuse of domains.”

“In general, however, we can say that cybercriminals are driven by money, and they’ll keep seeking out new strategies to get their hands on it. They won’t stop taking us by surprise.”

Read the full story here!

Happy Christmas to all of you!

Dear Reader!

The SWITCH Security Team wishes you a Merry Christmas and a Happy New Year!

Our blog will be taking a break for Christmas. We will be back in January with further exciting news and information from the world of IT security.

Thank you for your interest in our blog, we look forward to greeting you in 2016.


New SWITCH Security Report available – Invitation to take part in a Reader Survey

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • Pavlov in Paris – how the conditioned response to terrorist attacks links the real and online worlds
  • «Added value» as standard – new devices delivered complete with malware and extra vulnerabilities
  • Silent profilers – audio beacons allow advertisers to operate extensive tracking
  • Ads, adblockers, anti-adblockers, anti-adblock killers – the arms race continues
  • The Clipboard: interesting presentations, articles and videos

The Security Report is available in both English and German.

»»  Download the English report.      »»  Download the German report.

Did you miss our previous Security Report? Click here to go to the archive.

Invitation to take part in the SWITCH Security Report Reader Survey

SWITCH is carrying out a reader survey on the Security Report, and we would be grateful if you could share your views on how we can improve it. Your help will allow us to enhance the Security Report, and tailor it better to your needs.

It goes without saying we will handle your responses in the strictest of confidence and with due discretion. With this in mind, all of the information you provide will be analysed in completely anonymised form.

Please complete the questionnaire by Friday, 18 December 2015 at the latest. It will take you roughly 8-10 minutes.

You can take the survey at one of the following links:

German: http://swit.ch/befragung-secrep

English: http://swit.ch/survey-secrep

Please don’t hesitate to contact us if you have any questions about completing the survey!

Many thanks for taking part and helping us.

A Yeti in the DNS

written by Yves Bovard

Most of the time, the Internet works without any problem; we can just power on our computer and start surfing… ok, most of the time. Many things have to be reliable to make this possible: power, cables, routers, computers, software and, last but not least, the DNS. This last point is one of the most critical parts of the Internet. Each time we read our favorite online newspapers, each time we check our e-mails, write and reply to them, or more generally, each time we use the Internet, many queries are sent to DNS servers to convert (more or less) meaningful Web addresses to IP addresses. And this is only the tip of the iceberg.

In the early days of the Internet, this task was handled by a single file. During the 1980s, however, it became clear that such a method was not scalable enough. The DNS was thus born. Three parts were designed. First, the stub resolver is located on your computer. It receives your question: what is the IP of www.switch.ch? This question is transformed into a standard DNS message and sent over the network to the second part, the resolvers. These are able to find an answer almost instantly, either because somebody has already looked for it or by querying the third part, the authoritative servers, located somewhere on the Internet. They are structured in a hierarchical tree, with root servers at the top. Some of them know the answer to the question you asked.

Nowadays, the authoritative root of the tree is made up of 13 servers named alphabetically from a.root-servers.net to m.root-servers.net. In reality, a technique named anycast allows a much larger number of servers around the world to listen on (and answer from) the same address. For example, k.root-servers.net actually comprises 33 nodes spread all across the globe. To analyse the workload of the DNS, DNS OARC (DNS Operations Analysis and Research Center) computes yearly statistics (Day in The Life of the Internet, DITL). In 2015, it used a time window of three days and found that 10 of the 13 root servers answered about 60 billion queries in this period.

The current state of this infrastructure is robust. A single server failing to respond does not affect the availability. When a server is overloaded, we can just add more servers to spread the traffic. The size and complexity of this infrastructure make it hard to analyse. The new Yeti DNS Project (www.yeti-dns.org) aims to study it by asking the following questions and more:
Continue reading “A Yeti in the DNS”

The November 2015 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • No safe harbour in the Land of the Free – EU Court of Justice restricts data transfer to US
  • A different kind of virus – medical equipment hackable online on a grand scale
  • Viruses, scanned – free anti-virus programs almost as good as those you pay for
  • Let’s hear it, buddy! ETH Zurich research team simplifies two-factor authentication with sound recognition
  • Situation critical – researchers find vulnerabilities in 87% of all Android devices

The Security Report is available in both English and German.

»»  Download the English report.      »»  Download the German report.

Did you miss our previous Security Report? Click here to go to the archive.