Hacking Traffic Lights is Amazingly Really Easy

Hacking Internet of Things (IoTs) have become an amazing practice for cyber criminals out there, but messing with Traffic lights would be something more crazy for them.

The hacking scenes in hollywood movies has just been a source of entertainment for the technology industry, like we've seen traffic lights hacked in Die Hard and The Italian Job, but these movies always inspire hackers to perform similar hacking attacks in day-to-day life.

Security researchers at the University of Michigan have not only hacked traffic light signals in real life, but also claimed that it’s actually shockingly easy to perform by anyone with a laptop and the right kind of radio. If we compare the traffic light hacks in movies and real life, the reality is much easier.

In a paper study published this month, the security researchers describe how a series of major security vulnerabilities in traffic light systems allowed them to very easily and very quickly seized control of the whole system of at least 100 traffic signals in an unnamed Michigan city from a single point of access.

Researchers took permission from a local road agency before performing the hack, but they did not disclose exactly where in Michigan they did their research.

‟Our attacks show that an adversary can control traffic infrastructure to cause disruption, degrade safety, or gain an unfair advantage,” the paper explained.

SECURITY HOLES IN TRAFFIC LIGHT SYSTEMS

The team, led by University of Michigan computer scientist J. Alex Halderman, said that the networked traffic systems are left vulnerable to three major weaknesses:

• unencrypted radio signals,
• the use of factory-default usernames and passwords, and
• a debugging port that is easy to attack

This left the network accessible to everyone from cyber criminals to young hackers.

“The vulnerabilities we discover in the infrastructure are not a fault of any one device or design choice, but rather show a systemic lack of security consciousness,” the researchers report in a paper.

In an effort to save on installation costs and increase flexibility, the traffic light system makes use of wireless radio signals rather than dedicated physical networking links for its communication infrastructure - this hole was exploited by the researchers. Surprisingly, more than 40 states currently use such systems to keep traffic flowing as efficiently as possible.

“The safety critical nature of traffic infrastructure requires that it be secure against computer-based attacks, but this is not always the case,” the team said. “We investigate a networked traffic signal system currently deployed in the United States and discover a number of security flaws that exist due to systemic failures by the designers. We leveraged these flaws to create attacks which gain control of the system, and we successfully demonstrate them on the deployment.”

WIRELESS SECURITY IN QUESTIONS

The Traffic light systems use a combination of 5.8GHz and 900MHz radio signals, depending on the conditions at each intersection, for wireless communication in point-to-point or point-to-multipoint configurations. The 900MHz links use "a proprietary protocol with frequency hopping spread-spectrum (FHSS)," but the 5.8GHz version of the proprietary protocol isn't terribly different from 802.11n.

The researchers says that anyone with a laptop and a wireless card operating on the same frequency as the wirelessly networked traffic light — in this case, 5.8 gigahertz — could access the entire unencrypted network.

DEBUG PORT

Now, after gaining access, next was to communicate with one of the controllers in their target network. This was done very easily due to the fact that this system’s the control boxes run VxWorks 5.5, a version which by default gets built from source with a debug port left accessible for testing.

“By sniffing packets sent between the controller and this program, we discovered that communication to the controller is not encrypted, requires no authentication, and is replayable. Using this information, we were then able to reverse engineer parts of the communication structure,” the paper reads.

“Various command packets only differ in the last byte, allowing an attacker to easily determine remaining commands once one has been discovered. We created a program that allows a user to activate any button on the controller and then displays the results to the user. We also created a library of commands which enable scriptable attacks. We tested this code in the field and were able to access the controller remotely.”

This debug port allowed researchers to successfully turned all lights red or alter the timing of neighboring intersections — for example, to make sure someone hit all green lights on a given route.

More worrying part is the ability of a cyber criminal to perform DoS Attack on controlled intersections by triggering each intersection’s malfunction management unit by attempting invalid configurations, which would put the lights into a failure mode.

SOLUTION TO PROBLEM

At last, the team called for manufacturers and operators to improve the security of traffic infrastructure. It recommended that the traffic-system administrators should not use default usernames and passwords, as well as they should stop broadcasting communications unencrypted for “casual observers and curious teenagers” to see.

"While traffic control systems may be built to fail into a safe state, we have shown that they are not safe from attacks by a determined adversary," the paper concluded.

Moreover, they also warned that devices like voting machines and even connected cars could suffer similar attacks.

Source : thehackernews 

  

AdThief' Chinese Malware Infects Over 75,000 Jailbroken iOS devices

If you have jailbroken your iPhone, iPad, or iPod touch and have downloaded pirated tweaks from pirated repositories, then you may be infected by “AdThief” malware, a Chinese malware that is now installed on more than 75,000 iPhone devices.

According to a recent research paper published on Virus Bulletin by the Security Researcher Axelle Apvrille, the malware, also known as "spad," was first discovered by security researcher Claud Xiao in March this year.

Till now, AdThief aka Spad malware has hijacked an estimated 22 million advertisements and stealing revenue from developers on the iOS jailbreak community, Axelle Apvrille says.

 

The malware allegedly infects iOS jailbroken devices by disguising itself as Cydia Substrate extension, presents only on jailbroken Apple devices, when a malware infected Cydia package is downloaded and installed by the unsuspecting user.

Once installed, the malware modifies certain advertisements displayed on your iOS devices in an effort to redirect all the revenues to malware developer. In short, if you download or install a free ad-supported iOS app from the App Store, all of the cash generated by that app goes to the cyber criminal behind AdThief rather than the app’s developer.

 

"In other words, each time you view or click an ad on an infected device, the corresponding revenue goes to the attacker, and not to the developer or the legitimate affiliate," Apvrille said. "[AdThief] hooks various advertisement functions and modifies the developer ID (promotion ID) to match that of the attacker."

 

Adthief has targeted advertisements from 15 popular mobile advertising networks, including Google’s AdMob and Mobile Ads, AdWhirl, MdotM, and MobClick, four of which were based in the US, two in India and the remainder in China.

The security researcher was able to identify the targets because the hacker mistakenly forgot to remove identifying information from the code. Further investigation allowed Apvrille to identify the coder who ran a blog providing details of various Android hacks, a Github and inactive Twitter account. Researcher located a Chinese vxer Rover 12421 who admitted writing the AdThief code but denied propagating it.

According to the researcher, the number of infected devices by the malware is small if compared to the figure of iOS devices in use, attackers likely generated significant revenue with an estimated 22 million advertisements hijacked.

The most important thing about this particular hack is that there is no way to find out if your device is infected by AdThief malware, because it runs in the background and is almost impossible to detect. Users of unmodified iOS devices need not to worry as they are safe from this malware infection.

Users of jailbroken Apple iOS devices are recommended to avoid downloads from untrusted repositories. Always be careful about adding new sources, and also be suspicious of those sources that promise pirated downloads of paid apps or tweaks.

 

Microsoft Fixes Faulty Patch Update that Caused Windows 'Blue Screens of Death'

Microsoft today reissued a security update for Windows to the faulty update that previously caused PCs to suffer Blue Screen Of Death

The new security update comes almost two weeks after reports emerged that the dodgy update crippled users’ computers with the infamous “Blue Screens of Death.” The company later advised people to uninstall the update, but now it has fixed the issue.

 

"This month we had our first roll out with additional non-security updates. A small number of customers experienced problems with a few of the updates," Tracey Pretorius, director of Microsoft Trustworthy Computing, wrote in a blog post. 

"As soon as we became aware of some problems, we began a review and then immediately pulled the problematic updates, making these available to download. We then began working on a plan to re-release the affected updates."

The offending Microsoft patch identified as MS14-045, fixes Windows kernel vulnerabilities in 47 of Microsoft's systems which the company marked as important, can cause system crashes forcing users to reboot it.

Soon after the initial release of the patch, the issue surfaced on Microsoft’s support forum where customers started posting messages on an eventually-lengthy thread saying that their systems, specially users running Windows 7 PCs with the 64bit version, had been bricked with an error message and ensuing "Blue Screen of Death."

This update flashed a message on the screen that reads: “Your PC ran into a problem and needs to restart. We’re just collecting some error info and then we’ll restart for you (0% complete).”

The BSoD-triggering patch was really an embarrassment for Microsoft and it quietly told customers to uninstall the MS14-045 update.

Now, after testing the patches against its huge codebase, Microsoft Security Response Center (MSRC) came up with a security fix and the update is available once again for download, but now known as KB2993651.

So, if you have KB2982791 installed, we recommend you to uninstall it and download KB2993651 instead. You don't necessarily have to uninstall the old update, but it is highly recommended you to do so.

Those who have not enabled automatic updates are advised to visit the Microsoft site and download the patch manually, as soon as possible.

Google Chrome 64-bit arrives for Windows 7 and Windows 8

Along with the launch of 32-bit Chrome 37, Google today also released the 64-bit version of Chrome for Windows 7 and Windows 8 in the stable channel. Nevertheless, going 64-bit is still an opt-in process: to take advantage you have to hit the new “Windows 64-bit” download link over at google.com/chrome.

Google first launched Chrome 64-bit back in June, but only in the browser’s Dev and Canary channels. The beta channel received the same treatment in July, and now it’s finally available in the stable channel.

Google has found that the native 64-bit version has improved speed on many of its graphics and media benchmarks:

For example, the VP9 codec that’s used in High Definition YouTube videos shows a 15 percent improvement in decoding performance. Stability measurements from people opted into our Canary, Dev and Beta 64-bit channels confirm that 64-bit rendering engines are almost twice as stable as 32-bit engines when handling typical web content. Finally, on 64-bit, our defense in depth security mitigations such as Partition Alloc are able to far more effectively defend against vulnerabilities that rely on controlling the memory layout of objects. 

The 64-bit version is faster because it can take advantage of the latest processor and compiler optimizations, a more modern instruction set, and a calling convention that allows more function parameters to be passed quickly by registers. It is more secure, since Chrome can take advantage of the latest OS features such as High Entropy ASLR on Windows 8, better defend against exploitation techniques such as JIT spraying, and improve the effectiveness of existing security defense features like heap partitioning.

Overall, it should also be more stable, yet despite the stable channel release you should still expect some issues. Google says the only significant one (that the company knows of) is the lack of 32-bit NPAPI plugin support, although that’s on its way out anyway.

Google says it plans to support the 32-bit channel “for the foreseeable future.” The company didn’t say, however, when the 64-bit channel will no longer be opt-in, or when it would become the default option for 64-bit Windows users.

How to Jailbreak iOS 7.1-7.1.x with Pangu 1.2.1 (Updated for Jailbreak Issues)

Pangu jailbreak for iOS 7.x has been updated to 1.2.1 for Windows with a few bug fixes. If you haven’t jailbroken your iPhone or are facing issues with a jailbroken iPhone, here’s your chance to jailbreak/re-jailbreak with the latest version of Pangu.

The new update comes almost right after Pangu v1.2 came out about a few days back. Both 1.2 and this one have minor changes but an important one if you’ve been having problems with boot or anything else on your iPhone.

Jailbreaking using Pangu is almost as easy as it was with evasi0n, the tool that we used to jailbreak iOS 7 and 7.0.x with.


How to Jailbreak your iPhone/iPad with Pangu 1.2.1

 Step #1. Download Pangu 1.2.1 (for Windows at the moment)

Step #2. Make sure your iPhone doesn’t have a passcode.

Step #3. Change the date of your iPhone to something earlier than June 1, 2014.

Step #4. Now, connect your iPhone and run Pangu 1.2.1.

Step #5. Click on “Jailbreak” to initiate the process.

Step #6. Now, your iPhone will possibly do a reboot and you should see the Pangu icon on the homescreen. When you’re prompted to tap on it, do so.

Step #7. The jailbreak process will continue for a little while and your iPhone should go into a reboot again. Once the jailbreak finishes, you should see Cydia up on the homescreen.

Pangu was a surprising release this year and a welcome one at that. The initial tool from evad3rs could jailbreak devices running on iOS 7 and 7.0.x. When Apple released iOS 7.1, some patch was fixed and evasi0n couldn’t be used to jailbreak iOS 7.1.

Apple followed iOS 7.1 with other minor updates (resulting in iOS 7.1.1 and 7.1.2).

Pangu can jailbreak all iOS devices that run iOS 7.x (this includes iOS 7.1, 7.1.1, 7.1.2).

Pangu hasn’t been very hassle-free though. We’ve run into boot-loop issues here when we tried to jailbreak an iPhone running iOS 7.1. Most old iPhones do face a few problems when you jailbreak using Pangu but then a couple of rejailbreaks later, everything works fine.
Pangu 1.2 and 1.2.1 try to fix these little issues and quicks.

Google Patches 50 Security Vulnerabilities in Chrome Browser Update

Google has plugged 50 security vulnerabilities in the latest update to the Chrome browser.
Among the issues fixed in Chrome 37 are a number of bugs that can be used together to break out of the Chrome sandbox and execute code remotely. That discovery earned the researcher behind it a $30,000 bug bounty. Several other vulnerabilities earned researchers between $500 and $4,000.

Here are some of the bugs fixed in the update and their associated rewards:

[$30000][386988] Critical CVE-2014-3176, CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox.

[$2000][369860] High CVE-2014-3168: Use-after-free in SVG. Credit to cloudfuzzer.

[$2000][387389] High CVE-2014-3169: Use-after-free in DOM. Credit to Andrzej Dyjak.

[$1000][390624] High CVE-2014-3170: Extension permission dialog spoofing. Credit to Rob Wu.

[$4000][390928] High CVE-2014-3171: Use-after-free in bindings. Credit to cloudfuzzer.

[$1500][367567] Medium CVE-2014-3172: Issue related to extension debugging. Credit to Eli Grey.

[$2000][376951] Medium CVE-2014-3173: Uninitialized memory read in WebGL. Credit to jmuizelaar.

[$500][389219] Medium CVE-2014-3174: Uninitialized memory read in Web Audio. Credit to Atte Kettunen from OUSPG.

"We would also like to thank Collin Payne, Christoph Diehl, Sebastian Mauer, Atte Kettunen, and cloudfuzzer for working with us during the development cycle to prevent security bugs from ever reaching the stable channel," according to Google. "$8000 in additional rewards were issued."

BetterWifi7 Cydia Tweak for iOS 7: Finest Wifi Enhancement Suite for the iPhone

There aren’t very many Wi-fi related tweaks on Cydia right now. At first glance, it might seem normal: after all, what extra features would the Wi-fi settings page on iPhone need? It looks and works fine (except for a few things of course).
But here’s a tweak that changes it all. BetterWifi7 by Simon Selg is a fantastic Cydia tweak that adds some really cool features to the Wi-fi settings. The features read like a list of “oh these should have been put there by default” ones.

BetterWifi7 adds a slue of features to Settings → Wifi. They are not just visual. They’re totally functional too. Here’s a sampling of the features that caught our attention:

#1. Pull to refresh: How many times have you had to toggle the Wifi switch just to refresh the list? (your iPhone actually automatically refreshes the list frequently but more control is always nice). BetterWifi7 adds a pull to refresh feature which works just like how Mail/Stocks app do. Pull down to refresh the Wifi list.

#2. Open Networks Only: BetterWifi7 puts this toggle under Wifi settings which filters the Wifi networks around you. It shows you only the open networks so that you can pick on easily.

#3. Remove RSSI Limit: Apple sets a threshold limit (of signal strength) beneath which it won’t try to detect or connect to a Wifi signal. This switch makes sure this is bypassed. Your iPhone will search for low-strength signals too and try to connect. May cause battery issues though.
Besides these, there are few additional visual cues.

For instance, BetterWifi7 will show (under the Wifi name), the signal strength and the security mode (WPA, WEP etc.) of the Wifi networks. This is not extremely useful (the signal strength feature is) unless you’re some kind of a techie there.

Also, if you’ve connected to a network before, BetterWifi7 will keep track of all that info and remember the passwords. It also lets you copy passwords.

And there’s also a CleverPin-like auto-passcode-lock-disable feature which disables passcodes when you’re connected to a known Wifi network. (however, BetterWifi7 uses a different key to authenticate).

It’s a paid tweak but it’s well worth the $1.50 you’ll spend. The tweak is up on BigBoss repo.
Compatibility: all iOS 7.x devices

iPhone Battery Drain? Here’s An App That Might Help You Get More Battery-life

Battery issues on the iPhone is a consistent pain in the you-know-where. It’s so common, so frequent and so rampant that we find ourselves writing about how to get more juice out of your iPhone’s battery very frequently.
I just stumbled across this app thanks to some suggestions by a few tech-bloggers. “Normal: Battery Analytics” is an iPhone app that might help you get more battery-time on your iPhone. And it’s basically through analytics of how much resources apps consume on your iPhone.

The basic idea of Normal: Battery Analytics is to figure out what apps are eating away at your iPhone’s battery. It then suggests that you kill those apps (close them from the multi tasking switcher). But this is not all.
Normal: Battery Analytics goes way beyond telling you what apps you need to close. Read on.

 In-depth Analytics of Apps
Normal’s analytics is not just about your device. It collects app-usage-stats from your iPhone and then compares it with the data it has collected from all other users who use Normal.

While not a new approach to analytics, this is probably one of the first apps to do this in the realm of battery management on iPhone.
By comparing data, Normal can tell you if that Snapchat app you use is causing battery drain on your device only or if it’s generally the case that Snapchat app causes battery issues on most users’ devices.

Doesn’t Stop with Quitting an App
Normal: Battery Analytics does not just say, “hey, this app is using up a lot of battery so quit it”. It goes on to say, “hey, I found that you use this app a lot and if you avoid it, you might save these many hours of battery every day.”

The app collects data over a period of time. It knows how much you use Facebook and with that, it pulls the average battery time consumption. And then it suggests apps that you can avoid/uninstall to enhance your iPhone’s life.


A Fabulous, Minimal Interface
Normal comes with a flat interface that’s also minimal, clean and informative. All information is also textual so there’s almost no room for confusion.

What I really like about Normal: Battery Analytics is that it is very contextual while also telling you how most other people use the apps (for comparison). Sometimes, you know if you’re using an app more than you really should (in the case of apps that are really distractions) or if you’re using an app well (in the case of apps that help you be more productive.)

We’ve suggested quitting/killing apps in the background as a battery-life enhancement tip, but it’s a blanket solution that doesn’t really tell you which app is draining your iPhone. Normal: Battery Analytics will do this for you. That’s why it gets our must-have recommendation.

Best Cydia Sources/Repos of 2014 for iOS 7.x Tweaks and Mods

The best way to discover cool Cydia tweaks, themes, mods and get troubleshooting help is through the community. The jailbreak community is spread over a vast area, with some really awesome forums being hosted by popular websites.
If you’re looking to jailbreak your iPhone/iPad, there’s  Pangu for IOS 7.x . Here’s a list of the most popular and most useful iOS 7 Cydia repos / sources of 2014.

Best Cydia Sources/Repos for iOS 7.x
Repo: BigBoss
Source: http://apt.thebigboss.org/mobileweb/index.php

BigBoss is the single largest source of most popular tweaks. You’ll find most of the popular iOS 7 tweaks showing up on BigBoss. Developers submit their tweaks here to reach a wide audience. The tweaks in BigBoss are usually checked for inconsistencies etc. This comes as a default repo with Cydia but you can remove it. Well, removing it doesn’t make any sense though.

Repo: ModMyi
Source: http://apt.modmyi.com/
Right next to BigBoss, it’s ModMyi (although some folks would argue the opposite). ModMyi hosts a lot of tweaks too, many of them insanely popular. ModMyi also comes with a lot of mods too although it would be less interesting than the tweaks themselves.

Repo: Rpetri.ch
Source: http://rpetri.ch/repo/
Ryan Petrich is a lead developer when it comes to intelligent, smart and ingenious tweaks. He is the guy behind tweaks like Activator, DisplayRecorder, BrowserChooser. We hear he’s got a lot of new stuff on the works for iOS 7 and it would be pretty interesting to test them out. This is a must-have repo for everyone interested in Cydia tweaks.

Repo: iSpazio
Source: http://repo.ispazio.net
iSpazio is a good source for tweaks, mods and other things. As the community develops compatibility and stability for iOS 7 tweaks, I expect iSpazio to feature new tweaks and mods that would work on iOS 7 devices.

Rogue Repos

Besides the genuine ones, there are also other repos which feature cracked versions of the tweaks. It’s piracy and we don’t support it. But in certain cases like HackYouriPhone, we’ve had the chance to download some interesting tweaks and mods that are not available elsewhere. Proceed with caution.

Repo: Insanlyi.com
Source: http://repo.insanelyi.com
Features: tweaks, mods

Repo: BiteYourApple
Source: http://repo.biteyourapple.net
Features: tweaks, mods
Repo: HackYouriPhone
Source: http://repo.hackyouriphone.org
Features: tweaks, ringtones, mods

iOS 7.1 / 7.1.1 / 7.1.2 Untethered Jailbreak Released

Pangu jailbreak available for Windows and Mac can jailbreak all devices on the latest Apple iOS firmware version. If you are looking to jailbreak your device using Pangu, simply follow the tutorial linked above to jailbreak iOS 7.1 or iOS 7.1.2 on any iPhone, iPad and iPod touch.

Compatible devices:

• iPhone 5s
• iPhone 5c
• iPhone 5
• iPhone 4s
• iPhone 4
• iPad Air
• Retina iPad mini
• iPad mini
• iPad 4, 3, 2
• iPod touch 5

Compatible iOS firmware:

• iOS 7.1.2
• iOS 7.1.1
• iOS 7.1

Timeline of how the jailbreak happened:
In March, Apple released iOS 7.1 in which Evasi0n7 untethered jailbreaking tool, as expected, was patched by the Cupertino-based company.
Later in the same month, Winocm posted a video on YouTube demonstrating iOS 7.1 untethered boot on an A4-based iPhone 4. No time frame was given for its release. This was immediately followed by iH8sn0w who claimed on Twitter that his iPhone 4s is jailbroken on iOS 7.1. But details, as usual, were scarce, and it was unknown on when the actual jailbreak will be made available to the public.
iOS 7.1.1 was released in April. In May, i0n1c, Winocm and Yeongjin all managed to jailbreak iOS 7.1.1 independently. i0n1c’s one was called Cyberelevat0r. There was still no word on public ETA from any of them.

 In June, out of no where, a team of Chinese developers released Pangu iOS 7.1.1 untethered jailbreak which worked on all devices.

i0n1c claimed that the exploits used in Pangu jailbreak were actually stolen from him from folks who took one of his training classes early in the year.

On June 30th, Apple released a bug fix iOS 7.1.2 update which didn’t patched the exploits used in Pangu jailbreak. The developers behind Pangu updated the software for both Windows and Mac with full support for iOS 7.1.2 untethered jailbreak on all the iOS devices. 

Source : redmondpie.com

Jobvite Recruitment Service Website Vulnerable to Hackers

Jobvite, a recruiting platform for the social web, is found vulnerable to the most common, but critical web application vulnerabilities that could allow an attacker to compromise and steal the database of the company.

Jobvite is a Social recruiting and applicant tracking created for companies with the highest expectations of recruiting technology and candidate quality. Growing companies use Jobvite's social recruiting, sourcing and talent acquisition solutions to target the right talent and build the best teams.

An independent security researcher Mohamed M. Fouad from Egypt, has found two major flaws in Jobvite website that could be leveraged or used by an attacker to comprise the company’s server. As a responsible security researcher, Fouad reported the critical flaws three months ago, but the company didn’t fix till now.

According to Fouad, Jobvite is vulnerable to a Boolean SQLi (SQL injection) and LFI (local file inclusion) vulnerabilities, which he found was one of the best security vulnerabilities he has ever discovered.

SQL INJECTION VULNERABILITY

SQLi or SQL injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today. The attackers take advantage of improper coding of your web applications that allows them to inject SQL commands into, say, a login form to allow them to gain access to the data held within your database.

LFI VULNERABILITY

LFI or Local File Inclusion is a type of vulnerability most often found on websites that allows an attacker to include a local file, usually through a script on the web server, which occurs due to the use of user-supplied input without proper validation. This can lead to code execution on the web server or on the client-side such as JavaScript which can lead to other attacks such as cross site scripting (XSS), Denial of service (DoS) and Data theft or manipulation.

Mohamed told The Hacker News that SQLI Vuln in the Jobvite website allows him to gain access to the company’s database which includes the confidential data of its admin users along with the emails and passwords.

Using LFI Vuln an attacker can get access to the critically important files stored on the web server i.e. /etc/passwd or /etc/hosts. Fouad used the LFI flaw which allowed him to view all the company’s LINUX server user accounts exists.

Source : thehackernews.com