Monday, February 23, 2009

Latest Cell Phone Worm Tricks Users

As the second mobile worm found in the wild for 2009,
The malware is affecting S60 3rd Edition series devices, and has a valid certificate signed by Symbian tricking the mobile device user into thinking it’s a legitimate application. In terms of propagation, “Sexy View” propagates by collecting all the phone numbers from the infected device, and then SMS-es itself to all of them including a link to a web site hosting a copy of it.
With SymbOS/Yxes.A!worm or “Sexy View”, information is the main target.
What’s particularly interesting about SymbOS/Yxes.A!worm is that it appears that the worm’s main objective is to harvest information from the infected devices such as phone numbers, IMEI, IMSI, phone type and OS version. This data harvesting approach is pretty similar to that of email harvesting tools, and in the long term the harvested data will be monetized and resold to phone scammers whose activities are already driving the success of such sites as WhoCallsme? and 800notes.
Read more.>


Hackers Take Aim at Smartphones

Connected devices will enter the race this year at the upcoming security conference CanSecWest. While the first challenge will have hackers racing to break into one of several browsers,
“The second challenge will pit hackers against a variety of smartphone operating systems, including Google Inc.'s Android, Microsoft's Windows Mobile and Apple's iPhone operating system, which is a scaled-down version of Mac OS X.”
Here’s what last year’s winner had to say.
"I'm really disappointed that there looks to be no Mac OS X target, as I'm really up to speed on that OS," said Miller, who will be at CanSecWest as a speaker. Although he was confident that he could hack Apple's operating system again, he also said he was up to snuff on both browser and smartphones.
Read more.>


Do You Know Where Your Phone is?

Turns out most people don’t, at least not on a consistent basis, which is a huge liability when it comes to keeping information secure.
“Johannes Ullrich, chief research officer for the SANS Institute, a security research organization, says the biggest threat for cell phone users is leaving their devices behind somewhere, or losing them. And perhaps putting too much data on the device.”
Too much data?
"The information stored on a phone should be limited to information that is required while on the move," he said. "Some phones allow the user to store spreadsheets and other office documents. If any passwords are stored on the phone, they should be encrypted."

As smartphones grow in popularity, so too does interest by thieves, not necessarily for the devices but for the information they hold.
With WiFi, Bluetooth and even your local cab company, find out more tips on how to keep your phone safe and secure.


Hints from Mocana Engineering

What is the difference between an EAP pass-thru authenticator and an EAP standalone authenticator?

A pass-thru authenticator requires a AAA server to do user credential verification, whereas a standalone authenticator has a local username/password or certificate store to verify identity. NanoEAP can act as a standalone as well as a pass-thru authenticator. For example, critical users may use EAP-TLS certificate authentication, while others might pass through to a AAA server for simple username/password authentication.
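The split described above, as an added example that is not Mocana or NanoEAP code: an authenticator inspects the EAP-Response/Identity and either handles the user locally or relays the unmodified EAP packet to the AAA server. It assumes RADIUS as the AAA protocol (EAP-Message and Message-Authenticator attributes per RFC 3579); the user policy, shared secret and function names are constructed for illustration.

```python
import hashlib, hmac, os, struct

EAP_RESPONSE, EAP_TYPE_IDENTITY = 2, 1
ACCESS_REQUEST, USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 1, 79, 80
# Constructed policy (assumption): identities verified locally with EAP-TLS.
LOCAL_TLS_USERS = {"ops-admin"}

def eap_identity_response(eap_id, identity):
    """Build the EAP-Response/Identity a supplicant would send."""
    body = bytes([EAP_TYPE_IDENTITY]) + identity.encode()
    return struct.pack("!BBH", EAP_RESPONSE, eap_id, 4 + len(body)) + body

def parse_identity(eap):
    """Validate the EAP header and return the claimed identity."""
    if len(eap) < 5:
        raise ValueError("truncated EAP packet")
    code, _eap_id, length = struct.unpack("!BBH", eap[:4])
    if code != EAP_RESPONSE or length != len(eap) or eap[4] != EAP_TYPE_IDENTITY:
        raise ValueError("not a well-formed EAP-Response/Identity")
    return eap[5:].decode()

def attr(attr_type, value):
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value

def radius_access_request(eap, identity, secret, radius_id=1):
    """Pass-through: wrap the untouched EAP packet for the AAA server."""
    attrs = attr(USER_NAME, identity.encode())
    for i in range(0, len(eap), 253):  # EAP-Message holds at most 253 bytes
        attrs += attr(EAP_MESSAGE, eap[i:i + 253])
    attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))  # zeroed while computing HMAC
    header = struct.pack("!BBH", ACCESS_REQUEST, radius_id, 20 + len(attrs))
    packet = header + os.urandom(16) + attrs  # 16-byte Request Authenticator
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac  # fill in the HMAC-MD5 over the whole packet

def route(eap, secret):
    """Decide per identity whether to authenticate locally or relay to AAA."""
    identity = parse_identity(eap)
    if identity in LOCAL_TLS_USERS:
        return "standalone", "EAP-TLS"  # authenticator runs the method itself
    return "pass-through", radius_access_request(eap, identity, secret)
```

In pass-through mode the authenticator never sees the credentials being checked; it only relays EAP, so the Message-Authenticator is what lets the AAA server detect tampering with the relayed packet.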


Monday, February 9, 2009

French Fighter Planes Grounded by Virus!


"The virus attacked the non-secured internal French navy network called Intramar and was detected on 21 January. The whole network was affected and military staff were instructed not to start their computers. According to Liberation newspaper, two days later the chiefs of staff decided to isolate Intramar from the military's other computer systems, but certain computers at the Villacoublay air base and in the 8th Transmissions Regiment were infected. Liberation reported that on the 15 and 16 January the Navy's Rafale aircraft were 'nailed to the ground' because they were unable to 'download their flight plans'. The aircraft were eventually activated by 'another system'."
Read the article. >


"War Cloning -- It's the New Hacker Sport,"

Or so says Chris Paget, a security researcher who, "with a $250 used RFID scanner he purchased on eBay and a low-profile antenna tucked away in his car, recently cruised the streets along Fisherman's Wharf in San Francisco, where he captured -- and cloned -- a half-dozen electronic passports within an hour."

Talking about the security weaknesses of the EPC Gen 2 RFID tags, which are being used in the new wallet-sized passport cards offered by the U.S. Department of Homeland Security, DarkReading’s Kelly Jackson Higgins writes,
Unlike previous RFID hacks that have been conducted within inches of the targeted ID, Paget's hack can scan RFID tags from 20 feet away. "This is a vicinity versus proximity read," he [Paget] says. "The passport card is a real radio broadcast, so there's no real limit to the read range. It's conceivable that these things can be tracked from 100 meters -- a couple of miles."

Paget says he was able to drive his car at 30 miles per hour and capture an RFID tag in a matter of seconds. "The software for [copying them] lets you just choose the tag you want to copy, wave a blank tag in front of it, and it writes it out," he says.
Read the article. >


Zombie Crossing?

Road signs in Austin recently warned of a different kind of traffic -- Zombie traffic.
The road signs, which normally warn drivers about traffic conditions, displayed these warnings: "Zombies ahead ... the end is near... run for cold climates!"

While city officials claimed to FOX News that the tampering could lead to jail time, nobody is going to get in trouble for warning the world about zombies. The company that owns the signs, Sterling Construction, would have to file a complaint with police for any legal action to be taken. Sterling owner Wayne Haggard told local KVUE-TV, "It's Austin. We have a sense of humor. Let it go."

Most of these signs, including the ones owned by Sterling, have a default password. Anyone can walk up to the sign, type the default into the control panel, and reprogram it.

There is a reason why some say default passwords are a hacker's best friend.
Read the article. >


Building Firewalls for Embedded Systems

Despite the fact that there are upwards of 120,000 new malware signatures identified every week, and that attacks on embedded systems are rapidly increasing, most embedded software developers fall into the trap of believing that their devices are safe. Using decade-old rationales, they explain that their devices are immune from malware because of their unique physical and architectural characteristics, such as the use of flash storage and non-x86-based processors.

The truth is, most embedded systems lack at least several of five essential operating security features.

A NEW Mocana white paper discusses a simple tool that can effectively safeguard embedded devices. It’s cheap, easy to implement, and well-understood... but almost never found in embedded systems. What is it? The firewall. Learn more about firewalls, along with information specific to the embedded system environment, including best practices for building embedded firewalls that are inexpensive, efficient and effective.


New Mobile Malware Silently Transfers Account Credit

ZDNet reports.
Five newly found variants of the Trojan-SMS Python Flocker mobile malware … allow users to transfer credit from the infected device by silently SMS-ing the provider's credit transfer service with the desired amount of credit.
The scary part is:
For the time being, among the main reasons why we still haven’t witnessed an epidemic of mobile malware, is sadly because cybercriminals are making enough profit even without exploiting the fact that there are more people with mobile devices, than people with personal computers around the world.
Read the article. >


Friday, February 6, 2009

Hints from Mocana Engineering

Can I customize the seeding of the Mocana random number generator?

Absolutely. Mocana's FIPS 140-2 certified PRNG algorithms can use a default seeding algorithm, which can be disabled or supplemented by another entropy source. Two APIs are available for this purpose: MOCANA_addEntropyBit() and MOCANA_addEntropy32Bits().
