Hardware Security – National Cyber Security Institute

Ultrasonic attacks on Speech recognition systems

Researchers out of Zhejiang University have done ultrasound experiments on Speech recognition systems such as Siri, Google now, Amazon’s Alexia, and other Speech recognition devices to see if they can get modulated voice commands to work in frequencies of 20KHz or higher. The University has named the method the DolphinAttack.

The activation commands that they tried were things like “OK Google”, “Alexa”, and “Hey Siri”. The commands they gave after activation were things like “Open dolphinattack.com” and “Call 1234567890”. The experiment was tested on 7 speech recognition systems on 16 different devices. The attack was successful on all systems and all devices from various distances.

Some of the things that affected the attack were what the command was, such as “Call 1234567890” had much better results than “open dolphinattack.com”. Another thing is the distance from the device that was being attacked. The furthest attack was on Siri on the Iphone 4 and on Amazon’s Alexa on echo. Those two devices registered commands from over 6 feet away. The third thing that effected the attack was background noise. On the street the command “turn on airplane mode” was only successful only about 30% of the time where in a cafe it worked about 80% of the time and in a quite office it worked 100% of the time. The one thing that didn’t seem to affect the attack was what language the command was spoken in.

Some of the proposed defenses against this sort of attack were both hardware and software based. The reseachers suggest that the mics in the phone be enhanced by suppressing acoustic signals in the ultrasound range. The software based defense they propose is that it looks at the features of real voice commands vs modulated commands which have distinct acoustic features.

Sources:

Pacemaker firmware update needed

Pacemaker firmware update needed on almost half a million pacemakers.

On Aug. 23^ed, 2017 the FDA has issued a recall on 465,000 pace makers for fear of being hacked. All the pacemakers in the recall are made by Abbott (formerly St. Jude Medical) the devices are listed below¹:

Accent
Anthem
Accent MRI
Accent ST
Assurity
Allure

The fix to this is simply go to your physician or cardiologist to get a firmware update to the device via radio-frequency. The update will take about 3 minutes and will operate in backup mode during the update. The new firmware is currently available for pacemakers already in place and is pre-loaded on devices manufactured after August 28, 2017.

The vulnerability that this firmware update fixes is access to the device by unauthorized users to access a patients device using equipment that is commercially available. This could be used to modify the programming of the implanted pacemaker and that could result in repaid battery deletion or setting the wrong pacing on a pacemaker causing harm to the patient. At the time of this writing there is no know reports of patient harm related to the security vulnerabilities.

Source:

https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm573669.htm

Home Routers and Data collection.

Earlier this year Netgear put out a memo that the new firmware for their Nighthawk routers would start collecting analytic data of all network traffic that went through it. This data includes¹:

information regarding the router’s running status,
number of devices connected to the router,
types of connections,
LAN/WAN status,
WiFi bands and channels,
IP address, MAC address, serial number,
similar technical data about the functioning and use of the router and its WiFi network.

Now Netgear is saying that it collects this data only for

isolate and debug general technical issues,
improve router features and functionality,
improve the performance and usability of NETGEAR routers.

For example, such data may help NETGEAR get any early notification of Internet or WiFi disconnects in a firmware and help identify root causes in order to fix them quickly.¹

This isn’t too much of a problem if it is true but for the security cautious I recommend disabling this functionality because there is no reason for them to have all that data the issues they say they are looking into. Why would they need the IP address, MAC address or serial number of a connected device?

To opt-out you can do this at the beginning after installing the new firmware by checking the opt-out option after the firmware install. If you have already installed the firmware and didn’t opt-out then you still can do it now by following the steps below².

Launch a web browser from a computer or mobile device that is connected to the network.

Enter http://www.routerlogin.net.
A login window opens.
Enter the router user name and password.
The user name is admin. The default password is password. The user name and password are case-sensitive.
The BASIC Home page displays.
Select ADVANCED > Administration > Router Update.
The Router Update page displays.
Scroll down to the Router Analytics Data Collection section.
To enable router analytics data collections, select the Enable radio button.
To disable router analytics data collections, select the Disable radio button.
To view the type of data that might be collected, click the router analytics data link.
Click the Apply button.
Your settings are saved.

The other router company we are going to look at is ASUS and their router firmware asuswrt. They have a really neat function of being able to prioritize devices in your house using QOS service to make sure that streaming devices have network priority. This is nice to make sure that all of your videos and tv content is coming through smoothly but there is a huge catch. They collect and transmit data about websites you visit to Trend Micro if you use any of the feauters listed below that are apart of ASUSWRT³:

Apps/traffic Analysis
Bandwidth Monitor
Network Analyzer
Network Protection (AiProtection), blocks known malware domains
Parental Controls, including time scheduling
Quality-of-Service
Web History

When you use any of the above functions you will be presented with a EULA from Trend Micro to read and agree to. The end of the EULA you find the section to “Privacy” Below are some snipits of that EULA³:

“[…] certain information (“Forwarded Data”) to be sent to Trend Micro-owned or -controlled servers for security scanning and other purposes as described in this paragraph. This Forwarded Data may include information on potential security risks as well as URLs of websites visited that the Software deem potentially fraudulent and/or executable files or content that are identified as potential malware. Forwarded Data may also include email messages identified as spam or malware that contains personally identifiable information or other sensitive data stored in files on Your router. […]”

[…] “Trend Micro reserves the title, ownership and all rights and interests to any intellectual property or work product resulting from its use and analysis of Forwarded Data.”

The EULA also holds the devices owner responsible for notifying anyone else using the router that their network data may be recorded and shared with Trend Micro.

So for the two facts above I would recommend NOT even buying an ASUS router and if you already have one I recommend that you very quickly flash the firmware over to DD-WRT if compatible, you can check compatibility here: https://www.dd-wrt.com/wiki/index.php/Supported_Devices. If not compatible I recommend you go buy something else if you can

Sources:

https://kb.netgear.com/000038663/What-router-analytics-data-is-collected-and-how-is-the-data-being-used-by-NETGEAR
https://kb.netgear.com/000038661/How-do-I-Enable-Disable-Router-Analytics-Data-Collection
https://ctrl.blog/entry/review-asuswrt

TheShadowBrokers Data Dump of the Month club

Welcome to the TheShadowBrokers Data Dump of the Month

On May 15^th TheShadowBrokers group announced in a blog post that they were going to introduce a hack of the months club and compared it to a wine of the month type club. Where they will sell you a membership and you will get an unknown number and unknown type of exploits. It could be anything from web browser, router, and handset exploits and tools to compromised network data from North Korean nuke and missile programs.

On May 29^th the group Tweeted out a PGP singed message that tells you how to subscribe and pay and their price. The will be using ZEC (Zcash) for the transaction which is a new and supposedly more secure version of bit coin though they even admit they don’t necessarily trust it. The instructions are :

#1 – Between 06/01/2017 and 06/30/2017 send 100 ZEC (Zcash) to this z_address: zcaWeZ9j4DdBfZXQgHpBkyauHBtYKF7LnZvaYc4p86G7jGnVUq14KSxsnG mUp7Kh1Pgivcew1qZ64iEeG6vobt8wV2siJiq

#2 – Include a “delivery email address” in the “encrypted memo field” when sending Zcash payment

#3 – If #1 and #2 then a confirmation email will be sent to the “delivery email address” provided

#4 – Between 07/01/2017 and 07/17/2017 a “mass email” will be send to the “delivery email address” of all “confirmed subscribers” (#1, #2, #3)

#5 – The “mass email” will contain a link and a password for the June 2017 dump

The ZEC to USD is approximately at the time of writing 1 ZEC to US $235.71 on CoinGecko.com. So to join the club it will cost approximately us $23,571 for something that you don’t know what you are getting. This will obviously limit who gets first access to the tool since the average person doesn’t have thats sort of money laying around and even TheShadowBrokers admit this. They say in the PGP message that its for high rollers, hackers, security companies, OEMs, and governments.

So whats in it? Who knows but it will be interesting for sure when “thepeople” see what they have to lay bare to the world for such a steep price.

Sources: