Tag: attack

Wi-Fi is under attack

A huge vulnerability in Wi-Fi that fundamentally breaks the security we use to protect our wireless networks has just been exposed.

The exploit, revealed on Monday, takes advantage of a newly found vulnerability in WPA2, the security protocol used to safeguard all modern Wi-Fi networks, and researchers say it could compromise virtually any Wi-Fi network previously thought to be secure.

“The attack works against all modern protected Wi-Fi networks,” explains the security researcher who discovered the vulnerability, Mathy Vanhoef from Belgium’s KU Leuven university.

“The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected.”

By taking advantage of the vulnerability in what is called a key reinstallation attack (KRACK), a hacker could read information supposed to be encrypted on a Wi-Fi network, intercepting potentially sensitive information like credit card numbers, passwords, photos, and messages.

In the worst case, Vanhoef says, it could be possible for someone to use KRACKs to inject and manipulate data on a compromised Wi-Fi network, hijacking devices to inject ransomware or other malware onto systems.

“Wow. Everyone needs to be afraid,” researcher Robert Graham of Errata Security, who wasn’t involved with the discovery, wrote in a blog post.

“It means in practice, attackers can decrypt a lot of Wi-Fi traffic, with varying levels of difficulty depending on your precise network setup.”

The good news in all this is that the attack can’t be carried out remotely over the internet: any attacker trying to take advantage of the flaw needs to do so locally, within range of the wireless network they’re trying to breach.

That’s because the attack works by fooling a security layer in WPA2 called the four-way handshake, which determines whether devices seeking to join a Wi-Fi network have the right credentials.

When this happens, the handshake is supposed to generate a fresh encryption key to encrypt all subsequent traffic, but KRACKs manage to fool the network into reusing a previously issued encryption key.

“Essentially, to guarantee security, a key should only be installed and used once,” Vanhoef explains.

“Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice.”
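The key-reuse problem described above can be modelled in a few lines. This is an added illustration, not code from the article or from the researchers: the `Client` class, the `keystream` function and the session key are hypothetical, and a hash-based keystream stands in for the real Wi-Fi cipher. It shows a client that resets its packet counter whenever the same key is installed again, beside a hardened client that ignores the repeat installation.

```python
import hashlib

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Toy stand-in for the real cipher: output depends only on (key, nonce).
    return hashlib.sha256(key + nonce.to_bytes(8, "big")).digest()[:n]

class Client:
    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.key = None
        self.nonce = 0
        self.used = []  # every (key, nonce) pair used to encrypt a frame

    def install_key(self, key: bytes) -> None:
        # Runs each time the final handshake step is processed,
        # including when that handshake message arrives a second time.
        if self.hardened and key == self.key:
            return  # key already installed: keep the counter as it is
        self.key = key
        self.nonce = 0  # installing a key resets the packet counter

    def send(self, plaintext: bytes) -> bytes:
        self.nonce += 1
        self.used.append((self.key, self.nonce))
        ks = keystream(self.key, self.nonce, len(plaintext))
        return bytes(p ^ k for p, k in zip(plaintext, ks))

def run_session(hardened: bool):
    client = Client(hardened)
    key = b"constructed-session-key"  # constructed sample value
    client.install_key(key)
    first = client.send(b"frame one payload")
    client.install_key(key)  # the same handshake message is delivered again
    second = client.send(b"frame one payload")
    nonce_reused = len(client.used) != len(set(client.used))
    # Identical ciphertext for identical plaintext means the keystream repeated.
    return nonce_reused, first == second

if __name__ == "__main__":
    print("unpatched:", run_session(hardened=False))
    print("patched:  ", run_session(hardened=True))
```

The unpatched client encrypts two frames under the same key and counter value, which is the condition a patched device avoids by refusing to install a key it is already using.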

In the researchers’ testing, the attack worked with varying levels of success against client devices running Apple, Windows, Android, and many other operating systems on compromised networks, and while websites and apps using HTTPS encryption were harder to breach, they weren’t always fool-proof.

Fortunately, the code that makes this attack possible hasn’t been publicly released – so it’s unlikely we’ll see a wave of hackers taking advantage of it straight away, because first they’d need to reverse-engineer how it works.

Before that happens, technology companies – who were given forewarning of the vulnerability – are already busy patching their systems, and some of these patches are already available, which Vanhoef says we should all grab as soon as possible.

“Changing the password of your Wi-Fi network does not prevent (or mitigate) the attack,” he explains in an FAQ about the new attack vector.

“Instead, you should make sure all your devices are updated, and you should also update the firmware of your router.”

Of great ongoing concern are the many ‘Internet of Things’ (IoT) devices and appliances now in use that are difficult to update or go unsupported by their manufacturers. These include things like Wi-Fi enabled home security cameras and televisions.

The vulnerability is detailed in a research paper available online, which is due to be presented at the ACM Conference on Computer and Communications Security in Dallas in November.

By Peter Dockrill for Science Alert

City of Joburg hit by malware

The City of Johannesburg has said it suspected that malware has infected one of the servers hosting its Web site, causing major downtime last week.

This is just one in a long string of woes for the city.

The billing system, inherited from the ANC when the DA won the metro, has been in crisis for some months. The City tried to fix it by rolling out a new system, which automatically requires payment on the 15th of the month unless ratepayers ask for it to be the 28th, by way of e-mail or the call centre.

As a result of the change in date, as well as a lack of postal notices and SMS notices, many households have unintentionally fallen behind in payment – or worse, have not, but have been cut off anyway. Reinstatement of electricity is a costly and time-consuming exercise, and falling behind on payments can impact credit ratings.

Local councillors instructed their ward members to use the CoJ Web site to ensure they know what they owe and don’t fall behind on payments.

However, the city’s website – https://joburg.org.za/ – was inaccessible through browsers like Google Chrome for almost two days last week, due to a malware warning from Google.

When attempting to access the site, Google’s safe browsing warning turns users away, stating that it contains harmful content – including pages that “send visitors to harmful websites”.

The city said it was aware of the issue, and had an investigation underway.

“Preliminary indications suggest that one of the servers hosting the website may be infected with malware. It is also possible that the outage may be a result of corrupted code,” said the City of Johannesburg.

“Fortunately, the city’s customer data has not been compromised as it resides in separate servers.”

According to the ZACR’s records, the City of Johannesburg is the registrant of the domain, while Internet Solutions is the sponsoring registrar.

Although the issues with the site have since been fixed, it leaves many questioning what kind of security is in place for one of the city’s most important databases.

Source: MyBroadband; My Office News

Anonymous hacks SABC

The SABC’s Web sites were down on Sunday 12 June after hacktivist group Anonymous Africa hacked the sites and took them offline in retaliation for the national broadcaster’s decision to censor news coverage of protests.


An internationally co-ordinated fraud attack involving forged bank cards used at ATMs in Japan has stripped Standard Bank of about R300-million.

Standard Bank and authorities remained mum on the progress of investigations and the whereabouts of the syndicate, as investors appeared largely unconcerned by the bank’s loss.

Spokesman Ross Linstrom of Standard Bank, which made just more than R22-billion in headline earnings across the group in 2015, said on Monday a sophisticated and co-ordinated syndicate had created a “small number of fictitious cards” and proceeded to draw a total amount of R300-million from ATMs in Japan.

He said investigations were at a sensitive stage, but that bank customers would suffer no adverse effects if their details had been stolen and used in the Japanese fraud.

Japanese media have reported that about 100 individuals hit 1 400 ATMs in just three hours on a day when banks are closed for business, with one withdrawal transaction at each ATM up to the daily limit amount set in Japan.

According to Japanese media, no arrests have been made and the individuals who made the withdrawals may no longer be in the country.

The fraud fits an international trend involving hit-and-run withdrawal schemes in which fraudsters may be jetting into countries in different time zones to buy themselves time to collect the cash and run.

The South African Banking Risk Information Centre confirmed the Standard Bank matter was under investigation, and CEO Kalyani Pillay said the local industry would provide full support to both the bank and law enforcement, where possible.

“The industry’s card losses for 2015 were in the region of R778-million across all card types for South African-issued cards.

“This was a 4% decrease compared to 2014. Banks have robust systems in place to monitor and detect fraud, but some risks lie with bank clients themselves,” Pillay says.

Southern African Fraud Prevention Services executive director Manie van Schalkwyk said his organisation stops about R3-billion in fraud every year.

“Identity fraud is declining, and the main reason is the use of biometrics,” he says.

Van Schalkwyk said banks were making use of various databases and methods to try to keep up with and combat such fraud, as criminals continued to evolve their modus operandi.

By Brendan Peacock for www.bdlive.co.za

Kaspersky networks hacked

Kaspersky Lab yesterday announced that its internal networks were the victim of an advanced attack which attempted to steal information about its products and clients. According to the company’s blog post, the attack was complex and stealthy, exploiting several zero-day vulnerabilities.



My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top