UNM4SK3D: Verizon, CIA, and Google Play
As if the net neutrality battle wasn’t bad enough, Verizon customers beware! It is estimated that the data of as many as 14 million customers was exposed after NICE Systems, a third-party vendor, mistakenly left sensitive user details available on a server.
How did this happen, you ask? Chris Vickery, director of cyber risk research at UpGuard, first disclosed the leak to Verizon back in June after discovering terabytes of customer data in an unprotected, publicly accessible Amazon S3 repository. According to Vickery, anyone who knew the right URL could reach the data: the repository was configured to allow public access, and the customer data was fully downloadable. It is unknown why Verizon allowed NICE Systems, a third-party company, to collect call details of its users. However, records indicate that the insecure S3 repository was managed by an engineer at the company’s headquarters and was created to log customer call data and improve the efficiency of Verizon’s call-center operators. Data compromised in this exposure includes customer names, addresses, account details, and the PINs used to verify customers to call-center agents.
“Possession of these account PIN codes could allow scammers to successfully pose as customers in calls to Verizon, enabling them to gain access to accounts — an especially threatening prospect, given the increasing reliance upon mobile communications for purposes of two-factor authentication,” explained UpGuard. Meanwhile, NICE claims the leak was due to human error and not a result of its products. Verizon, similarly, has put out a statement saying that the only person other than Verizon or its vendor to access the cloud storage area was a researcher, meaning that there was no ‘theft’ of the customer data. Still, this brings the privacy discussion back to the top of everyone’s mind, especially with the recently discovered connection between NICE Systems and ‘Orange,’ a popular Paris-based telecommunications company that also collects user data across Europe and Africa. UpGuard warns of the risks of third-party vendors handling sensitive data, saying “NICE Systems’ history of supplying technology for use in intrusive, state-sponsored surveillance is an unsettling indicator of the severity of this breach of privacy.”
This offshore logging of Verizon customer information in a downloadable repository should be alarming to all consumers who entrust their private data to major US companies, only to see it shared with unknown parties. -UpGuard
#wikileaks (yes, they’re still dripping).
The 16th batch of classified documents was released by WikiLeaks on June 13th. The newest Vault 7 leak, ‘Highrise,’ reveals how CIA agents steal data from smartphones without the internet.
The ‘Highrise’ Android application, which works on Android versions 4.0 through 4.3, was used for intercepting SMS messages and redirecting them to a remote web server. The leaked manual dates back to December 2013, meaning the tool was most likely updated since then to support newer versions. The Hacker News explains, “In general, the malware uses the internet connection to send stolen data after compromising a machine to the attacker-controlled server (listening posts), but in the case of smartphones, malware has an alternative way to send stolen data to the attackers- via SMS.” The problem with working over SMS is that it becomes very difficult to sort and analyze all of the messages. That’s where ‘Highrise’ comes in. It works as an SMS proxy between the targeted devices and the server.
CIA agents install the ‘Highrise’ tool in an app called ‘Tidecheck,’ which allows them to receive the compromised messages on a server. Once properly configured, the app runs in the background, monitoring incoming messages and forwarding them to the server over a TLS/SSL-secured Internet communication channel. According to the manual, ‘Highrise’ isn’t necessarily a tool for installing on a target’s phone; the app can also be installed on the phones of CIA field operatives to “provide a secondary, encrypted communications channel between operatives and supervisors.” The manual does not say how the CIA was specifically using this tool.
There are a number of IOC tools that use SMS messages for communication and HighRise is a SMS proxy that provides greater separation between devices in the field (“targets”) and the listening post by proxying “incoming” and “outgoing” SMS messages to an internet LP. -CIA manual
It’s a hard day to be an Android user. ‘LeakerLocker,’ a creative but threatening ransomware, has hit the Google Play store in the wake of WannaCry and Petya. This ransomware is like a crazy ex and threatens to leak your Internet history and private pictures.
Unlike traditional ransomware, which encrypts files on a user’s device, this strain collects images, messages, and browsing history and threatens to release this information if a ransom of $50 is not paid. LeakerLocker was discovered in the Google Play store by researchers from McAfee. So far it has been reported in the Booster & Cleaner Pro and Wallpapers Blur HD apps, which each have thousands of downloads. Once installed, these apps load malicious code that lets them collect sensitive data, using permissions that users grant unknowingly during installation.
LeakerLocker locks the phone’s home screen and displays the following message:
All personal data from your smartphone has been transferred to our secure cloud.
In less than 72 hours this data will be sent to every person on your telephone and email contacts list. To abort this action you have to pay a modest ransom of $50 (£38).
Please note that there is no way to delete your data from our secure but paying for them. Powering off or even damaging your smartphone won’t affect your data in the cloud.
Researchers say this intrusive ransomware can “read a victim’s email address, random contacts, Chrome history, some text messages and calls, take a picture from the camera, and read some device information.” While both of those applications have been removed from the Play Store, researchers are warning Android users to be wary of LeakerLocker popping up in other apps.
According to WhiteHat Security’s 12th Annual Application Security Statistics Report, the average time it takes to fix a high-risk vulnerability after its discovery is 196 days — 25 days longer than the average of 171 days in 2015.
Olivia Lynch (@Cybrary_Olivia) is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the infosec field and is working to make cyber security news more interesting. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.