SSD’s Security Disclosure weekly news recap — February 24th, 2021

Imriah
SSD Secure Disclosure
4 min read · Feb 25, 2021

This is SSD's weekly security recap. In this weekly update, we touch on some of the latest trends and news in the cyber security world.

In this edition, we'll talk about North Korean hackers indicted for stealing cryptocurrency, a Clubhouse flaw that could allow eavesdropping by the Chinese government, interesting research into the SimpliSafe alarm system, and a critical VMware CVE that caught our attention.

North Korean Hackers Indicted for Stealing Cryptocurrency

Last week, the US DOJ indicted three North Korean nationals. The three are members of the Lazarus Group, the same group that targeted security researchers over the past few months, and one of them is also connected to the 2014 Sony Pictures hack.

The three are accused of taking part in a string of cyber attacks aimed at stealing a total of 1.3 billion dollars. Today we will discuss only one of these attacks, in which they built fake cryptocurrency trading platforms.

These platforms looked legitimate: users believed they were buying cryptocurrency, while the money actually went to the North Korean government. The total stolen through this scheme amounts to 112 million dollars in cryptocurrency.

These attacks show a consistent effort by the North Korean government to raise funds through cyber attacks.

Chinese Government Listening on Clubhouse

Clubhouse has been gaining popularity lately thanks to celebrity users such as Elon Musk. It is an audio-only social platform where users meet in "rooms" and talk to each other.

Last week, the app was accused of having a flaw that lets its data pass through servers in China, raising concerns that the data could reach Chinese authorities. The concerns stem from the fact that the app is built on the services of Agora.io, a China-based company.

Researchers at Stanford (the Stanford Internet Observatory) looked into the app's security and found that user data is not properly encrypted in transit, so the Chinese government could obtain it from Agora under national-security laws.

These claims led a Korean security researcher to go through Agora's developer documentation. He concluded that the concerns were justified, since Agora does not encrypt users' IDs and session tokens, and he also found that an account could be taken over without the user's knowledge.

Following these findings, Agora and Clubhouse shipped fixes that protect against eavesdropping and improve the encryption of user data.

SimpliSafe Alarm System Research

This is interesting research by Nick Miles and Chris Lyne into the SimpliSafe alarm system. It looks at the new SS3 alarm system: its hardware, its encryption, and a way to disable the alarm.

The researchers were drawn to the system because it had been updated to defend against software-defined radio (SDR) attacks that steal PIN codes. Such attacks typically use extra hardware and software to capture, modify or block the transmission of a message.

In his post, Nick Miles not only described the system's encryption but also showed how it could be bypassed. He concluded that the system is hard to attack, but that an attacker with better equipment could get past its encryption.

If you've found similar vulnerabilities in Xiaomi devices, you can disclose them to us using the link here.

VMware RCE Vulnerability (CVE-2021-21972)

VMware provides technology ranging from app modernization and networking to security and digital workspaces. The vSphere Client is the management interface for vCenter Server: a centralized platform for controlling VMware environments that helps users automate and deliver virtual infrastructure across the hybrid cloud.

This critical unauthenticated RCE in the vSphere Client was found by researcher Mikhail Klyuchnikov of Positive Technologies (PT SWARM) and published on Tuesday. An attacker with network access to port 443 on vCenter Server could exploit it to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

VMware has released patched versions along with a workaround that disables the affected vSphere Client plugin. If you cannot patch immediately, apply the workaround and verify it: a vCenter whose management port is reachable from an untrusted network is an easy target for this bug.

Want to Be Part of the News?

At SSD, we help security researchers turn their skills in uncovering security vulnerabilities into a career. Designed by researchers, for researchers, SSD provides the fast response and support needed to get zero-day vulnerabilities and disclosures reported to vendors and to get researchers the compensation they deserve. We help researchers get to the bottom of vulnerabilities affecting major operating systems, software, or devices.

We are constantly publishing our findings, intended on educating our global security researcher’s community. You can find more vulnerabilities on our Advisories page. If you have findings of your own you can send us your findings here using our report template.

Join the conversation:

Visit SSD

Twitter

Facebook

Youtube
