Connect with us

Cybersecurity

Is Your Webcam A Backdoor?

Published

on

While stories appear every day regarding the vulnerabilities of smart fridges and TVs, IoT technologies like webcams represent a far more desirable target for hackers.

Vectra Threat Labs, a research arm of Vectra Networks, detailed today how consumer-grade Internet of Things products – in this case, a Wi-Fi security camera – are hackable and programmable as “permanent backdoors.”

According to the Lab, this allows “potential attackers to remotely command and control a cyber attack without being detected by traditional security products.” A hacker could thus gain full-time access to a network without needing access to a laptop, workstation or server.

“Consumer-grade IoT products can be easily manipulated by an attacker, used to steal an organization’s private information and go undetected by traditional security solutions,” said Gunter Ollmann, CSO of Vectra Networks, in the company’s statement. “While many of these devices are low-value in terms of hard costs, they can affect the security and integrity of the network, and teams need to keep an eye on them to reveal any signs of malicious behavior.”

Vectra Threat Labs purchased a D-Link Wi-Fi webcam and successfully reprogrammed the approximately $30 camera to work as a backdoor. It functioned still like a camera.

“The irony in this particular scenario is that Wi-Fi cameras are typically deployed to enhance an organization’s physical security, yet they can easily become a network security vulnerability by allowing attackers to enter and steal information without detection,” said Ollmann.

The research provides a foundational framework for the case that consumer-grade networked devices can be hacked and, therefore, pose a threat to a home or organization’s overall security.

“The vast majority of people do not yet know or understand the hidden capabilities of the devices they are purchasing and deploying throughout their homes and businesses,” Ollmann told Hacked. “These hidden capabilities, and the methods of exploiting them are unfortunately not known to  hackers and are in the process of being used as tools to attain perpetual access and control of the networks they are deployed upon.”

Industry experts say that web-based cameras, and other consumer grade IoT products, feature similar designs, and thus similar vulnerabilities. While the consumer has acclimated to security products like firewalls for computers and smartphones, many other devices do not yet offer such security products.

Everyday consumer devices can be hacked and used as backdoors into the network to which they connect. Since it remained operational as a webcam, it would be nearly impossible to detect the breach in the D-Link camera, which is designed similarly to many mass-produced consumer-level electronics.

“Devices that can be easily attached to the network and remotely controlled or managed via the Internet tend to be soft targets,” Ollmann added. “It doesn’t help that many of the popular ‘small footprint’ operating systems popularly used for mass-produced network devices are poorly secured themselves.” D-Link shed more light on the vulnerability exposed by Vectra Threat Labs.

“[It] is a complicated and atypical hack that involves splitting the camera open by the potential hacker to gain access to the PCB and flash the camera manually,” a representative for D-Link told Hacked. “While the vulnerability is not a common occurrence and one that is difficult to protect against due to the modification of the device, D-Link is evaluating solutions including, signed and encrypted firmware, and more advanced methods using secure hardware elements to  prevent these types of vulnerabilities.”

Featured image from Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...

5 stars on average, based on 1 rated postsJustin O'Connell is the founder of financial technology focused CryptographicAsset.com. Justin organized the launch of the largest Bitcoin ATM hardware and software provider in the world at the historical Hotel del Coronado in southern California. His works appear in the U.S.'s third largest weekly, the San Diego Reader, VICE and elsewhere.




Feedback or Requests?

1 Comment

1 Comment

  1. Kushe Louise

    January 16, 2016 at 11:09 pm

    REMOTE LATEST 2016 NEW PHONE SPY HACKING SOFTWARE FOR MOBILE PHONES AND WINDOWS PC.

    This Hacking software is the latest and can work remotely without getting access to the phone.

    You can read messages, listen to calls, divert SMS, Viber, BBM, Whatsapps, Faebook, Skype message. Delete photos and call logs.

    With the software, you can monitor and know current location and know exactly where he/she is, listen to he/she calls and see who he/she is chatting with at real time.

    the software works remotely without getting access to the phone.

    Mobile phone spy, latest software spy, cell phone hacking, cell phone spy, Mobile phone tracking, spy phone, spy mobile.

    Contact us now for your own copy.

    Skype: harklodz

    http://yezlodz.do.am/

    Jabber: yezlodz@jabber.ru

    Email: yezlodz@gmail.com

You must be logged in to post a comment Login

Leave a Reply

Bitcoin

BlockState Interview Part One: Institutional Investment Framework Story

Published

on

The mainstream media narrative has shown an uncompromisingly negative bias towards institutional crypto investment of late and it only seemed fair that we got in touch with some people who have professional expertise in the field.

BlockState is a platform that aims to deliver a modular blockchain-based legal and technological infrastructure for financial institutions which combats the low interest and return rates offered by traditional asset classes.

We spoke to the three co-founders: Paul Claudius, Michael Weber and Samuel Brack regarding the nature of the project. In addition to how they met and how it all started, their current status, and their plans for the future.

BlockState in Brief

On their website, the BlockChain team states that their intention is to provide “a technological and legal bridge between blockchain technology and financial markets.”.

It is an infrastructural platform upon which organisations within these sectors build or inform their own solutions – and is unashamedly focused towards providing products for the institutional investment crowd.

On the One Hand…

When asked about the ethics, technological approach and modus operandi of BlockState, Managing Director Paul Claudius was eager to provide a comprehensive, dichotomised summary.

“On the one hand we are creating the basis for institutional investors to access the digital assets markets.

“Investment banks can’t simply open a wallet on their phone and start buying crypto-assets. They need a range of services and processes in place to make sure that they abide by regulation and their internal requirements.”

The BlockState consensus is that there are insufficient frameworks in place to mitigate the obstacles faced by companies unfamiliar with the many intricacies of the crypto-space at present.

This is not to mention the prohibitive nature of the past progression of technological and regulatory standards, which are largely non-standardized.

… And On the Other

The ‘other hand’ to which Paul refers to is the lack of blockchain or cryptocurrency integration at product or service levels within the institutional market.

For this reason: BlockState posits the second half of its service as an offering to:

“help institutions leverage blockchain to improve their existing processes… helping them tokenize financial products and using smart contracts to govern their execution… [to] save massive amount of resources while making their systems more transparent and efficient.”

In theory all transactions will be immutably recorded on the blockchain, which will ensure that all parties involved can access this data and that all transactions will be processed quickly.

Performance can distinguish a winning cryptocurrency from a useless dud.

The Three Musketeers

In addition to Paul Claudius, we got the opportunity to speak to fellow founding members Michael Weber and Samuel Brack.

Paul specialises in Strategy and Business Development, whilst Michael’s role is to take the lead on Product Development and Project Management duties. Their specialisms are Strategy and Business Development, and Product Development / Project Management (respectively).

Samuel Brack is the cryptocurrency brains of the operation and performs something of a hands-on position, donning the title of Chief Technology Officer. He sits in a more hands-on position, acting as Chief Technology Officer (CTO) for BlockState.

Before BlockState

Paul recalls that the executive leadership team had “all already knew each other” before the BlockState project even began.

Whilst he and Michael Weber had made acquaintance whilst studying together at the ESPC Europe business school, Michael had met up with Samuel Brack as they were co-founding partners on a prior blockchain based project entitled ‘Goodcoins’.

Whilst they have sold their stake in Goodcoins since, Samuel at least considers his time on the project to have equipped him a knowledge which has been brought forth to BlockState.

Beginners Luck?

On a more personal level: Paul Claudius described his first interaction with the world of cryptocurrency as being the moment in 2012 in which a friend had recommended Bitcoin to him as a potential investment.

He has not disclosed exactly how much Bitcoin he purchased in 2012 but if story is true, considering the token’s contemporary value of $13: Paul would have made a profit of a whopping 51614.53% on his investment. No matter the amount invested.

Products, Pains and Peers

Michael Weber (product lead and project management professional) broke down the trio of primary services / product lines that BlockChain focuses on as being “asset management, dept capital, and derivatives” – with a perceived overlap between the three.

This is as well as the ability for tailoring packages for clients from these tested specialisms.

If these products names appear distinctive yet simple, then you would be correct. Of course, this is one of the main objectives of marketing – however it does not help a company to distinguish itself from its peers.

“While most focus on very specific needs, our infrastructure integrates solutions at every level of the financial product lifecycle, from issuance to reporting always with a view to improving current products on the market.”

This isn’t an easy task however, with obstacles to full-automation rearing their heads alongside undesirably long payment clearance times,

“Some of the major pain points specific to the asset management and derivatives markets and resource consuming operations are settlement and clearing, which can take up to 30 days… with manual processes like getting signatures and manual transactions.”

With a Little Help From My Friends

The three musketeers of BlockState with whom we have already spoken are supposed to possess their own unique-yet-compatible inventories of skills and experience. If the team has any luck it will prove a winning combination.

Three men cannot rule an empire alone however and as the popular idiom goes: successful leaders fill the gaps in their expertise by surrounding themselves with knowledgeable advisors. Following this, BlockState boast a roster of advisors who may just fit the bill for now.

They include (according to Paul):

  • “Patrick Storchenegger, co-founder of the Ethereum Foundation in Zug, is our advisor on legal questions. He brings years of experience from blockchain, capital market law and international tax and business consultancy…
  • “Andrea Voinea, who helped to structure the first Gold Exchange Traded Fund, is a seasoned professional from the asset management market…
  • “Ludwig Schrittenloher, who spent nearly six years at Credit Suisse, offers a breadth of knowledge in DCM and structuring…
  • “[and] Martin Schröder, currently a Director in an investment firm, is an expert in derivatives and also very knowledgeable in capital markets and structuring.”

Estimated Time of ETN

Looking not to the past or present, but forward to what the future may hold for BlockState (or at least, what they plan to happen), we asked Paul Claudius some closing questions in an attempt to reach some conclusions on what may come next…

“At the end of September, we will launch the CTF15 Exchange Traded Note, and it will also be listed on a major European Stock Exchange – to be announced soon…”

An Exchange Traded Note (or ETN) is “a type of unsecured, unsubordinated debt security”

Final Words

Perhaps more exciting even is the fact that the team are currently in the process of preparing the launch of an ‘Equity Token Sale’, issued as part of the company’s equity in a public sale.

According to Paul, it will be “one of the first companies ever to tokenize their equity in a fully regulated and compliant manner, driving the adoption of security tokenization in the financial space.”

Paul, Simon and Michael parted our discussion by asking to remind readers of a forthcoming event at which all three will be attending: the Delta Summit in Malta, which takes place from October 3rd to the 5th.

Stay tuned for the second part of this interview coming soon: in which the team will deliver their commentary on recent news, the present situation; and future predictions on the market and industry.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
3 votes, average: 5.00 out of 53 votes, average: 5.00 out of 53 votes, average: 5.00 out of 53 votes, average: 5.00 out of 53 votes, average: 5.00 out of 5 (3 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.
Loading...

4.4 stars on average, based on 8 rated posts




Feedback or Requests?

Continue Reading

Bitcoin

Bitcoin Network Faced One-Two Punch of Inflation and DoS Threats

Published

on

Bitcoin Core has emerged seemingly unscathed from a major vulnerability that threatened to shut down parts of the network in a denial-of-service (DoS) attack. But apparently, the bug was even worse than originally thought. According to a Bitcoin Core Full Disclosure Report, the issue included an “inflation vulnerability,” one in which if seized upon could have bolstered the supply of bitcoin beyond the famous 21 million coin ceiling. By pouring more coins into the supply, the hackers would have diminished the value of the circulating bitcoins.

The decision to expose only the lesser extreme part of the bug to the public was deliberate. According to the report:

“In order to encourage rapid upgrades, the decision was made to immediately patch and disclose the less serious Denial of Service vulnerability, concurrently with reaching out to miners, businesses, and other affected systems while delaying publication of the full issue to give times for systems to upgrade. On September 20th a post in a public forum reported the full impact and although it was quickly retracted the claim was further circulated.”

Double-Edged Sword

The strategy was a success and the bug is no longer a threat, as evidenced by more than 50% of the bitcoin mining hashrate having been upgraded to the patched nodes with no known attempts to “exploit this vulnerability.”

Here’s what we know, according to the report –

“A developer by the title earlz independently discovered and reported the vulnerability to the Bitcoin Core security contact email.”

Meanwhile, on social media, a contributor identified as a Bitcoin Cash developer who goes by the handle “Awemany” was cheered on Reddit for discovering and reporting the bug and cementing their place in “bitcoin’s history book.” Awemany in a blog post pointed to bitcoin developer Matt Corallo, whose 2016 pull request in an attempt to accelerate validation times led to what Awemany characterized as “one of the most catastrophic bugs in Bitcoin ever.”

The bottom line is that the bug was discovered and the threat has been lifted. It’s both a reminder of the risks associated with the consensus mechanism and a demonstration of good faith among the decision makers.

While it’s mostly the future of ETH that has been contemplated of late, given the plummeting of the No. 2 cryptocurrency’s value this year along with the confidence of investors, bitcoin has its own issues. In an exclusive interview with CCN, Sheffield Clark, who is at the helm of bitcoin ATM maker Coinsource, pointed to potentially “stagnant” mainstream adoption of bitcoin amid a lack of regulatory framework to help resolve issues like extreme volatility.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5 (1 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.
Loading...

4.6 stars on average, based on 62 rated postsGerelyn has been covering ICOs and the cryptocurrency market since mid-2017. She's also reported on fintech more broadly in addition to asset management, having previously specialized in institutional investing. She owns some BTC and ETH.




Feedback or Requests?

Continue Reading

Cyberespionage

North Korea is now Targeting Crypto Users with Macs

Published

on

AppleJeus Malware Hack

The Lazarus group has earned quite a reputation for themselves in cyber-security circles.

This group of North Korean hackers have been responsible for some of the most well known intrusions in the past few years. For example, they were behind the Sony Pictures hack in 2014, the Bangladesh central bank heist in 2016 and the Wannacry ransomware outbreak in 2017.

It is safe to say that these are quite effective operators.

However, with the popularity of cryptocurrencies, the Lazarus group has changed their attack vectors and are targeting every day users with Malware.

The latest report now has the hackers using MacOS malware to hoover up information from those cryptocurrency users who work on Macbooks.

“AppleJeus”

This was the first time that the Lazarus group has developed malware to target Mac users. Indeed, Mac operating systems are far less susceptible to Malware than Windows based systems.

It was a surprise for researchers at Kaspersky Lab to have learned about the latest Lazarus attempt to target users with there macOS malware. They have labelled it “AppleJeus”.

This was first spotted on machines that were being used by cryptocurrency company in Asia. Indeed, this is no coincidence as the Lazarus group has often targeted cryptocurrency related businesses and exchanges in South Korea.

How Does it Work?

AppleJeus hides itself inside the code of a seemingly legitimate piece of cryptocurrency trading software called Celas Trade Pro. The user will download the app from the website of the developer. When it is first downloaded, there are no signs that anything could be off. The app appears to operate normally.

Celas Trade Screenshot

Screenshot of Celas Trade, the offending program. Source: kaspersky labs

Once the app is installed on the device, it will request to update the software. This sort of request is present in authentic software and as such will not trigger any alerts. However, there is malicious code that is inside of this update.

The moment that the update is installed, it will scan the computer and gather as much information as possible. This will then be sent back the hacker’s server so that they can make a decision on whether the person is worth attacking.

If they think that there is valuable information (or cryptocurrency) on the machine then they will instruct the software to install a trojan called “Fallchill”. For those who do not know, Trojans are malicious malware that will install a “backdoor” into the machine

Fallchill is a particularly robust trojan and can gather a great deal of information from the machine. This includes data such as financial information, login credentials and of course, information about cryptocurrency trading accounts.

Once the hackers have this personal information, they can either access your online accounts or they can conduct other spear phishing attacks against you. It is indeed a troubling development and according to Vitaly Kamluk of Kaspersky:

“For macOS users this case is a wakeup call, especially if they use their Macs to perform operations with cryptocurrencies”

So now that you know North Korea is actively trying to get their hands on your cryptocurrency, how do you protect yourself?

Keeping Safe from AppleJeus

The most effetive way to protect yourself from this Malware is to make sure that you only download software that is well known and reputable. This of course goes without saying but it is far too often that relatively inexperienced cryptocurrency traders will avoid doing their research.

The researchers have recommended that people and businesses do not download the software of Celas Trade. Even though they appear to have a a good reputation and verified digital certificates, this cannot be fully trusted.

You should also consider investing in some effective anti-malware software that you should use to scan all files that you have downloaded. This should be done even if you trust the source because hackers have been known to infiltrate trusted websites.

Cryptocurrency Security 101

Even if you are unlucky enough to have your machine infected with crypto grabbing malware, basic crypto security best practices will still protect you.

If you do a great deal of online trading with your cryptocurrency then it is essential that you secure your accounts with 2 factor authentication. This way, you are at least able to reduce the number of attack vectors.

You should always secure your large cryptocurrency holdings in hardware wallet. This is because the wallets operate external from the machine and hence the trojan cannot read your private key information.

Caution and a healthy does of scepticism will protect you from the an unhealthy does of AppleJeus.

Featured Image via Fotolia.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
2 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 5 (2 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.
Loading...

5 stars on average, based on 3 rated postsNic is an ex Investment Banker and current crypto enthusiast. When he is not sitting behind six screens trading Bitcoin, he is maintaining his numerous mining rigs.




Feedback or Requests?

Continue Reading

Recent Comments

Recent Posts

A part of CCN

Hacked.com is Neutral and Unbiased

Hacked.com and its team members have pledged to reject any form of advertisement or sponsorships from 3rd parties. We will always be neutral and we strive towards a fully unbiased view on all topics. Whenever an author has a conflicting interest, that should be clearly stated in the post itself with a disclaimer. If you suspect that one of our team members are biased, please notify me immediately at jonas.borchgrevink(at)hacked.com.

Trending