About these ads

Archive

Posts Tagged ‘Apple’

Fake Leaked Memos And Closed BackDoors

January 15, 2012 Leave a comment

From an Information Security perspective this 2012 has begun with (too) many meaningful events, among which the most resounding so far, has been the alleged leak of portions of the source code belonging to several consumer and enterprise product by Symantec, a leading security vendor.

@YamaTough, a member of a hacking collective called “The Lords of Dharmaraja” (Dharmaraja is the Lord of Death and Justice in Hinduism) claimed paternity for an attack that, immediately after its execution, has unleashed a complicated story of Cyber Espionage full of twists and mysteries which has raised (and keeps on rising) many (un)resolved questions.

The Indian Mystery

Date

Event

Jan 5

@YamaTough, a member of an hacking group called, the Lords of Dharmaraja, leaks the source code of Symantec Endpoint Protection Enterprise Suite (SAVCE 10.2 and SEP11), approximately 5 years old. The source code was allegedly obtained from The hacking of Indian Military Servers.Symantec has admitted that “a segment of its source code used in two of our older enterprise products has been accessed”.

During the same operation the same hackers also leaked some other documents according to which:

  1. The Indian government has source code for Symantec’s AV software, albeit of 2006 vintage.
  2. The Indian government is strong arming cell phone manufacturers to provide back doors into their handsets (defined RINOA: RIM, Nokia and Apple).
  3. The Indian government is in possession of confidential internal communications from the US-China Economic and Security Review Commission (USCC).
  4. The Indian government is actively engaged in espionage efforts targeting not only the USCC, but potentially thousands of US government networks, ranging from those of federal agencies to systems used by state and municipal entities.

Jan 12

In any case, although the leaked source code is real, it looks like the Lords of Dharmaraja faked the government memo (in order to attract more attention) since some emails there contained (and purportedly obtained by the RINOA backdoors) were allegedly stolen from the Indian Embassy on Paris and appear to have already been leaked on pastebin in December by the same hacker @YamaTough. There are also several doubts on the fact that activities of the USCC could be of any interest to Indian intelligence.

Jan 13

As an announced trail of the controversial Cyber Espionage affair, @YamaTough releases the source code of Norton Utilities. The author claims the leak is in support of the lawsuit between Symantec and Jame Gross, a US resident who is taking the company to court for spreading scareware. The full Source Code of Norton Antivirus is announced for Tuesday, Jan the 17th.

Not only, according to the hackers, the source code has been found on a server belonging to India Military Intelligence, but also, together with the links to the Source Code, the hackers posted an Internal Memo of India Military Intelligence entitled “Tactical Network For Cellular Surveillance”, containing potentially explosive information. According to this controversial memo “in exchange for the Indian market presence” mobile device manufacturers, including RIM, Nokia, and Apple (collectively defined in the document as “RINOA”) have agreed to provide backdoor access on their devices. Moreover it looks like the a CYCADA Team used the backdoors for espionage actions against the  U.S.-China Economic and Security Review Commission (USCC) and potentially against thousands of US government networks, ranging from those of federal agencies to systems used by state and municipal entities.

Although the implicated manufacturers firmly denied any connection, at first glance the hypothesis of a backdoor on our mobile companions seemed possible, also because it came immediately after another controversial event concerning mobile privacy, the infamous Carrier IQ rootkit found on many mobile devices.

A giant case of Cyber Espionage? Not actually! It looks like the whole story is showing an unpredictable conclusion (?). In the last days evidences are emerging that the Lords Of Dharmaraja faked the memo, maybe in order to obtain a greater attention on their operations. Although, as previously stated, Symantec has recognized parts of the source code on the leaked data, there are too many inconsistencies and incorrect information inside the memo, and also several of the emails allegedly obtained by mean of the RINOA backdoor had already been posted on December after the original attack made by the collective at the Indian Embassy in Paris (where the memo was leaked). Moreover, the letterhead on the memo comes from a military intelligence unit not involved in surveillance.

The mistery deepens, but in the meantime the Lords Of Dharmaraja keep on posting Symantec Code: Saturday Jan 14 the alleged Source Code of the Norton Utilities was released, the next Tuesday Jan 17, will be the turn of the full Norton Antivirus Source Code.

About these ads

Breaking: First Known Detection of Carrier IQ in Italy

December 12, 2011 2 comments

Update December 13: Carrier IQ issued an updated statement, new concerns for an endless saga…

I am proud to post here the first known detection in Italy of the infamous Carrier IQ software!

As you will probably know, everything started on Nov. 28, on the other side of the Atlantic, when Trevor Eckhart, an Android developer posted a video on YouTube showing the hidden software Carrier IQ interacting oddly with his mobile phone activity. Eckhart subsequently alleged his keystrokes and data were being collected without his permission.

Easily Predictable, speculation and accusations have immediately begun, concerning the kind of data collected by Carrier IQ and presumably transmitted to Wireless Mobile Operators: as a matter of fact subsequent investigations have shown that the Carrier IQ software is embedded on nearly every mobile phone and operator, at least in the U.S where concerns of consumer privacy led Massachusetts congressman Rep. Edward Markey to ask the Federal Trade Commission to investigate the company over concerns of consumer privacy.

But although many believed the software was logging keystrokes and collecting sensitive data, a subsequent more reasonable analysis carried on reversing the code, has shown a different scenario: the software “only” collects anonymized metrics data, although there are hooks inside the code to events such as keystrokes, possibly suggesting the implementation of this kind of functionality for future versions. Essentially the analysis confirmed the content of a statement by the company which attempted to clarify how information was being collected:

We measure and summarize performance of the device to assist Operators in delivering better service.
While a few individuals have identified that there is a great deal of information available to the Carrier IQ software inside the handset, our software does not record, store or transmit the contents of SMS messages, email, photographs, audio or video. For example, we understand whether an SMS was sent accurately, but do not record or transmit the content of the SMS. We know which applications are draining your battery, but do not capture the screen.

Nevertheless, since the clarifications did not mitigate the fact that Carrier IQ is s a potential risk to user privacy, and users may not choose to to disable it, As a consequence a bunch of Class Actions lawsuits have been filed against the main handset manufacturers and carriers including, besides the obvious Carrier IQ, AT&T, Sprint Nextel, T-Mobile USA, HTC, Apple, Samsung, and Motorola Mobility.

Of course European regulators could not remain indifferent, and started immediately to  investigate Carrier IQ. Germany’s Bavarian State Authority for Data Protection was the first to contact Apple, which publicly declared to have included Carrier IQ in earlier version of iOS, with support ceased with iOS 5 and completely removed for previous versions in future software updates. The German Example has immediately been followed not only by other  regulators in the U.K., France, Ireland and Italy, but also from organizations like BEUC, the European Consumers’ Organisation that defend the users’ right to be told how their data is used.

I was wondering if Europe’s concerns were exaggerated (since so far the scandal seemed to be contained in the U.S.) until a friend of mine decided to test one of the available Carrier IQ detection tools on his Samsung Galaxy Tab, which was purchased from 3, an Italian Mobile Operator belonging to the H3G Giant.

Of course the results are shown above: the tool detected the Carrier IQ software in an inactive state. The bad thing is that, although apparently inactive, my friend told me he was not able to remove the software following the different procedures available on the web even if he did not spend so much time in its removal. So far I can only show the screenshot but he told me he will give me his device for a deep analaysis (with caution since it is his work device).

Thinking at this strange encounter, I admit I could not help but think to Samsung’s official statement concerning Carrier IQ (and reported by Engadget):

Some Samsung mobile phones do include Carrier IQ, but it’s very important to note that it’s up to the carrier to request that Samsung include that software on devices. One other important point is that Samsung does not receive any consumer user information from the phones that are equipped with Carrier IQ.

Since it is up to the carrier to request the software to be included on Samsung devices, I presume that 3 could have decided to install it on all the devices for the Italian Market. I tested the tool on My HTC Desire and Sensation XE (both belonging to Telecom Italia Mobile) with no result.

Francesco Pizzetti, Italy’s Protection of Personal Data Guarantor will have a lot to do… meanwhile he opened an investigation into how Carrier IQ works and is checking Italian mobile phones to verify where the software is in use.

Mobile devices are more and more becoming inseparable companions for our personal and professional life, and deadly enemies for our privacy…

First Security Breach In The App Store

November 8, 2011 Leave a comment

It looks like the Judgment Day for iOS has finally arrived. Until today the robustness of the AppStore has always been considered one of the strengths of the Apple Model: unlike the Android Market, which is constantly under attack for its weak security model that allowed too many malicious users to upload malicious applications, a strict control policy had prevented, at least so far, the same destiny for the mobile Apple Application.

Unfortunately Charlie Miller, an old acquaintance of the Apple Supporters, thought that winning three Pwn2Owns in the last four years (2008, 2009 and 2011) exploiting practically every Apple Vulnerability was not enough. So he decided consequently to attack Cupertino directly inside its AppStore security model.

The story begins early last year, after the release of iOS 4.3 when the researcher became suspicious of a possible flaw in the code signing of Apple’s mobile devices.

As stated in the original article by Forbes:

To increase the speed of the phone’s browser, Apple allowed javascript code from the Web to run on a much deeper level in the device’s memory than it had in previous versions of the operating system. In fact, the browser’s speed increase had forced Apple to create an exception for the browser to run unapproved code in a region of the device’s memory, which until then had been impossible. (Apple uses other security restrictions to prevent untrusted websites from using that exception to take control of the phone.)

The next step was to discover a bug that allowed to expand that code-running exception to any application, and that is exactly what he did, but still this was not enough.

After discovering the bug, he submitted an App to the App Store exploiting the vulnerability. The App was approved and behaved as expected (actually a behaviour to which the victims of Android malware are quite familiar): the app was able to phone home to a remote computer downloading new unapproved commands onto the device and executing them at will, including stealing the user’s photos, reading contacts, making the phone vibrate or play sounds, or otherwise repurposing normal iOS app functions for malicious ends.

This method will be presented at the SysCan Conference in Taiwan next week even if a video demonstrations of the exploit is already available.

Last but not least: as a reward for discovering the bug, Apple has decided to revoke to Miller the Developer’s License.

Probably Android users will be the happiest to learn that, as stated by Miller:

Android has been like the Wild West. And this bug basically reduces the security of iOS to that of Android.

At least for one thing (security), iOS and Android are identical.

September 2011 Cyber Attacks Timeline (Part I)

September 15, 2011 5 comments

So here it is, also for this month, the first part of My Cyber Attacks Timeline covering the first half of September.

Apparently It looks like the wave of the Anonymous attacks that characterized August has stopped. Even if several isolated episodes occurred, their impact was slightly lower than the previous months.

Probably the most important security incident for this month was the Diginotar Hack, not only because the Dutch Certification Authority has been banned forever by the main browsers and OSes but also because all the authentication model based on CAs is under discussion. Moreover once again a cyber attack has been used as a mean of repression. This incident is a turnkey point for information security but in my opinion also the DNS hacks by Anonymous Sri Lanka and Turkguvenligi are noticeable since they reinforce the need for a quick adoption of DNSSEC.

For the first time not even the Linux Operating System (an open world) was immune from hackers: both the Linux Kernel and the Linux Foundation Web Sites were hacked during this month, two episodes that Penguin Lovers will remember for a long time.

Easily predictable an attack recalling 9/11 carried on against the Twitter Account of NBC News was also reported.

Other noticeable events: three huge data breaches were reported, four attacks with political motivations targeting India, Nigeria, Colombia, and the Russia Embassy in London were perpetrated and another security vendor (Panda Security) was indirectly targeted.

The remainder of the month was characterized by many smaller attacks (mostly defacements and data leaks) and an actress (Scarlett Johansson) was also victim of data leaks.

Useful Resources for compiling the table include:

And my inclusion criteria do not take into consideration simple defacement attacks (unless they are particularly resounding) or small data leaks.

Date Author Description Organization Attack
Sep 1

?

Kernel.org

The site of Kernel.org suffered a security breach leading which caused the server to be rooted and 448 credential compromised. Although it is believed that the initial infection started on August the 12th, it was not detected for another 12 days.


rootkit (Phalanx)
Sep 1
Apple, Symantec, Facebook, Microsoft, etc.

The Sri Lankan branch of Anonymous claims to have hacked into the DNS servers of Symantec, Apple, Facebook, Microsoft, and several other large organizations over the past few days,  posting the news and records of its exploits on Pastebin.


DNS Cache Snoop Poisoning
Sep 1 ?
Birdville Independent School District

Two students hack into their school district’s server and accessed a file with 14,500 student names, ID numbers, and social security numbers. Estimated cost of the breach is around $3,000,000.

?
Sep 2 Texas Police Chiefs Association

As usual happens on Fridady, Texas Police Chiefs Association Website is hacked by Anonymous for Antisec Operation. Hacker defaced their website and posted 3GB of data in retaliation for the arrests of dozens of alleged Anonymous suspects. According to Hackers the site has been owned for nearly one month.

SQLi?
Sep 2
EA Game Battlefield Heroes

One of the most famous games over the world Battlefield Heroes developed by EA Games is hacked by a hacker named “Why So Serious?” who leaks the User Login passwords on pastebin

SQLi?
Sep 2
vBTEAM Underground

Vbteam.info, the underground vBulletin Hacking website is hacked by “Why So Serious?“, who leaks 1400+ accounts of the Vbteam.info forum in pastebin.

SQLi?
Sep 3 Nomcat
Indian Government

An Indian Hacker named “nomcat” claims to have been able to hack into the Indian Prime Ministers Office Computers and install a Remote Administration Tool) in them. He also Exposes the Vulnerability in Income Tax website and Database Information.

SQLi?
Sep 4

Popular Websites: : Daily Telegraph, The Register, UPS, Vodafone

Popular websites including The Register, The Daily Telegraph, UPS, and others fall victim to a DNS hack that has resulted in visitors being redirected to third-party webpages. The authors of the hack, a Turkish group called Turkguvenligi, are not new to similar actions and leave a message declaring this day as World Hackers’ Day.


DNS Hijacking
Sep 5
Mobile App Network Forum

Mobile APP Network Forum is Hacked by “Why So Serious?”. He leaks over 15.000 accounts of the community (Forum) on Pastebin in two parts (Part 1 and Part 2).

SQLi?
Sep 5

European Union Institute For Energy and Transport

One of the Sub domain of European Union (Institute for Energy) is hacked and Defaced by Inj3ct0r. Hackers deface the web page, release some internal details and leave a message against Violence in Lybia and Russian influence in Ukraine.

http://ie.jrc.ec.europa.eu
Defacement
Sep 5  Cocain Team Hackers United Nations Sub Domain of Swaziland

United Nations Sub-Domain of Swaziland is hacked and defaced by Cocain Team Hackers. 

UN Logo
Defacement
Sep 5
Uronimo Mobile Platform

The Uronimo Mobile platform is hacked by Team Inj3ct0r. They leak the web site database and release on Pastebin internal data including Username, Hash Password, emails and Phone Numbers of 1000 users. Estimated Cost of the Breach is $214,000.


SQLi?
Sep 6 Comodo Hacker
Diginotar

The real extent of the Diginotar breach becomes clear: 531 bogus certificates issued including Google, CIA, Mossad, Tor. Meanwhile in a pastebin message Comodo Hacker states he own four more CAs, among which GlobalSign which precautionally suspends issuance of certificates.


Several Vulnerabilities
Sep 7 ?
Beaumont Independent School District

The superintendent of schools for Beaumont Independent School District announces that letters are being mailed to parents of nearly 15,000 of its 19,848 students to inform them of a potential breach of data that occurred recently. Inadvertently, private information including the name, date of birth, gender, social security number, grade and scores on the Texas Assessment of Knowledge and Skills (TAKS) exam of students who were in the third through 11th grades during the 2009-2010 school year–were potentially exposed.  Estimated cost of the breach is $3,210,000.


Human Mistake
Sep 7 ?
Stanford Hospital, Palo Alto, Calif.

A medical privacy breach leads to the public posting on a commercial Web site of data for 20,000 emergency room patients at Stanford Hospital in Palo Alto, Calif., including names and diagnosis codes. The information stayed online for nearly a year from one of its vendors, a billing contractor identified as Multi-Specialty Collection Services, to a Web site called Student of Fortune, which allows students to solicit paid assistance with their schoolwork. Estimated Cost of The Breach is $4,280,000.

Human Mistake
  Sep 9 Comodo Hacker
GlobalSign

After suspending issuing certificates, GlobalSign finds evidence of a breach to the web server hosting the www website. The breached web server has always been isolated from all other infrastructure and is used only to serve the http://www.globalsign.com website.


?
Sep 9
 Comodo Hacker
Google

As consequence of the infamous Diginotar Breach Google advises its users in Iran to change their Gmail passwords, and check that their Google accounts have not been compromised. Google also indicates that it is  directly contacting users in Iran who may have been hit by a man-in-the-middle attack.


Man In The Middle
Sep 9
NBC News

The NBC News Twitter account is hacked and starts to tweet false reports of a plane attack on ground zero. The account is suspended and restored after few minutes.


Trojan Keylogger  via Email
Sep 9 ?
Samsung Card

Data of up to 800,000 Samsung Card clients may have been compromised after an employee allegedly extracted their personal information. The Breach was discovered on Aug. 25 and reported to police on Aug. 30. It is not clear what kind of information has been leaked, maybe the first two digits of residence numbers, the names, companies and mobile phone numbers were exposed. Estimated cost of the breach is $171,200.000.


Unauthorized Access
Sep 10 ?
BuyVIP (Amazon Owned)

Although not officially confirmed, BuyVIP users received an e-mail informing that their database had been hacked. Apparently, the website had been offline for a couple days and it looks like that not only names and email addresses were retrieved, but also birth dates, real shipping addresses as well as phone numbers.


SQLi
Sep 11 ?
Linux Foundation

Few weeks after the kernel.org Linux archive site suffered a hacker attack, the Linux Foundation has pulled its websites from the web to clean up from a security breach. A notice posted on the Linux Foundation said the entire infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down for maintenance due to a security breach that was discovered on September 8, 2011.

Linux Foundation
SQLi?
Sep 11
AryansBook.com

Anonymous leaks the complete database from a well known nazi website AryansBook.com and posts the content on The Pirate Bay. This is a fight towards racism of any kind.

AryansBook
SQLi?
Sep 12 ?
Bitconitalk Forum

An unknown hacker uses a zero day flaw to steal email addresses, hashed passwords and read personal messages from the bitcointalk.org forum. Forum administrators said the attacker gained root access on 3 September and was able to run arbitrary PHP code not detected until the attacker injected “annoying JavaScript” into the forum pages a week later: the Javascript splashed actor Bill Cosby across the forums and replaced all references to BitCoin with CosbyCoin.

Bitcoin
0-day exploit in SMF
Sep 12 ?
Nigerian Government Website

Nigerian Government Website is hacked and defaced by Brazilian Hackers that leave a message in the main page.


Defacement
Sep 12 ?
Vacationland Vendors

A hacker gains unauthorized access to the card processing systems at Wilderness Waterpark Resort  and improperly acquires 40,000 credit card and debit card information. Estimated Cost of the Breach is $8,560,000.


N/A
Sep 12 X-Nerd Panda Security

Another Security Company Hacked: a hacker going by the name of X-Nerd hacks and defaces the Pakistan Server of a very well known security software website:  Panda Security.


SQLi?
Sep 12 ?
Russian UK Embassy

Just before Prime Minister David Cameron’s first visit to Moscow, the website belonging to the Embassy Of The Russian Federation in London was taken down by hackers. It seems as the attack was launched in sign of protest to the upcoming visit after a 5-year break in which no British leader went to Moscow.

DDoS
Sep 13 Cyb3rSec
thetvdb.com

Cyb3rSec dumps a list of 3500+ Accounts from the forum thetvdb.com.

SQLi?
Sep 13
top100arena.com

Albanian hackers belonging to Albanian Cyber Army exploit one of the biggest Game Arena site “Top100″ database using SQL injection attack. They leak the database on mediafire.

SQLi
Sep 14
President of Bolivia (presidencia.gob.bo)

SwichSmoke crew hacks the site belonging to President of Bolivia and dumps the leaked data on pastebin.

Various Exploits
Sep 14 ?
uTorrent.com

The uTorrent.com Web servers has been compromised and consequently the standard Windows software download was replaced with a type of fake antivirus “scareware” program.

  SQLi
Sep 14 ?
Bright House Networks

Bright House Networks, the sixth largest owner and operator of cable systems in the U.S., has sent a letter to customers warning that they may have been exposed after servers used to process Video on Demand (VOD) were breached.

  ?
Sep 14 ?
Scarlett Johansson

Also an actress may be victim of hackers: The FBI investigate reports that nude photos of a famous celebrity (allegedely Scarlett Johansson) have been leaked onto the web. The day before Twitter was flooded with messages claiming to link to naked pictures of her, which were allegedly stolen from her iPhone by a hacker earlier this year.

  ?
Sep 15 Stohanko
Various Sites

More than 101 sites, with huge amount of data and personal information which ranges from emails, phone numbers, to full names and addresses, have been hacked by an hacker dubbed Stohanko. At this link a list of the hacked sites and the links to dumped data.

?

The Dangerous Liaisons (Updated)

August 22, 2011 1 comment

Did you know that a smartphone might involve as many as 250,000 patent claims? You may easily understand why the $ 4.5 billion auction to buy 6,000 Nortel patents by the consortium formed by Apple, Microsoft, Research in Motion, Sony Ericsson and EMC was so cruel. You may also easily understand why Google, the loser of the Nortel auction, decided to react immediately acquiring Motorola and its patent portfolio made of more than 17,000 approved patents (and another 7,500 patents filed and pending approval) for the large sum of $ 12.5 billion.

Said in few words, the mobile arena is getting more and more agressive and cruel. For this reason, a litte bit for curosity, a little bit for fun, I decided to draw a chart (and a table) showing all the moves of the giant players in this mobile chessboard. Although deliberately incomplete (I did not show in the table the patent saga of NTP Inc. against the rest of the world and the settlement of Motorola vs RIM), it gives a good idea of the dangerous intersections involving partnership, fees, alliances and, most of all, lawsuits… With the strange paradox that some companies (read Apple and Samsung) are enemies before the court, but in the same time business partners.

While visualizing the idea I stumbled upon this similar graph showing the status of the mobile arena on 8 Oct 2010. I decided to use the same layout, omitting some informations, but updating it to the current date. The graph is a little bit confusing, but the confusion of the arrows reflects betten than a thousand words the real situation.

Anyway the war will not stop here: the next targets? Interdigital Inc. with its 8,800 patents  which are attracting several bidders such as Apple, Nokia and Qualcomm; and, most of all, Kodak, whose survival depends on the auction of the 10% of its patent portfolio (1,100 patents), valued as high as $3 billion which are vital to compensate the losses estimated in $2.5 billion.

As far as the table is concerned, in order to avoid repetitions, it only shows the status of the lawsuits and alliances from the perspective of Google, Apple and Microsoft. Enjoy your read and the 250,000 patent claims on your smartphone!

Company Filed Suit Against Has technological alliance with Filed Suite From:
  No one (at least so far!)

Of course Google licensees his Mobile OS to HTC and Samsung (in rigorous alphabetical order), and it is the driver for the impressive market share growthof Samsung and HTC.

In an effort to defend Android’s Intellettual Property “to supercharge the Android ecosystem and will enhance competition in mobile computing”, on Aug 15 2011, Google announced the intention to acquire Motorola Mobility with a $12.5 billion deal. Motorola has nearly 17,000 patents.

Aug 12 2010: Oracle has filed suit against Google for infringing on copyrights and patents related to Java,. Oracle claimed Google “knowingly, directly and repeatedly infringed Oracle’s Java-related intellectual property”. Android uses a light proprietary Java Virtual Machine, Dalvik VM, which, according to Oracle infringes one or more claims of each of United States Patents Nos. 6,125,447; 6,192,476; 5,966,702; 7,426,720; RE38,104; 6,910,205; and 6,061,520.

The case is in U.S. District Court, Northern District of California, is Oracle America, Inc v. Google Inc, 10-3561.

The lawsuit is still pending and will likely take several months. The trial between Oracle and Google is expected to begin by November and Oracle is seeking damages “in the billions of dollars” from Google.

On Aug 1 2011, the judge overseeing the lawsuit Oracle filed over the Android mobile OS has denied Google’s attempt to get a potentially damaging e-mail redacted.

Mar 2 2010: Apple sued HTC for infringing on ten patents, nine of which involve technologies which apply to the iPhone, while one involves the use of gestures, but only in a specific use case.

The suit has been filed in the U.S. District Court in Delaware , alleging twenty instances of patent infringement. The company also petitioned the US  ITC to block the import of twelve phones designed and manufactured by HTC.

On Jul 15 2011 Apple won a preliminary patent ruling in an early judgment before the US ITC, in which HTC was found to have breached two of 10 patents held by Apple.

On Aug 8 2011 ITC  announced to have dediced to review Apple’s patent infringement complaint against HTC.

Oct 31 2010: In response to Motorola lawsuit against Apple, Apple sued Motorola and Motorola Mobility for Infringment on several Multi-Touch patents infringments in the Wisconsin Western District Court with two distinct lawsuits. A total of six patents are involved in the two lawsuits.

On Nov 23, 2010: US International Trading Commission announced to review Apple patent case against Motorola.

Apr 18 2011: Apple filed suit against Samsung for copying the design of its iPad and iPhone with its smartphones and tablets.

Aug 10 2011: European customs officers have been ordered to seize shipments of Samsung’s Galaxy Tab computers after the ruling late on Tuesday by a German patents court.

In the last days Apple has been accused of presenting inaccurate evidence against Samsung.

Aug 24 2011: Samsung has been banned from selling some galaxy phones in the Netherlands. The ban is set to begin on October 13, but Samsung doesn’t seem to be taking it too hard.

On Jul 1 2011 the intellectual property of the Canada giant Nortel (in Bankrupt), involving 6,000 patents, was sold for $4.5 billion, in a dramatic auction, to a consortium formed by Apple, Microsoft, RIM, Sony, EMC and Ericsson. Google was the other competitor (and the big looser) for the deal. This event acted as a trigger for the acquisition of Motorola Mobility by Google.

On Aug 3 2011, In a post to the Official Google Blog, Google Senior Vice President and Chief Legal Officer David Drummond said that Apple, Microsoft, Oracle, and others have waged “a hostile, organized campaign against Android” by snapping up patents from Novell and Nortel and asking Google for high licensing fees for every Android device”, accusing them of Patent Bulying.

Curiously, Apple is one of the main technological partners of Samsung for displays and semi-conductors. Samsung produces Apple’s A4 systems-on-a-chip (SoC) and also the two companies collaborate for iPad displays (Apple is moving from LG to Samsung because oof quality issues of the former). Nevertheless the lawsuits between the two companies are compromising their relationships so that Apple is evaluating a new supplier (TSMC) for its A6 nexy generation chipset.

Oct 22 2009: Nokia sued Apple in Delaware court for infringing on  ten patents related to GSM, UMTS, and WLAN standards that Nokia states they established after investing more than EUR 40 billion in R&D over the last 20 years.

On Jun 14 2011 Apple agreed to pay between $300m and $600m to cover the 111m iPhones sold since its launch in 2007. Although the exact number was not specified, additional yearly fees could be part of the agreement.

On Jan 2010 Kodak sued Apple and RIM claiming Apple is infringing its 2001 patent covering technology that enables a camera to preview low-resolution versions of a moving image while recording still images at higher resolutions. The cases were filed in U.S. District Court in Rochester, N.Y., as well as the U.S. ITC.

On Apr 2010 Apple argues that some Kodak still and video camera products violate two of its patents

On Jul 2011: While Kodak’s claim is pending, the commission rules on Apple’s complaint and says Kodak’s digital-camera technology doesn’t violate Apple’s patents.

Oct 6 2010: Motorola sued Apple for patent infringement in three separate complaints; in district courts in Illinois and Florida and a separate complaint filed with the U.S. International Trade Commission. The suits covered 18 different patents, infiringed by Apple’s iPhone, iPad, iPod touch, and certain Mac computers.

The Motorola patents include wireless communication technologies, such as WCDMA (3G), GPRS, 802.11 and antenna design, and key smartphone technologies including wireless e-mail, proximity sensing, software application management, location-based services and multi-device synchronization.

Jan 12 2011: Microsoft has motioned for a summary judgment to block Apple from trademarking the phrase “app store,” as it filed with the U.S. Patent and Trademark Office (USPTO) on July 17, 2008.

Mar 30 2011: Microsoft filed a second objection to Apple’s enduring pursuit to trademark the phrase “app store hiring a linguist, Dr. Ronald Butters, to go head-to-head against Apple’s own hired linguist, Robert A. Leonard.

On Jul 1 2011 US ITC said Apple has violated two S3 Graphics Co. patents in its Mac OS X operating system, but not in the iOS platform. Although not directly related to Mobile, this ruling is meaningful since S3 has been acquired by HTC on Jul 6 2011 for $300 million in order to use their patents in the fight against Apple.

HTC expects final ruling on Apple-S3 graphics case in November.

On Aug 16 2011 HTC filed a new lawsuit against Apple in Delaware’s US District Court, in an escalation of the legal battle between the two smartphone giants. HTC accused Apple to have infringed three of HTC’s patents through its sale of devices including iPads, iPods, iPhones and Macintosh computers.

Oct 1 2010: Microsoft sued Motorola for patent infringement relating to the company’s Android-based smartphones. Microsoft filed its complaint with the International Trade Commission and in a Washington state district court. At issue are nine patents that deal with, among others, sending and receiving e-mail, managing and syncing calendars and contacts, and managing a phone’s memory.

Patent dispute will begin from Aug 21 2011, the hearing procedure can take up to 10 days, the judgment procedure is expected to reach the final verdict point only in March 2012.

Nov 9 2010: Microsoft sued again Motorola for charging excessive royalties on network technology used in Microsoft’s Xbox game system.

Feb 11 2011: a deal with the Devil, Microsoft and Nokia announce their plansto form a broad strategic partnership that would use their complementary strengths and expertise to create a new global mobile ecosystem.

Besides the alliances with Apple and RIM (see the corresponding cell), on May 12 2011 Microsoft has teamed up with HTC, Nokia and Sony Ericsson in Europe, filing a challenge seeking to invalidate Apple’s trademarks on the phrases “App Store” and “Appstore.”

Nov 11 2010: Motorola Mobility sued Microsoft with the U.S. District Courts for the Southern District of Florida and the Western District of Wisconsin alleging infringement of sixteen patents by Microsoft’s PC and Server software, Windows mobile software and Xbox products.

Motorola Mobility asked for the infringing devices to be barred from importation into the United States.

On Dec 21 2010, ITC has agreed to hear the complaint.


Looking Inside a Year of Android Malware

August 14, 2011 2 comments

As you will probably know my Birthday post for Android Malware has deserved a mention from Engadget and Wired. Easily predictable but not for me, the Engadget link has been flooded by comments posted by Android supporters and adversaries, with possible trolls’ infiltrations, up to the point that the editorial staff has decided to disable comments from the article. The effect has been so surprising that someone has also insinuated, among other things, that I have been paid to talk s**t on the Android.

Now let me get some rest from this August Italian Sun and let me try to explain why I decided to celebrate this strange malware birthday for the Android.

First of all I want to make a thing clear: I currently do own an Android Device, and convinced, where possible, all my relatives and friends to jump on the Android. Moreover I do consider the Google platform an inseparable companion for my professional and personal life.

So what’s wrong? If you scroll the malware list you may easily notice that the malware always require an explicit consent from the user, so at first glance the real risk is the extreme trust that users put in their mobile devices which are not considered “simple” phones (even if smart), but real extensions of their personal and professional life.

You might say that this happens also for traditional devices (such as laptops), but in case of mobile devices there is a huge social and cultural difference: users are not aware to bring on their pocket dual (very soon four) cores mini-PCs and are not used to apply the same attention deserved for their old world traditional devices. Their small display size also make these devices particularly vulnerable to phishing (consider for instance the malware Android.GGTracker).

If we focus on technology instead of culture (not limiting the landscape to mobile) it easy to verify that the activity of developing malware (which nowadays is essentially a cybercrime activity) is a trade off between different factors affecting the potential target which include, at least its level of diffusion and its value for the attacker (in a mobile scenario the value corresponds to the value of the information stored on the device). The intrinsic security model of the target is, at least in my opinion, a secondary factor since the effort to overtake it, is simply commensurate with the value of the potential plunder.

What does this mean in simple words? It means that Android devices are growing exponentially in terms of market shares and are increasingly being used also for business. As a consequence there is a greater audience for the attackers, a greater value for the information stored (belonging to the owner’s personal and professional sphere) and consequently the sum of these factors is inevitably attracting Cybercrooks towards this platform.

Have a look to the chart drawing Google OS Market share in the U.S. (ComScore Data) compared with the number of malware samples in this last year (Data pertaining Market Share for June and July are currently not available):

So far the impact of the threats is low, but what makes the Google Platform so prone to malware? For sure not vulnerabilities: everything with a line of code is vulnerable, and, at least for the moment, a recent study from Symantec has found only 18 vulnerabilities for Google OS against 300 found for iOS (please do no question on the different age of the two OSes I only want to show that vulnerabilities are common and in this context Android is comparable with its main competitor).

Going back to the initial question there are at least three factors which make Android different:

  1. The application permission model relies too heavily on the user,
  2. The security policy for the market has proven to be weak,
  3. The platform too easily allows to install applications from untrusted sources with the sideloading feature.

As far as the first point is concerned: some commenters correctly noticed that apps do not install themselves on their own, but need, at least for the first installation, the explicit user consent. Well I wonder: how many “casual users” in your opinion regularly check permissions during application installation? And, even worse, as far as business users are concerned, the likely targets of cybercrime who consider the device as a mere work tool: do you really think that business users check app permission during installation? Of course a serious organization should avoid the associated risks with a firm device management policy before considering a wide deployment of similar devices, most of all among CxOs; but unfortunately we live in an imperfect world and too much often fashion and trends are faster (and stronger) than Security Policies and also make the device to be used principally for other things than its business primary role, hugely increasing risks.

This point is a serious security concern, as a matter of fact many security vendors (in my opinion the security industry is in delay in this context) offer Device Management Solution aimed to complete the native Application Access Control model. Besides it is not a coincidence that some rumors claim that Google is going to modify (enhance) the app permission security process.

As far as the second point is concerned (Android Market security policy), after the DroidDream affair, (and the following fake security update), it is clear that the Android Market Publishing (and Security) model needs to be modified, making it more similar to the App Store. There are several proposals in this context, of course in this place is not my intention to question on them but only to stress that the issue is real.

Last but not least Sideloading is something that makes Android very different from other platforms (read Apple), Apple devices do not allow to install untrusted apps unless you do not Jailbreak the devices. Android simply needs the user to flag an option (By The Way many vendors are opening their Android devices to root or alternate ROMs, consider for instance LG which in Italy does not invalidate the Warranty for rooted devices) or HTC which, on May 27, stated they will no longer have been locking the bootloaders on their devices.

So definitively the three above factors (together with the growing market shares) make Android more appealing for malware developers and this is not due to an intrinsic weakness of the platform rather than a security platform model which is mainly driven by the user and not locked by Manufacturer as it happens in case of Cupertino.

July 2011 Cyber Attacks Timeline

August 2, 2011 5 comments

This awful infosec July is over, and finally we can sum up the Cyber Attacks reported during this month. I collected all the available information and inserted it inside the following chart. Where possible (that is enough information available) I tried to estimate the cost of the attacks using the indications from the Ponemon’s insitute according to which the average cost of a Data Breach is US $214 for each compromised record. The total sum (for the known attacks) is around $7.6 billion, mainly due to the “National Data Breach” of the South Korean Social Network Cyworld.

Approximately 16 attacks were directly or indirectly related to Antisec or Anonymous, they promised an hot summer and unfortunately are keeping their word…

Useful resources for compiling the (very long) chart were taken from:


1 http://www.zeropaid.com/news/94099/abhaxas-dumps-details-of-the-internal-florida-voting-database-online/
2 http://www.pcworld.com/article/235016/hackers_claim_apple_online_data_was_compromised.html
3 http://www.thehackernews.com/2011/07/fox-news-twitter-account-hacked-by.html
4 http://nakedsecurity.sophos.com/2011/07/05/sony-music-ireland-hackers/
5 http://news.cnet.com/8301-27080_3-20077268-245/sophisticated-attack-targets-two-energy-dept-labs
6 http://paulsparrows.wordpress.com/2011/07/08/dump-up-the-kids/
7 http://www.zeropaid.com/news/94250/abhaxas-hacks-floridas-voting-system-again/
8 http://www.v3.co.uk/v3-uk/news/2086749/anonymous-boasts-takedown-turkish-sites
9 http://www.theregister.co.uk/2011/07/08/patriotic_portuguese_hackers_hit_moody/
10 http://paulsparrows.wordpress.com/2011/07/09/another-fbi-contractor-hacked/5
11 http://www.h-online.com/security/news/item/German-Federal-Police-servers-compromised-1276115.html
12 http://www.hackersbay.in/2011/07/anonymous-shuts-down-ministry-of.html
13 http://www.kiplinger.com/securityfaq/
14 http://paulsparrows.wordpress.com/2011/07/12/another-one-bytes-the-dump/
15 http://paulsparrows.wordpress.com/2011/07/12/monsanto-hack-info-of-2500-employees-leaked/
16 http://www.thehackernews.com/2011/07/toshiba-database-hacked-and-user.html
17 http://paulsparrows.wordpress.com/2011/07/15/the-mother-of-all-breaches/
18 http://www.mirror.co.uk/celebs/news/2011/07/16/lady-gaga-website-hacked-and-fans-details-stolen-115875-23274356/
19 http://paulsparrows.wordpress.com/2011/07/19/the-lulzsec-boat-is-back-and-sails-under-the-sun/
20 http://news.cnet.com/8301-1009_3-20081405-83/anonymous-claims-to-have-breached-nato-security
21 http://www.cyberwarnews.info/2011/07/24/philippians-congress-hacked-by-bashcrew/
22 http://nakedsecurity.sophos.com/2011/07/22/anonplus-anonymouss-social-network-is-hacked/
23 http://paulsparrows.wordpress.com/2011/07/24/anonplus-hacked-again-by-syrian-group/
24 http://paulsparrows.wordpress.com/2011/07/25/italian-cyber-police-hacked/
25 http://austrianindependent.com/news/Business/2011-07-26/8537/ORF_hack_attack_worse_than_feared
26 http://www.koreaherald.com/national/Detail.jsp?newsMLId=20110728000881
27 http://paulsparrows.wordpress.com/2011/07/29/anonymous-claims-another-fbi-contractor-hacked/
28 http://paulsparrows.wordpress.com/2011/07/29/italian-anonymous-owned/
29 http://paulsparrows.wordpress.com/2011/07/31/its-a-cruel-summer/
30 http://www.thehackernews.com/2011/07/italys-police-it-network-vitrocisetit.html

Follow

Get every new post delivered to your Inbox.

Join 3,091 other followers