In-flight airplanes, social engineers, and robotic vacuums were among the targets of resourceful white-hat hackers this year.
It was a year in which malicious hackers waged shockingly bold and, in some cases, previously unimaginable false-flag attacks, crypto-jacking, social engineering, and destructive malware campaigns. But even against this backdrop of more aggressive and nefarious nation-state and cybercrime attacks in 2018, security researchers still found creative breathing room to pre-empt the bad guys with some innovative hacks of their own.
White-hat hackers including "tweenagers" this year cracked into high-profile targets such as in-flight airplane satellite equipment and simulated US election websites, as well as robotic vacuums. They also pwned social engineers and phishers by turning both their verbiage and artificial intelligence (AI) against them in the hopes of beating the bad guys at their own game and exposing the holes before they could be abused.
So forget about that failed bitcoin mining experiment, the Russians in your home router, and the weaponized PowerShell lurking in your network. Instead, take a few minutes to peruse some of the most innovative (aka cool) hacks by security researchers that we covered this year on Dark Reading.
Hacker on a Plane
It took four years, but Ruben Santamarta finally proved his theory that the major vulnerabilities he first discovered in the firmware of satellite equipment and reported in 2014 could be abused to weaponize it. To do so, the IOActive researcher, from the ground, cracked into on-board Wi-Fi networks, saw passengers' Internet activity, and reached the planes' satcom equipment, all of which he had concluded in his previous research would be possible but which had been met with some skepticism by experts. "Everybody told us it was impossible. But basically, it's possible, and we [now] have proof," Santamarta told Dark Reading prior to presenting his new findings at Black Hat USA in August.
Santamarta said he found an alarming array of backdoors, insecure protocols, and network misconfigurations in satcom equipment affecting hundreds of commercial airplanes flown by Southwest, Norwegian, and Icelandair. Although the vulnerabilities could allow hackers to remotely gain control of an aircraft's in-flight Wi-Fi, Santamarta was reassuring that there was no safety threat to the airplanes themselves, given the way the networks are isolated and configured.
In addition, while scanning the Wi-Fi network on a Norwegian Airlines flight from Madrid to Copenhagen in November 2017, Santamarta stumbled on actual malware, he revealed at Black Hat: a backdoor was running on the plane's satellite modem data unit, and a router from a Gafgyt Internet of Things (IoT) botnet was reaching out to the satcom modem on the in-flight airplane and scanning for new bot recruits. Luckily, none of the satcom terminals on the plane were infected, but it was a wake-up call about possible threats to come for airlines.
Semantics Expose Phishers
Social engineering is one of the easiest and most reliable ways to infect Patient 0 in a cyberattack, and not all phishing emails get trapped in a spam filter. So a pair of researchers devised a way to detect social engineers and phishers by "hacking" the language attackers use in their text: they built a tool that runs a semantic analysis to determine malicious intent, using natural language processing to identify sketchy behavior.
Ian Harris, professor at the University of California, Irvine, and Marcel Carlsson, principal consultant at Lootcore, basically exposed the attackers via the language they used, both in written text and in spoken words converted to text. Harris and Carlsson's phisher-hacking tool detects in emails both questions looking for private data and nefarious commands, which typically are signs of a possible social engineering attack. The tool can be used to flag malicious text messages and phone calls, too.
This word-hacking tool of sorts compares verb-object pairs in the text with a blacklist of randomly chosen phishing emails to analyze semantics and word choice.
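A toy version of the verb-object approach described above, added here as an illustration and not Harris and Carlsson's tool: it extracts verb-object pairs from each sentence, compares them against a blacklist seeded from "known phishing" samples, and separately flags questions that ask for private data and imperative commands that seek it. The verb and sensitive-term lexicons, the phishing samples that seed the blacklist, and the messages fed to it are all constructed for this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Set, Tuple

# --- Constructed lexicons (assumptions for this example, not the researchers' data) ---
COMMAND_VERBS = {"send", "provide", "enter", "verify", "confirm", "reset",
                 "update", "click", "transfer", "wire", "share", "submit", "give"}
POLITENESS = {"please", "kindly", "just", "simply"}   # skipped when locating the leading verb
SENSITIVE_TERMS = ["password", "credentials", "social security number", "ssn",
                   "pin", "login", "credit card", "card number", "bank details",
                   "account number", "wire transfer", "gift cards"]

# Constructed "known phishing" samples; their verb-object pairs form the blacklist.
PHISHING_SAMPLES = [
    "Your mailbox is full. Please verify your password to keep receiving mail.",
    "Update your credit card now or your subscription will be cancelled.",
    "Send the bank details for the wire transfer today.",
    "Can you share the account number with me before noon?",
]


def split_sentences(text: str) -> List[str]:
    """Split on sentence-ending punctuation followed by whitespace."""
    return [s for s in re.split(r"(?<=[.!?])\s+", text.strip()) if s]


def words_of(sentence: str) -> List[str]:
    return re.findall(r"[a-z']+", sentence.lower())


def sensitive_terms_in(sentence: str) -> List[str]:
    """Return every sensitive term that appears as a whole word/phrase."""
    low = sentence.lower()
    return [t for t in SENSITIVE_TERMS if re.search(rf"\b{re.escape(t)}\b", low)]


def verb_object_pairs(sentence: str) -> List[Tuple[str, str]]:
    """Crude pairing: a command verb plus any sensitive term in the next six words."""
    words = words_of(sentence)
    pairs = []
    for i, w in enumerate(words):
        if w in COMMAND_VERBS:
            window = " ".join(words[i + 1:i + 7])
            for term in SENSITIVE_TERMS:
                if re.search(rf"\b{re.escape(term)}\b", window):
                    pairs.append((w, term))
    return pairs


def build_blacklist(samples: List[str]) -> Set[Tuple[str, str]]:
    """Seed the verb-object blacklist from known phishing text."""
    return {p for s in samples for sent in split_sentences(s) for p in verb_object_pairs(sent)}


BLACKLIST = build_blacklist(PHISHING_SAMPLES)


def is_command(sentence: str) -> bool:
    """Imperative: the first non-politeness word is a command verb."""
    words = [w for w in words_of(sentence) if w not in POLITENESS]
    return bool(words) and words[0] in COMMAND_VERBS


def is_question(sentence: str) -> bool:
    return sentence.strip().endswith("?")


@dataclass
class Verdict:
    flagged: bool
    reasons: List[str] = field(default_factory=list)


def analyze(text: str, blacklist: Set[Tuple[str, str]] = None) -> Verdict:
    """Flag text (email body or call transcript) that asks for or demands private data."""
    blacklist = BLACKLIST if blacklist is None else blacklist
    reasons = []
    for s in split_sentences(text):
        terms = sensitive_terms_in(s)
        for pair in verb_object_pairs(s):
            if pair in blacklist:
                reasons.append(f"blacklisted verb-object pair {pair}: {s!r}")
        if is_question(s) and terms:
            reasons.append(f"question requesting {terms[0]!r}: {s!r}")
        elif is_command(s) and terms:
            reasons.append(f"command seeking {terms[0]!r}: {s!r}")
    return Verdict(bool(reasons), reasons)


if __name__ == "__main__":
    # Constructed messages: one phishing email, one transcribed vishing call, two benign notes.
    for msg in [
        "Your account has been locked. Please verify your password at the link below to restore access.",
        "Hi, this is IT support. What is your current password so I can reset it?",
        "Thanks for the report. Let's meet tomorrow at 10 to review the slides.",
        "Please send the slides before the meeting.",
    ]:
        v = analyze(msg)
        print("FLAGGED" if v.flagged else "clean  ", "|", msg)
        for r in v.reasons:
            print("    -", r)
```

The blacklist catches phrasing already seen in phishing; the question and command checks catch the intent behind novel wording, which is the point of a semantic rather than signature-based approach. The last benign message shows why the command check also requires a sensitive object: an imperative verb on its own ("send the slides") is not evidence of social engineering.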
"The reason why social engineering has always been an interest … it's sort of the weakest link in any infosec conflict," Carlsson told Dark Reading. "Humans are nice people. They'll usually help you. You can, of course, exploit that or manipulate them into giving you information."
Playing Mac-A-Mal
The old adage of the Apple Mac's immunity to viruses, propagated in part by marketing on Apple's own website until 2012, has fallen to the reality of malware writers increasingly targeting macOS.
Pham Duy Phuc, a malware analyst with Netherlands-based Sfylabs BV, and Fabio Massacci, a professor at the University of Trento in Italy, decided to hack the painstakingly manual process of detecting and analyzing the growing ecosystem of malicious code targeting Macs. They developed a framework called Mac-A-Mal that blends static and dynamic code analysis to find and unmask the inner workings of Mac malware, even the stealthiest variants.
Their tool can operate undetected while it grabs malware binary behavior patterns, such as network traffic, evasion methods, and file operations. "It takes actual behavioral data of malware samples, executions, inside a sandbox," Phuc said.
The pair has discovered hundreds of new Mac malware samples with the tool. Half of all Mac malware on VirusTotal in 2017 were backdoors, they found, and most of the variants were adware.
'God Mode'
Hardware hacking was hot in 2018. In a year that began with the revelation of the now-infamous Spectre and Meltdown flaws in most modern-day microprocessors and a mass scramble to mitigate their abuse, a researcher this summer revealed his chilling hack of a CPU security feature.
Researcher Christopher Domas found a way to break the so-called "ring-privilege model" of modern CPUs, giving him kernel-level control of the machine and bypassing software and hardware security. He demonstrated this at Black Hat USA during his "God Mode Unlocked: Hardware Backdoors in X86 CPUs" talk.
Domas shared the details of how he cracked into the ring and obtained "God mode" control of the machine via a hardware backdoor found in some machines and embedded x86 microprocessors. The backdoor was enabled by default on some systems, which he exploited to obtain kernel control. The good news: Domas said he believed only VIA C3 CPUs were vulnerable to this attack, and not later generations of the processor.
His tool, Project Rosenbridge, is on GitHub for other researchers to experiment with. "This work is released as a case study and thought experiment, illustrating how backdoors might arise in increasingly complex processors, and how researchers and end-users might identify such features. The tools and research offered here provide the starting point for ever-deeper processor vulnerability research," he wrote on the site.
Robotic Vacuums Hoover Data
First your fridge and now your vacuum cleaner. Researchers from Positive Technologies discovered