Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    August 2014
    S M T W T F S
    « Jul   Sep »
     12
    3456789
    10111213141516
    17181920212223
    24252627282930
    31  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for August 13th, 2014




    One resounding – but unsurprising – message from this year’s DEF CON conference in Las Vegas, Nevada was the increase in hacks against IoT devices.

    The lineup of hacked IoT devices was extensive. Many sessions focused on individual device hacks of consumer devices such as media players, IP cameras, cars, and home automation systems. Other sessions focused on industry-specific hardware such as traffic control systems, mesh camera networks, medical devices, and Industrial Control Systems (ICS)/SCADA. Other sessions focused on how to enumerate the devices and the implications of the data they collected.

    One very popular session – Hack All the Things: 20 Devices in 45 Minutes - ended up outdoing itself by covering 22 consumer oriented devices within its allotted time. The researchers – made famous by the Google TV Hack – reiterated the use of a hands-on approach, including physically cracking open the case, and tapping into key data signal interfaces on the devices circuit board to access points where the key data flows occurred.

    One very common example of these data signal interfaces is UARTs – Universal Asynchronous Receiver Transmitters – interfaces provided on the circuit board to allow manufacturers and service technicians to develop, prototype, test and even service these devices.

    Many device manufacturers don’t understand the security implications of exposing and labeling the data interfaces on their finished system boards. These can be useful if the devices have to be serviced in the future, but sometimes they’re still left on devices that are not meant to be repaired at all. Leaving the labels intact significantly cuts down the time taken for a hacker to reverse-engineer the device.

    This hands on approach, while requiring physical access to the device and a fair amount of hardware knowledge, can yield an extensive amount of information about the device’s attack surface. This includes critical information like passwords, keys, firmware images, privilege levels, as well as operating system and component versions (and their resultant vulnerabilities).

    An attacker can use the information gleaned from this process to enable remote and local attacks on users with the same vulnerable device installed. Depending on the information gathered, similar devices from the same manufacturer – or even other manufacturers – may also be affected if they share components and services.

    From a manufacturer’s perspective, a high profile vulnerability or hack of their device would provide plenty of motivation to get key security issues addressed. Unfortunately, many of the vendors of these devices are relatively small, and may not have sufficient resources to correct these issues in the best possible way.

    Thankfully, several of the presenters made note of the fact that they, along with other groups in the industry, are already reaching out to the device vendors. Groups like BuildItSecure.ly have been formed to help facilitate this important cooperation, and we believe that this healthy engagement between security researchers and manufacturers is key to ensuring the continued improvement of security in IoT devices.

    Check out our Internet of Everything buyer’s guide titled What to Consider When Buying a Smart Device. This discusses the things you need to know, from a security perspective, about buying smart devices. Doing your homework on these devices before buying them will save you more grief down the road.

     
    Posted in Internet of Everything | Comments Off



    Patch-Tuesday_grayMicrosoft has rolled out nine security bulletins for their August Patch Tuesday. Two bulletins are rated as Critical, while the rest are rated as Important. Microsoft Windows, Internet Explorer, Microsoft SQL Server, and Microsoft .NET Framework are some of the affected applications that these bulletins covered.

    One of the most notable bulletins in this month’s cycle is MS14-051, which addresses 26 vulnerabilities found in Internet Explorer. The other Critical bulletin is MS14-043, which resolves problems in Windows Media Center, a component of Microsoft Windows. The vulnerabilities resolved in these bulletins, if exploited, could lead to arbitrary code being run on affected systems. Many of these vulnerabilities are in older versions of Internet Explorer (versions 6-8), which

    The bulletins rated as Important covered a wide variety of applications, including Microsoft SharePoint Server, Microsoft SQL Server, and Microsoft Windows. It’s also worth noting that from this point forward, users of Windows 8.1 and Windows Server 2012 R2 must have installed the April update to these operating systems in order to receive security updates.

    Adobe also follows the same second-Tuesday-of-the-month patching cycle as Microsoft; they released released patches for vulnerabilities affecting Adobe Reader/Acrobat and Adobe Flash Player. These vulnerabilities are covered under the following CVEs:

    • CVE-2014-0538
    • CVE-2014-0540
    • CVE-2014-0541
    • CVE-2014-0542
    • CVE-2014-0543
    • CVE-2014-0544
    • CVE-2014-0545

    Users are highly recommended to update their Adobe Flash Player and Adobe Reader and Acrobat to its latest versions. Trend Micro Deep Security and Office Scan with Intrusion Defense Firewall (IDF) plugin protect user systems from threats that may leverage these vulnerabilities discussed in MS14-051 via the following DPI rules:

    • 1006175 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2823)
    • 1006176 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-2824)
    • 1006165 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4050)
    • 1006177 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4057)
    • 1006166 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4063)

    We encourage users to immediately apply these patches on their systems. For more information on these security bulletins, visit our Threat Encyclopedia page.

     
    Posted in Vulnerabilities | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice