Tuesday, 4 August 2015

This Computer Worm Could Break Into Your Apple Without You Even Knowing

There's a new type of worm that can break into Apple computers without being detected — and the creators say virtually the only way to get rid of it is to throw your laptop in the garbage.
Known as Thunderstrike 2, the worm was developed by security experts Xeno Kovah and Corey Kallenberg to raise awareness about Apple's security flaws. They say the worm is capable of spreading from one Mac to another, even if the computers don't share a network.
"[The attack is] really hard to detect… it's really hard to get rid of," Kovah told Wired, explaining that the worm embeds itself in a computer's firmware, the software that comes pre-installed and loads the operating system. "It's really hard to protect against something that's running inside the firmware… for most users that's really a throw-your-machine-away kind of situation," he said.
The problem is that Thunderstrike 2 can't be removed with software or traditional anti-malware programs; cleaning a machine requires programming the computer's chip. "Most people and organizations don't have the wherewithal to physically open up their machine and electrically reprogram the chip," Kovah said.
What makes Thunderstrike 2 so insidious is that it can spread between computers that aren't connected on the same network. To spread the worm, an attacker must first undermine the firmware on a Mac by sending malware through a phishing email or link. The malware could be programmed to infect the firmware — known as the Option ROM — of anything that's plugged into the computer, such as an Ethernet adapter. If that adapter were plugged into another computer, the malware would spread. When the second machine is turned on, the worm would spread to its firmware and become undetectable.
Kovah and Kallenberg say their discovery could have wide-ranging implications.
"Let's say you're running a uranium refining centrifuge plant and you don't have it connected to any networks, but people bring laptops into it and perhaps they share Ethernet adapters or external SSDs to bring data in and out," Kovah said. "Those SSDs have Option ROMs that could potentially carry this sort of infection. Perhaps because it's a secure environment they don't use Wi-Fi, so they have Ethernet adapters. Those adapters also have option ROMs that can carry this malicious firmware."
Kovah and Kallenberg say that the worm was developed to showcase vulnerabilities in Apple devices. They've notified Apple of their discovery, and the company has already fully patched one type of vulnerability and partially patched another, but three still remain unresolved.
This isn't the first time that Kovah and Kallenberg have revealed a gaping hole in computer security. Last year, they tested a series of major PCs for a similar vulnerability and found that 80 percent — including brands like Dell, Lenovo, Samsung, and HP — were vulnerable to firmware worms.
"It turns out almost all of the attacks we found on PCs are also applicable to Macs," Kovah explained.
Kovah and Kallenberg plan to unveil their discovery in more detail on August 6 at the Black Hat security conference in Las Vegas. The goal is to push tech companies to take security more seriously.
"Some vendors like Dell and Lenovo have been very active in trying to rapidly remove vulnerabilities from their firmware," Kovah said.
"Most other vendors, including Apple as we are showing here, have not," he added. "We use our research to help raise awareness of firmware attacks, and show customers that they need to hold their vendors accountable for better firmware security."

Monday, 3 August 2015

Govt on porn ban: Did not mean to curtail internet freedom

As reactions to the government’s move to block porn sites rose to a crescendo on Monday, top communications ministry officials said it was merely meant to comply with the Supreme Court’s observations and not to curtail internet freedom.
“We are not a control-freak government and strongly object to the word Talibanisation,” communications minister Ravi Shankar Prasad said. “On the contrary, we are pushing for higher levels of internet use through Digital India.”
The Opposition had raised the T word to liken the restriction on porn sites to the ways of Afghanistan’s oppressive grouping.
According to data from Pornhub, one of the world’s biggest porn sites, India ranks in fifth place for the most daily visitors to the website. The website saw a total of 78.9 billion video views globally in 2014.
Prasad refused to go into the details of the action being taken, but a communications ministry official said an ombudsman could not be ruled out. “The ombudsman can hold discussions with parents’ associations, NGOs, journalists and other stakeholders on the issue,” said the official.
The Supreme Court, slated to take up the matter on August 10, had however issued no direction to block or ban porn sites. On the last date of hearing on July 8, a bench headed by Chief Justice of India HL Dattu had only asked the government to clarify its stand on a petition seeking to ban pornographic websites across India on the ground that they fuel crime against women.
“Such interim orders cannot be passed by this court. Somebody can come to the court and say, ‘Look, I am an adult and how can you stop me from watching it within the four walls of my room? It is a violation of Article 21 (right to personal liberty) of the Constitution.’ Yes, the issue is serious and some steps need to be taken… the Centre has to take a stand... let us see what stand the Centre will take,” Justice Dattu had observed.
Appearing for the Centre, additional solicitor general Pinky Anand had told the court the government was willing to take action against the “offending websites”.
The matter has been pending before the court since 2013. In an affidavit filed in August last year, the department of telecommunications had told the court it had constituted a cyber regulation advisory committee under the Information Technology Act to look into the issue.
Earlier, the Centre had expressed its inability to clamp down on such sites, saying it was technologically impossible.
It could well be. "It is extremely easy to circumvent these blocks, using virtual private networks and proxies that anonymise your traffic," said Pranesh Prakash, policy director at the Centre for Internet and Society in Bengaluru.
A cursory Google search on how to unblock porn websites throws up millions of how-tos and guides. The tools they describe make a user's web traffic anonymous by routing it through foreign servers.
The government can try to keep up with proxies and block them, too. But proxies change every day and there are dozens of functioning proxies to choose from.
But is it legal to circumvent blocks put in place by authorities by using VPNs and proxies? There is no law in India that prohibits viewing pornography, experts say. Section 67 of the Information Technology Act only deals with "publishing obscene information in electronic form".
This has been interpreted as a measure to criminalise the posting of pornographic content online. However, accessing that content privately – such as in one’s home – is not illegal, say experts.