Ho ho hosed: Asian biz malware pwns air-gaps, thousands of Androids

CloudSek security bod Rahul Sasi says an Asian software development company is stealing sensitive defence software source code from air-gapped computers while also using a malicious Christmas app to hose thousands of Android handsets. The penetration tester found the onslaught from an unnamed software company that was actively …

  1. gollux
    Trollface

    Pretty dang cool! Don't we just live in interesting times?

    Things will get better as time goes on!!! I just know it will!

  2. adnim
    Meh

    Degrees of naughtiness

    "It's malicious Android Santa game app is still hosted on the Google Play Store and is capable of stealing "basically everything" from phones"

    Just like every other Android App that requests access to contacts, sms, wifi, radio, sdcard contents etc. etc.

    If a malicious app can jump air gapped systems, the system is not air gapped. Wifi, Bluetooth, indeed any connectivity to a device that accesses the Internet does not constitute an air gapped system. Or does the term air gapped simply mean a box without a cat5 cable attached?

    Don't these people realise that Santa will put them on the naughty list?

    1. Anonymous Coward
      Anonymous Coward

      Re: Degrees of naughtiness

      I understand your overall point, and it's also impossible to tell the accuracy of that claim from the scant details in the Reg article, but jumping a gap has been demonstrated (under very specific circumstances).

      https://en.wikipedia.org/wiki/Air_gap_malware

    2. Robert Helpmann??
      Childcatcher

      Re: Degrees of naughtiness

      Or does the term air gapped simply mean a box without a cat5 cable attached?

      The writers of the Stuxnet virus would probably disagree... about the air gap part. I doubt they care much about Santa's list.

      "Air-gapped" means that the computers in question are not directly connected to outside networks. This does not mean that information cannot be moved to or from them (via sneakernet for example) or that the implementation was without flaw (e.g. it might be vulnerable to cross-talk attack through parallel copper cabling).

      1. Little Mouse

        Re: Degrees of naughtiness

        Tom Cruise was hacking air gapped computers twenty years ago...

    3. VinceH

      Re: Degrees of naughtiness

      "If a malicious app can jump air gapped systems, the system is not air gapped. Wifi, Bluetooth, indeed any connectivity to a device that accesses the Internet does not constitute an air gapped system."

      If you read the linked post on the cloudsek.com site, it's explained more fully. The key part:

      "One of the features was a USB module that is capable of collecting data from air-gapped systems [No internet access]. This module copies important data from an infected system to a plugged-in USB device till it reaches an infected machine that has got internet access."

    4. Vic

      Re: Degrees of naughtiness

      Just like every other Android App that requests access to contacts, sms, wifi, radio, sdcard contents etc. etc.

      Indeed. Many apps are clearly asking for stuff they've no business having.

      But you want to see something really scary? Take a look at this page :-

      If an app requests a dangerous permission listed in its manifest, and the app already has another dangerous permission in the same permission group, the system immediately grants the permission without any interaction with the user

      I'm really not comfortable with that...

      Vic.

      1. cbars Bronze badge

        Re: Degrees of naughtiness

        Wank!

        There we were relying on the old "This app does not require any new permissions".

        Does it tell you in that prompt screen? I assume that is hidden as a "helpful" enabler.

        1. Vic

          Re: Degrees of naughtiness

          Does it tell you in that prompt screen?

          I found something at the bottom of the box when installing stuff from the Play Store. I forget the exact wording.

          For many groups, this isn't the end of the world. But for some - like phone access - it can turn "app may look at your phone ID" into "app can make phone calls and use SIP"[1]. That's a worry...

          Vic.

          [1] "Phone" group access. Grant any permission, the rest come without your say-so.
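The permission-group behaviour Vic describes above can be checked for before installing an app. The following is an added example, not code from the thread or from CloudSek: it parses an AndroidManifest.xml and reports which dangerous permissions would be granted on the back of a single prompt. The group table is the Android 6.0 (API 23) mapping as I understand it (later releases moved some entries), and the sample manifest is constructed for the demonstration.

```python
# Added example (not from the thread): audit an AndroidManifest.xml for
# dangerous permissions that share a runtime permission group, since a
# grant for one member silently covers the rest of the group.
import xml.etree.ElementTree as ET
from collections import defaultdict

ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"

# Dangerous permission groups as introduced in Android 6.0 (API 23);
# later releases have moved some entries, so treat this as an assumption.
DANGEROUS_GROUPS = {
    "CALENDAR": {"READ_CALENDAR", "WRITE_CALENDAR"},
    "CAMERA": {"CAMERA"},
    "CONTACTS": {"READ_CONTACTS", "WRITE_CONTACTS", "GET_ACCOUNTS"},
    "LOCATION": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "MICROPHONE": {"RECORD_AUDIO"},
    "PHONE": {"READ_PHONE_STATE", "CALL_PHONE", "READ_CALL_LOG", "WRITE_CALL_LOG",
              "ADD_VOICEMAIL", "USE_SIP", "PROCESS_OUTGOING_CALLS"},
    "SENSORS": {"BODY_SENSORS"},
    "SMS": {"SEND_SMS", "RECEIVE_SMS", "READ_SMS", "RECEIVE_WAP_PUSH", "RECEIVE_MMS"},
    "STORAGE": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
}
PERM_TO_GROUP = {p: g for g, perms in DANGEROUS_GROUPS.items() for p in perms}

def requested_permissions(manifest_xml):
    """Return the android:name of every <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    return [e.get(ANDROID_NAME) for e in root.iter("uses-permission") if e.get(ANDROID_NAME)]

def implied_grants(manifest_xml):
    """Dangerous groups where several requested members share one prompt."""
    groups = defaultdict(set)
    for name in requested_permissions(manifest_xml):
        short = name.rsplit(".", 1)[-1]          # android.permission.X -> X
        if short in PERM_TO_GROUP:
            groups[PERM_TO_GROUP[short]].add(short)
    return {g: sorted(p) for g, p in groups.items() if len(p) > 1}

# Constructed sample manifest: the prompt for "phone ID" (READ_PHONE_STATE)
# also unlocks CALL_PHONE and USE_SIP; CAMERA is alone in its group.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.USE_SIP"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    for group, perms in implied_grants(SAMPLE_MANIFEST).items():
        print(f"{group}: one prompt covers {', '.join(perms)}")
```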

  3. x 7

    "the separate desktop malware was hopping air-gapped machines"

    I'd have a lot more belief in this report if it was explained just how the malware was jumping the gap... as it stands (given the failure to actually name the offending company) the impression is rather that of an attention-seeking kiddy in class jumping up and down and saying "listen to me, listen to me". It all comes across as a small company - possibly a fake company - trying to attract attention and finance.

    I don't doubt that air-gapped capable malware exists. But I don't believe the details in this report

    1. Naich

      Sounds like utter bollocks to me. I could have all the malware in the world on my phone, blasting out sounds, heating and cooling itself, or any other method of crossing an air gap, but unless the air-gapped device has associated receiving malware already on it, nothing is going to happen.

      1. cbars Bronze badge

        "the separate desktop malware was hopping air-gapped machines"

        It's a company that, get this, produces multiple products. (I reluctantly use the word product)

        Not that it even had to be. What happens if you connect your little android handset to that air gapped machine to charge it up? Yea. Nice gap you've got there.

  4. sixit
    WTF?

    Why is the malware title masked?

    Why the hell would The Reg obscure the malware title? Shame on you!

    1. dotdavid

      Re: Why is the malware title masked?

      The original report from Cloudsek also obscures the title and doesn't mention the app's name, which I agree is unhelpful. El Reg evidently just used the same screenshots.

      1. mythicalduck

        Re: Why is the malware title masked?

        I assumed it would just be from the source material, but I also couldn't figure out why it was obscured.

        It's almost like - "Hey beware of this app - but to not let on to the crims, I'm not telling you which one it actually is"

  5. Nifty Silver badge

    Let's assume the vector is when someone connects their Android phone to an 'airgapped' machine via a USB cable, e.g. to charge it. Suddenly I begin to wonder if the Apple 'stupid tax' I'm paying might be worth the money after all.

    1. Anonymous Coward
      Anonymous Coward

      Are you saying that air-gapped machines actually have active USB ports available? All of ours have the front ones disconnected and the rear ones have a plate locked over them.

      1. Dadmin

        Check the wikipedia link above, I was as clueless about this as anyone and I've heard most all forms of hacking. It has nothing to do with USB, or wifi, or bluetooth, rather the malware can use those for storage or for additional vectors. The cute thing about this new Air Gap covert communications channel is that it's relying on high frequency sounds emanating from the speaker for a return channel, and the open mic to provide the send channel to the hacked device. Apparently it can work up to 60' away. You just need some air for the sounds to travel in and another device capable of doing the dirty work nearby, and for the victim to not put a dummy plug into the mic-in or headphone ports. Unless this naughty santa app is using this uber sophisticated comm setup, methinks our writer may be overusing this term. :)

        I was thinking it had to do with breaking into wifi-only devices for some reason, but this is much more interesting. It looks like these commhack boffins are also capable of using a standard computer's internal systems bus to generate cellphone-capable frequencies, again all without extra communications kit onboard.

        Kind of reminds me of an older Casio(?) watch that had a light sensor in it and you could feed the watch data via flashing light coming out of the monitor. Also how the Nintendo Duck Hunt light gun worked via feedback from the monitor. Light and sound hacking, I love it! Hope my young user has not downloaded this naughty santa app! Good time of year for another talk about online safety.

        Happy Holiday Hacking!

  6. razorfishsl

    A company smart enough to have air-gapped computers but too dumb to prevent mobile devices near it deserves what it gets.
