Topic

Vulnerabilities

A collection of 8 articles
Latest — Sep 5, 2024

Wi-Fi networks have seamlessly integrated into our lives, becoming as commonplace and expected as electricity flowing through an outlet. They're found everywhere: in homes, cafes, shopping centers, offices, public transport, and even in nature, with our phones often serving as personal hotspots. However, it's easy to overlook that Wi-Fi networks can be a vulnerable point through which cybercriminals might gain access to our devices.

In the context of home Wi-Fi, attackers often aim for personal data such as passwords, banking details, or personal information. Moreover, compromised home Wi-Fi networks can be leveraged for illicit online activities, including downloading pirated content or launching cyberattacks against other systems.

For business Wi-Fi networks, the stakes are higher. Attackers might target confidential corporate information, including financial records, customer data, or proprietary secrets, potentially disrupting business operations. Such breaches can lead to significant consequences, including data leaks, financial losses, or damage to the company's reputation.

The process of Wi-Fi hacking

Wi-Fi hacking can be as simple as a neighbor or someone in a nearby office building not wanting to pay for their internet and attempting to use someone else's. Their goal isn't necessarily malicious; often, they just need the router's password, which can be obtained using specialized hacking software. It's important to note that accessing a network without permission is illegal, and such software should only be used for testing the security of one's own network.

Wi-Fi hacking tools typically employ a brute force attack, trying every possible combination of letters and numbers to crack the password. The complexity of the password directly affects the time required to breach it.

In homes, routers connect a wide array of devices, making them a prime target for hackers. Gaining access to a router can open up numerous possibilities for malicious activities, such as data theft, surveillance, or even using the devices for DDoS attacks or covert cryptocurrency mining.

If direct password cracking fails, attackers might exploit security protocol vulnerabilities or create fake access points. For instance, vulnerabilities in WPA-2 security technology were exploited using Key Reinstallation Attacks (KRACK), and in 2024, new vulnerabilities were discovered in Wpa_supplicant software and the iNet Wireless Daemon (IWD).

Another method to gain network access involves social engineering, such as asking for the Wi-Fi password by pretending to be a client or employee.

Identifying a compromised network

The challenge of detecting a hacked network varies significantly between home and corporate environments due to the scale and complexity of the networks involved. For home networks, signs of unauthorized access can often be quite apparent. A sudden decrease in internet speed can indicate that outsiders are consuming bandwidth. Additionally, unfamiliar devices appearing in the router's connected devices list is a telltale sign of a security breach. These indicators are relatively easy to monitor and can quickly alert homeowners to potential security issues.

Corporate networks, however, present a more complex challenge. The sheer volume of devices and the breadth of network activity can obscure the signs of unauthorized access. Yet, there are nuanced indicators that IT professionals can monitor. Unexpected software installations can be a red flag, especially if the new software is unknown or unauthorized by the company's IT department. Similarly, unusual spikes in network traffic or abnormal data flows can indicate that an intruder is siphoning data or exploiting the network for malicious purposes. Monitoring for these signs requires a sophisticated approach, often involving advanced network monitoring tools and a keen understanding of normal network behavior to spot anomalies.

Fortifying Wi-Fi security: strategies and best practices

The first line of defense in network security is the router, serving as the gateway between the internet and the devices on the network. The market offers a wide range of routers, from basic models suitable for home use to advanced routers designed for the complex needs of businesses. The choice of router should be informed by the specific needs and security requirements of the user or organization.

For home networks, security experts advise against the complacency of sticking with the default settings provided by the router manufacturer. One of the simplest yet most effective security measures is changing the default password to a complex, unique one. This step alone can thwart a significant number of unauthorized access attempts. Renaming the network SSID to something generic that doesn't reveal personal information or the router model can also deter potential attackers. Additionally, disabling network discovery and enabling MAC address filtering can further secure the network by making it invisible to casual scans and ensuring that only devices with approved MAC addresses can connect.

Corporate networks require a more layered approach to security, given the higher stakes involved. Routers with advanced security features that can be integrated into a broader security framework are essential. These routers often come with the capability for regular security updates and can be configured to work with Security Incident and Event Management (SIEM) systems, providing real-time monitoring and analysis of security alerts generated by network hardware and applications. For businesses, the security of the router and the network it supports is not just about protecting data; it's also about safeguarding the company's reputation and financial well-being.

Beyond the technical configurations, both home users and businesses must adopt a proactive stance on network security. This includes staying informed about the latest security threats and trends, regularly updating router firmware and network security software, and educating all users about the importance of security practices such as using strong passwords and recognizing phishing attempts.

Conclusion

In 2024, the importance of securing our Wi-Fi networks cannot be overstated. The convenience and connectivity offered by these networks come with inherent risks, making them prime targets for cybercriminals. By understanding the methods employed by hackers and implementing robust security measures, individuals and businesses can significantly mitigate the risks associated with Wi-Fi usage. In the end, the key to safeguarding our digital domains lies in a combination of advanced technology, vigilant monitoring, and an unwavering commitment to cybersecurity.

The invisible connection: Unveiling Wi-Fi vulnerabilities and shielding strategies

Aug 15, 2024 — 4 min read

In May 2024, Microsoft introduced a new feature for Windows 11 called Recall. This feature allows users to "remember" everything they've done on their computer over the past few months. 

By typing general queries like "photo of the red car someone sent me" or "which Korean restaurant was recommended" into the search bar, users receive results that include links to applications, websites, or documents, along with thumbnail images of their computer screen at the moment they viewed the subject of the query.

How Recall works

To enable this advanced search, Recall takes screenshots of the entire screen every few seconds and saves them in a folder on the computer. These images are then analyzed by AI in the background, extracting information and storing it in a database, which is used for intelligent searches by the AI assistant.

Security concerns

Despite being performed locally on the user's computer, Recall has raised significant security concerns. Initially, the implementation of Recall was barely encrypted and accessible to any computer user. 

Under pressure from the cybersecurity community, Microsoft announced improvements to Recall before its public release, now delayed to late autumn 2024. However, even with promised enhancements, the feature remains controversial.

The risks of Recall

One of the primary risks of Recall is the aggregation of all sensitive data—medical diagnoses, password-protected conversations, bank statements, and private photos—in one place on the computer.

If an unauthorized person gains access or the machine is infected with malware, all this critical information can be stolen by copying a single folder. While stealing screenshots is more challenging due to their volume, the text-based information can be exfiltrated in seconds.

If an attacker manages to extract the database with screenshots, they can almost second-by-second reconstruct everything the user has done on their computer over the past few months. Recall can save up to 3 months of history if the allocated space (default is 10% of the storage, up to 150 GB) is not filled sooner.

The initial version of Recall stored screenshots and the database in an unencrypted format. Cybersecurity experts demonstrated how to bypass OS restrictions and access Recall's databases and screenshots. To address this, Microsoft promises to encrypt the databases and decrypt them "on the fly." However, the effectiveness of this implementation remains unverified, and decryption on the local computer may be straightforward.

Microsoft notes that passwords, financial data, and other sensitive information displayed on the screen will be saved in Recall's database. If Recall is not paused, only private windows in browsers like MS Edge, Chrome, Opera, or Firefox and DRM-protected data are excluded. Recovery codes, disappearing messages, or deleted emails will remain in the database, visible to anyone with access to the unlocked computer.

Managing Recall risks

Users who frequently store sensitive information, are legally required to protect work data, share their computer, suffer from aggressive monitoring, or find AI search unhelpful should disable Recall entirely. Opening settings can do this, navigating to Privacy & Security -> Recall & Snapshots, disabling Save Snapshots, and clicking Delete All to remove previously saved snapshots.

For users who don't want to disable Recall, it's crucial to configure it properly. Exclude applications and websites where sensitive information is viewed, such as banking sites, government services, insurance and medical organizations, password managers, work-related apps, and cryptocurrency-related sites.

Ensure comprehensive cybersecurity protection is installed, as specialized malware could steal months of activity history. Consider:

  • Enabling Bitlocker full-disk encryption.
  • Protecting accounts with strong passwords and biometric access.
  • Setting up and using screen lock when away from the computer.
  • Creating separate accounts or using guest accounts for other users.

Additional considerations

Recall's comprehensive data collection can significantly impact personal privacy. For individuals in challenging situations, such as dealing with overbearing managers or overly curious household members, the detailed activity logs provided by Recall can be particularly concerning. They might be used to track work efficiency, personal communications, and even personal movements over time, leading to potential misuse of sensitive information.

The very features that make Recall useful also make it a potential goldmine for cybercriminals. If cyber attackers gain access to Recall's data, they can gather extensive information about a user's activities, preferences, and sensitive data. This could lead to targeted phishing attacks, identity theft, and other forms of cybercrime. Moreover, the ability to reconstruct a user's activity timeline could be exploited for blackmail or surveillance purposes.

Initially, Microsoft intended for Recall to be enabled by default. However, public pressure led to a change, and now users must opt-in during Windows setup. This opt-in approach gives users control over whether they want to use Recall, but those receiving pre-configured systems, such as from workplaces, should check and manage Recall's settings themselves.

Currently, Microsoft states that Recall will be available only on Copilot+ computers equipped with a special NPU AI chip and Windows 11. However, experts have successfully run Recall on other computers, particularly those with ARM processors, and even on x86 architecture machines and Azure virtual machines. 

This indicates that Recall doesn't require unique hardware, suggesting it may soon be offered to all sufficiently powerful Windows computers. Given Microsoft's tendency to automatically activate new features, users might find Recall enabled without explicit consent.

Recall is not available on Windows 10 or earlier versions. On Windows 11, users can check for Recall by typing "Recall" in the Start menu search bar. If the application appears in the search results, it indicates that Recall is installed and requires configuration or disabling.

Final thoughts

While Microsoft's Recall promises to enhance user experience by providing a comprehensive search and recall capability, it also poses significant privacy and security risks. 

Users must remain vigilant, properly configure the feature, and implement strong cybersecurity practices to mitigate potential threats. Balancing the convenience of Recall with the need to protect sensitive information will be crucial as this feature rolls out more broadly.

Recall: Potential security nightmare

Jul 19, 2024 — 5 min read

The popularity of push notifications can be easily explained – marketers have noticed that customers are more likely to read short messages that don't need to be opened and are more likely to click on links contained within them. Therefore, various companies have long adopted and actively used this communication channel with customers. However, malicious actors use push notifications for phishing, spreading malware, and other cyber threats. This article discusses the schemes used by malicious actors, what service developers need to consider, and how not to become a victim of fraudsters.

How malicious actors use push notifications

A push notification resembles an SMS, consisting of a title and a short message, an icon with the sender's name, and it may also include an image and buttons to perform a certain action, such as clicking a link. Additionally, the differences between push notifications and SMS include that the latter are received on any model of mobile phone and are delivered through mobile operators. Receiving push notifications requires a smartphone that supports this feature, the installation of applications, and internet access. Users can manage notifications themselves: prohibit, fully allow, or partially allow. Push notifications are usually stored in the personal account on the website, in the application, or in the notification center if the phone is on iOS and in the notification log if you have Android 10 and above.

The most common methods include sending push notifications that masquerade as official notifications from banks, online stores, or other services to prompt users to enter personal data or bank card details on phishing sites. One of the freshest instances involved a victim showing their screen to fraudsters, who posed as a bank security service and saw all push notifications with confirmation codes, allowing them to rob the victim.

From the users' perspective, push notifications seem convenient. A person receives dozens of pushes a day – from media, banks, marketplaces, and messengers. The short texts inform about discounts, new stock arrivals, promotions, and reminders. Moreover, push notifications deliver alerts about funds being debited or credited, codes for authentication, and access to one's account or personal cabinet on various services and sites. Malicious actors exploit this – due to the large amount of incoming information and often, lack of attention, a victim of fraud can easily click on a link in a pop-up "push."

Among relatively new attack methods is the ‘Fatigue’ attack, another form of social engineering. The essence of this method is to send the user a large number of login confirmation requests, thereby catching him off guard and scattering his attention. Eventually, the person is likely to accept the request to eliminate the "spam" on their phone or decide that the system is broken and that they need to "press the button" to fix everything.

The attack targets users whose first factor, most often a password, has already been compromised, although this is not such a big problem, considering the size of leaked password databases. By overcoming the two-factor authentication system in this way, malicious actors penetrated some corporate systems of Uber, Microsoft, and Cisco, and in 2024, Apple users faced this issue. Since successful attacks on large corporations continue, it can be concluded that businesses are not yet ready to repel such attacks.

In late February 2024, The Washington Post published an article about a new method the FBI uses to surveil suspects using push notifications. The agency filed more than 130 orders to disclose data of push notifications in 14 states. This became possible thanks to a feature of "pushes." When a user registers in an app, Apple and Google servers create and store a unique identifier - the "push token." This token can later be used to identify a person using the app based on device information.

Data protection advocates are concerned that this capability poses a threat to users' privacy from both the state and malicious actors. To send a victim push notifications, a fraudster must infect the device with malware. For example, the banking trojan Ginp was discovered by Kaspersky Lab. In addition to the standard set of abilities for a banking trojan: transmitting the entire contact list to its owners, intercepting SMS, and overlaying the screen with fake pages, the malware uses fake push notifications to convince the victim to open a phishing page.

Recommendations for service developers

Before connecting push notifications to a service, it's recommended to study their weaknesses and plan for data protection from leaks. Limit the information transmitted to the push notification service, including metadata.

There are several security measures. Firstly, do not use Push notifications to access valuable digital resources. Instead, use other protection tools for login, such as TOTP or physical tokens with a built-in password generator or digital certificate.

Secondly, implement throttling mechanisms in server systems for sending Push notifications. A well-designed push factor should offer the user options to reduce automatic responses. For example, it displays several options with numbers, and the user must choose what they see on the device they are logging in from.

Thirdly, report attack attempts to SOC and make quick decisions on temporarily blocking compromised accounts. Also, the importance of encryption when working with push notifications cannot be overlooked. And remind users of cybersecurity rules to prevent illegitimate actions by malicious actors.

For user protection, developers should follow several principles:

Сontent validation
Before sending a notification, ensure it doesn't contain potentially dangerous links or requests;

Use of secure protocols
All communication between the app and server, as well as the push notification server, should use encryption (e.g., via HTTPS);

Regular updates and dependency control
Used libraries and dependencies should be regularly updated to avoid known vulnerabilities;

User education
Provide information about notification settings and the dangers of fraudulent messages.

Protection measures

To avoid becoming a victim of fraudsters, users need to follow several rules, including being vigilant not automatically accepting offers, and not thoughtlessly clicking on links from ‘Pushes’. For security when using push notifications, users should only download official bank apps from their official websites and avoid installing apps from unverified sources.

Be cautious with push notifications about transactions and password change requests – verify such information through official communication channels with the bank.

Push notifications can appear on device lock screens, allowing unauthorized access to information in push notifications if the device falls into the wrong hands. Add a screen lock and configure the allowable information to be displayed on the screen for push notifications.

It's better to simply disable unnecessary notifications, and delete unnecessary apps from the phone. When "pushes" can be sent by a limited number of services, it's easier to notice a suspicious message.

Wrapping up 

In summarizing our exploration into the realm of push notifications, it's evident that these alerts occupy a significant role in our digital ecosystem. They serve as efficient conduits for information, offering immediate updates on transactions, sales, and various notifications directly relevant to our daily activities. However, this convenience also presents an avenue for malicious entities to exploit, using these notifications as a means to deploy phishing attacks, distribute malware, or engage in identity theft.

Despite these vulnerabilities, there is a concerted effort from the development community to enhance the security and integrity of push notification systems. Through the adoption of encryption and the implementation of more rigorous security protocols, developers are creating a more resilient framework to protect users from potential threats. Additionally, there is an emphasis on user education, encouraging individuals to exercise discretion and vigilance when interacting with push notifications.

For users, adopting a proactive approach to digital hygiene can significantly mitigate the risks associated with push notifications. This includes verifying the authenticity of apps before downloading, being cautious about the personal information shared within apps, and utilizing the security features provided by their devices. Periodically reviewing and customizing notification settings can also prevent unauthorized access to sensitive information, further safeguarding against fraudulent activities.

Ultimately, push notifications represent a dual-faceted feature of modern technology – providing essential information swiftly while posing potential security risks. By fostering a culture of awareness and implementing robust security measures, both developers and users can navigate these challenges effectively. As we continue to integrate these notifications into our daily lives, maintaining a balance between convenience and security will be paramount. In doing so, users can leverage the benefits of push notifications without compromising their digital safety.

The art of deception: The threats hidden behind innocent notifications and how to prevent them

Jul 17, 2024 — 4 min read

The name "Bluetooth" is derived from the name of Harald Bluetooth, a king who was known for uniting Danish tribes in the 10th century. Similarly, bluetooth technology, developed in the late 1990s, was created as a wireless alternative to RS-232 data cables, unifying various communication protocols into a single universal standard. 

However, mass unification comes with its risks. Indeed, the recent discovery of a significant Bluetooth vulnerability across several operating systems, including Android, macOS, iOS, iPadOS, and Linux, has raised alarms in the tech community. 

This vulnerability, discovered by security expert Mark Newlin, opens the door to potential contactless hacking of devices without any action required from the device owner. It poses a serious threat, especially considering the widespread use of Bluetooth technology in modern devices. Today, we’ll be discussing some of Bluetooth’s vulnerabilities with the help of Newlin’s report. 

Counterfeit keyboards

The crux of the problem lies in the ability to compel a vulnerable device to establish a connection with a counterfeit Bluetooth keyboard, all without requiring user confirmation. This is achieved by circumventing the Bluetooth protocol's authentication checks, which, in specific implementations of Bluetooth stacks in popular operating systems, allow an attacker to exploit this inherent mechanism. Subsequently, this connection can be exploited to issue commands, granting the attacker the capability to perform actions on the compromised device on behalf of the user, without any additional authentication, such as a password or biometrics (e.g., fingerprint or facial recognition). Newlin, the security researcher who unearthed this vulnerability, emphasized that a successful attack does not necessitate a specialized setup; even a standard Bluetooth adapter on a Linux-based laptop can be used for exploitation.

It's worth noting that the attack's practicality is limited by the proximity requirement between the attacker and the victim, as Bluetooth connections typically have a short range. While this restricts mass exploitation, it does pose a potential threat to individuals who may be targeted by attackers for specific reasons.

Android 

Android devices have been subjected to rigorous scrutiny with regard to the aforementioned vulnerability. Newlin conducted tests on seven different smartphones running various Android versions, ranging from Android 4.2.2 to Android 14. Remarkably, all of them exhibited vulnerability to Bluetooth hacking. In the case of Android, the only prerequisite for a successful hack is that Bluetooth is enabled on the target device.

The researcher promptly alerted Google to this discovered vulnerability in early August. Consequently, Google has already developed patches for Android versions 11 to 14 and shared them with smartphone and tablet manufacturers that rely on this operating system. These manufacturers are expected to release corresponding security updates for their customers' devices in due course. It is imperative for users to install these patches as soon as they become available for their Android 11/12/13/14-based devices. For older Android versions, no updates will be forthcoming, leaving them perpetually susceptible to this attack. Thus, turning off Bluetooth remains a prudent precaution until the end of these devices' life cycles.

MacOS, iPadOS, and iOS

In the case of Apple's operating systems, the researcher had a more limited range of test devices at his disposal. Nonetheless, he was able to confirm the presence of the vulnerability in iOS 16.6, as well as in two versions of macOS: Monterey 12.6.7 (x86) and Ventura 13.3.3 (ARM). It is reasonable to assume that a broader spectrum of macOS and iOS versions, including their counterparts, iPadOS, tvOS, and watchOS, could potentially be susceptible to a Bluetooth-based attack.

Regrettably, Apple's enhanced security feature, known as Lockdown Mode, introduced in the past year, does not provide protection against this particular Bluetooth vulnerability. This applies to both iOS and macOS.

Fortunately, a successful attack on Apple's operating systems necessitates an additional condition, in addition to Bluetooth being enabled: the device must have the Apple Magic Keyboard paired with it. As a result, the risk of an iPhone being compromised through this vulnerability appears to be minimal.

Linux

This attack is also applicable to BlueZ, a Bluetooth stack that is included in the official Linux kernel. Newlin verified the Bluetooth vulnerability in various versions of Ubuntu Linux, including 18.04, 20.04, 22.04, and 23.10. The bug that enabled this attack was identified and patched in 2020 (CVE-2020-0556). However, the fix has been deactivated by default in most popular Linux distributions, with only ChromeOS having it enabled (based on information obtained from Google).

The Linux vulnerability discovered by the researcher is designated as CVE-2023-45866 and is rated at 7.1 out of a possible 10 (CVSS v3) with a "moderate" threat status, according to Red Hat. A successful exploit of this vulnerability requires just one condition to be met: Bluetooth discovery or connectivity must be enabled on the Linux device. The good news is that a Linux patch addressing this vulnerability is already available, so it is strongly recommended to install it as soon as possible if it has not been done already.

Final thoughts 

In conclusion, the discovery of a critical Bluetooth vulnerability affecting popular operating systems such as Android, macOS, iOS, iPadOS, and Linux highlights the ongoing risks associated with modern technology. However, it's essential to note that many of these companies have responded promptly to the issue, releasing patches and updates to address the vulnerability. This demonstrates their commitment to enhancing security for their users.

While this story underscores the constant vigilance required in the ever-evolving landscape of cybersecurity, it also serves as a reminder that hackers are not dormant, they continuously seek new vulnerabilities to exploit. As technology advances, the responsibility to remain proactive in protecting our devices and personal information becomes increasingly crucial.

Bluetooth vulnerability: Dangers and solutions in operating systems

Jul 12, 2024 — 4 min read

In the digital era, where the internet and electronic devices dominate every aspect of our lives, the importance of data security cannot be overstated. Zip archives, a common format for compressing and storing data, are no exception to the need for stringent security measures. Typically, passwords are employed to protect the contents of these archives. 

However, challenges arise when one forgets the password to a zip file or seeks to evaluate the robustness of their data encryption. 

This article delves into the motivations behind zip archive password cracking and the prevailing methods. Additionally, it offers valuable advice on safeguarding your data against unauthorized access.

Understanding the motivations for cracking zip archive passwords

The act of cracking zip archive passwords can stem from both legitimate and malicious intentions. On the legitimate side, the most common scenario involves individuals attempting to regain access to their own archives after forgetting the password. This forgetfulness is a natural human trait, especially when dealing with numerous passwords for different files and services. On the other hand, the conversation around archive cracking often highlights two main concerns. The first is the ability to crack a password-protected archive to retrieve its contents. The second, more alarming issue, involves exploiting vulnerabilities in the archiving software to gain unauthorized access to a user's computer system.

Fortunately, the current landscape of archive cracking offers a silver lining. Attackers are primarily limited to brute-force attacks, where they attempt to guess the password by trying numerous combinations. This method's effectiveness heavily relies on the complexity of the password. A sufficiently complex password can significantly enhance the security of your data. However, the situation becomes more complicated when considering the vulnerabilities within the archiving software itself. These vulnerabilities can be discovered periodically, making it imperative for users to keep their software updated to prevent potential exploitation by hackers.

Cybercriminals have various motivations for wanting to crack zip archives. These include gaining unauthorized access to confidential information, circumventing copyright protection, bypassing security restrictions and policies, and modifying or destroying data. Such actions can lead to significant breaches of privacy and financial loss. To mitigate these risks, it is advisable to use reputable archiving software and ensure that all necessary updates and patches are applied promptly.

Methods for cracking zip archives

Gaining access to a zip archive without the password involves eliminating and guessing. The unlimited password attempts feature of zip archives makes them vulnerable to brute-force attacks. Various tools and techniques are available for this purpose, each with its own set of strategies:

Full brute-force attack
This method is applicable when no information about the password is known. It involves trying every possible combination within a specified range, allowing for customization based on known password characteristics.

Brute-force attack with extended mask
When some information about the password's structure is known, this method allows for a more targeted approach, reducing the number of guesses needed.

Dictionary attacks
These are effective when the password is suspected to be a common word or phrase. Unfortunately, the tendency of users to choose simple, easily guessable passwords makes many archives vulnerable to this type of attack.

Tools such as John the Ripper, Advanced Archive Password Recovery, KRyLack ZIP Password Recovery, and ZIP Password Cracker Pro are among the most popular for cracking archive passwords.

Enhancing the security of zip archives

The relative ease with which zip archives can be cracked necessitates the adoption of additional protective measures. A robust password is the first line of defense, ideally incorporating a mix of characters, numbers, and symbols to increase complexity. Such passwords are significantly more challenging to crack, providing a strong barrier against unauthorized access.

Beyond passwords, the level of protection should be tailored to the value of the data being secured and the user's knowledge of information security. Encrypting files before sharing them over the internet adds an extra layer of security. For instance, using a zip archive with a strong password for encryption, and then sharing the password through a separate communication channel, can prevent unauthorized access even if the primary transmission method is compromised.

In addition to the fundamental security measures previously discussed, adopting advanced security practices can significantly enhance the protection of zip archives.

Implementing Multi-Factor Authentication (MFA) can dramatically increase the security of your zip archives. While not a standard feature for archive access, integrating MFA through secure storage solutions or encrypted file systems adds a critical security layer. MFA requires users to provide two or more verification factors to gain access, combining something they know (like a password) with something they have (such as a security token or a mobile phone confirmation). This method ensures that even if a password is compromised, unauthorized access to the archive remains highly unlikely.

While zip archives support password-based encryption, users seeking higher security levels should consider additional encryption layers. Tools like VeraCrypt or BitLocker offer robust encryption for files and folders, including zip archives. By encrypting the entire storage container that holds the zip archive, users can protect against both unauthorized access and more sophisticated attacks that target file-level encryption vulnerabilities.

Conducting regular security audits and vulnerability assessments of the systems storing zip archives can identify potential security weaknesses before they are exploited. This proactive approach involves scanning for vulnerabilities, assessing the risk level of identified vulnerabilities, and implementing necessary patches or security enhancements. Regular audits ensure that both the software used for archiving and the broader system environment remain secure against emerging threats.

Finally, educating users on security best practices plays a crucial role in safeguarding zip archives. This includes training on creating strong passwords, recognizing phishing attempts, and safely sharing sensitive information. A well-informed user is the first line of defense against many common cyber threats, making education a vital component of any comprehensive security strategy.

Final thoughts 

In conclusion, while zip archives offer a convenient means of compressing and storing data, their security is not infallible. Users must employ strong passwords, take advantage of encryption options, and keep their software up to date to protect their data effectively. Additionally, it's crucial to remember that unauthorized cracking of archives not only violates legal statutes but also infringes on the privacy and confidentiality of individuals. By adopting a proactive approach to data security, users can safeguard their information against the evolving threats in the digital landscape.

Securing the zip: Advanced strategies for archive protection in the digital age

Jul 5, 2024 — 5 min read

The counterfeiting of well-known apps remains a popular tool for spreading malicious software. For instance, in 2022, a counterfeit version of the popular messaging app WhatsApp tricked thousands of users into downloading it from unofficial sources, leading to the harvesting of personal data and intrusive ads. 

Cybercriminals employ various tactics to deceive users into downloading fake apps through email, dangerous websites, and social media. This article will provide recommendations to help you identify a fake app before downloading and completely remove it from your smartphone. Let's take a look today at the dangers they pose, their prevalence, and the steps you can take to protect yourself against these threats.

The dangers they pose

Installing malicious software on your phone can expose you to numerous threats, ranging from slowing down your device to spying on you. One of the most common risks is the theft of confidential and personal data. Malicious apps can steal your private information, such as contacts, photos, and messages, which can then be sold to other fraudsters or used for identity theft. Another significant threat is financial theft, where cybercriminals can access your financial information, such as banking apps and cryptocurrency wallets, to steal your money.

Malicious apps can also cause performance issues on your device, leading to slower operation, overheating, or rapid battery drain due to background processes. Additionally, these fake apps may display a large number of ads, known as adware, which can be intrusive and significantly reduce the usability of your device.

Spying is another critical threat posed by malicious apps. These apps can eavesdrop on your conversations, read your messages, and monitor your activities, severely compromising your privacy. If you use your smartphone for work, malicious apps can engage in corporate espionage by stealing corporate data, which can lead to potential business losses and security breaches.

The prevalence of fake apps

In recent years, these threats have become increasingly common. Some target a wide range of users, while others are more specific. Notable examples of malicious fake apps include counterfeit versions of WhatsApp and Telegram, spread through dozens of fake websites. Once installed, these fake apps intercepted victims' chat messages to steal their confidential information and cryptocurrency.

Another example is the spread of BadBazaar spyware disguised as Signal and Telegram by hackers linked to China. Both types of fake apps passed official verification and were available on Google Play and the Samsung Galaxy Store.

How to prevent fake apps from reaching your device

To reduce the likelihood of installing threats on your device, it is crucial to take several preventive measures. Always install the latest versions of your operating system and software, as threats often exploit vulnerabilities in older versions. Before downloading any app, verify the developer's reputation online and check for any reviews of the app to ensure its legitimacy. It's also essential to use official app stores, as they have strict vetting processes to prevent threats from reaching the platform.

Removing any apps you don't use can help you monitor what is on your device more effectively. Be cautious about clicking on links or attachments, especially if they appear in unsolicited social media messages or emails and offer to download something from third-party sites. Similarly, avoid clicking on ads on the internet, as they may be part of a scam aimed at redirecting you to a counterfeit app.

When installing new apps, be cautious when granting permissions that are unrelated to the app's functions, as this could be a sign of malicious software trying to access your data. Using biometric data for login instead of simple passwords in your accounts can also enhance your security.

Lastly, employing security solutions that provide enhanced protection with effective threat detection, blocking malicious websites, safeguarding online payments, and managing passwords. By following these steps, you can significantly reduce the risk of installing fake apps on your device and protect your personal and financial information from cyber threats.

It's also important to monitor unusual activity on your device if malicious software does manage to infiltrate it. For example, be alert if your battery drains faster than usual. Also, if your device runs slower, it may be due to malicious software. Pay attention to persistent pop-up ads, as this could indicate that you have installed adware. Watch for any unusual icons appearing on your screen.

10 additional tips and tricks 

1. Educate Yourself on Common Threats
Understanding the various types of malware and how they typically operate can help you stay vigilant. Common types include trojans, spyware, adware, and ransomware. Each has distinct characteristics and signs that can alert you to their presence.

2. Regularly Update and Patch Software
Make sure all your apps, not just the operating system, are regularly updated. Developers often release patches for known vulnerabilities, so keeping your software current is crucial in preventing exploitation by malicious actors.

3. Monitor App Permissions
Review the permissions of apps already installed on your device. Apps should only have access to the information and functions necessary for their operation. For instance, a flashlight app should not need access to your contacts or messages.

4. Utilize Multi-Factor Authentication (MFA)
Wherever possible, enable MFA for your accounts. This adds an extra layer of security, making it harder for unauthorized users to gain access even if they obtain your password.

5. Backup Your Data Regularly
Ensure you have regular backups of your important data. This practice can save you from losing vital information if your device is compromised. Use cloud services or external storage devices for these backups.

6. Be Skeptical of Free Offers
If an app promises something that seems too good to be true, it probably is. Be cautious of free versions of popular apps that offer the same functionality without any apparent revenue model. These could be traps to lure you into installing malware.

7. Use Strong, Unique Passwords
For each of your accounts, use a unique password that combines letters, numbers, and symbols. Avoid using easily guessable information like birthdays or simple sequences. Password managers can help you keep track of your passwords securely.

8. Regularly Scan Your Device for Malware
Use reputable antivirus and anti-malware software to scan your device regularly. These tools can detect and remove many types of malware before they cause significant harm.

9. Stay Informed on the Latest Threats
Cybersecurity is an ever-evolving field. Stay informed about the latest threats and trends by following trusted sources. This knowledge can help you recognize and avoid new types of attacks.

10. Use Secure Networks
Avoid using public Wi-Fi for sensitive transactions, such as online banking. Public networks can be less secure, making it easier for attackers to intercept your data. Use a virtual private network (VPN) to add a layer of security when connecting to public Wi-Fi.

Conclusion

Today, smartphones and tablets are our gateways to the digital world. But this world must be protected from unwanted guests. By following these simple steps and additional measures, your finances and personal data will be better protected. Stay vigilant, stay informed, and take proactive steps to secure your digital life.

By incorporating these practices into your daily routine, you can create a robust defense against the ever-present threat of fake apps and other forms of cybercrime. Your digital safety is paramount, and with the right knowledge and tools, you can navigate the digital world securely and confidently.

Identifying fake apps on your smartphone

Jun 28, 2024 — 4 min read

The world has grown accustomed to social media, where users upload millions of images and videos daily. However, not everyone realizes that an innocent-looking selfie at work could be used by malicious actors to break into a company or that a hotel photo might lead to blackmail.

With the advancement of technology and the expansion of geospatial information systems, cybersecurity threats have also increased, demanding more careful consideration of the data being published. This article explores what GEOINT is, how criminals use your photographs for their purposes, and why people scrutinize Google Maps.

What is GEOINT?

GEOINT, short for "Geospatial Intelligence," involves the analysis and use of imagery and geospatial information to gain insights into activities on Earth. It combines several disciplines: cartography, charting, image analysis, and imagery intelligence. While traditionally associated with the military, geospatial intelligence is increasingly utilized by civilian sectors, including telecommunications, transportation, public health, safety, and real estate, to enhance daily life quality. In broader applications, geospatial intelligence is used for emergency planning, crime and security monitoring, and protecting critical infrastructure.

Technological advancements have brought a new era in geospatial intelligence. The advent of powerful analytical software, ubiquitous geolocation data, far-reaching broadband connections, rapidly developing computational power, affordable cloud storage, advanced analytics, and artificial intelligence have all played a role in the revolution of geospatial intelligence.

GeoGuessing

In the context of geospatial intelligence, the phenomenon of geo guessing is worth mentioning. The term comes from the name of the browser game GeoGuessr, launched in 2013. The game uses Google Street View maps, requiring players to guess the location of a street/alley/highway worldwide by marking it on Google Maps. Since 2015, the game has also been available as an iOS app.

The game has become so popular that competitions and tournaments are held. In 2023, the GeoGuessr World Championship finals were held in Stockholm with a prize pool of $50,000. Clues include road markings, languages on signs and plaques, animals and people in the frame, and other details. The most professional players can recognize a location on the map by a 3D image within seconds, requiring extensive time studying maps.

How criminals use GEOINT

An example of careless handling of personal information is found in an interview with Michael Oren, a former Israeli ambassador to the U.S. Attentive viewers noticed a note with login credentials in the background during the shoot from his home. Imagine the damage a criminal could cause in such a situation. 

Be vigilant and cautious when sharing your photos on social media. Like any other information obtained through theft or leakage, data from open sources can be used by malicious actors. Here are some ways they exploit this information:

1. Phishing using geolocation
By determining your location, criminals can personalize phishing messages. For instance, if you're at a resort, you might not ignore a message supposedly from emergency services warning of dangerous weather conditions in the area.

2. Physical threats
Criminals can locate server centers or critical infrastructure and plan physical intrusions.

3. Espionage and surveillance
Malicious actors can use geodata to track people or organizations, monitor their movements, connections, habits, and even plans to exploit this information for their gain, such as crafting more convincing social engineering attacks or blackmail.

Overall, the use of geospatial intelligence by criminals poses a severe threat to data security, personal information, and critical infrastructure.

Law enforcement and GEOINT

On the flip-side, law enforcement agencies use GEOINT for investigations and apprehending criminals. For example, in 2019, Sacramento authorities arrested a drug dealer who sent potential buyers photos of marijuana on his hand. The fingerprints visible in the photo led to his identification. 

Photographs can indeed serve as evidence in criminal cases. In spring 2023, a data leak from the Pentagon put U.S. National Guard member Jack Teixeira under suspicion. An investigation revealed that the leaked photos were taken in his home, as the edges of the photographs matched the interior.

The most frequent method of geospatial intelligence is analyzing images or videos to determine their location. Almost anyone can conduct basic geospatial intelligence using the internet and various services. For example, a jealous wife might deduce from her husband's social media photos that he is not on a business trip but visiting a lover. 

Tools and services for GEOINT

Various services and tools are used for collecting data from open sources in geospatial intelligence. Here are some examples:

Google Maps. A web mapping platform from Google offering satellite photos, aerial photography, street maps, interactive street views in 360°, and real-time traffic conditions.

OpenStreetMap. An open collaborative project to create a free editable geographic database of the world.

Soar Earth. A service for collecting and exploring satellite images, aerial photographs, and drone images.

GeoHack Tools. This service provides a list of OSINT resources for the selected area on a map, including maps/satellite images, photographs, real-time weather, flight and maritime tracking, railways, peaks, and even fitness device data.

The range of geospatial intelligence tools is vast and continually expanding.

Final thoughts — protecting oneself 

As we have explored, even innocent photos shared on social media can be exploited by malicious actors, leading to severe consequences such as unauthorized access, blackmail, or even physical threats. To safeguard against these threats, it is essential to:

1. Be vigilant with personal information
Avoid sharing sensitive data in photos, such as login credentials or identifiable locations, that can be exploited by criminals.

2. Control privacy settings
Regularly review and adjust the privacy settings on social media platforms to limit the visibility of your posts to trusted individuals.

3. Use geotagging wisely
Disable geotagging on your devices when sharing photos publicly, as location data can be a significant security risk.

4. Leverage security tools
Utilize available security tools and services to monitor and protect against unauthorized use of geospatial data.

By taking these proactive steps, individuals and organizations can better defend themselves against the growing threats posed by the misuse of geospatial intelligence.

GEOINT and the Chamber of Secrets

Mar 31, 2022 — 5 min read

Which words pop into your head when creating a password for your new account on a website or on a social network? Safety? Privacy? Well, there’s some bad news for you here — in our digital world, hackers are clued-up on hacking any kind of password that you can think into existence, and as a matter of fact, it’s a global problem. Users of the internet can never be sure that their accounts are protected enough to prevent data theft. Even global organizations such as Facebook can be the subject of cyber-attacks. And we mention the social giant for good reason too — in March 2020, the British company Comparitech stated that the data of more than 267 million people was leaked.

Ergo, it’s of paramount importance to know which techniques cybercriminals use to hack your password and steal your private information. There are a great number of methods that hackers can use to deceive people in order to steal private credentials and data. That’s why, today, we’re going through the most common techniques that can be used, so you’ll be in the know and much more secure online as a result.

1. Phishing

The easiest and most common way of hacking someone’s password is phishing. There are plenty of techniques here: phishing can take the form of an email, an SMS, a direct message on a social media platform, or a public post on a website. Cybercriminals spread a link or attachment that hooks an internet user in. Pushing leads a victim to a fake log-in page where he or she has to enter their data. After hacking, the hackers get a variety of data that can be used for any purpose. This way, people get their sensitive information served on a silver platter. As this technique is one of the oldest ones in the book, most users are aware of such a ploy. Almost everyone knows that following a suspicious link on the internet is a sure way of compromising yourself. Indeed, that’s why emails from unknown addresses tend to fall straight into the spam box and we’re used to blocking unknown numbers.

2. Social engineering

This type of cyberattack is based on the mistakes and imprudence that come as standard with the human brain. A criminal tricks the victim by acting like he or she is a real agent of an official company. It might be a fake call from your bank or some kind of technical support branch. You’ll likely be asked to provide confidential data so that the ‘agent’ may investigate ‘suspicious activity’ on your bank account. Usually, social engineering is mostly successful in manipulating pensioners due to their often dull mental blade and trusting nature. This technique is quite widespread and is much easier than creating an entire fake website to phish someone’s password.

3. Brute force attack

Brute force attacks are best characterized by the long, heavy method of checking each possible password variant. This way is really time-consuming, so most hackers use special software to automate the process. Most of the time, such attacks are based on knowledge gained from previous cracks as users often reuse their passwords on multiple websites and platforms. Also, cybercriminals might try lists of common variations of letters and numbers. That’s why, to protect yourself from such attacks, you should use as many symbols as possible and create passwords from unconnected words and unpredictable alpha-numerical compilations. Alternatively, you could use a password manager to automate this struggle (nudge nudge).

4. Dictionary attack

The dictionary attack partly resembles the previous method (brute force attack), the main idea of such a cyber attack is to submit all possible password variations by taking words from the dictionary. It makes the process of researching the right combination easier due to the strict structure of the dictionary. Moreover, it takes less time to crack the password If the hacker knows some sensitive information about the victim, like the name of their child, pet, or favorite color, for instance. Indeed, predictable human nature is the reason why this is such an effective method. To eliminate the possibility of such a cyberattack, it’s worth mixing semantically unconnected words, numerals, and other symbols. The best way, of course, is to get a password manager (nudge nudge).

5. Rainbow table attack

Passwords stored on the victim’s computer are usually encrypted. The plain text is replaced by various strings (hashes) to prevent data leaks. This method is named ‘hashing’. However, this method doesn’t guarantee that the password won’t be cracked; hackers are very familiar with such multi-layer security. The ‘rainbow table’ is a list of passwords and their hashes that have already been acquired through previous attacks. Hackers try to decrypt hashes by figuring out the correct combination based on different variations from the rainbow table. As a result, the password’s code may be retrieved from the database, removing the necessity to hack it. A good way to mitigate the risks of such an attack is to use software that includes randomly generated data in the password before hashing it.

6. Spidering

Many companies base their passwords on the names of the products they produce to help their staff remember the credentials that they need to access corporate accounts. Spidering is a type of cyberattack that uses this information to hack the company’s system and exploit the obtained information for malicious purposes. They surf the sites of organizations and learn about their businesses. Then, this knowledge is used to make a list of keywords that can be exploited in brute force attacks. As this process is quite time-consuming, experienced hackers utilize automatic software such as the infamous ‘web crawler’.

7. Malware

Malware is a harmful kind of software created to steal private information from the computer that it has been installed on. The victim gives access to his or her computer by clicking on a link specially made by cybercriminals. While this technique has various forms, the most common are keyloggers and screen scrapers that take a video of a user's screen or screenshots when passwords are being entered. They then send this data to the hacker. Some kinds of malware can encrypt a system’s data and prevent users from accessing certain programs. Others can look through users’ data to find a password dictionary that can be used in a variety of ways.

The amount of techniques being used by hackers to crack our passwords is increasing exponentially. The more ways there are to prevent break-ins, the more work hackers ought to do to get around them. That’s why, you should leave it to us, Passwork, your neighborly password managing wizards, to lift the burden from your shoulders.

Password-cracking techniques used by hackers