Category Archives: Digital Security

Digital security is the process of protecting your online identity, data, and other assets from intruders, such as hackers, scammers, and fraudsters. It is essential for trust in the digital age, as well as for innovation, competitiveness, and growth. This field covers the economic and social aspects of cybersecurity, as opposed to purely technical aspects and those related to criminal law enforcement or national and international security.

In this category, you will find articles related to digital security that have a direct or indirect connection with the activities of Freemindtronic Andorra or that may interest the readers of the article published in this category. You will learn about the latest trends, challenges, and solutions in this field, as well as the best practices and recommendations from experts and organizations such as the OECD. You will also discover how to protect your personal data from being used and sold by companies without your consent.

Whether you are an individual, a business owner, or a policy maker, you will benefit from reading these articles and gaining more knowledge and awareness about this topic and its importance for your online safety and prosperity. Some of the topics that you will find in this category are:

  • How to prevent and respond to cyberattacks
  • How to use encryption and cryptography to secure your data
  • How to manage risks and vulnerabilities
  • How to comply with laws and regulations
  • How to foster a culture of security in your organization
  • How to educate yourself and others about this topic

We hope that you will enjoy reading these articles and that they will inspire you to take action to improve your security. If you have any questions or feedback, please feel free to contact us.

2024, Digital Security, Spying

Ivanti Zero-Day Flaws: Comprehensive Guide to Secure Your Systems Now

Posted on by FMTAD
Digital representation of Ivanti Zero-Day Flaws threatening cybersecurity in a futuristic cityscape
05
Feb

Ivanti Patches Two Critical Zero-Day Vulnerabilities, One Under Active Attack

Ivanti, a leader in endpoint and network management solutions, has patched two critical zero-day vulnerabilities, one of which was actively exploited by cybercriminals. Learn more about these vulnerabilities and how to protect your organization.

This sentence is under a slider that shows similar topics on the zero day.

The Ivanti zero-day flaws, written by Jacques Gascuel, inventor of cybersecurity solutions, of cyber-safety of sensitive data and of counter-espionage, deal with the subject of the Ivanti Zero Day 2024 vulnerabilities.

What are Zero-Day Flaws and Why are They Dangerous?

A zero-day flaw is a previously unknown vulnerability in software that hackers can exploit before the vendor becomes aware and devises a patch. These vulnerabilities are particularly perilous because there is no existing defense against their exploitation. Cybercriminals can use zero-day flaws to launch sophisticated cyberattacks, leading to unauthorized data access, system damage, and widespread security breaches.

Ivanti’s Two Zero-Day Vulnerabilities: CVE-2024-21888 and CVE-2024-21893

Ivanti’s announcement highlights two specific vulnerabilities:

  • CVE-2024-21888: This is a critical privilege escalation vulnerability found in the web components of Ivanti Connect Secure and Policy Secure (versions 9.x, 22.x). It allows malicious users to gain administrator privileges, thereby obtaining the ability to alter system configurations, access restricted data, and potentially introduce further malicious code into the network infrastructure.
  • CVE-2024-21893: Identified as a server-side request forgery (SSRF) flaw within the SAML component of Ivanti Connect Secure, Policy Secure (versions 9.x, 22.x), and Ivanti Neurons for ZTA, this vulnerability enables attackers to bypass authentication mechanisms to access restricted resources. This flaw is particularly concerning due to its active exploitation, which suggests a targeted approach by cybercriminals to leverage this vulnerability for malicious purposes.

Ivanti has acknowledged the targeted exploitation of CVE-2024-21893 and expressed concerns over the potential for increased malicious activities following the public disclosure of these vulnerabilities.

How to Protect Your Organization from Ivanti’s Zero-Day Flaws

In response to the discovery of these vulnerabilities, Ivanti has taken swift action by releasing patches for the affected products, including specific versions of Connect Secure and ZTA. The company strongly advises a precautionary factory reset of devices before applying the patches to eliminate any lingering threats from the system. Additionally, Ivanti recommends importing a mitigation file named “mitigation.release.20240126.5.xml” as a temporary countermeasure against these vulnerabilities.

To safeguard against these vulnerabilities, organizations are urged to apply Ivanti’s patches immediately, conduct a factory reset of devices prior to patching, and adopt a proactive cybersecurity posture. This includes regular software updates, comprehensive user education on cybersecurity best practices, and the implementation of robust security measures such as firewalls, intrusion detection systems, and regular security audits.

The Impact of Ivanti’s Zero-Day Flaws on the Cybersecurity Landscape

Since the beginning of 2024, the cybersecurity community has witnessed the disclosure of six zero-day vulnerabilities within Ivanti’s product lineup, with half of them being actively exploited. A study conducted by Volexity found that more than 1,700 Ivanti devices have been compromised worldwide, including nearly 100 in France. These attacks have affected organizations from all sectors, including government agencies, Fortune 500 companies and cloud service providers .

CISA Issues Emergency Directive for Federal Agencies

The US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive. It requires all federal agencies to apply Ivanti’s patches and mitigations, and report any compromise to the CISA. This directive is important because it shows the urgency and the severity of the situation, and its implications for the national and international security.

Mandiant Identifies Bypass Technique and Webshell Deployment

Mandiant, a cybersecurity firm, has identified a technique that bypasses the mitigation file and allows the deployment of a custom webshell named BUSHWALK. This webshell works by injecting malicious code into the legitimate web pages of Ivanti devices, and allows the attackers to execute commands and access files on the compromised systems. Mandiant has provided a detailed description of how this webshell works, how to detect it, and how to remove it. Mandiant has also clarified that this technique is distinct from the mass exploitation that followed the disclosure of the vulnerabilities.

UNC5221: The Threat Group Behind the Targeted Exploitation

Mandiant has also attributed the exploitation of the Ivanti zero-day flaws to a threat group named UNC5221, suspected to be linked to China. This group has targeted organizations from various sectors, including government agencies, Fortune 500 companies and cloud service providers . Mandiant has also revealed the tools and the malware used by this group, such as BUSHWALK, BLOODHOUND, CHOPSTICK and SLIGHTPULSE. These tools and malware are designed to perform reconnaissance, lateral movement, credential theft and data exfiltration on the compromised networks.

The Number of Victims and the Potential Consequences

According to the latest reports from Volexity and Mandiant, more than 1,700 Ivanti devices have been compromised worldwide, including nearly 100 in France. The sectors most affected by these intrusions include government, finance, healthcare, education, and technology. The potential consequences of these intrusions include unauthorized data access, system encryption by ransomware, installation of backdoors for persistent access, and execution of malicious code. Such incidents can lead to significant financial losses, reputational damage, operational disruptions, and legal implications for the affected organizations.

EviCypher and EviPass: Innovative Technologies to Protect Yourself from the Zero-Day Flaws

Facing the threat of the Ivanti zero-day flaws, there are innovative solutions to protect yourself effectively. These are the EviCypher and EviPass technologies, developed by Freemindtronic, a company specialized in pocket cybersecurity.

EviCypher is a NFC device that allows you to encrypt and decrypt messages securely and anonymously. You just need to slide your EviCypher card behind your smartphone for the message to be encrypted or decrypted. The system uses individual encryption keys, stored offline, in a non-volatile and physically secure memory. Thus, even if the message is intercepted by an attacker who exploits an Ivanti zero-day flaw, he will not be able to read it without the corresponding key.

EviPass is a mobile application that allows you to manage your passwords and credentials securely and conveniently. You just need to scan your EviPass card with your smartphone to access your online accounts. The application uses an OpenPGP encryption algorithm, based on public and private keys. The private keys are stored offline, in a non-volatile and physically secure memory. Thus, even if an attacker manages to access a compromised Ivanti device, he will not be able to steal the passwords and credentials without the EviPass card.

These two solutions offer a high level of security, based on the principle of “Air Gap”, which consists of creating a physical and digital barrier between the data and the attackers. They are also easy to use, without requiring any specific knowledge in cybersecurity. They are compatible with all digital communication systems, including those that use Ivanti products. They are protected by international patents, and manufactured in Andorra by Freemindtronic.

EviPass NFC NFC and EviPass HSM PGP: Freemindtronic’s Technologies for Password Management

EviPass NFC NFC and EviPass HSM PGP are two technologies developed by Freemindtronic for password management. EviPass NFC NFC is a technology that uses NFC cards to store and access passwords and credentials. EviPass HSM PGP is a technology that uses hardware security modules (HSM) to store and access passwords and credentials using the OpenPGP encryption algorithm. Both technologies are integrated into the EviPass mobile application, which allows users to manage their passwords and credentials securely and conveniently.

EviCypher NFC HSM and EviCypher HSM PGP: Freemindtronic’s Technologies for Message Encryption

EviCypher NFC HSM and EviCypher HSM PGP are two technologies developed by Freemindtronic for message encryption. EviCypher NFC HSM is a technology that uses NFC cards and hardware security modules (HSM) to encrypt and decrypt messages. EviCypher HSM PGP is a technology that uses hardware security modules (HSM) to encrypt and decrypt messages using the OpenPGP encryption algorithm. Both technologies are integrated into the EviCypher NFC device, which allows users to encrypt and decrypt messages securely and anonymously.

PassCypher and DataShielder: Freemindtronic’s Products that Incorporate EviCypher and EviPass Technologies

PassCypher and DataShielder are two products designed and manufactured by Freemindtronic that incorporate the EviCypher and EviPass technologies. PassCypher is a NFC device that connects to your smartphone or computer and allows you to access your online accounts using the EviPass technology. DataShielder is a NFC device that connects to your smartphone or computer and allows you to encrypt and decrypt messages using the EviCypher technology. With these products, you can benefit from the EviCypher and EviPass technology to protect your passwords, credentials and messages.

To learn more about these solutions, you can visit the Freemindtronic website or the Codeur blog, which present the features and benefits of EviCypher and EviPass.

Conclusion

In conclusion, the Ivanti zero-day flaws are dangerous vulnerabilities that can compromise the security and confidentiality of the users’ data. It is therefore important to protect yourself effectively against these flaws, by applying the patches provided by Ivanti, following the cybersecurity recommendations, and using innovative solutions like EviCypher and EviPass, developed by Freemindtronic. These solutions are integrated into innovative products, designed and manufactured in Andorra. Don’t wait any longer to protect yourself from the Ivanti zero-day flaws, and discover the EviCypher and EviPass solutions from Freemindtronic. What are your impressions on these products? Let us know in the comments below.

2024, Articles, Digital Security, News, Spying

How to protect yourself from stalkerware on any phone

Posted on by FMTAD
Woman holding a smartphone with a padlock icon on the screen, promoting protection from stalkerware.
26
Jan

How to Protect Yourself from Stalkerware

How to protect yourself from stalkerware: In today’s digital landscape, being mindful of stalkerware’s escalating threat is crucial. Take proactive measures to safeguard your privacy. Stalkerware, a malware type, lets unauthorized individuals stealthily monitor and control your smartphone.

To learn more about the potential dangers of stalkerware spyware.” Stay informed by browsing our constantly updated topics

How to Protect Yourself from Stalkerware written by Jacques Gascuel, the innovator behind advanced sensitive data security and safety systems, provides priceless knowledge on the topic of data encryption and decryption. Are you prepared to enhance your comprehension of data protection?

What is Stalkerware and Why is it Dangerous?

Stalkerware, including known programs like FlexiSpy, mSpy, and Spyera, tracks your location and accesses calls, messages, and photos. These programs can secretly activate your camera or microphone. To counter these invasions, safeguard your digital privacy from stalkerware. Physical access or being tricked into clicking malicious links; often in phishing emails, leads to stalkerware installation.

Who Uses Stalkerware?

Furthermore, abusive partners, stalkers, employers, or governments often use stalkerware. They exploit tools like FlexiSpy or Spyera to gain unauthorized access to personal information, track whereabouts, or monitor online activities.

How to Detect and Remove Stalkerware from Your Phone

To detect stalkerware, check for unusual apps or files. Monitor your phone bill for spikes in data usage or unexpected charges. Be cautious about what you click on, and keep your phone and apps updated. Consider well-known antivirus or security apps like Malwarebytes; Kaspersky Internet Security for added protection.

Signs of Stalkerware Infection

To detect stalkerware, you can follow these steps:

  • Check for unusual apps or files: If you notice any unfamiliar apps or files on your phone, it could be a sign that stalkerware is installed. Be sure to check the permissions for any apps you don’t recognize and uninstall any that seem suspicious.
  • Monitor your phone bill: Unusual spikes in data usage or unexpected charges could signal stalkerware installation. Contact your phone carrier to investigate.
  • Be cautious about what you click on: Don’t click on links or open attachments from unknown senders, as these could be used to install stalkerware on your phone.
  • Keep your phone and apps updated: Make sure your phone’s operating system and apps are up to date with the latest security patches. These updates often include fixes for vulnerabilities that could be exploited by stalkerware or other malware.
  • Use a reputable antivirus or security app: Antivirus and security apps can help to detect and remove stalkerware, as well as protect you from other types of malware.

In case you suspect the presence of stalkerware on your phone, you may attempt to remove it using one of the aforementioned methods. However, if you are not comfortable doing this yourself, you can take your phone to a professional for help.

Steps to Remove Stalkerware

  • Backup your data first
  • Perform a factory reset on your device
  • Change all your passwords post-reset

Protecting Sensitive Data from Stalkerware

Fortifying Sensitive Data with Freemindtronic’s Solutions

In the battle against stalkerware, safeguarding your sensitive data is paramount. Freemindtronic, an innovative Andorran cybersecurity company, offers cutting-edge solutions that not only protect your privacy but also fortify your data against prying eyes. Leveraging contactless encryption through an NFC hardware security module (HSM) and other secure storage media, these solutions make your secrets virtually inaccessible to tracking software.

EviCypher NFC HSM This module secures encryption keys from an externalized source, ensuring the protection of data on NFC devices. Its robust security shields against stalkerware and other cyber threats.

EviCypher HSM OpenPGP: Versatile and adaptable, it creates an HSM across various storage types, supporting keychains, keystores, SD, and USB OTG keys. Compliant with encryption standards and the OpenPGP encryption standard, it safeguards a wide array of sensitive data, including emails, documents, and photos.

EviPass: A hardware password manager that securely stores your passwords within a tamper-proof device, making it exceedingly difficult, if not impossible, for tracking software to pilfer your passwords from an NFC HSM or HSM PGP.

EviOTP: This OTP token manager, housed within an NFC HSM or HSM PGP, generates one-time passwords (TOTP or HOTP) for two-factor authentication. This additional layer of physical security thwarts token exploitation, fortifying the protection of your online accounts.

Seamless Integration Across Product Lines

Freemindtronic solutions provide an additional layer of defense against spyware and seamlessly integrate into various products.

Integration of Password Manager Technology

For instance, EviPasse HSM HSP, an advanced password manager technology, integrates seamlessly into the PassCypher HSM PGP product. It ensures the security of identification and authentication secrets in computer systems.

Enhanced NFC Security

Similarly, EviPass NFC HSM technology seamlessly embeds into the PassCypher NFC HSM product, securing NFC Android phones via NFC HSM.

Strengthening Authentication Security

Moreover, PassCypher NFC HSM takes it a step further by incorporating EviOTP technology to bolster the security of 2FA double authentication tokens on phones and computers.

Data Encryption Without Contact

EviCypher NFC HSM technology plays a vital role as an encryption key manager in DataShielder NFC HSM products. It enables users to encrypt sensitive email, SMS, MMS, and RCS data without contact. This offers effective protection against spyware like Stalkerware. Users physically outsource secrets from their phones or computers, ensuring data security against cyber threats.

Cornerstone of Data Security

As for EviCypher HSM PGP technology, it serves as the cornerstone of the DataShielder HSM PGP product on computer systems. It is also compatible with DataShielder NFC HSM. This simultaneous security ensures sensitive information on both phones and computers.

Comprehensive Security Suite

Finally, for ultimate versatility and mobility, DataShielder Defense, designed for civil and military use, encompasses these technologies and many others. This comprehensive suite strengthens data protection against physical and software espionage, identity theft, corruption of sensitive data, illicit extraction of secrets, and other threats. Thanks to its interoperability and backward compatibility, it works on all existing computer and telephone systems, with or without NFC.

How to Prevent Stalkerware from Infecting Your Phone

To prevent stalkerware from infecting your phone, you can follow these steps:

  • Be cautious about who has access to your phone: Don’t let people borrow your phone or have physical access to it if you don’t trust them.
  • Use strong passwords and security settings: Use a strong password, PIN, or biometric authentication to lock your phone and enable features like Find My Device or Find My iPhone in case your phone is lost or stolen.
  • Be careful what you click on: Be cautious of links or attachments that come from unknown or suspicious sources. Only download apps or files from trusted or official sources.
  • Keep your phone and apps updated: Make sure your phone’s operating system and apps are up to date with the latest security patches. These updates often include fixes for vulnerabilities that could be exploited by stalkerware or other malware.
  • Install a reputable antivirus or security app: Antivirus and security apps can help to protect your phone from stalkerware and other types of malware.

Consequently, following these steps helps protect against stalkerware.

If you suspect that you may have stalkerware installed on your device, look for these signs:

  • Sudden battery drain or overheating
  • Device turning on or off by itself or behaving strangely
  • Unusual spikes in data usage or unexpected charges on your phone bill
  • Unrecognized apps or files appearing on your device
  • Strange or unwanted messages, calls, or emails from unknown numbers or addresses
  • A sense that someone knows too much about your activities, location, or conversations

Detecting and Eliminating Stalkerware

Suspecting stalkerware’s presence calls for swift action to safeguard your privacy and security. Implement these steps:

  • Rely on Reputable Antivirus or Security Apps: Utilize antivirus or security apps like Malwarebytes, Kaspersky Internet Security, or Avast Mobile Security to detect and remove stalkerware.

  • Unmask Anomalous Apps or Files: If unfamiliar apps or files appear, suspect stalkerware’s presence. Scrutinize permissions for unrecognizable apps and uninstall those deemed suspicious.

  • Monitor Phone Bill for Unusual Activity: Detecting spikes in data usage or unexpected charges on your phone bill might indicate stalkerware. Investigate with your phone carrier.

  • Practice Caution with Clicks: Avoid clicking on links or opening attachments from unknown senders, as these might harbor stalkerware.

  • Stay Updated: Regularly update your device’s operating system and apps. Updates often include security patches that shield you from stalkerware.

  • Empower Yourself and Others: Educate yourself about stalkerware

Prevention is Crucial

To safeguard against stalkerware, focus on prevention. Here are some key tips:

  • Be cautious about who has access to your device: Don’t let people borrow your device or have physical access to it if you don’t trust them.
  • Use strong passwords and security settings: Use a strong password, PIN, or biometric authentication to lock your device and enable features like Find My Device or Find My iPhone in case your device is lost or stolen.
  • Be careful what you click on: Be cautious of links or attachments that come from unknown or suspicious sources. Only download apps or files from trusted or official sources.
  • Keep your device and apps updated: Make sure your device and all of your apps are up to date with the latest security patches and updates. This will help to protect against vulnerabilities that could be exploited by stalkerware or other malware.
  • Install a reputable antivirus or security app: Antivirus and security apps can help to detect and remove stalkerware, as well as protect you from other types of malware.

Resources for Stalkerware Victims

  • The Coalition Against Stalkerware: https://stopstalkerware.org/: The Coalition Against Stalkerware is an international organization that works to combat stalkerware. The coalition provides resources for victims of stalkerware, as well as advocates for stronger laws and regulations to protect people from stalkerware.
  • The National Network to End Domestic Violence: https://www.thehotline.org/: The National Network to End Domestic Violence is a US-based organization that provides resources for victims of domestic violence, including information on stalkerware. The organization also has a hotline that victims can call for support.
  • The Cyber Civil Rights Initiative: https://cybercivilrights.org/: The Cyber Civil Rights Initiative is a US-based organization that works to protect people from online abuse, including stalkerware. The organization provides resources for victims of online abuse, as well as advocates for stronger laws and regulations to protect people from online abuse.

Latest Research

In recent years, researchers have discovered several new methods for using stalkerware. For example, a new variant of stalkerware called Cerberus is capable of infecting devices over Bluetooth. Cerberus can then be used to track the victim’s location, record their calls and conversations, and even take photos and videos of them without their knowledge.

New Laws and Regulations

Subsequently, governments worldwide are enacting new laws. For example, the European Union has adopted a new directive that criminalizes the use of stalkerware in the EU. The United States has also taken steps to combat stalkerware, such as creating a new task force to investigate the use of stalkerware.

New Resources Available for Stalkerware Victims

In addition to the steps you can take to protect yourself from stalkerware, there are also a number of resources available to help victims of stalkerware. These resources offer support, advice, and legal assistance.

Stalkerware Survivors Share Stories of Trauma and Resilience

Sarah, a victim of stalking by her ex-boyfriend, shares her story:

I discovered the stalkerware only after noticing unusual patterns like battery drain and phone restarts. My ex-boyfriend was tracking my location, reading my messages, and even listening to my phone calls, causing me fear and distress. After reporting the stalkerware to the company’s IT department, they removed it and took action against my former partner.

John, a victim of workplace surveillance, reveals his experience:

My boss installed stalkerware to monitor my work hours, emails, and phone calls, making me feel controlled and distrustful. Discovering the stalkerware led me to report it to the company’s IT department, which removed it and disciplined my boss. While still employed, I’m now more cautious about who I trust.

Maria, a victim of government surveillance, describes her ordeal:

Similarly, the government tracked my activities using stalkerware.Seeking help from a human rights organization, I filed a complaint, received legal assistance, and had the stalkerware removed. Continuing my fight for justice, I’m now empowered to speak up.

How to Protect Yourself from Stalkerware: A Summary

Stalkerware is a serious threat to privacy and safety. By being aware of the risks and taking steps to protect yourself, you can help to prevent yourself from becoming a victim.

Here are some additional tips to help you stay safe from stalkerware:

  • Be aware of the latest stalkerware trends: Stalkerware developers are constantly finding new ways to infect devices. It’s important to stay up-to-date on the latest trends so that you can protect yourself.
  • Talk to your friends and family about stalkerware: The more people who are aware of the risks, the less likely it is that you will become a victim.
  • Support legislation to combat stalkerware: There are a number of laws and regulations being proposed to combat stalkerware. By supporting these laws, you can help make using stalkerware more difficult.

Follow these guidelines to effectively protect yourself from stalkerware and potential harm.

2024, Articles, Digital Security, EviKey NFC HSM, EviPass, News, SSH

Terrapin attack: How to Protect Yourself from this New Threat to SSH Security

Posted on by FMTAD
SSH handshake with Terrapin attack and EviKey NFC HSM
11
Jan

Terrapin Attack: How to Protect Your SSH Security

The Terrapin attack is a serious vulnerability in the SSH protocol that can be used to downgrade the security of your SSH connections. This can allow attackers to gain access to your sensitive data. In this article, we will explain what the Terrapin attack is, how it works, and how you can protect yourself from it.

Terrapin attack: CVE-2023-48795 SSH security vulnerability articles for in-depth threat reviews and solutions. Stay informed by clicking on our scrolling topics.

Shield Your SSH Security from the Sneaky Terrapin Attack written by Jacques Gascuel, inventor of sensitive data safety and security systems. Are you safeguarding your SSH connections? Stay vigilant against the Terrapin attack, a stealthy vulnerability that can compromise your SSH security and expose your sensitive data.

Protect Yourself from the Terrapin Attack: Shield Your SSH Security with Proven Strategies

SSH is a widely used protocol for secure communication over the internet. It allows you to remotely access and control servers, transfer files, and encrypt data. However, SSH is not immune to attacks, and a recent vulnerability OpenSSH before 9.6 (CVE-2023-48795) has exposed a serious flaw in the protocol itself. This flaw, dubbed the Terrapin attack, can downgrade the security of SSH connections by truncating cryptographic information. In this article, we will explain what the Terrapin attack is, how it works, and how you can protect yourself from it.

Why you should care about the Terrapin attack

The Terrapin attack is not just a theoretical threat. It is a real and dangerous attack that can compromise the security of your SSH connections and expose your sensitive data. The consequences of a successful Terrapin attack can be severe, such as:

  • Data breaches: The attacker can access your confidential information, such as passwords, keys, files, or commands, and use them for malicious purposes.
  • Financial losses: The attacker can cause damage to your systems, services, or assets, and demand ransom or extort money from you.
  • Reputation damage: The attacker can leak your data to the public or to your competitors, and harm your credibility or trustworthiness.

Therefore, it is important to be aware of the Terrapin attack and take the necessary measures to prevent it. In the following sections, we will show you how the Terrapin attack works, how to protect yourself from it, and how to use PassCypher HSM PGP and EviKey NFC HSM to enhance the security of your SSH keys.

A prefix truncation attack on the SSH protocol

The Terrapin attack is a prefix truncation attack that targets the SSH protocol. It exploits a deficiency in the protocol specification, namely not resetting sequence numbers and not authenticating certain parts of the handshake transcript. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it.

This manipulation allows the attacker to perform several malicious actions, such as:

  • Downgrade the connection’s security by forcing it to use less secure client authentication algorithms
  • Bypass the keystroke timing obfuscation feature in OpenSSH, which may allow the attacker to brute-force SSH passwords by inspecting the network packets
  • Exploit vulnerabilities in SSH implementations, such as AsyncSSH, which may allow the attacker to sign a victim’s client into another account without the victim noticing

To pull off a Terrapin attack, the attacker must already be able to intercept and modify the data sent from the client or server to the remote peer. This makes the attack more feasible to be performed on the local network.

Unveiling the SSH Handshake: Exposing the Terrapin Attack’s Weakness

The SSH Handshake Process

The SSH handshake is a crucial process that establishes a secure channel between a client and server. It consists of the following steps:

  1. TCP connection establishment: The client initiates a TCP connection to the server.
  2. Protocol version exchange: The client and server exchange their protocol versions and agree on a common one. Then, the algorithm negotiation takes place.
  3. Algorithm negotiation: The client and server exchange lists of supported algorithms for key exchange, encryption, MAC, and compression. Then, they select the first matching algorithm.
  4. Key exchange: The client and server use the agreed-upon key exchange algorithm to generate a shared secret key. They also exchange and verify each other’s public keys. Then, the service request is sent.
  5. Service request: The client requests a service from the server, such as ssh-userauth or ssh-connection. Then, the client authenticates itself to the server using a supported method, such as password, public key, or keyboard-interactive.
  6. User authentication: The client authenticates itself to the server using a supported method, such as password, public key, or keyboard-interactive. Then, the channel request is sent.
  7. Channel request: The client requests a channel from the server, such as a shell, a command, or a subsystem. Thus, encrypted communication is enabled.

The Terrapin Attack

The Terrapin attack exploits a vulnerability in the SSH handshake by manipulating the sequence numbers and removing specific messages without compromising the secure channel integrity. This stealthy attack is difficult to detect because it doesn’t alter the overall structure or cryptographic integrity of the handshake.

For example, the attacker can eliminate the service request message sent by the client, which contains the list of supported client authentication methods. This forces the server to resort to the default method, typically password-based authentication. The attacker can then employ keystroke timing analysis to crack the password.

Alternatively, the attacker can target the algorithm negotiation message sent by the server, which lists the supported server authentication algorithms. By removing this message, the attacker forces the client to use the default algorithm, usually ssh-rsa. This opens the door for the attacker to forge a fake public key for the server and deceive the client into accepting it.

To illustrate the process of a Terrapin attack, we have created the following diagram:

Hackers exploit OAuth2 flaw to bypass 2FA on google accounts google account security flaw
Hackers exploit OAuth2 flaw to bypass 2FA on google accounts google account security flaw

As you can see, the diagram shows the steps from the interception of the communication by the attacker to the injection of malicious packets. It also highlights the stealthiness and the difficulty of detection of the attack.

Summery

The Terrapin attack is a serious threat to SSH security. By understanding how it works, you can take steps to protect yourself from it. Here are some tips:

  1. Make sure your SSH server is up to date with the latest security patches.
  2. Use strong passwords or public key authentication.
  3. Enable SSH key fingerprint verification.

How to protect yourself from the Terrapin attack: Best practices and tools

The Terrapin attack is a serious threat to SSH security, and it affects many SSH client and server implementations, such as OpenSSH, PuTTY, FileZilla, and more. Here are some steps you can take to protect yourself from it:

  • Update your SSH client and server to the latest versions. Many vendors have released patches that fix the vulnerability or introduce a strict key exchange option that prevents the attack. You can check if your SSH software is vulnerable by using the Terrapin vulnerability scanner.
  • Use strong passwords and public key authentication. Avoid using weak or default passwords that can be easily guessed by the attacker. Use public key authentication instead of password authentication, and make sure your public keys are verified and trusted.
  • Use secure encryption modes. Avoid using vulnerable encryption modes, such as ChaCha20-Poly1305 or AES-CBC with default MACs. Use encryption modes that use authenticated encryption with associated data (AEAD), such as AES-GCM or Chacha20-Poly1305@openssh.com.
  • Use a VPN or a firewall. If possible, use a VPN or a firewall to encrypt and protect your SSH traffic from being intercepted and modified by the attacker. This will also prevent the attacker from performing other types of attacks, such as DNS spoofing or TCP hijacking.
  • Implement a strict security policy on your local networks. Limit the access to your SSH servers to authorized users and devices, and monitor the network activity for any anomalies or intrusions.

How to use PassCypher HSM PGP and EviKey NFC HSM to protect your SSH keys: A secure and convenient solution

A good way to enhance the security of your SSH keys is to use PassCypher HSM PGP and EviKey NFC HSM. These are products from PassCypher), a company specialized in data security. They offer a secure and convenient solution for generating and storing your SSH keys.

PassCypher HSM PGP is a system that embeds a SSH key generator, allowing you to choose the type of algorithm – RSA (2048, 3072, 4096) or ECDSA (256,384, 521), and ED25519. The private key is generated and stored in a secure location, making it inaccessible to attackers.

EviKey NFC HSM is a contactless USB drive that integrates with PassCypher HSM PGP. It provides an additional layer of security and convenience for users who can easily unlock their private SSH key with their smartphone.

To show how PassCypher HSM PGP and EviKey NFC HSM can protect your SSH keys from the Terrapin attack, we have created the following diagram:

SSH handshake process with Terrapin attack illustration
This image illustrates the Terrapin attack, a stealthy attack that exploits a vulnerability in the SSH handshake. The attacker can manipulate the sequence numbers and remove specific messages without compromising the secure channel integrity. This can lead to a variety of security risks, including password cracking and man-in-the-middle attacks.

As you can see, the diagram shows how this solution effectively protects your SSH keys from the Terrapin attack. It also shows the benefits of using a contactless USB drive, such as:

  • Enhanced security: The private key is physically externalized and protected with a contactless authentication mechanism.
  • Convenience: Easy unlocking with a smartphone.
  • Ease of use: No additional software required.
  • Industrial-grade security: Equivalent to SL4 according to the standard IEC 62443-3-3.

Safeguarding Your SSH Keys with a Contactless USB Drive: A Comprehensive Guide

If you’re seeking a comprehensive guide to securely store your SSH keys using a contactless USB drive, look no further than this detailed resource: [Link to the article ([https://freemindtronic.com/how-to-create-an-ssh-key-and-use-a-nfc-hsm-usb-drive-to-store-it-securely/])]

This guide meticulously walks you through the process of:

  1. Generating an SSH key pair leveraging PassCypher HSM PGP
  2. Protecting the private SSH key within the EviKey NFC HSM USB drive
  3. Unlocking the private SSH key employing your smartphone
  4. Establishing a secure connection to an SSH server using the EviKey NFC HSM USB drive

Alongside step-by-step instructions, the guide also includes illustrative screenshots. By adhering to these guidelines, you’ll effectively safeguard and conveniently manage your SSH keys using a contactless USB drive.

Statistics on the Terrapin attack: Facts and figures

Statistics on the Terrapin attack: Facts and figures

The Terrapin attack is a serious cybersecurity threat that affects SSH connections. We have collected some statistics from various sources to show you the scale and impact of this attack. Here are some key facts and figures:

  • The Shadowserver Foundation reports that nearly 11 million SSH servers exposed on the internet are vulnerable to the Terrapin attack. This is about 52% of all IPv4 and IPv6 addresses scanned by their monitoring system.
  • The most affected countries are the United States (3.3 million), China (1.3 million), Germany (1 million), Russia (704,000), Singapore (392,000), Japan (383,000), and France (379,000).
  • The Terrapin attack affects many SSH client and server implementations, such as OpenSSH, PuTTY, FileZilla, Dropbear, libssh, and more. You can see the complete list of known affected implementations here).
  • You can prevent the Terrapin attack by updating your SSH software to the latest version, using secure encryption modes, and enabling strict key exchange. You can also use the Terrapin vulnerability scanner, available on GitHub, to check your SSH client or server for vulnerability.
  • A team of researchers from the Horst Görtz Institute for IT Security at Ruhr University Bochum in Germany discovered and disclosed the Terrapin attack. They published a detailed paper and a website with the technical details and the implications of the attack. Conclusion: How to stay safe from the Terrapin attack

The Terrapin attack is a serious threat to SSH security. It lets hackers break into SSH servers by exploiting a vulnerability in the protocol. To protect yourself effectively, you need to do the following:

  • Update your SSH software to the latest version
  • Use two-factor authentication
  • Store your SSH keys securely
  • Use PassCypher HSM PGP and EviKey NFC HSM

Conclusion: How to stay safe from the Terrapin attack

The Terrapin attack is a serious threat to SSH security. It allows hackers to break into SSH servers by exploiting a vulnerability in the protocol. To protect yourself effectively, you need to update your SSH software, use two-factor authentication, store your SSH keys securely, and use PassCypher HSM PGP and EviKey NFC HSM. If you found this article useful, please feel free to share it with your contacts or leave us a comment.

2024, Articles, Digital Security

Kismet iPhone: How to protect your device from the most sophisticated spying attack?

Posted on by FMTAD
02
Jan
Kismet iPhone and Pegasus written by Jacques Gascuel, inventor of sensitive data safety and security systems, for Freemindtronic. This article may be updated on this subject.

Kismet iPhone and Pegasus: a deadly combo

Hackers can use Kismet iPhone to install Pegasus spyware on your iPhone. This spyware can access your data, activity, and conversations.

Kismet iPhone: How to protect your device from the most sophisticated spying attack using Pegasus spyware

Do you own an iPhone? Do you think it is safe and private? You might be wrong. Hackers have created a clever attack called Kismet iPhone that can infect your device with Pegasus, the world’s most powerful spyware, without you noticing. This spyware can steal your personal data, track your activity, and listen to your conversations. In this article, we will tell you how Kismet iPhone works, who is behind it, and how you can protect yourself from it.

What is Kismet iPhone?

Kismet iPhone is the name of the attack that hackers use to install Pegasus, the spyware, on iPhones. Kismet iPhone uses a technique called “watering hole”. It consists of infecting websites visited by the targeted users. These websites contain malicious code that detects if the user has an iPhone and which model. If so, the malicious code redirects the browser to a server that exploits zero-day flaws in iOS and Safari. These flaws allow to install Pegasus without the user noticing. Pegasus then runs in the background and communicates with a command and control server.

What is Pegasus?

Pegasus is the name of the spyware that Kismet iPhone installs on iPhones. Pegasus is one of the most powerful spyware in the world, developed by NSO Group, an Israeli company that sells spyware to governments and intelligence agencies. Pegasus can access almost everything on the infected iPhone, such as messages, photos, contacts, location, calls, passwords and even conversations near the microphone. Pegasus can also activate the camera and the microphone remotely, and record the screen. Pegasus can bypass encryption and security features of apps like WhatsApp, Signal, Telegram, and others.

Who is behind Kismet iPhone and Pegasus?

Kismet iPhone and Pegasus are the work of NSO Group, an Israeli company that sells spyware to governments and intelligence agencies. NSO Group claims that its products are only used for legitimate purposes, such as fighting terrorism and crime. However, investigations have revealed that NSO Group has also targeted journalists, activists, lawyers, politicians and dissidents, violating their privacy and rights. NSO Group has been accused of being involved in the murder of Jamal Khashoggi, a Saudi journalist, and the hacking of Jeff Bezos, the founder of Amazon.

Examples of victims of Kismet iPhone and Pegasus

According to a report by Citizen Lab, a research group at the University of Toronto, Kismet iPhone and Pegasus have been used to spy on at least nine Bahraini activists between June 2020 and February 2021. The activists were members of the Bahrain Center for Human Rights, the Bahrain Institute for Rights and Democracy, and the European Center for Constitutional and Human Rights. They received text messages containing malicious links that attempted to infect their iPhones with Pegasus.

Another report by Amnesty International and Forbidden Stories, a non-profit media organization, revealed that Kismet iPhone and Pegasus have been used to target more than 50,000 phone numbers of people from various countries and professions. Among them were journalists, human rights defenders, lawyers, politicians, business executives, religious leaders, and celebrities. Some of the prominent names on the list were French President Emmanuel Macron, Pakistani Prime Minister Imran Khan, Indian opposition leader Rahul Gandhi, Moroccan journalist Omar Radi, and Mexican journalist Cecilio Pineda Birto.

A third report by The Guardian, a British newspaper, exposed that Kismet iPhone and Pegasus have been used to spy on the civil rights movement in the United States. The report found that at least 15 people who were close to the Black Lives Matter activist DeRay Mckesson had their phones hacked with Pegasus in 2016. The report also found that Alaa Mahajna, a lawyer who represented the family of George Floyd, had his phone hacked with Pegasus in 2020.

These examples show that Kismet iPhone and Pegasus are not only used to spy on criminals and terrorists, but also on innocent people who exercise their rights to freedom of expression, association, and assembly.

How to protect yourself from Kismet iPhone and Pegasus?

To protect yourself from Kismet iPhone and Pegasus, you need to update your iPhone with the latest version of iOS. Apple fixed the zero-day flaws exploited by Kismet iPhone in September 2020, making the attack ineffective. You also need to avoid clicking on suspicious links or visiting unsecured websites, which could be infected by malicious code. You need to use a VPN (virtual private network) to encrypt your internet connection and prevent potential spies from seeing your online activity. You can check if your iPhone has been infected by Pegasus by using a tool developed by Amnesty International, called MVT (Mobile Verification Toolkit).

Sources and downloads

If you want to learn more about the zero-day flaws used by Kismet iPhone and Pegasus, and how Apple fixed them, you can check the following sources:

If you want to check if your iPhone has been infected by Pegasus, you can download the following application:

  • MVT (Mobile Verification Toolkit)MVT (Mobile Verification Toolkit): this open source software allows you to analyze your iPhone and detect traces of Pegasus. It is available for Windows, Mac and Linux, and requires some technical knowledge to use it. You can follow the user guide on the official project site.

Conclusion

Kismet iPhone and Pegasus are two of the most sophisticated and dangerous cyberattacks that target iPhone users. They can compromise your device and your data, without you being aware of it. To protect yourself from these attacks, you need to keep your iPhone updated, be careful with what you click and visit online, and use a VPN. You can also use a tool to detect if your iPhone has been infected by Pegasus. If you want to know more about Pegasus, the most powerful spyware in the world, you can read our dedicated article here: Pegasus: the cost of spying with one of the most powerful spyware in the world

However, you should know that the zero-day risk is always present, and that the economic stakes are huge for the companies that exploit these flaws to spy on their competitors or their adversaries. That is why Freemindtronic has specialized in counter-espionage tecnologiescounter-espionage tecnologies, which allow you to protect your data and your privacy against malicious intrusions. If you are interested in these solutions, you can visit our Freemindtronic website and discover the different technologies of counter espionage.

2023, Digital Security

5Ghoul: 5G NR Attacks on Mobile Devices

Posted on by FMTAD
5Ghoul: 5G NR Attacks on Mobile Devices
29
Dec
5Ghoul Attacks on Mobile Devices written by Jacques Gascuel, inventor of sensitive data safety and security systems, for Freemindtronic. This article may be updated on this subject.

5Ghoul: A Threat to 5G Security

5G has benefits, but also risks. 5Ghoul is a set of 5G NR flaws that affect Qualcomm and MediaTek modems, used by most 5G devices. 5Ghoul can disrupt or make unusable smartphones, routers and modems 5G. In this article, we will see what 5Ghoul is, how it compares to other 5G attacks, and how to protect yourself with contactless encryption, which uses NFC.

Why the NFC hardware wallet with credit card manager is PCI DSS compliant

2020 Legal information

Freemindtronic’s NFC hardware wallets with credit card management are PCI DSS compliant
December 20, 2020
Cardokey NFC vCard Business: Edit, Read, and Import Contacts Seamlessly on iPhone.

2023 Articles Cardokey Eco-friendly EviSwap NFC NDEF Technology GreenTech

NFC Business Cards with Cardokey free for life: How to Connect without Revealing
November 8, 2023
Unitary Patent system European why some EU countries are not on board

2023 Articles Cyberculture EviCore HSM OpenPGP Technology EviCore NFC HSM Browser Extension EviCore NFC HSM Technology Legal information Licences Freemindtronic

Unitary patent system: why some EU countries are not on board
August 1, 2023

Andorran law

Llei 26/2014 del 30 d’octubre de patents
November 21, 2016
Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers

Articles Crypto Currency Cryptocurrency Digital Security EviPass Technology NFC HSM technology Phishing

Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers
December 16, 2023

5Ghoul: How Contactless Encryption Can Secure Your 5G Communications from Modem Attacks

5Ghoul is a set of 5G NR vulnerabilities that affect Qualcomm and MediaTek modems. These flaws allow to launch denial-of-service attacks or degrade the quality of the 5G network.

What is 5Ghoul?

5Ghoul is a set of 14 5G NR (New Radio) vulnerabilities, the protocol that governs the communication between 5G devices and base stations (gNB). Among these vulnerabilities, 10 are public and 4 are still confidential. They were discovered by researchers from the Singapore University of Technology and DesignSingapore University of Technology and Design.

The 5Ghoul vulnerabilities exploit implementation errors in Qualcomm and MediaTek modems, which do not comply with the specifications of the 5G NR protocol. They allow an attacker to create a fake base station, which pretends to be a legitimate one, and send malicious messages to 5G devices that connect to it. These messages can cause errors, crashes or infinite loops in the modems, resulting in denial-of-service attacks or degradations of the quality of the 5G network.

Which devices are affected by 5Ghoul?

The researchers tested the 5Ghoul vulnerabilities on 714 models of 5G smartphones from 24 different brands, including Lenovo, Google, TCL, Microsoft, etc. They also tested routers and modems 5G from various manufacturers. They found that the 5Ghoul vulnerabilities affect all 5G devices equipped with Qualcomm and MediaTek modems, which account for more than 90% of the market.

What are the impacts of 5Ghoul?

The impacts of 5Ghoul depend on the vulnerability exploited and the type of device targeted. The researchers classified the 5Ghoul vulnerabilities into three categories, according to their severity:

Level 1 vulnerabilities

Level 1 vulnerabilities are the most severe. They allow to render 5G devices completely unusable, by locking them in a state where they can neither connect nor disconnect from the 5G network. These vulnerabilities require a manual reboot of the devices to be resolved. Among the level 1 vulnerabilities, there is for example the CVE-2023-33043, which causes a crash of the Qualcomm X55/X60 modem by sending an invalid MAC/RLC message.

Level 2 vulnerabilities

Level 2 vulnerabilities are less critical, but still harmful. They allow to degrade the quality of the 5G network, by reducing the throughput, latency or stability of the connection. These vulnerabilities can be resolved by reconnecting to the 5G network. Among the level 2 vulnerabilities, there is for example the CVE-2023-33044, which causes packet loss on the MediaTek T750 modem by sending an invalid RRC message.

Level 3 vulnerabilities

Level 3 vulnerabilities are the least dangerous. They allow to disrupt the normal functioning of 5G devices, by displaying error messages, modifying settings or triggering alerts. These vulnerabilities have no impact on the quality of the 5G network. Among the level 3 vulnerabilities, there is for example the CVE-2023-33045, which causes an error message on the Qualcomm X55/X60 modem by sending an invalid RRC message.

How to protect yourself from 5Ghoul?

The researchers informed the manufacturers of Qualcomm and MediaTek modems of the 5Ghoul vulnerabilities, as well as the 5G network operators and the 5G device manufacturers. They also published a demonstration kit of the 5Ghoul vulnerabilities on GitHub, to raise awareness among the public and the scientific community of the risks of 5G NR.

To protect yourself from 5Ghoul, 5G device users must update their modems with the latest security patches, as soon as they are available. They must also avoid connecting to unreliable or unknown 5G networks, which could be fake base stations. In case of doubt, they can disable 5G and use 4G or Wi-Fi.

How 5Ghoul compares to other 5G attacks?

5Ghoul is not the first security flaw that affects 5G. Other 5G attacks have been discovered in the past, exploiting weaknesses in the protocol or in the equipment. Here are some examples of 5G attacks and their differences with 5Ghoul:

ReVoLTE

ReVoLTE is an attack that allows to listen to voice calls 4G and 5G by exploiting a vulnerability in the encryption of data. This vulnerability is due to the fact that some base stations reuse the same encryption key for multiple communication sessions, which allows an attacker to decrypt the content of the calls by capturing the radio signals.

It is different from 5Ghoul because it does not target the 5G modem, but the encryption of data. ReVoLTE also requires that the attacker be close to the victim and have specialized equipment to intercept the radio signals. ReVoLTE does not cause denial of service or degradation of the network, but it compromises the confidentiality of communications.

ToRPEDO

ToRPEDO is an attack that allows to locate, track or harass mobile phone users 4G and 5G by exploiting a vulnerability in the paging protocol. This protocol is used to notify mobile devices of incoming calls or messages. By sending repeated messages to a phone number, an attacker can trigger paging messages on the network, and thus determine the position or identity of the target device.

It is different from 5Ghoul because it does not target the 5G modem, but the paging protocol. ToRPEDO also requires that the attacker knows the phone number of the victim and has access to the mobile network. ToRPEDO does not cause denial of service or degradation of the network, but it compromises the privacy of users.

IMP4GT

IMP4GT is an attack that allows to degrade the quality of the 5G network by exploiting a vulnerability in the security protocol. This protocol is used to authenticate and encrypt the communications between 5G devices and base stations. By modifying the messages exchanged between the two parties, an attacker can mislead the network and the device on the level of security required, and thus reduce the throughput or latency of the connection.

It is different from 5Ghoul because it does not target the 5G modem, but the security protocol. IMP4GT also requires that the attacker be close to the base station and have equipment capable of modifying the messages. IMP4GT does not cause denial of service or crash of the modem, but it degrades the quality of the network.

SS7

SS7 is a set of signaling protocols used by mobile operators to establish and manage calls and messages between different networks. SS7 has existed since the 1970s and has not evolved much since, making it vulnerable to hacking attacks. By exploiting the flaws of SS7, an attacker can intercept SMS and voice calls, locate and track users, bypass two-factor authentication, or subscribe subscribers to paid services without their consent.

It is different from 5Ghoul because it does not target the 5G modem, but the signaling protocol. SS7 affects all types of mobile networks, including 5G, because it still uses SS7 for some functions, such as mobility management or compatibility with 2G and 3G networks. SS7 requires that the attacker has access to the signaling network, which is not easy to obtain, but not impossible. SS7 does not cause denial of service or crash of the modem, but it compromises the confidentiality and integrity of communications.

How and why to encrypt SMS, MMS and RCS without contact?

Contactless encryption is a method of protecting mobile communications that uses NFC (Near Field Communication) technology to establish a secure connection between two devices. NFC is a wireless communication protocol that allows to exchange data by bringing two compatible devices within a few centimeters of each other.

Contactless encryption relies on the use of an external device called NFC HSM (Hardware Security Module), which is a hardware security module that stores and manages encryption keys. The NFC HSM comes in the form of a card, a keychain or a bracelet, that the user must bring close to his phone to activate the encryption. The NFC HSM communicates with the phone via NFC and transmits the encryption key needed to secure the messages.

The technologies EviCore NFC HSM and EviCypher NFC HSM are examples of contactless encryption solutions developed by the Andorran company Freemindtronic. EviCore NFC HSM is a hardware security module that allows to encrypt SMS, MMS and RCS (Rich Communication Services) end-to-end, meaning that only the recipients can read the messages. EviCypher NFC HSM is a hardware security module that allows to encrypt multimedia files (photos, videos, audio, etc.) and share them via SMS, MMS or RCS.

Contactless encryption has several advantages over conventional encryption of mobile communications:

It offers a higher level of security, because the encryption key is not stored on the phone, but on the NFC HSM, which is more difficult to hack or steal.

It is compatible with all types of mobile networks, including 5G, because it does not depend on the communication protocol used, but on NFC.

It is easy to use, because it is enough to bring the NFC HSM close to the phone to activate the encryption, without having to install a specific application or create an account.

It is transparent, because it does not change the appearance or functioning of the messages, which remain accessible from the native application of the phone.

Statistics on 5Ghoul

How widespread are 5Ghouls? What are the trends and impacts of these flaws? Some statistics on 5Ghoul, based on sources and data that are a priori reliable.

5Ghoul: a threat to 5G devices

5Ghoul is a set of 5G NR vulnerabilities that affect Qualcomm and MediaTek modems, which are used by most 5G devices on the market. According to the researchers who discovered 5Ghoul, these vulnerabilities can cause denial-of-service attacks or network degradations.

  • How many 5G devices are affected by 5Ghoul? According to a report by Counterpoint Research, Qualcomm and MediaTek accounted for 79% of the global smartphone chipset market in Q3 2020. Qualcomm had a 39% share, while MediaTek had a 40% share. Assuming that all Qualcomm and MediaTek chipsets are vulnerable to 5Ghoul, this means that nearly 8 out of 10 smartphones are potentially at risk.
  • How many 5G NR vulnerabilities are known? According to the CVE (Common Vulnerabilities and Exposures) database. There are 16 CVE entries related to 5G NR as of April 2021. Four of them are ZeroDay vulnerabilities that have not been publicly disclosed nor fixed by the manufacturers. These vulnerabilities are classified as level 1 or 2, meaning that they can cause denial-of-service attacks or network degradations.
  • How many 5G attacks have been reported? According to the SANS Internet Storm Center, there have been no reports of 5Ghoul attacks in the wild as of April 2021. However, this does not mean that 5Ghoul is not exploited by malicious actors. The researchers who discovered 5Ghoul have developed a proof-of-concept tool called 5Ghoul-Scanner, which can detect and exploit 5Ghoul vulnerabilities. They have also released a video demonstration of 5Ghoul attacks.

Conclusion

5Ghoul is a security flaw that affects 5G modems from Qualcomm and MediaTek, which are used by most 5G devices on the market. 5Ghoul allows an attacker to disrupt the functioning of smartphones, routers and modems 5G, or even make them unusable. 5Ghoul stands out from other 5G attacks known, such as ReVoLTE, ToRPEDO, IMP4GT or SS7, by the fact that it targets the 5G modem, that it does not require secret information or specialized equipment, and that it causes denial-of-service attacks or degradations of the network. To protect yourself from 5Ghoul, 5G device users must update their modems with the latest security patches, and avoid connecting to unreliable or unknown 5G networks.

Articles, Crypto Currency, Cryptocurrency, Digital Security, EviPass Technology, NFC HSM technology, Phishing

Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers

Posted on by FMTAD
Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers
16
Dec
Ledger security breaches written by Jacques Gascuel, inventor specializing in safety and security of sensitive data, for Freemindtronic. This article will be updated with any new information on the topic.

Ledger security incidents: How Hackers Exploited Them and How to Stay Safe

Ledger security breaches have exposed the personal data and private keys of many users. Ledger is a French company that provides secure devices to store and manage your funds. But since 2017, hackers have targeted Ledger’s e-commerce and marketing database, as well as its software and hardware products. In this article, you will discover the different breaches, how hackers exploited them, what their consequences were, and how you can protect yourself from these threats.

Ledger Security Breaches from 2017 to 2023: How to Protect Your Cryptocurrencies from Hackers

Have you ever wondered how safe your cryptocurrencies are? If you are using a Ledger device, you might think that you are protected from hackers and thieves. Ledger is a French company that specializes in cryptocurrency security. It offers devices that allow you to store and manage your funds securely. These devices are called hardware wallets, and they are designed to protect your private keys from hackers and thieves.

However, since 2017, Ledger has been victim of several security breaches, which have exposed the personal data and private keys of its users. These breaches could allow hackers to steal your cryptocurrencies or harm you in other ways. In this article, we will show you the different breaches that were discovered, how they were exploited, what their consequences were, and how you can protect yourself from these threats.

Ledger Security Issues: The Seed Phrase Recovery Attack (February 2018)

The seed phrase is a series of words that allows you to restore access to a cryptocurrency wallet. It must be kept secret and secure, as it gives full control over the funds. In February 2018, a security researcher named Saleem Rashid discovered a breach in the Ledger Nano S, which allowed an attacker with physical access to the device to recover the seed phrase using a side-channel attack.

How did hackers exploit the breach?

The attack consisted of using an oscilloscope to measure the voltage variations on the reset pin of the device. These variations reflected the operations performed by the secure processor of the Ledger Nano S, which generated the seed phrase. By analyzing these variations, the attacker could reconstruct the seed phrase and access the user’s funds.

Simplified diagram of the attack

Figure Ledger Security Issues: The Seed Phrase Recovery Attack (February 2018)
Statistics on the breach
  • Number of potentially affected users: about 1 million
  • Total amount of potentially stolen funds: unknown
  • Date of discovery of the breach by Ledger: February 20, 2018
  • Author of the discovery of the breach: Saleem Rashid, a security researcher
  • Date of publication of the fix by Ledger: April 3, 2018

Scenarios of hacker attacks

  • Scenario of physical access: The attacker needs to have physical access to the device, either by stealing it, buying it second-hand, or intercepting it during delivery. The attacker then needs to connect the device to an oscilloscope and measure the voltage variations on the reset pin. The attacker can then use a software tool to reconstruct the seed phrase from the measurements.
  • Scenario of remote access: The attacker needs to trick the user into installing a malicious software on their computer, which can communicate with the device and trigger the reset pin. The attacker then needs to capture the voltage variations remotely, either by using a wireless device or by compromising the oscilloscope. The attacker can then use a software tool to reconstruct the seed phrase from the measurements.

Sources

1Breaking the Ledger Security Model – Saleem Rashid published on March 20, 2018.

2Ledger Nano S: A Secure Hardware Wallet for Cryptocurrencies? – Saleem Rashid published on November 20, 2018.

Ledger Security Flaws: The Firmware Replacement Attack (March 2018)

The firmware is the software that controls the operation of the device. It must be digitally signed by Ledger to ensure its integrity. In March 2018, the same researcher discovered another breach in the Ledger Nano S, which allowed an attacker to replace the firmware of the device with a malicious firmware, capable of stealing the private keys or falsifying the transactions.

How did hackers exploit the Ledger Security Breaches?

The attack consisted of exploiting a vulnerability in the mechanism of verification of the firmware signature. The attacker could create a malicious firmware that passed the signature check, and that installed on the device. This malicious firmware could then send the user’s private keys to the attacker, or modify the transactions displayed on the device screen.

Simplified diagram of the attack

Figure Ledger Security Flaws: The Firmware Replacement Attack (March 2018)

Statistics on the breach

  • Number of potentially affected users: about 1 million
  • Total amount of potentially stolen funds: unknown
  • Date of discovery of the breach by Ledger: March 20, 2018
  • Author of the discovery of the breach: Saleem Rashid, a security researcher
  • Date of publication of the fix by Ledger: April 3, 2018

Scenarios of hacker attacks

  • Scenario of physical access: The attacker needs to have physical access to the device, either by stealing it, buying it second-hand, or intercepting it during delivery. The attacker then needs to connect the device to a computer and install the malicious firmware on it. The attacker can then use the device to access the user’s funds or falsify their transactions.
  • Scenario of remote access: The attacker needs to trick the user into installing the malicious firmware on their device, either by sending a fake notification, a phishing email, or a malicious link. The attacker then needs to communicate with the device and send the user’s private keys or modify their transactions.

Sources

: [Breaking the Ledger Security Model – Saleem Rashid] published on March 20, 2018.

: [Ledger Nano S Firmware 1.4.1: What’s New? – Ledger Blog] published on March 6, 2018.

Ledger Security Incidents: The Printed Circuit Board Modification Attack (November 2018)

The printed circuit board is the hardware part of the device, which contains the electronic components. It must be protected against malicious modifications, which could compromise the security of the device. In November 2018, a security researcher named Dmitry Nedospasov discovered a breach in the Ledger Nano S, which allowed an attacker with physical access to the device to modify the printed circuit board and install a listening device, capable of capturing the private keys or modifying the transactions.

How did hackers exploit the breach?

The attack consisted of removing the case of the device, and soldering a microcontroller on the printed circuit board. This microcontroller could intercept the communications between the secure processor and the non-secure processor of the Ledger Nano S, and transmit them to the attacker via a wireless connection. The attacker could then access the user’s private keys, or modify the transactions displayed on the device screen.

Simplified diagram of the attack

figure Ledger Security Incidents: The Printed Circuit Board Modification Attack (November 2018)

Statistics on the breach

  • Number of potentially affected users: unknown
  • Total amount of potentially stolen funds: unknown
  • Date of discovery of the breach by Ledger: November 7, 2019
  • Author of the discovery of the breach: Dmitry Nedospasov, a security researcher
  • Date of publication of the fix by Ledger: December 17, 2020

Scenarios of hacker attacks

  • Scenario of physical access: The attacker needs to have physical access to the device, either by stealing it, buying it second-hand, or intercepting it during delivery. The attacker then needs to remove the case of the device and solder the microcontroller on the printed circuit board. The attacker can then use the wireless connection to access the user’s funds or modify their transactions.
  • Scenario of remote access: The attacker needs to compromise the wireless connection between the device and the microcontroller, either by using a jammer, a repeater, or a hacker device. The attacker can then intercept the communications between the secure processor and the non-secure processor, and access the user’s funds or modify their transactions.

Sources

  • [Breaking the Ledger Nano X – Dmitry Nedospasov] published on November 7, 2019.
  • [How to Verify the Authenticity of Your Ledger Device – Ledger Blog] published on December 17, 2020.

Ledger Security Breaches: The Connect Kit Attack (December 2023)

The Connect Kit is a software that allows users to manage their cryptocurrencies from their computer or smartphone, by connecting to their Ledger device. It allows to check the balance, send and receive cryptocurrencies, and access services such as staking or swap.

The Connect Kit breach was discovered by the security teams of Ledger in December 2023. It was due to a vulnerability in a third-party component used by the Connect Kit. This component, called Electron, is a framework that allows to create desktop applications with web technologies. The version used by the Connect Kit was not up to date, and had a breach that allowed hackers to execute arbitrary code on the update server of the Connect Kit.

How did hackers exploit the Ledger Security Breaches?

The hackers took advantage of this breach to inject malicious code into the update server of the Connect Kit. This malicious code was intended to be downloaded and executed by the users who updated their Connect Kit software. The malicious code aimed to steal the sensitive information of the users, such as their private keys, passwords, email addresses, or phone numbers.

Simplified diagram of the attack

Figure Ledger Security Breaches The Connect Kit Attack (December 2023)

Statistics on the breach

  • Number of potentially affected users: about 10,000
  • Total amount of potentially stolen funds: unknown
  • Date of discovery of the breach by Ledger: December 14, 2023
  • Author of the discovery of the breach: Pierre Noizat, director of security at Ledger
  • Date of publication of the fix by Ledger: December 15, 2023

Scenarios of hacker attacks

  • Scenario of remote access: The hacker needs to trick the user into updating their Connect Kit software, either by sending a fake notification, a phishing email, or a malicious link. The hacker then needs to download and execute the malicious code on the user’s device, either by exploiting a vulnerability or by asking the user’s permission. The hacker can then access the user’s information or funds.
  • Scenario of keyboard: The hacker needs to install a keylogger on the user’s device, either by using the malicious code or by another means. The keylogger can record the keystrokes of the user, and send them to the hacker. The hacker can then use the user’s passwords, PIN codes, or seed phrases to access their funds.
  • Scenario of screen: The hacker needs to install a screen recorder on the user’s device, either by using the malicious code or by another means. The screen recorder can capture the screen of the user, and send it to the hacker. The hacker can then use the user’s QR codes, addresses, or transaction confirmations to steal or modify their funds.

Sources

Ledger Security Breaches: The Data Leak (December 2020)

The database is the system that stores the information of Ledger customers, such as their names, addresses, phone numbers and email addresses. It must be protected against unauthorized access, which could compromise the privacy of customers. In December 2020, Ledger revealed that a breach in its database had exposed the personal data of 292,000 customers, including 9,500 in France.

How did hackers exploit the breach?

The breach had been exploited by a hacker in June 2020, who had managed to access the database via a poorly configured API key. The hacker had then published the stolen data on an online forum, making them accessible to everyone. Ledger customers were then victims of phishing attempts, harassment, or threats from other hackers, who sought to obtain their private keys or funds.

Simplified diagram of the attack :

Statistics on the breach

  • Number of affected users: 292,000, including 9,500 in France
  • Total amount of potentially stolen funds: unknown
  • Date of discovery of the breach by Ledger: June 25, 2020
  • Author of the discovery of the breach: Ledger, after being notified by a researcher
  • Date of publication of the fix by Ledger: July 14, 2020

Scenarios of hacker attacks

  • Scenario of phishing: The hacker sends an email or a text message to the user, pretending to be Ledger or another trusted entity. The hacker asks the user to click on a link, enter their credentials, or update their device. The hacker then steals the user’s information or funds.
  • Scenario of harassment: The hacker calls or visits the user, using their personal data to intimidate them. The hacker threatens the user to reveal their identity, harm them, or steal their funds, unless they pay a ransom or give their private keys.
  • Scenario of threats: The hacker uses the user’s personal data to find their social media accounts, family members, or friends. The hacker then sends messages or posts to the user or their contacts, threatening to harm them or expose their cryptocurrency activities, unless they comply with their demands.

Sources:
– [Ledger Data Breach: A Cybersecurity Update – Ledger Blog] published on January 29, 2021.

Comparison with other crypto wallets

Ledger is not the only solution to secure your cryptocurrencies. There are other options, such as other hardware wallets, software wallets, or exchanges. Each option has its advantages and disadvantages, depending on your needs and preferences. For example, other hardware wallets, such as Trezor or Keepser, offer similar features and security levels as Ledger, but they may have different designs, interfaces, or prices. Software wallets, such as Exodus or Electrum, are more convenient and accessible, but they are less secure and more vulnerable to malware or hacking. Exchanges, such as Coinbase or Binance, are more user-friendly and offer more services, such as trading or staking, but they are more centralized and risky, as they can be hacked, shut down, or regulated. Another option is to use a cold wallet, such as SeedNFC HSM, which is a patented HSM that uses NFC technology to store and manage your cryptocurrencies offline, without any connection to the internet or a computer. It also allows you to create up to 100 cryptocurrency wallets and check the balances from this NFC HSM.

Technological, Regulatory, and Societal Projections

The future of cryptocurrency security is uncertain and challenging. Many factors can affect Ledger and its users, such as technological, regulatory, or societal changes.

Technological changes

It changes could bring new threats, such as quantum computing, which could break the encryption of Ledger devices, or new solutions, such as biometric authentication or segmented key authentication patented by Freemindtronic, which could improve the security of Ledger devices.

Regulatory changes

New rules or restrictions could affect Cold Wallet and Hardware Wallet manufacturers and users, such as Ledger. For example, KYC (Know Your Customer) or AML (Anti-Money Laundering) requirements could compromise the privacy and anonymity of Ledger users. They could also ban or limit the use of cryptocurrencies, which could reduce the demand and value of Ledger devices. On the other hand, other manufacturers who have anticipated these new legal constraints could have an advantage over Ledger. Here are some examples of regulatory changes that could affect Ledger and other crypto wallets:

  • MiCA, the proposed EU regulation on crypto-asset markets, aims to create a harmonized framework for crypto-assets and crypto-asset service providers in the EU. It also seeks to address the risks and challenges posed by crypto-assets, such as consumer protection, market integrity, financial stability and money laundering.
  • U.S. interagency report on stablecoins recommends that Congress consider new legislation to ensure that stablecoins and stablecoin arrangements are subject to a federal prudential framework. It also proposes additional features, such as limiting issuers to insured depository institutions, subjecting entities conducting stablecoin activities (e.g., digital wallets) to federal oversight, and limiting affiliations between issuers and commercial entities.
  • Revised guidance from the Financial Action Task Force (FATF) on virtual assets and virtual asset service providers (VASPs) clarifies the application of FATF standards to virtual assets and VASPs. It also introduces new obligations and recommendations for PSAVs, such as the implementation of the travel rule, licensing and registration of PSAVs, and supervision and enforcement of PSAVs.

These regulatory changes could have significant implications for Ledger and other crypto wallets. They could require them to comply with new rules and standards, to obtain new licenses or registrations, to implement new systems and processes, and to face new supervisory and enforcement actions.

Societal changes

Societal changes could influence the perception and adoption of Ledger and cryptocurrencies, such as increased awareness and education, which could increase the trust and popularity of Ledger devices, or increased competition and innovation, which could challenge the position and performance of Ledger devices. For example, the EviSeed NFC HSM technology allows the creation of up to 100 cryptocurrency wallets on 5 different blockchains chosen freely by the user.

Technological alternatives

Technological alternatives are already available, such as EviCore NFC HSM, EviCore HSM OpenPGP, EviCore NFC HSM Browser Extension and the NFC HSM devices that work without contact, developed and manufactured by Freemindtronic in Andorra. These are new cyber security and safety technologies that use HSMs with or without NFC. They offer a wide range of security features to manage your cryptocurrencies and other digital assets. These technologies also offer the hardware management of complex and complicated passwords by EviPass NFC HSM, OTP (2FA) keys by EviOTP NFC HSM, Seed Phrases by EviSeed NFC HSM, and the creation of multiple cryptocurrency wallets on the same device.

Conclusion

Ledger, the French leader in cryptocurrency security, has faced several security breaches since 2017. As a result of these breaches, hackers could steal the private keys and funds of Ledger users. In response to these threats, Ledger reacted by publishing security updates, informing its users, and strengthening its protection measures. However, Ledger users must be vigilant and follow the recommendations of Ledger to protect themselves from these attacks. Despite these challenges, Ledger remains a reliable and secure device to manage cryptocurrencies, as long as the best practices of digital hygiene are respected. If you want to learn more about Ledger and its products, you can visit their official website or read their blog. Additionally, you can also check their security reports and their help center for more information.

Articles, Digital Security, EviCore NFC HSM Technology, EviPass NFC HSM technology, NFC HSM technology

TETRA Security Vulnerabilities: How to Protect Critical Infrastructures

Posted on by FMTAD
TETRA Security Vulnerabilities secured by EviPass or EviCypher NFC HSM Technologies from Freemindtronic-Andorra
27
Nov
TETRA Security Vulnerabilities by Jacques Gascuel: This article will be updated with any new information on the topic.

TETRA Security Vulnerabilities

Tetra is a radio communication standard used by critical sectors worldwide. But it has five security flaws that could expose its encryption and authentication. How can you protect your Tetra system from hackers? Read this article TETRA Security Vulnerabilities to find out the best practices and tips.

TETRA Security Vulnerabilities: How to Protect Critical Infrastructures from Cyberattacks

TETRA (Terrestrial Trunked Radio) is a radio technology that is used worldwide for critical communications and data, especially in the sectors of security, energy, transport and defense. But this technology, which has been kept secret for more than 25 years, hides serious security vulnerabilities, including a backdoor that could allow devastating cyberattacks.

What is TETRA?

TETRA is a European radio standard that was developed in the 1990s to meet the needs of professional mobile services, such as police, firefighters, emergency services, military, prison staff, etc. TETRA allows to transmit data and voice encrypted on frequencies ranging from 380 to 470 MHz, with a range of several kilometers.

TETRA is used by more than 2000 networks in more than 150 countries, according to the TETRA and Critical Communications Association (TCCA), which brings together the manufacturers, operators and users of this technology. Among the main manufacturers of TETRA radios, we find Motorola Solutions, Hytera, Airbus, Sepura and Rohill.

TETRA offers several advantages over other radio technologies, such as:

  • better sound quality
  • greater transmission capacity
  • greater security thanks to encryption
  • greater flexibility thanks to the possibility of creating communication groups
  • greater interoperability thanks to the compatibility of equipment

Source french: TETRA digital mode & F4HXZ – Blog radioamateur

What are the vulnerabilities of TETRA?

Despite its strengths, TETRA also has weaknesses, which have been revealed by a group of Dutch researchers from Radboud University Nijmegen. These researchers conducted a thorough analysis of the TETRA standard and its encryption algorithms, which were until then kept secret by the manufacturers and authorities.

The researchers discovered two types of major vulnerabilities in TETRA:

  • A backdoor in the encryption algorithm TEA1, which is used in radios sold for sensitive equipment, such as pipelines, railways, power grid, public transport or freight trains. This backdoor allows an attacker to decrypt the communications and data transmitted by these radios, and possibly to modify or block them. The backdoor exists since the creation of the algorithm TEA1, in 1998, and cannot be corrected by a simple software update. The researchers managed to extract the secret key of the backdoor by analyzing the binary code of the radios.
  • A weakness in the encryption algorithm TEA2, which is used in radios intended for professional mobile services, such as police, firefighters, emergency services, military or prison staff. This weakness allows an attacker to reduce the number of possible keys to test to decrypt the communications and data transmitted by these radios. The researchers estimated that it would take about 10 minutes to find the right key with a standard computer. This weakness was corrected by the manufacturers in 2016, but the radios that have not been updated remain vulnerable.

To find the backdoor in the TEA1 algorithm, the researchers used a technique called “differential analysis”, which consists of comparing the outputs of the algorithm for slightly different inputs. By observing the differences, they were able to identify a part of the code that was not normally used, but that was activated by a special condition. This condition was the presence of a secret key of 64 bits, which was hidden in the binary code of the radios. By analyzing the code, they were able to extract the secret key and test it on encrypted communications with the TEA1 algorithm. They were thus able to confirm that the secret key allowed to decrypt the communications without knowing the normal key of 80 bits. The researchers published their official report and the source code of the TETRA encryption algorithms on their website.

Source: https://cs.ru.nl/~cmeijer/publications/All_cops_are_broadcasting_TETRA_under_scrutiny.pdf

What are the risks for critical infrastructures?

The vulnerabilities identified in TETRA represent a danger for the critical infrastructures that use this technology, because they could be exploited by cybercriminals, terrorists or spies to disrupt or damage these infrastructures.

For example, an attacker could:

  • listen to the communications and confidential data of the security or defense services
  • impersonate an operator or a manager to give false instructions or orders
  • modify or erase data or commands that control vital equipment, such as valves, switches, signals or brakes
  • cause failures, accidents, fires or explosions

These scenarios could have dramatic consequences on the security, health, economy or environment of the countries concerned.

How to protect yourself from cyberattacks on TETRA?

The users of TETRA must be aware of the vulnerabilities of this technology and take measures to protect themselves from potential cyberattacks. Among the recommendations of the researchers, we can mention:

  • check if the radios used are affected by the vulnerabilities and ask the manufacturers for correction solutions
  • avoid using the algorithm TEA1, which contains the backdoor, and prefer safer algorithms, such as TEA3 or TEA4
  • use encryption keys that are long and complex enough, and change them regularly
  • set up verification and authentication procedures for communications and data
  • monitor the radio traffic and detect anomalies or intrusion attempts
  • raise awareness and train staff on cybersecurity and good practices

TETRA digital mode: how to transfer data via TETRA

TETRA (Terrestrial Trunked Radio) is a digital and secure radio communication standard used by emergency services, law enforcement, public transport and industries. TETRA uses a π/4-DQPSK phase modulation and a TDMA time division multiplexing to transmit voice and data on a bandwidth of 25 KHz per transmission channel. Each channel is divided into four timeslots, one of which is reserved for signaling in trunked mode (TMO).

TETRA allows file transfer via radio in two ways: by the packet data service (PDS) or by the circuit data service (CDS).

The PDS uses the IP protocol to transmit data packets on one or more timeslots. It offers a maximum throughput of 28.8 kbit/s per timeslot, or 86.4 kbit/s for three timeslots. The PDS can be used to send small files, such as images, text messages or forms.

The CDS uses the LAPD protocol to transmit data by circuit on a dedicated timeslot. It offers a constant throughput of 4.8 kbit/s per timeslot, or 19.2 kbit/s for four timeslots. The CDS can be used to send large files, such as documents, videos or maps.

The choice of the data service depends on the type of file, the size of the file, the quality of the radio link, the cost and the availability of radio resources. The PDS offers more flexibility and performance, but it requires a good signal quality and it can be more expensive in terms of battery consumption and spectrum occupation. The CDS offers more reliability and simplicity, but it requires a prior allocation of a timeslot and it can be slower and less efficient.

Securing TETRA file transfers with Freemindtronic’s EviCypher technology

However, both data services are subject to the TETRA security vulnerabilities that we have discussed in the previous sections. These vulnerabilities could allow an attacker to intercept, modify or corrupt the files transferred via TETRA, or to prevent their transmission altogether. Therefore, the users of TETRA must ensure the integrity and the confidentiality of the files they send or receive, by using encryption, verification and authentication methods. Freemindtronic’s EviCypher technology can be a valuable solution for encrypting data with post-quantum AES-256 from an NFC HSM with your own randomly generated keys before transferring them via TETRA. This way, even if an attacker corrupts the data transmitted by TETRA, they will not be able to decrypt the data encrypted by a product embedding

How to secure file transfers via TETRA with Freemindtronic’s EviCypher technology

La technologie EviCypher de Freemindtronic peut être une solution précieuse pour chiffrer les données avec AES-256 post-quantique à partir d’un HSM NFC avec vos propres clés générées aléatoirement avant de les transférer via TETRA. Ainsi, même si un attaquant corrompt les données transmises par TETRA, il ne pourra pas décrypter les données cryptées par un produit embarquant la technologie EviCypher NFC HSM technology, such as DataShielder NFC HSM or DataSielder Defense NFC HSM. These products are portable and autonomous devices that allow you to secure the access to computer systems, applications or online services, using the NFC as a means of authentication and encryption.

The management of encryption keys for TETRA

To use encryption on the TETRA network, you need an encryption key, which is a secret code of 80 bits, or 10 bytes. This key must be shared between the radios that want to communicate securely, and must be protected against theft, loss or compromise.

There are several methods to save and enter encryption keys for TETRA, depending on the type of radio and the level of security required. Here are some examples:

  • The manual method: it consists of entering the encryption key using the keyboard of the radio, by typing the 10 bytes in hexadecimal form. This method is simple, but impractical and unsafe, because it requires to know the key by heart or to write it down on a support, which increases the risk of disclosure or error. For example, a 80-bit key could be 3A4F9C7B12E8D6F0.
  • The automatic method: it consists of using an external device, such as a computer or a smart card, which generates and transfers the encryption key to the radio by a cable or a wireless link. This method is faster and more reliable, but it requires to have a compatible and secure device, and to connect it to the radio at each key change.
  • The EviPass method: it consists of using the EviPass NFC HSM technology which allows to generate, store and manage keys and secrets in a secure and independent NFC HSM device. This method is the most innovative and secure, because it allows to create keys higher than 80 bits randomly in hexadecimal base 16, 58, 64 or 85, to store them in a physical device protected by an access code and a robust AES-256 post-quantum encryption algorithm, and to transfer them by various contactless means, via a computer. This method does not require to know or write down the key, which reduces the risk of disclosure or error. For example, a 10-byte key of 80 bits could be 3F 8A 6B 4C 9D 1E 7F 2A 5B 0C.

The EviPass NFC HSM technology of Freemindtronic allows to create secure gateways between the NFC devices and the computer systems, using advanced encryption protocols, such as AES, RSA or ECC. The EviPass NFC HSM technology is embedded in the PassCyber NFC HSM product, which is a portable and autonomous device that allows to secure the access to computer systems, applications or online or offligne services, using the NFC as a means of authentication.

Conclusion

TETRA is a radio technology that was designed to offer secure and reliable communication to professional mobile services and critical infrastructures. But this technology, which has been kept secret for decades, presents vulnerabilities that could be exploited by cyberattackers to compromise these communications and infrastructures. The users of TETRA must be vigilant and take measures to protect themselves from these threats, by updating their equipment, choosing robust encryption algorithms, using strong keys, verifying and authenticating data and monitoring radio traffic. The EviPass NFC HSM technology of Freemindtronic can be an effective solution to strengthen the security of keys and secrets used for verification and authentication, by storing them in a secure and independent NFC device. The researchers who revealed the vulnerabilities of TETRA hope that their work will contribute to improve the security of communications in critical domains.

2023, Articles, DataShielder, Digital Security, EviCore NFC HSM Technology, EviCypher NFC HSM, EviCypher Technology, NFC HSM technology

FormBook Malware: How to Protect Your Gmail and Other Data

Posted on by FMTAD
FormBook Malware: how to protect your gmail and other data
23
Nov
Protect your Gmail Account FormBook malware – Jacques Gascuel: This article will be updated with any new information on the topic.

Secure Your Gmail from FormBook Attacks

FormBook is a malware that can steal your Gmail credentials, messages, and attachments. Learn how to use the Freemindtronic devices to encrypt your Gmail data and use passwordless and 2FA.

How to Protect Your Gmail Account from FormBook Malware

Introduction

Imagine that you receive an email from your bank, asking you to confirm your identity by clicking on a link. You open the link, and you find yourself on a page that looks like your bank’s website, but it is actually a fake. You enter your credentials, and you think you are done. But in reality, you have just given access to your bank account to hackers, who will use it to steal your money, or worse. This is what FormBook can do, a malware that can steal your sensitive data, and that Google cannot stop. In this article, we will explain what FormBook is, how it works, and how to protect yourself from this malware.

What is FormBook and why is it a threat?

FormBook is a malware that can record your keystrokes, take screenshots, and steal your passwords, cookies, and clipboard data. It can also download and execute other malicious files on your device.

FormBook is distributed through phishing emails that contain malicious attachments. These attachments are usually disguised as invoices, receipts, or shipping confirmations. When you open them, they ask you to enable macros or content. If you do, the malware will be installed on your device.

FormBook can target any web browser, but it has a special feature for Chrome. It can inject a fake Gmail login page into your browser, and trick you into entering your credentials. The malware will then send your Gmail username and password to a remote server controlled by the hackers.

FormBook is a threat because it can compromise your Gmail account and access your personal and professional information. It can also use your Gmail account to send spam or phishing emails to your contacts, or to access other online services that are linked to your Gmail account, such as Google Drive, Google Photos, or Google Pay.

How to protect yourself from FormBook?

Google has not yet found a way to detect and block FormBook. Therefore, you need to be extra careful when you use Gmail and other online services. Here are some tips to protect yourself from FormBook and other malware:

  • Do not open or download attachments from unknown or suspicious senders. If you are not sure about the legitimacy of an email, contact the sender directly or check the official website of the company or organization.
  • Do not enable macros or content in any document unless you trust the source. Macros are small programs that can run malicious code on your device.
  • Use a strong and unique password for your Gmail account and other online accounts. Do not reuse the same password for different services. Change your password regularly and use a password manager to store and generate your passwords.
  • Enable two-factor authentication (2FA) for your Gmail account and other online accounts. 2FA adds an extra layer of security by requiring a code or a device confirmation in addition to your password.
  • Use a reputable antivirus software and keep it updated. Antivirus software can scan your device for malware and remove it. You can also use a browser extension that can block malicious websites and pop-ups.

How to encrypt your Gmail messages and attachments with DataShielder NFC HSM

DataShielder NFC HSM is a device that allows you to encrypt and decrypt your Gmail messages and attachments with your own encryption keys that you create and store offline. It uses the EviCypher NFC HSM technology, which is a contactless hardware security module (NFC HSM) that won the Gold Medal for International Inventions in Geneva on March 2021.

With DataShielder NFC HSM, you can encrypt and decrypt your data with AES-256 keys that are randomly generated and stored in the NFC HSM. You can store up to 100 keys and one pair of RSA-4096 keys in the NFC HSM. You can also use different keys for the message and the attachment.

To encrypt your Gmail message and attachment, you need to use the EviCrypt and EviFile applications that are embedded in the DataShielder NFC HSM. These applications allow you to encrypt and decrypt your data with a simple tap of your NFC phone on the DataShielder NFC HSM. You can also share your encrypted data with other users who have the same device and the same key.

By using DataShielder NFC HSM, you can protect your Gmail messages and attachments from FormBook or any other malware that can access your Gmail account. Even if your Gmail account is hacked, your encrypted data will remain encrypted and unreadable by the hackers. Only you and the authorized recipients can decrypt your data with the DataShielder NFC HSM.

How to protect your web Gmail account with passwordless and 2FA using PassCypher NFC HSM

Do you want to manage your web accounts with complicated and complex passwords that you do not need to know, remember, or type? If yes, then you should try PassCypher NFC HSM. This device uses the EviPass NFC HSM technology, which is a contactless hardware password manager that won the Silver Medal for International Inventions in Geneva on March 2021.

With PassCypher NFC HSM, you can create and store your usernames and passwords of more than 256-bit in the NFC HSM. Moreover, you can store your OTP TOTP or HOTP secret keys in the NFC HSM to generate the 2FA code for your web accounts. The NFC HSM can store up to 100 web accounts and one pair of RSA-4096 keys.

To use PassCypher NFC HSM, you need to install the Freemindtronic extension for your web browser based on Chromium or Firefox. This extension uses the EviCore NFC HSM Browser technology, which allows you to communicate with the NFC HSM via your NFC phone. You also need to use the EviPass and EviOTP applications that are embedded in the PassCypher NFC HSM. These applications allow you to create, edit, and delete your web accounts and OTP secret keys with a simple tap of your NFC phone on the PassCypher NFC HSM.

By using PassCypher NFC HSM, you can secure your web accounts with passwordless and 2FA. You do not need to display, know, or type your username and password. You just need to tap your NFC phone on the PassCypher NFC HSM and the extension will autofill and auto login your web account. You also do not need to check for a typosquatting attack, since the extension will verify the URL of the website before logging in. And you do not need to use another device or application to generate the 2FA code, since the PassCypher NFC HSM will do it for you.

How to protect your Gmail account from FormBook with PassCypher NFC HSM

FormBook is a dangerous malware that can access your Gmail account and other sensitive data. Google has not yet found a solution to stop it. Therefore, you need to be vigilant and follow the best practices to protect yourself from cyberattacks. One of them is to use PassCypher NFC HSM to secure your Gmail account with passwordless and 2FA.

By using PassCypher NFC HSM, you can protect your Gmail account from FormBook or any other malware that can access your web browser. Even if your web browser is hacked, your usernames and passwords will remain encrypted and inaccessible by the hackers. Only you can decrypt your Gmail account with the PassCypher NFC HSM. And even if the hackers manage to steal your session cookies, they will not be able to log in to your Gmail account without the 2FA code that is generated by the PassCypher NFC HSM.

To use PassCypher NFC HSM with your Gmail account, you need to follow these steps:

  • Create a Gmail account in the EviPass application on the PassCypher NFC HSM. You can use the default username and password, or you can generate a random and complex password with the EviPass application.
  • Enable 2FA for your Gmail account on the Google website.
  • Choose the option to use an authenticator app, and scan the QR code with the EviOTP application on the PassCypher NFC HSM. This will store your OTP secret key in the NFC HSM.
  • Log in to your Gmail account with the Freemindtronic extension on your web browser. Tap your NFC phone on the PassCypher NFC HSM and the extension will autofill and auto login your Gmail account. You will also see a pop-up window with the 2FA code that you need to enter on the Google website.

By following these steps, you can use PassCypher NFC HSM to secure your Gmail account with passwordless and 2FA. You can also use PassCypher NFC HSM with other web accounts that support 2FA, such as Facebook, Twitter, or Amazon. This way, you can protect yourself from FormBook and other malware that can access your web browser.

Recent statistics on FormBook

FormBook is a malware that was first discovered in 2016, but it remains very active and dangerous. According to the Check Point report on cybersecurity in 2022, FormBook was the third most widespread malware in 2021, attacking 5% of enterprise networks. It was also the most prolific infostealer malware, accounting for 16% of attacks worldwide.

FormBook spreads mainly through phishing emails that contain malicious attachments. These attachments are often RAR self-extracting archives, which are compressed files that can run malicious code when opened. The RAR files contain a legitimate document, such as a PDF or a Word file, and a hidden executable file, which is the FormBook malware. When the user opens the RAR file, the document is displayed, but the malware is also installed in the background.

FormBook can also spread through other methods, such as drive-by downloads, malicious links, or removable media. The malware can infect any Windows device, from Windows XP to Windows 10. The malware can also evade detection and removal by using various techniques, such as encryption, obfuscation, or anti-analysis.

Here are some recent statistics on FormBook, based on the data from Check Point and ANY.RUN:

  • FormBook was the most popular malware in August 2021, affecting 4.5% of organizations worldwide, followed by Trickbot and Agent Tesla, affecting respectively 4% and 3% of organizations worldwide.
  • FormBook was the fourth most common malware in 2020, according to the ranking of malware families by ANY.RUN. It accounted for 8% of the samples analyzed by the online sandboxing service.
  • FormBook was used in many phishing campaigns targeting various industries, such as defense, aerospace, health, education, finance, retail, etc. It was also used to attack Ukrainian targets during the war between Russia and Ukraine in 2022.
  • FormBook has a successor called XLoader, which appeared in 2020 and which is able to infect macOS users. XLoader is sold on the dark web for $59 for a Windows license and $49 for a macOS license.

Danger level of FormBook compared to other malware

FormBook is a very dangerous malware, because it can steal sensitive information, such as credentials, passwords, credit card numbers, 2FA codes, etc. It can also download and execute other malware, such as ransomware, banking trojans, spyware, etc. It can also remotely control the infected device and perform various malicious actions, such as deleting browser cookies, taking screenshots, restarting or shutting down the system, etc.

FormBook is also hard to detect and remove, because it uses advanced evasion techniques, such as code injection, string obfuscation, data encryption, anti-analysis, etc. It also changes frequently its name, path, and file extension, and uses random Windows registry keys to maintain its persistence.

To compare the danger level of FormBook with other known malware in its category, we can use the following criteria:

  • The number of organizations affected worldwide
  • The type and amount of information stolen
  • The ability to download and execute other malware
  • The ability to remotely control the infected device
  • The evasion techniques used
  • The ease of detection and removal

Here is a table that compares FormBook with other popular infostealer malware, such as Trickbot, Agent Tesla, LokiBot, and Raccoon:

Malware Number of organizations affected Type and amount of information stolen Ability to download and execute other malware Ability to remotely control the infected device Evasion techniques used Ease of detection and removal
FormBook 4.5% in August 2021 Credentials, passwords, credit card numbers, 2FA codes, screenshots, keystrokes, etc. Yes Yes Code injection, string obfuscation, data encryption, anti-analysis, etc. Hard
Trickbot 4% in August 2021 Credentials, passwords, banking information, personal data, etc. Yes Yes Code injection, string obfuscation, data encryption, anti-analysis, etc. Hard
Agent Tesla 3% in August 2021 Credentials, passwords, banking information, personal data, screenshots, keystrokes, etc. No Yes String obfuscation, data encryption, anti-analysis, etc. Medium
LokiBot 1.5% in August 2021 Credentials, passwords, banking information, personal data, etc. No Yes String obfuscation, data encryption, anti-analysis, etc. Medium
Raccoon 0.8% in August 2021 Credentials, passwords, banking information, personal data, etc. No Yes String obfuscation, data encryption, anti-analysis, etc. Medium

From this table, we can see that FormBook is the most dangerous infostealer malware, because it affects the most organizations, steals the most types of information, and can download and execute other malware. It is also the hardest to detect and remove, because it uses more evasion techniques than the other malware.

Forms of attacks of FormBook

FormBook can be delivered through different forms of attacks, depending on the delivery mechanism chosen by the malicious actor. Here are some forms of attacks of FormBook:

  • Phishing: FormBook can be sent by email as a malicious attachment, such as a Word, Excel, PDF, or ZIP or RAR file. The email can have a misleading subject, such as an invoice, a receipt, a contract, a job offer, etc. When the user opens the attachment, the malware runs and infects the device.
  • Exploitation of vulnerabilities: FormBook can exploit vulnerabilities in popular software, such as Microsoft Office, Windows, Adobe Reader, etc. For example, FormBook used the vulnerability CVE-2017-8570 in Microsoft Office to run malicious code from a RTF file. FormBook also used the vulnerability CVE-2021-40444 in Microsoft MSHTML to run malicious code from a CAB file.
  • Drive-by downloads: FormBook can be downloaded without the user’s knowledge when they visit a compromised or malicious website. The website can use a script or an exploit kit to trigger the download and execution of the malware on the user’s device.
  • Removable media: FormBook can be copied to removable media, such as USB drives, external hard drives, memory cards, etc. When the user connects the removable media to their device, the malware runs automatically and infects the device.
  • Social media: FormBook can be spread by messages or posts on social media, such as Facebook, Twitter, Instagram, etc. These messages or posts can contain links or images that redirect to malicious websites or infected files. When the user clicks on the link or image, the malware is downloaded and executed on their device.

Here is a type of formbook malware attacks image:

Type of Formbook MalwareAttacks

How PassCypher NFC HSM and DataShielder NFC HSM can protect you from FormBook attacks

PassCypher NFC HSM and DataShielder NFC HSM are two devices that use the EviPass NFC HSM technology from Freemindtronic, which is a contactless hardware password manager that won the Silver Medal for International Inventions in Geneva on March 2021. These devices can help you protect your web accounts and your Gmail messages and attachments from FormBook attacks, by using passwordless, 2FA, and encryption.

PassCypher NFC HSM can create and store your usernames and passwords of more than 256-bit in the NFC HSM. It can also store your OTP TOTP or HOTP secret keys in the NFC HSM to generate the 2FA code for your web accounts. The NFC HSM can store up to 100 web accounts and one pair of RSA-4096 keys.

DataShielder NFC HSM can encrypt and decrypt your Gmail messages and attachments with your own encryption keys that you create and store offline. It uses the EviCypher NFC HSM technology, which is a contactless hardware security module (NFC HSM) that won the Gold Medal for International Inventions in Geneva on March 2021. It can store up to 100 keys and one pair of RSA-4096 keys in the NFC HSM.

To use PassCypher NFC HSM and DataShielder NFC HSM, you need to install the Freemindtronic extension for your web browser based on Chromium or Firefox. This extension uses the EviCore NFC HSM Browser technology, which allows you to communicate with the NFC HSM via your NFC phone. You also need to use the EviPass, EviOTP, EviCrypt, and EviFile applications that are embedded in the PassCypher NFC HSM and DataShielder NFC HSM. These applications allow you to create, edit, delete, encrypt, and decrypt your web accounts, OTP secret keys, messages, and attachments with a simple tap of your NFC phone on the PassCypher NFC HSM or DataShielder NFC HSM.

By using PassCypher NFC HSM and DataShielder NFC HSM, you can secure your web accounts and your Gmail messages and attachments with passwordless, 2FA, and encryption. You do not need to display, know, or type your username, password, or encryption key. You just need to tap your NFC phone on the PassCypher NFC HSM or DataShielder NFC HSM and the extension will autofill, auto login, encrypt, or decrypt your web account, message, or attachment. You also do not need to use another device or application to generate the 2FA code, since the PassCypher NFC HSM will do it for you.

Here is a table that shows how PassCypher NFC HSM and DataShielder NFC HSM can protect you from different FormBook attack vectors, such as keylogger, password stealer, file transfer, screenshot, etc. I used a check mark or a cross mark to show visually what PassCypher NFC HSM and DataShielder NFC HSM protect.

 

FormBook PassCypher DataShielder
Keylogger ✔️ ✔️
Password stealer ✔️ ✔️
File transfer ✔️
Screenshot ✔️ ✔️
Remote control
Phishing ✔️ ✔️
Exploit kit
Drive-by download
Removable media ✔️
Social media

This table shows that PassCypher NFC HSM and DataShielder NFC HSM can protect your web accounts from FormBook’s keylogger, password stealer, and phishing, by using passwordless and 2FA. They can also protect your Gmail messages and attachments from FormBook’s file transfer and screenshot, by using encryption and decryption. DataShielder NFC HSM can also protect your data stored in computers or removable media, by using encryption and decryption. However, neither device can protect your device from FormBook’s remote control, exploit kit, drive-by download, or unsecured social media, which can compromise your system and your data. Therefore, you should also use an antivirus software and a firewall to prevent FormBook from accessing your device.

Digital Security, Technical News

Brute Force Attacks: What They Are and How to Protect Yourself

Posted on by FMTAD
Brute Force Attacks Cyber Attack Guide
01
Nov
brute force attacks by Jacques Gascuel: This article will be updated with any new information on the topic.

Everything You Need to Know About Brute-force Attacks

80% of cyberattacks are brute force attacks. This technique tests all combinations to find a system’s password, key, or URL. These attacks threaten the security of your data. How to protect yourself? What tools and practices should be adopted? This article explains.

Brute-force Attacks: A Comprehensive Guide to Understand and Prevent Them

Brute Force: danger and protection 80% of cyberattacks are brute force attacks. This technique tests all combinations to find the password, key, URL or hash of a system. These attacks threaten the security of your data. How to protect yourself? What tools and practices to adopt? This article explains:

  • Brute force types and methods : they vary according to the hackers’ method, the intrusion level and the application domain.
  • Brute force on electronic components : physical or electrical techniques are used to target chips or boards.
  • Brute force on passwords, keys, URLs and hashes : software or network techniques are used to access websites, online accounts, encrypted files, etc.
  • Brute force on phone systems : code or key techniques are used to hack landlines, mobiles or VoIP services.
  • Protection from brute force on devices and domains : encryption, authentication, masking, verification or correction techniques can help you strengthen your security.
  • Resistance evaluation of products or services to brute force : a scoring model based on the attack type and severity can help you assess the risk.

Types and Methods of Brute-force Attacks

There are several types and methods of brute force attacks, depending on the hackers’ method, the level of intrusion, and the domain of application.

Hackers’ Method

Hackers can use different methods to perform brute force attacks, depending on the type of data they want to obtain or modify. Here are the most common ones:

  • Simple brute force attacks: hackers try to guess the password of a user without using software, based on personal information or common passwords. These attacks work against users who have weak and easy-to-guess passwords, such as “password”, “1234567890”, or “qwerty”.
  • Dictionary attacks: hackers use software that tries passwords from a predefined list of common words, such as those from a dictionary or a database. These attacks are faster than simple ones but less effective against complex and random passwords.
  • Hybrid brute force attacks: hackers combine the previous two methods by adding variations to the dictionary words, such as numbers, symbols, or capital letters. These attacks are more sophisticated and can crack more robust passwords but they take more time and resources.
  • Reverse brute force attacks: hackers target the username rather than the password, assuming that the password is easier to guess or obtain by other means. These attacks are useful to access accounts that use the same username on multiple sites or services.
  • Distributed brute force attacks: hackers use multiple computers or devices connected to the Internet to perform brute force attacks simultaneously on the same target. These attacks are more powerful and harder to detect because they distribute the load and avoid security measures such as attempt limits or IP blocks.
  • Non-invasive faster than brute force attacks: hackers exploit weaknesses in the design or implementation of a system to reduce the number of combinations to test to find a secret information. For example, they can use a technique called “side-channel cube attack” to break AES encryption in less than 10 minutes with a laptop.
  • Analogous attacks: hackers use methods similar to brute force attacks but that do not test all possible combinations. For example, they can use a technique called “binary search attack” to guess a PIN code in less than 20 tries by exploiting the system’s response (correct/incorrect).

Level of Intrusion

Brute force attacks can also be classified according to the level of intrusion they involve:

  • Invasive attacks: hackers access physically the system or device they want to hack, using for example a keyboard, a USB stick, or a cable. These attacks are more dangerous because they can bypass software or network protections but they require proximity with the target and a risk of being caught.
  • Non-invasive attacks: hackers do not need to access physically the system or device they want to hack; they do it remotely via Internet or wireless network. These attacks are more discreet and easier to perform but they can be blocked by firewalls, antivirus software or secure protocols.

Domain of Application

Hackers’ objectives and motivations determine the domains where they apply brute force attacks. Here are some examples:

  • The civil domain: Hackers use brute force attacks to access personal or professional accounts such as emails, social networks, online banks or cloud services. They can steal sensitive information, impersonate identities, extort money or harm the reputation of the victims.
  • The defense domain: Hackers compromise national or international security by targeting military, governmental or diplomatic systems with brute force attacks. They can spy, sabotage, destabilize or provoke conflicts between countries.
  • The ethical hacking domain: Hackers test the security of systems or devices with brute force attacks by putting themselves in the attackers’ shoes. They can identify and report flaws, improve protections or train users.
  • The research domain: Hackers advance science and technology by exploring the limits of systems or devices with brute force attacks. They can discover new possibilities, innovate or create new products.

Brute-force Attacks on Electronic Components

Brute force attacks are not limited to passwords or encryption keys. They can also target electronic components that store or process data such as chips or integrated circuit boards. These attacks aim to access encrypted or protected information that is in the hardware using physical or electrical techniques.

Invasive Attacks

Invasive attacks are attacks that require direct access to the hardware and that involve modifying or destroying it. These attacks are often used to reverse engineer or extract data from chips or smart cards. Here are some examples:

  • Decapsulation: this technique consists of removing the outer layer of protection of a chip to expose the silicon and the internal layers. This can be done mechanically or chemically for example with nitric acid.
  • Deprocessing: this technique consists of removing progressively the internal layers of a chip to access the transistors and the connections. This can be done with chemicals lasers or focused ion beams (FIB).
  • Removal of the passivation layer: this technique consists of removing the insulating layer that covers the surface of a chip to allow electrical contact with the bonding wires (the thin connections between the chip and the package).
  • Reverse engineering: this technique consists of analyzing the structure and the functioning of a chip or an integrated circuit board to extract the source code the algorithms or the vulnerabilities.
  • Micro-probing: this technique consists of using micro-probes (metal needles) to connect directly to the internal components of a chip or an integrated circuit board and interfere with the signals or extract data.
  • Instantaneous memory attack: this technique consists of freezing a chip or an integrated circuit board to preserve the data that is in the volatile memory (RAM) after cutting off the power supply. This technique allows bypassing the mechanisms of automatic erasure of sensitive data in case of intrusion attempt.
  • Securing pairing algorithms against physical attacks: this technique consists of protecting pairing algorithms which are used for identity-based encryption against physical attacks that aim to modify the behavior of the hardware. This technique uses mathematical methods to detect and correct errors induced by physical disturbances.

Non-invasive Attacks

Non-invasive attacks are attacks that do not need direct access to the hardware but that use auxiliary or hidden channels to obtain or modify data on chips or integrated circuit boards. These attacks exploit the physical characteristics of the hardware such as power consumption electromagnetic field acoustic noise or temperature. Here are some examples:

  • Side-channel attack: this technique consists of measuring a physical parameter related to the functioning of a chip or an integrated circuit board to deduce information about the operations it performs or the data it processes. For example it is possible to guess an encryption key by analyzing the power consumption of a chip while it encrypts or decrypts a message.
  • Fault injection attack: this technique consists of provoking an error in the functioning of a chip or an integrated circuit board by sending it an abnormal signal such as an electric pulse a light wave or ionizing radiation. This technique allows modifying the behavior of the hardware revealing hidden information or bypassing protections.
  • Software flaw attack: this technique consists of exploiting a vulnerability in the software that controls the functioning of a chip or an integrated circuit board to access or modify sensitive data. For example it is possible to take control of a router by using a flaw in its firmware (the internal software that controls the functioning of the hardware).
  • Hidden channel attack: this technique consists of exploiting information that is not directly related to the functioning of the targeted system such as noise temperature or time. For example it is possible to guess the PIN code of a phone by listening to the sound produced by the keys when entering it.

Brute-force Attacks on Passwords Encryption Keys Hidden URLs and Hashes

Passwords encryption keys hidden URLs and hashes are data that serve to protect access or confidentiality of information on Internet. Hackers can try to guess them using brute force attacks which consist in testing all possible combinations until they find the right one. These attacks can have serious consequences such as identity theft account hijacking message decryption or website hacking.

Attacks on Passwords

Passwords are secret codes that users enter to authenticate on a website or an online service. Hackers can try to guess them using brute force attacks simple dictionary hybrid reverse or distributed as we have seen previously. These attacks can allow hackers to access users’ accounts and steal their personal financial or

professional information. To protect themselves from these attacks, users should choose strong and unique passwords, use a password manager, enable two-factor authentication, and avoid phishing emails.

Attacks on Encryption Keys

Encryption keys are data that are used to encrypt or decrypt messages or files. They can be symmetric (the same key is used for encryption and decryption) or asymmetric (two different keys are used: a public key for encryption and a private key for decryption). Hackers can try to guess them using brute force attacks simple or distributed, by testing all possible combinations until they find the right one. These attacks can allow hackers to read or modify confidential messages or files.

To protect themselves from these attacks, users should choose long and random encryption keys, use secure encryption algorithms, do not disclose or store their encryption keys in insecure places, and use secure protocols to exchange their encryption keys with their correspondents, such as the Diffie-Hellman protocol or the SSL/TLS protocol.

Another type of brute force attack targets the data stored in the volatile memory of devices, such as computers and phones. Volatile memory is a type of memory that loses its content when the power supply is cut off. This makes it vulnerable to brute force attacks that aim to extract sensitive data from it, using physical or software techniques. In this section, we will explain what are brute force attacks on volatile memory, how they work, what are the risks and how to prevent them.

Tools for brute force attacks

There are many tools available for brute force attacks on different protocols or services. Some are used for malicious purposes, others for penetration testing or security audit. Here is a non-exhaustive list of tools for brute force attacks:

  • Hashcat: Hashcat claims to be the world’s fastest and most advanced password recovery tool based on CPU. It supports five unique modes of attack for over 300 optimized hashing algorithms.
  • Flipper Zero: a multifunctional device that allows you to perform brute force attacks on RFID, NFC, Bluetooth systems, etc.
  • Gobuster: a tool written in Go that allows you to perform brute force attacks on web directories, DNS subdomains, S3 buckets or virtual hosts.
  • BruteX: a shell-based tool that allows you to perform brute force attacks on different services such as FTP, SSH, Telnet, RDP, VNC, etc.
  • Dirsearch: a tool written in Python that allows you to perform brute force attacks on web directories and files.
  • Callow: a tool written in C# that allows you to perform brute force attacks on web forms.
  • SSB: a tool written in Perl that allows you to perform brute force attacks on SMTP servers.
  • THC-Hydra: a popular tool that allows you to perform brute force attacks on more than 50 protocols such as HTTP, HTTPS, FTP, SSH, Telnet, SMB, etc.
  • Burp Suite: a suite of tools that allows you to perform penetration testing on web applications, including brute force attacks on web forms or HTTP parameters.
  • Patator: a tool written in Python that allows you to perform modular brute force attacks on different services such as HTTP, FTP, SSH, SMTP, etc.
  • Pydictor: a tool written in Python that allows you to generate custom lists for brute force or dictionary attacks.
  • Ncrack: a tool that allows you to perform fast and flexible brute force attacks on different services such as RDP, SSH, Telnet, HTTP(S), POP3(S), etc.

Brute force attacks on volatile memory: a data security risk

Volatile memory is a type of memory that loses its content when the power supply is cut off. This is the case for the random access memory (RAM) of computers and phones, which temporarily stores data and programs that are running. Volatile memory has an advantage: it erases the traces of computer activity in case of power outage or system shutdown. But it also has a drawback: it can be targeted by brute force attacks aiming to recover the sensitive data it contains.

A brute force attack is a method that consists of testing all possible combinations of a password, an encryption key or an access code, until finding the right one. Brute force attacks can be performed using specialized software, which exploits the computing power of computers or networks of machines. Brute force attacks can take a lot of time, depending on the complexity and length of the password, key or code to guess.

Brute force attacks on volatile memory are attacks that aim to extract data stored in the RAM of a computer or a phone, using physical or software techniques. For example, it is possible to cool down the RAM with liquid nitrogen, which allows to preserve its content for a few minutes after the system shutdown. It is then possible to transfer the RAM to another device, and use a brute force software to decrypt the data it contains. It is also possible to use malicious software that infiltrates the system and accesses the RAM, bypassing software or hardware protections.

Brute force attacks on volatile memory pose a risk for data security, because they can allow hackers to access confidential information, such as passwords, encryption keys, personal or professional data, etc. These information can then be used to compromise other systems or services, or to extort the victims. To protect against these attacks, it is recommended to use passwords or keys that are long and complex enough, to encrypt data stored in the RAM, and to update software and hardware to benefit from the latest security measures.

To sum up, brute force attacks on volatile memory are a serious threat for data security, as they can allow hackers to access confidential information, such as passwords, encryption keys, personal or professional data, etc. These information can then be used to compromise other systems or services, or to extort the victims. To protect against these attacks, it is recommended to use passwords or keys that are long and complex enough, to encrypt data stored in the RAM, and to update software and hardware to benefit from the latest security measures.

Attacks on Hidden URLs

Hidden URLs are web addresses that are hidden or modified to avoid being easily accessible or identifiable. They can be used to protect the privacy or security of a website or an online service. For example, a website may use a hidden URL to prevent being indexed by search engines or targeted by hackers. Hackers can try to guess them using brute force attacks simple or distributed, by testing all possible combinations until they find the right one. These attacks can allow hackers to access hidden or forbidden websites, such as illegal, malicious, or sensitive websites.

To protect themselves from these attacks, users should choose long, complex, and random hidden URLs, do not use predictable or easy-to-guess hidden URLs, do not share or publish their hidden URLs with other people or on other websites, and use encryption or authentication techniques to enhance the security of their hidden URLs.

Attacks on Hashes

Hashes are data that result from applying a mathematical function to a message or a file. They are used to verify the integrity or authenticity of a message or a file, by comparing it to the original hash. They can also be used to store passwords securely, by transforming them into irreversible hashes. Hackers can try to guess them using brute force attacks simple, dictionary, or hybrid, by testing all possible combinations until they find the right hash. These attacks can allow hackers to falsify or reveal messages or files.

To protect themselves from these attacks, users should choose secure hashing functions that do not have collisions (two different messages that produce the same hash) or preimages (a message that produces a given hash), use salting (adding a random data to the message before hashing) or peppering (adding a secret data to the message before hashing) techniques to make hashes more resistant to brute force attacks, do not store or transmit their hashes in insecure places, and use secure protocols to exchange their hashes with their correspondents, such as the HMAC protocol or the SSL/TLS protocol.

Brute-force Attacks on Phone Systems

Phone systems are devices that allow communication by voice or text, such as landlines, mobile phones (smartphones), or VoIP services. Hackers can try to hack them using brute-force attacks that consist of guessing codes or keys. These attacks can allow hackers to access data or services of a phone system, such as contacts, messages, calls, payments, or subscriptions.

Attacks on PIN Codes

PIN codes are secret codes of four digits that are used to unlock a mobile phone or a SIM card. Hackers can try to guess them using brute force attacks simple or analogous by testing all possible combinations until they find the right one. These attacks can allow hackers to access data or services of the mobile phone or the SIM card.

To protect themselves from these attacks users should choose random and unpredictable PIN codes that do not contain numerical sequences easy to guess such as “0000” “1234” or “4321”. They should not write or share their PIN codes with other people. They should activate the function of automatic locking of the mobile phone or the SIM card after a certain number of unsuccessful attempts. They should activate the function of automatic reset of the mobile phone or the SIM card after a certain number of unsuccessful attempts.

Attacks on IMEI Codes

IMEI codes are unique codes of 15 digits that identify a mobile phone. They are used to block a mobile phone in case of theft or loss. Hackers can try to guess them using brute force attacks simple or distributed by testing all possible combinations until they find the right one. These attacks can allow hackers to unlock a stolen or lost mobile phone and use it for malicious purposes such as making fraudulent calls sending unwanted messages or accessing personal data of the owner.

To protect themselves from these attacks users should note their IMEI codes and keep them in a safe place. They should not disclose their IMEI codes to unknown or suspicious people. They should report the loss or theft of their mobile phone to their operator and request the blocking of their IMEI codes. They should use a service of location or remote locking of their mobile phone in case of loss or theft.

Attacks BrutePrint

You will surely be amazed by our discoveries! These systems verify your identity on smartphones and other devices by using the unique patterns of your finger. But is their security level? In this study, we explore the weaknesses of these systems and how various actors, from cybercriminals to sovereign entities, can exploit them. We looked at 25 techniques for corrupting fingerprint authentication systems. We will also introduce an effective dual-use defense solution: DataShielder HSM solutions to protect your secrets and sensitive data even if this biometric authentication system becomes compromised. Click is here for more information Attacks BrutePrint.

Evaluation of Products or Services Resistance to Brute-force Attacks

To evaluate the resistance of products or services to brute force attacks we can use a scoring model based on the type and severity of possible attacks. The scoring model can be as follows:

  • For each product or service we identify the possible types of brute force attacks that can target it such as passwords encryption keys hidden URLs hashes PIN codes or IMEI codes.
  • For each type of brute force attack we assign a score from 1 to 5 according to the severity of the attack. The score can be based on the following criteria: the complexity of the attack the time required to perform the attack the impact of the attack on the confidentiality integrity or availability of the data or service and the likelihood of the attack to succeed.
  • We calculate the average score for each product or service by adding up the scores for each type of brute force attack and dividing by the number of types. The lower the score the more resistant the product or service is to brute force attacks.

For example let’s consider two products: a web application and a smartphone. The possible types of brute force attacks and their scores are as follows:

Type of brute-force attack Web application Smartphone
Passwords 3 2
Encryption keys 4 3
Hidden URLs 2 N/A
Hashes 3 N/A
PIN codes N/A 2
IMEI codes N/A 4

The average score for the web application is (3 + 4 + 2 + 3) / 4 = 3. The average score for the smartphone is (2 + 3 + 2 + 4) / 4 = 2.75. Therefore, according to this scoring model, the smartphone is more resistant to brute force attacks than the web application.

Statistics on brute force attacks

Brute force attacks are common and effective methods used by hackers to access systems protected by passwords or encryption keys. According to the IBM Cost of a Data Breach 2022 report, stolen or compromised credentials are the leading cause of data breaches and cost an average of $4.35 million to businesses worldwide in 2021. Brute force attacks are also increasing with the health crisis, which has encouraged remote work and online services. According to Cloudflare, the number of brute force attacks on RDP and SSH protocols increased by 400% between March and April 2020.

The duration and difficulty of a brute force attack depend on the length and complexity of the password or key to guess. According to Cloudflare, a seven-character password would take, at a rate of 15 million keystrokes per second, 9 minutes to crack. An eight-character password would take 4 hours, a nine-character password would take 8 days, and a ten-character password would take 463 days. It is therefore essential to use passwords or keys that are long and random enough to resist brute force attacks.

Real Cases of Brute-force Attacks

Brute force attacks are not only theoretical methods, but also real threats that have affected various domains, such as finance, health, politics, etc. In this section, we will present some examples of brute force attacks that have taken place in recent years, and show their consequences and lessons.

Brute force attacks on financial institutions

Financial institutions are often targeted by brute force attacks, as they store sensitive data and money. For instance, in 2019, a group of hackers used brute force attacks to access the online banking systems of several banks in Eastern Europe and Central Asia. They stole over $100 million from more than 40,000 accounts. The hackers used a software called Cobalt Strike, which allowed them to remotely control the infected computers and launch brute force attacks on the banks’ servers. They also used a technique called “ATM cash-out”, which enabled them to withdraw money from ATMs without using cards.

This case shows the importance of using strong passwords and encryption keys for online banking systems, as well as updating the software and hardware to prevent malware infections. It also shows the need for monitoring and alerting mechanisms to detect and stop brute force attacks in real time.

Brute force attacks on health systems

Health systems are also vulnerable to brute force attacks, as they store personal and medical data that can be used for identity theft or blackmail. For example, in 2020, a hacker group called Maze used brute force attacks to breach the network of Fresenius, Europe’s largest private hospital operator. They encrypted the data and demanded a ransom for its release. The attack affected the hospital’s operations and patient care, as well as its subsidiaries that produce dialysis products and blood transfusion devices.

This case illustrates the impact of brute force attacks on human lives and health services. It also highlights the need for securing the network and data of health systems, as well as having backup and recovery plans in case of an attack.

Brute force attacks on political systems

Political systems are not immune to brute force attacks, as they can influence the outcome of elections or policies. For instance, in 2016, a hacker group called Fancy Bear used brute force attacks to access the email accounts of several members of the Democratic National Committee (DNC) in the United States. They leaked the emails to WikiLeaks, which published them online. The leaked emails revealed internal conflicts and controversies within the DNC, and damaged the reputation of Hillary Clinton, who was running for president against Donald Trump.

This case demonstrates the power of brute force attacks to manipulate public opinion and interfere with democratic processes. It also underscores the need for protecting the email accounts and communications of political actors, as well as educating the public about cyber threats and misinformation.

How to Prevent Brute-force Attacks

Brute force attacks are a serious threat to the security and privacy of users, systems, and devices. Therefore, it is important to take preventive measures to avoid or mitigate their impact. Here are some general tips to prevent brute force attacks:

  • Use strong and unique passwords, encryption keys, hidden URLs, hashes, PIN codes, and IMEI codes. They should be long, complex, and random, containing letters, numbers, and symbols. They should not be based on personal or predictable information, such as names, dates, or phone numbers.
  • Use secure encryption algorithms and hashing functions. They should not have known or exploitable flaws or weaknesses, such as collisions or preimages. They should have enough entropy (degree of unpredictability) to resist brute force attacks.
  • Use secure protocols and techniques to exchange and store data. They should provide encryption, authentication, verification, correction, masking, or salting features. They should use secure channels and devices to transmit and store data.
  • Use security software and hardware to protect systems and devices. They should include firewalls, antivirus software, sensors, or locks. They should detect and block brute force attacks or trigger self-destruction or data erasure mechanisms.
  • Use ethical hacking and research to test and improve the security of systems and devices. They should identify and report vulnerabilities, flaws, or weaknesses. They should provide solutions, innovations, or products to enhance the security of systems and devices.

In conclusion

In this article, we have explored the topic of brute force attacks, also known as trial-and-error or exhaustive attacks. We have seen that brute force attacks are methods used by hackers to access systems protected by passwords or encryption keys, by testing all possible combinations until finding the right one. We have also seen that there are different types and methods of brute force attacks, depending on the hackers’ method, the level of intrusion, the domain of application and the tools used. We have focused on some specific types of brute force attacks, such as those on electronic components, passwords, encryption keys, hidden URLs, hashes and phone systems. We have also evaluated the resistance of products or services to brute force attacks, by presenting some real cases and some criteria to assess the security level. Finally, we have given some tips on how to prevent brute force attacks, by using long and complex passwords or keys, encrypting data, updating software and hardware, and using security tools.

Brute force attacks are a serious threat for data security and privacy, as they can allow hackers to access confidential information, compromise other systems or services, or extort the victims. Therefore, it is essential to be aware of the risks and the solutions to protect yourself from brute force attacks. If you want to learn more about this topic, you can check the sources that we have cited throughout this article.