A piece of malware has been found on both iOS and Android that has been stealing contacts, audio, location data and more for several years.
Researchers recently discovered a well-funded mobile phone surveillance operation that was capable of surreptitiously stealing a variety of data from phones running both the iOS and Android operating systems. Researchers believe the malware is so-called "lawful intercept" software sold to law-enforcement and governments.
Exodus, as the malware for Android phones has been dubbed, was under development for at least five years. It was spread in apps disguised as service applications from Italian mobile operators. Exodus was hidden inside apps available on phishing websites and nearly 25 apps available in Google Play. In a report published two weeks ago, researchers at Security without Borders said Exodus infected phones estimated to be in the "several hundreds if not a thousand or more."
Exodus consisted of three distinct stages. The first was a small dropper that collected basic identifying information about the device, such as the IMEI and phone number, and sent it to a command-and-control server. A second stage was installed almost immediately after the researchers’ test phone was infected with the first stage and also reported to a control server. That led researchers to believe all phones infected with stage one are indiscriminately infected with later stages.
Stage two consisted of multiple binary packages that implemented the bulk of the advanced surveillance capabilities. Some of the variants encrypted communications with self-signed certificates that were pinned to the apps. The binaries could also take advantage of capabilities available on specific devices. For instance, one binary made use of “protectedapps,” a feature in Huawei phones, to keep Exodus running even when the screen went dark, rather than be suspended to reduce battery consumption.
A third stage would attempt to let Exodus gain root control over an infected phone, typically through the use of an exploit dubbed DirtyCOW. Once fully installed, Exodus was able to carry out an extensive amount of surveillance, including recording phone conversations, extracting calendar events, recording audio or video, taking photos at will, viewing the address book or call log, reading SMS messages, and more.
The researchers say their analysis of Exodus led to the discovery of servers that, in addition to Exodus, hosted an iOS version of the malware. The iPhone surveillance malware was distributed on phishing sites that masqueraded as mobile carriers.
The iOS version was installed using the Apple Developer Enterprise program, which allows organizations to distribute in-house apps to employees or members without using the iOS App Store. The apps masqueraded as mobile carrier assistance apps that instructed users to “keep the app installed on your device and stay under Wi-Fi coverage to be contacted by one of our operators.”
It’s not clear how many iPhones were infected by the iOS apps. The iOS variant isn’t as sophisticated as Exodus. Unlike Exodus, the iOS version wasn’t observed to use exploits. Instead, it relied on documented programming interfaces. It was nonetheless able to exfiltrate a variety of sensitive data.
The researchers reported their findings to Apple, who swiftly revoked the enterprise certificate. The revocation has the effect of preventing the apps from being installed on new iPhones and stopping them from running on infected devices.
Similarly, when they reported their findings to Google, the infected apps were removed from Google Play.
Sent to us by: Roy W. Nash
Sony has created a colossal 16K screen which will soon be on display in Japan.
Sony's display contains 16 times as many pixels as a 4K television and 64 times as many as a regular 1080p high definition TV, meaning it can show images in far more detail than normal.
This will let viewers stand close to the unit - which is longer than a bus - without its image looking blurred.
One expert said it would likely take decades for 16K tech to filter down to consumer products.
The 63-feet long by 17-feet high screen is currently being installed at a new research centre that has been built for the Japanese cosmetics group Shiseido in the city of Yokohama, south of Tokyo. It is so large it will stretch between the first and second floors.
Sony had previously designed a separate 16K display that went on show at Tokyo's Haneda Airport in 2014, but that looked like it was made up of dozens of smaller screens rather than presenting a single seamless picture.
The new "super-size" installation has in fact been created out of several modular panels, but because they do not have bezels they can be fitted together without any visible gaps to create the impression of being a single screen.
Sony calls the technology "Crystal LED", which is its brand name for micro-LED display tech. Samsung is also experimenting with the format.
For now, Sony is pitching a range of smaller, lower-resolution Crystal LED displays for use in office lobbies, car showrooms, cinemas and theme parks.
Since little 16K footage exists elsewhere, the firm has produced its own film for Shiseido showing life-size animal wildlife.
The development was announced by Sony at the National Association of Broadcasters trade show, which is being held in Las Vegas this week.
Sent to us by: Roy W. Nash
A newly-discovered privilege-escalation flaw in the Apache web server allows malicious users to gain root access to the underlying OS.
Apache is the Internet’s most widely used Web server, and the newly fixed vulnerability makes it possible for untrusted users or software to gain unfettered control of the machine the software runs on.
With the exploit, the attacker could do just about anything. The vulnerability makes it possible for unprivileged scripts to overwrite sensitive parts of a server’s memory, and therefore a malicious script could exploit this to gain root privileges.
The vulnerability poses the most risk inside Web-hosting facilities that offer shared instances, in which a single physical machine serves content for more than one website. Typically, such servers prevent an administrator of one site from accessing other sites or from accessing sensitive settings of the machine itself.
If one of the users successfully exploits the vulnerability, they'll gain full access to the server, just like the administrator at the Web host.
Another risk is that this vulnerability lets other vulnerabilities be escalated to root as well. An issue that previously ran with limited permissions could be executed as root, allowing it to do absolutely anything with the server.
The vulnerability affects only Apache versions 2.4.17 to 2.4.38 when running on UNIX-like systems, and it's estimated that around 2 million servers are affected.
People who rely on Apache—particularly customers of hosts that provide shared instances—should ensure they’re running version 2.4.39.
Sent to us by: Roy W. Nash
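The Apache version range given above (2.4.17 to 2.4.38 affected, 2.4.39 fixed) can be checked against version banners with a short script. This is an added example, not part of the original article; the function names, host names and banner lines are constructed for illustration.

```shell
#!/bin/sh
# Classify Apache httpd version banners against the range stated in the
# article: 2.4.17 through 2.4.38 affected, 2.4.39 fixed.

# Pull "major.minor.patch" out of a banner such as
# "Server version: Apache/2.4.29 (Ubuntu)" or a "Server:" response header.
apache_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Print one of: affected, not-affected, unknown.
classify_apache() {
    ver=$(apache_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"          # banner hidden or not Apache httpd
        return 0
    fi
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$major" -eq 2 ] && [ "$minor" -eq 4 ] &&
       [ "$patch" -ge 17 ] && [ "$patch" -le 38 ]; then
        echo "affected"
    else
        echo "not-affected"
    fi
}

# Constructed inventory: "<host> <banner>", e.g. collected from `apachectl -v`.
while read -r host banner; do
    printf '%-12s %s\n' "$host" "$(classify_apache "$banner")"
done <<'EOF'
web01 Server version: Apache/2.4.29 (Ubuntu)
web02 Server version: Apache/2.4.39 (Unix)
web03 Server: Apache/2.4.16 (Debian)
web04 Server: nginx/1.14.0
EOF
```

Distribution packages often backport fixes without changing the upstream version number, so treat an "affected" result as a prompt to check the vendor's advisory rather than as proof.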
Astronomers have revealed the first ever image of a black hole that exists in a galaxy called M87, 500 million trillion km away.
It measures 40 billion km across - three million times the size of the Earth - and has been described by scientists as "a monster".
The black hole was photographed by a network of eight telescopes across the world.
Details have been published today in Astrophysical Journal Letters.
Prof Heino Falcke, of Radboud University in the Netherlands said, "What we see is larger than the size of our entire Solar System. It has a mass 6.5 billion times that of the Sun. And it is one of the heaviest black holes that we think exists. It is an absolute monster, the heavyweight champion of black holes in the Universe."
He says, "Although they are relatively simple objects, black holes raise some of the most complex questions about the nature of space and time, and ultimately of our existence."
He goes on to say, "It is remarkable that the image we observe is so similar to that which we obtain from our theoretical calculations. So far, it looks like Einstein is correct once again."
Having the first image will enable researchers to learn more about these mysterious objects. They will be keen to look out for ways in which the black hole departs from what's expected in physics. No-one really knows how the bright ring around the hole is created. Even more intriguing is the question of what happens when an object falls into a black hole.
Prof Falcke had the idea for the project when he was a PhD student in 1993. At the time, no-one thought it was possible. But he was the first to realise that a certain type of radio emission would be generated close to and all around the black hole, which would be powerful enough to be detected by telescopes on Earth.
He also recalled reading a scientific paper from 1973 that suggested that because of their enormous gravity, black holes appear 2.5 times larger than they actually are.
These two previously unknown factors suddenly made the seemingly impossible, possible. After arguing his case for 20 years, Prof Falcke persuaded the European Research Council to fund the project. The National Science Foundation and agencies in East Asia then joined in to bankroll the project to the tune of more than £40m.
No single telescope is powerful enough to image the black hole. So, in the biggest experiment of its kind, Prof Sheperd Doeleman of the Harvard-Smithsonian Centre for Astrophysics led a project to set up a network of eight linked telescopes. Together, they form the Event Horizon Telescope and can be thought of as a planet-sized array of dishes.
A team of 200 scientists pointed the networked telescopes towards M87 and scanned its heart over a period of 10 days.
The information they gathered was too much to be sent across the Internet. Instead, the data was stored on hundreds of hard drives that were flown to central processing centres in Boston, US, and Bonn, Germany, to assemble the information.
Sent to us by: Bekah Ferguson