Tuesday, November 2, 2021

Researcher found 70% of Wi-Fi networks in Tel Aviv are hackable

by Waqas on October 28th, 2021 in HackRead


While examining Wi-Fi networks in Tel Aviv, Israel, a researcher found that 70%, or around three-quarters, of home and small-office Wi-Fi network passwords were vulnerable to hacking with inexpensive tools.

CyberArk security researcher Ido Hoorvitch made a startling discovery while examining Wi-Fi networks in Tel Aviv, Israel: 70%, or around three-quarters, of home and small-office Wi-Fi network passwords were vulnerable to hacking with inexpensive tools.

Network Routers Hackable with Inexpensive Tools

Hoorvitch gathered a sample of 5,000 network hashes from across the city with Wi-Fi sniffing gear for this examination. He found that the attack could be launched with a laptop and a Wi-Fi signal extender costing no more than $50, and he says the full setup fits into a backpack.

He then used the signal extender to run scripts exploiting the previously identified weakness in the Robust Security Network Information Element (RSN IE), which allowed him to extract hashed Pairwise Master Key Identifiers (PMKIDs) without intercepting any client traffic.


Hence, he could crack most of the network passwords through Wi-Fi sniffing and open-source tools. Other tools Hoorvitch used include packet capture software and hardware drivers that enable monitor mode on the signal extender.


How the Hack Works

Using the Wi-Fi sniffing setup, the researcher collected hashed passwords while wandering across the Tel Aviv metropolitan area. According to Hoorvitch, this area alone houses over 3.9 million residents, which suggests a large number of vulnerable devices.

“You can imagine what the numbers would have been had we not cut our research off at 5,000 Wi-Fi networks. And while this research was conducted in Tel Aviv, the routers that were susceptible to this attack — from many of the world’s largest vendors — are used by households and businesses worldwide,” he explained in a blog post.

He then began cracking the passwords, which was easy because Israeli networks use the owner’s mobile phone number as the router password. He ran the hashes through the Hashcat tool and cracked 2,200 of the 5,000 passcodes.


Another pass allowed him to crack more passcodes, and by the end of the research, Hoorvitch had obtained around 3,559 valid passcodes out of 5,000 sniffed samples.


However, he discovered a limitation of this attack method: it worked only when Wi-Fi roaming was enabled on the targeted routers, and not all routers support this feature, so such routers weren’t susceptible to the PMKID attack.

“However, our research found that routers manufactured by many of the world’s largest vendors are vulnerable,” the researcher concluded.

How to Protect Your Network Against the PMKID Attack

To protect your network, Hoorvitch suggests following best practices such as using a long and complex password and changing the default login settings. In addition, you should update the router firmware, turn off Wi-Fi Protected Setup (WPS), and disable the legacy WPA1 (WPA) encryption protocol.
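The advice above comes down to making the passphrase too large to search: an all-digit passphrase of n characters offers at most 10^n candidates, whereas a long mixed-class one does not. The following added example (not code from the article or from CyberArk) is a small policy checker of the kind a router administrator could run over candidate passphrases. It flags the WPA2 length limits, all-digit (phone-number style) passphrases, repeated characters and single character classes, and estimates the worst-case search time; the guess rate it assumes is a constructed placeholder, not a measured Hashcat figure.

```python
import math
import re
import string

# Assumed guess rate for the time estimate. This is a constructed placeholder,
# not a measured Hashcat figure; substitute the rate from your own threat model.
ASSUMED_GUESSES_PER_SECOND = 1_000_000

# WPA2-Personal passphrases are 8 to 63 printable ASCII characters.
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63
RECOMMENDED_MIN_LEN = 16  # policy choice for this example, not a standard requirement


def charset_size(passphrase: str) -> int:
    """Size of the union of standard character classes the passphrase draws from."""
    size = 0
    if any(c in string.ascii_lowercase for c in passphrase):
        size += len(string.ascii_lowercase)
    if any(c in string.ascii_uppercase for c in passphrase):
        size += len(string.ascii_uppercase)
    if any(c in string.digits for c in passphrase):
        size += len(string.digits)
    if any(c in string.punctuation for c in passphrase):
        size += len(string.punctuation)
    if " " in passphrase:
        size += 1
    return size


def keyspace_bits(passphrase: str) -> float:
    """log2 of the brute-force search space implied by length and character classes."""
    if not passphrase:
        return 0.0
    return math.log2(charset_size(passphrase) ** len(passphrase))


def worst_case_crack_seconds(passphrase: str, rate: int = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Time to exhaust the whole search space at the assumed guess rate."""
    return charset_size(passphrase) ** len(passphrase) / rate


def evaluate_passphrase(passphrase: str) -> dict:
    """Return the findings an administrator's passphrase policy check would report."""
    issues = []
    n = len(passphrase)
    if not WPA_MIN_LEN <= n <= WPA_MAX_LEN:
        issues.append(f"length {n} is outside the WPA2 range {WPA_MIN_LEN}-{WPA_MAX_LEN}")
    if passphrase.isdigit():
        # Phone-number style passphrase: only 10**n candidates exist.
        issues.append(f"all digits: search space is only 10^{n}")
    if n < RECOMMENDED_MIN_LEN:
        issues.append(f"shorter than the recommended {RECOMMENDED_MIN_LEN} characters")
    if re.fullmatch(r"(.)\1*", passphrase):
        issues.append("single repeated character")
    if charset_size(passphrase) < 36:  # smaller than letters plus digits
        issues.append("uses fewer than two character classes")
    return {
        "length": n,
        "keyspace_bits": round(keyspace_bits(passphrase), 2),
        "worst_case_seconds": worst_case_crack_seconds(passphrase),
        "issues": issues,
        "acceptable": not issues,
    }


if __name__ == "__main__":
    # Constructed sample inputs, not real passphrases.
    for candidate in ["0123456789", "aaaaaaaa", "Correct-Horse-Battery-Staple-42"]:
        print(candidate, evaluate_passphrase(candidate))
```

At the placeholder rate, a ten-digit passphrase is exhausted in 10,000 seconds, while the 31-character mixed-class sample has a search space of about 203 bits; the estimate only bounds brute force, so a passphrase built from a predictable pattern (a phone number with a known prefix) is weaker still than the digit count suggests.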

“The bottom line is that in a couple of hours and with approximately $50, your neighbor or a malicious actor can compromise your privacy and much more if you don’t have a strong password.”

Trojan Source attack lets hackers exploit source code

 by Waqas on November 1st, 2021 in HackRead



Trojan Source attack impacts all popular programming language compilers, such as C, C++, C#, Java, JavaScript, Python, Rust, and Go.

A research paper published by Cambridge University researchers Ross Anderson and Nicholas Boucher, titled “Trojan Source: Invisible Vulnerabilities,” reveals details of a unique class of vulnerabilities that can be exploited to inject malicious logic into source code without being detected.

According to the research, the malware can alter the source code’s defined logic, allowing a range of first-party and supply-chain risks. The issue lies in Unicode, a digital text encoding standard that enables computers to exchange information no matter which language is used.

Currently, Unicode defines over 143,000 characters across 154 different scripts, plus many non-script character sets such as emojis.


About Trojan Source Attacks

This technique exploits subtleties of text-encoding standards, including Unicode, to produce source code whose tokens are logically encoded in a completely different order from the one in which they are displayed. This can create vulnerabilities that human code reviewers cannot perceive directly.

These vulnerabilities, tracked as CVE-2021-42574 and CVE-2021-42694, impact all popular programming language compilers, such as:

  • Go
  • C#
  • C, C++
  • Rust
  • Java
  • Python
  • JavaScript

“The fact that the Trojan Source vulnerability affects almost all computer languages makes it a rare opportunity for a system-wide and ecologically valid cross-platform and cross-vendor comparison of responses,” the paper [PDF] read.

For your information, compilers are responsible for translating high-level, human-readable source code into lower-level representations that the OS can execute, including object code, assembly language, and machine code.

How Is the Unicode Algorithm Exploited?

The core issue lies in Unicode’s Bidi (bidirectional) algorithm. This algorithm provides support for left-to-right and right-to-left languages, such as English and Arabic, respectively. It also features Bidi overrides to allow writing left-to-right words within a right-to-left sentence, or vice versa; an override forces text that would naturally display left-to-right to be rendered right-to-left.

Unicode directionality formatting characters relevant to reordering attacks.

While the compiler’s output is required to implement the source code correctly, injecting Unicode Bidi override characters into strings and comments can yield syntactically valid source code whose displayed character order presents a different logic from the actual one.

The Attack Details

Instead of introducing ordinary logic bugs, the attack exploits the encoding of source code files to create targeted vulnerabilities by visually reordering tokens. Rendered this way, the code looks acceptable to a human reviewer, while the compiler processes the tokens in their logical order, so the actual program flow differs from what is displayed. For instance, it can make code appear to be a comment.

Therefore, if Program A is anagrammed into Program B, the change in logic is subtle enough to remain undetected in later testing, so an adversary can introduce targeted vulnerabilities that stay hidden.

“You can use them in source code that appears innocuous to a human reviewer [that] can actually do something nasty. That’s bad news for projects like Linux and Webkit that accept contributions from random people, subject them to manual review, then incorporate them into critical code. This vulnerability is, as far as I know, the first one to affect almost everything,” wrote Ross Anderson.

Impact on The Supply Chain

These encodings can affect the supply chain because invisible vulnerabilities injected into open-source software eventually reach all of its users. Furthermore, the researchers warned that the impact of Trojan Source attacks could be even more severe if an attacker uses homoglyphs to redefine existing functions in an upstream package, which a victim program then invokes.
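The practical defense for both the Bidi-override reordering described above and the homoglyph variant is to refuse or flag source text that contains directionality control characters or unexpected non-ASCII characters before it reaches review. The following added example (not code from the paper or from any compiler project) is a small scanner of that kind: it reports every Bidi control character and every non-ASCII character with its line, column and Unicode name, and separately lists lines where an embedding, override or isolate is opened but never closed. The sample source it scans is constructed for the example.

```python
import unicodedata
from dataclasses import dataclass
from typing import List

# Unicode directionality formatting characters involved in reordering attacks:
# embeddings/overrides with their terminator PDF, and isolates with their
# terminator PDI. None of these belong in source code.
BIDI_PUSH = {"\u202a": "LEFT-TO-RIGHT EMBEDDING", "\u202b": "RIGHT-TO-LEFT EMBEDDING",
             "\u202d": "LEFT-TO-RIGHT OVERRIDE", "\u202e": "RIGHT-TO-LEFT OVERRIDE"}
BIDI_POP = {"\u202c": "POP DIRECTIONAL FORMATTING"}
ISOLATE_PUSH = {"\u2066": "LEFT-TO-RIGHT ISOLATE", "\u2067": "RIGHT-TO-LEFT ISOLATE",
                "\u2068": "FIRST STRONG ISOLATE"}
ISOLATE_POP = {"\u2069": "POP DIRECTIONAL ISOLATE"}
BIDI_CONTROLS = {**BIDI_PUSH, **BIDI_POP, **ISOLATE_PUSH, **ISOLATE_POP}


@dataclass
class Finding:
    line: int
    col: int
    codepoint: str  # e.g. "U+202E"
    name: str
    kind: str       # "bidi-control" or "non-ascii"


def scan_source(text: str) -> List[Finding]:
    """Report every Bidi control character and every non-ASCII character with its position."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            cp = f"U+{ord(ch):04X}"
            if ch in BIDI_CONTROLS:
                findings.append(Finding(lineno, col, cp, BIDI_CONTROLS[ch], "bidi-control"))
            elif ord(ch) > 0x7F:
                # Candidate homoglyph: a reviewer must confirm the character is intended.
                findings.append(Finding(lineno, col, cp, unicodedata.name(ch, "<unnamed>"), "non-ascii"))
    return findings


def unbalanced_bidi_lines(text: str) -> List[int]:
    """Lines where an embedding/override or isolate is opened but not closed.

    The Bidi algorithm resets at a paragraph (line) boundary, so an override
    left open inside a comment or string literal reorders the display of the
    rest of that line only, which is why the scan is done per line."""
    bad = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        embed_depth = isolate_depth = 0
        for ch in line:
            if ch in BIDI_PUSH:
                embed_depth += 1
            elif ch in BIDI_POP:
                embed_depth = max(0, embed_depth - 1)
            elif ch in ISOLATE_PUSH:
                isolate_depth += 1
            elif ch in ISOLATE_POP:
                isolate_depth = max(0, isolate_depth - 1)
        if embed_depth or isolate_depth:
            bad.append(lineno)
    return bad


# Constructed sample: a RIGHT-TO-LEFT OVERRIDE hidden in a comment (line 3) and a
# Cyrillic "a" inside an identifier (line 6). Not taken from the paper or any real code.
SAMPLE = (
    "int main(void) {\n"
    "    int is_admin = 0;\n"
    "    /* review note \u202e */ if (is_admin) {\n"
    "        return 1;\n"
    "    }\n"
    "    int v\u0430lue = 2;  /* homoglyph identifier */\n"
    "}\n"
)

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"line {f.line} col {f.col}: {f.codepoint} {f.name} [{f.kind}]")
    print("lines with unterminated Bidi controls:", unbalanced_bidi_lines(SAMPLE))
```

The same check fits naturally in a pre-commit hook or CI lint step; rejecting any Bidi control character outright is the simplest policy, while the non-ASCII findings usually need a per-project allow-list for legitimately internationalized comments and strings.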

“As powerful supply-chain attacks can be launched easily using these techniques, it is essential for organizations that participate in a software supply chain to implement defenses,” researchers warned.