Android Phones Can Get Hacked Just by Looking at a PNG Image

android mobile hack with image

Using an Android device?

Beware! You have to remain more caution while opening an image file on your smartphone—downloaded anywhere from the Internet or received through messaging or email apps.

Yes, just viewing an innocuous-looking image could hack your Android smartphone—thanks to three newly-discovered critical vulnerabilities that affect millions of devices running recent versions of Google’s mobile operating system, ranging from Android 7.0 Nougat to its current Android 9.0 Pie.

The vulnerabilities, identified as CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988, have been patched in Android Open Source Project (AOSP) by Google as part of its February Android Security Updates.

However, since not every handset manufacturer rolls out security patches every month, it’s difficult to determine if your Android device will get these security patches anytime sooner.

Although Google engineers have not yet revealed any technical details explaining the vulnerabilities, the updates mention fixing “heap buffer overflow flaw,” “errors in SkPngCodec,” and bugs in some components that render PNG images.

According to the advisory, one of the three vulnerabilities, which Google considered to be the most severe one, could allow a maliciously crafted Portable Network Graphics (.PNG) image file to execute arbitrary code on the vulnerable Android devices.

As Google says, “the most severe of these issues is a critical security vulnerability in Framework that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process.”

A remote attacker can exploit this vulnerability just by tricking users into opening a maliciously crafted PNG image file (which is impossible to spot with the naked eye) on their Android devices sent through a mobile message service or an email app.

Including these three flaws, Google has patched a total of 42 security vulnerabilities in its mobile operating system, 11 of which are rated critical, 30 high and one moderate in severity.

The technology giant stressed that it has no reports of active exploitation or in the wild abuse of any of the vulnerabilities listed in its February security bulletin.

Google said it has notified its Android partners of all vulnerabilities a month before publication, adding that “source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours.”

Let’s block ads! (Why?)

Link to original source

Get a Lifetime Subscription to Unlimited VPN for just $59.99 (5 Devices)

vpn fast secure unlimited

For all of the undeniable conveniences the Internet has brought us, it’s becoming an increasingly dangerous place to be.

Both individual hackers and entire government agencies are now able to hack into your computer or smartphone from across the globe and steal everything from your browsing history to your credit card numbers, and they’re often able to do so without your knowledge.

A Virtual Private Network (VPN) is the first and most important line of defense against these nefarious cyber attacks, and you should never surf the Web without one—regardless of whether you’re using a public or private connection.

VPN Unlimited is an award-winning service that provides unparalleled and unlimited browsing security across up to 5 devices simultaneously (iOS, Android, Mac OS X and Windows), and right now a lifetime subscription is available for 88% off at just $59.99.

Unlike most VPNs that offer security at the expense of browsing speed, VPN Unlimited secures your connection without hogging precious bandwidth.

vpn fast secure unlimited

This subscription grants you unlimited access to a growing number of super-secure servers in over 70 locations across the globe—including the USA, UK, Canada, Australia, and Hong Kong—and you’ll be able to utilize a wide variety of VPN protocols including IKEv2 and OpenVPN in order to optimize your connection based on your specific browsing needs.

You’ll also be able to protect your entire family’s online activity without restriction and use a variety of browsing tools such as Trusted Networks, Ping Test, and Favorite Servers to ensure that you’re making the most of your connection at all times.

This service even lets you bypass those obnoxious content filters when you travel overseas—meaning you’ll be able to keep up with your favorite streaming content on sites like Netflix and Hulu.

Safeguard your data and privacy online with a lifetime subscription to VPN Unlimited for just $59—88% off its usual price for a limited time.

Let’s block ads! (Why?)

Link to original source

Critical Zcash Bug Could Have Allowed 'Infinite Counterfeit' Cryptocurrency

zcash cryptocurrency hack

The developers behind the privacy-minded Zcash cryptocurrency have recently discovered and patched a highly dangerous vulnerability in the most secretive way that could have allowed an attacker to coin an infinite number of Zcash (ZEC).

Yes, infinite… like a never-ending source of money.

Launched in October 2016, Zcash is a privacy-oriented cryptocurrency that claims to be more anonymous than Bitcoin, as the sender, recipient, and value of transactions remain hidden.

In a blog post published today, the Zerocoin Electric Coin Company—the startup behind Zcash—revealed that one of its employees, Ariel Gabizon, discovered the vulnerability in its code on 1st March 2018, the night prior to his talk at the Financial Cryptography conference almost a year ago.

Gabizon contacted Sean Bowe, a Zcash Company’s cryptographer, immediately after discovering the counterfeiting vulnerability, as dubbed by the team, and the team decided to keep the flaw secret in order to avoid the risk of attackers exploiting it.

According to the company, only four Zcash employees were aware of the issue before a fix was covertly included in the Zcash network on 28th October 2018.

Besides this, since “discovering this vulnerability would have required a high level of technical and cryptographic sophistication that very few people possess,” the company believes that no one else was aware of this flaw and that no counterfeiting occurred in Zcash.

Now, the Zcash team detailed all about the vulnerability on its official site to inform the broader public, which if exploited, would have allowed an attacker to print an infinite amount of Zcash tokens.

Details of the Catastrophic Zcash Vulnerability

According to the team, the counterfeiting vulnerability resided in the variant of zk-SNARKs—an implementation of zero-knowledge cryptography Zcash uses to encrypt and shield the transactions—which has independently been implemented by other projects.

Both Komodo blockchains and Horizen (previously known as ZenCash) suffered from the same issue and reportedly fixed it on their platforms after being notified by the Zcash team back in mid-November 2018 via an encrypted email.

The vulnerability was the result of a “parameter setup algorithm” that allowed “a cheating prover to circumvent a consistency check” and thereby transformed “the proof of one statement into a valid-looking proof of a different statement.”

Anyone with access to the multi-party computation (MPC) ceremony transcript, which is used to set up the privacy features for Zcash, would have been able to create false proofs, granting them the ability to create an unlimited amount of shielded coins.

Though the developers found no evidence of counterfeiting occurred in Zcash, they confirmed that the vulnerability had existed for years.

“The vulnerability had existed for years but was undiscovered by numerous expert cryptographers, scientists, third-party auditors, and third-party engineering teams who initiated new projects based upon the Zcash code,” the company writes.

Since Zcash is private, even if someone could have counterfeited Zcash in the past, there’s no way to find out. However, the Zcash Company argued that it “studied the blockchain for evidence of exploitation: An attack might leave a specific kind of footprint. We found no such footprint.”

Fixes for this vulnerability were implemented in the Zcash Sapling network upgrade in October 2018, and some, including former NSA whistleblower Edward Snowden, have applauded the team’s handling of the flaw.

Let’s block ads! (Why?)

Link to original source

How to Delete Accidentally Sent Messages, Photos on Facebook Messenger

unsend delete facebook messages

Ever sent a message on Facebook Messenger then immediately regretted it, or an embarrassing text to your boss in the heat of the moment at late night, or maybe accidentally sent messages or photos to a wrong group chat?

Of course, you have. We have all been through drunk texts and embarrassing photos many times that we later regret sending but are forced to live with our mistakes.

Good news, Facebook is now giving us a way to erase our little embarrassments.

After offering a similar feature to WhatsApp users two years ago, Facebook is now rolling out a long-promised option to delete text messages, photos, or videos inside its Messenger application starting from Tuesday, February 5.

You Have 10 Minutes to Delete Sent Facebook Messages

The unsend feature allows users to delete a message within 10 minutes of sending it, for both individual and group chats.

Previously, Messenger offered the “delete” option that allowed users to only delete messages for them—but the recipient can still see the message. Now, the option includes two choices “remove for everyone” and “remove for you,” giving users more control over their already sent messages.

unsend delete facebook messages

The social network promised the unsend feature in Messenger after it was revealed last year that Facebook CEO Mark Zuckerberg had an option to “delete” messages that were sent on the messaging app.

As promised, the company has now made the unsend option available to all users.

Obviously, unsend does not mean unseen. If you send a message and the receiver see it immediately after receiving it, and before you think of deleting it, the unsend feature won’t help you.

But your quickest move might help you unsend the message so that it is not seen on the other side of the conversation.

Here’s How to Unsend Messages on Facebook Messenger

It is quite simple and straightforward.

  • Long press on the message you want to remove.
  • You will get both a standard emoji response window on the top of that message, as well as three options at the bottom of the screen: Copy, Remove, and Forward.
  • Selecting the Remove option will then display two options: “Remove for Everyone” and “Remove for You.”
  • You know what you have to do now. Tapping the “Remove for Everyone” option will remove the message from the chat so that nobody can see the message after that.

It should be noted that the unsend feature also works for removing photos and videos sent to a user.

Just like WhatsApp, Messenger will replace the removed chat bubble with a text message notifying everyone in the conversation that the message has been removed. But remember, you will have up to 10 minutes to remove the message after being sent.

The Remove for You option will function in the same way the previous Delete option works.

Facebook is not the first one to offer an “unsend” feature in its chat services, including WhatsApp and Messenger. Secure messaging app Telegram has also been allowing its users to remove messages since years.

Let’s block ads! (Why?)

Link to original source

Flaws in Popular RDP Clients Allow Malicious Servers to Reverse Hack PCs

remote desktop protocol hacking

You’ve always been warned not to share remote access to your computer with any untrusted people for many reasons—it’s basic cyber security advice, and common sense, right?

But what if I say, you should not even trust anyone who invites or offers you full remote access to their computers?

Security researchers at cybersecurity firm Check Point have discovered more than two dozen vulnerabilities in both open-source RDP clients and Microsoft’s own proprietary client that could allow a malicious RDP server to compromise a client computer, reversely.

RDP, or Remote Desktop Protocol, allows users to connect to remote computers. The protocol is usually used by technical users and IT administrators to remotely connect to other devices on the network.

RDP was initially developed by Microsoft for its Windows operating system, but there are several open source clients for the RDP protocol that can be used on Linux as well as Unix systems.

Check Point researchers recently conducted a detailed analysis of three popular and most commonly used RDP clients—FreeRDP, rdesktop, and Windows built-in RDP client—and identified a total of 25 security flaws, some of which could even allow a malicious RDP server to remotely take control of computers running the client RDP software.

FreeRDP, the most popular and mature open-source RDP client on Github, has been found vulnerable to six vulnerabilities, five of which are major memory corruption issues that could even result in remote code execution on the client’s computer.

[embedded content]

rdesktop, an older open-source RDP client that comes by default in Kali Linux distributions, has been found to be the most vulnerable RDP client with a total of 19 vulnerabilities, 11 of which could allow a malicious RDP server to execute arbitrary code on the client’s computer.

Though Windows built-in RDP client does not contain any remote code execution flaw, researchers discovered some interesting attack scenarios that are possible because the client and the server share the clipboard data, allowing the client to access and modify clipboard data on the server end and vice-versa.

“A malicious RDP server can eavesdrop on the client’s clipboard—this is a feature, not a bug. For example, the client locally copies an admin password, and now the server has it too,” researchers say while explaining the first attack scenario.

“A malicious RDP server can modify any clipboard content used by the client, even if the client does not issue a ‘copy’ operation inside the RDP window. If you click ‘paste’ when an RDP connection is open, you are vulnerable to this kind of attack,” reads the second attack scenario.

What’s more? In another video, researchers demonstrated how the clipboard attack using Microsoft’s RDP software could even allow malicious RDP server to trick client system into saving a malware file in Windows’ startup folder, which will automatically get executed every time the system boots.

Researchers reported the vulnerabilities to the developers of the impacted RDP clients in October 2018.

[embedded content]

FreeRDP patched the flaws as part of its v2.0.0-rc4 release and rolled out the software release to its GitHub repository less than a month after being notified.

Rdesktop patched the issues as part of its v1.8.4 release and rolled out the fix in mid-January.

Microsoft acknowledged the researchers’ findings but decided not to address the issues. The tech giant said: “We determined your finding is valid but does not meet our bar for servicing. For more information, please see the Microsoft Security Servicing Criteria for Windows (https://aka.ms/windowscriteria).”

However, Windows RDP client users can protect themselves against the attacks demonstrated by the researchers by merely disabling the clipboard-sharing feature, which comes enabled by default, when connecting to a remote machine.

Let’s block ads! (Why?)

Link to original source