Secplicity - Security Simplified

Powered by WatchGuard Technologies

Android Bitcoin Wallets Broken – WSWiR in Words

August 16, 2013 By Corey Nachreiner

Hacked Baby Monitors, Broken Bitcoins, and Apache Exploit Kits

By the time you see this on Friday, I’ll be hiking and camping in the Olympic National Forest. I’m taking a day off this week for an extended camping weekend. Unfortunately, that also means I did not have time to produce a full InfoSec summary video… but fear not.

In lieu of this week’s video, I’m leaving you with a written summary of the interesting security stories I would have covered this week. Check out the quick summaries below, and don’t forget to take a peek at the Extra Stories section for links to other interesting news:

  1. Exploit Kit Released for Apache Struts Framework – Struts is an open source framework for creating Java web applications, maintained by the Apache Software Foundation. A month ago, Apache released a patch for Struts to fix a number of highly critical vulnerabilities. This week, researchers at Trend Micro discovered that Chinese attackers have created and are sharing an automated toolkit designed to make it very easy to exploit these Struts flaws. Ultimately, the toolkit gives attackers enough control that they can plant a malicious backdoor on vulnerable Struts servers. If you are a web administrator who uses Struts and you haven’t upgraded yet, you should do so immediately.
  2. Miscreants Troll a Toddler Via a Hacked Baby Monitor – This week, a story came out about parents who heard some hoodlums yelling and cursing at their two year old daughter via a Foscam brand baby monitor, which had allegedly been hacked.

    This isn’t too surprising. Over the years, researchers have discovered and shared many vulnerabilities in IP-based webcams like these Foscam cameras. The Foscam cameras in particular have suffered from directory traversal and cross-site scripting vulnerabilities, both of which could help attackers gain unauthenticated access to the administrative credentials for the cameras. Researchers have even released tools like getmecamtool, which attackers could use to load malicious firmware onto these cameras, allowing them to do all sorts of mischief. Finally, search engines like Shodan make it dead simple for attackers to find thousands of potential victims.

    The good news is Foscam has patched many of these flaws. The bad news is average consumers don’t realize they need to update firmware on hardware devices. If you use any sort of IP-based webcam, I recommend you update its firmware regularly. By the way, there was a semi-happy ending to this baby trolling story. The toddler in question is deaf, so all the yelling in the world didn’t bother her in the least.

  3. Flaw in Android Bitcoin Wallets results in Bitcoin Pickpocketing – If you use an Android-based Bitcoin wallet, it’s time to move your Bitcoin. According to an advisory this week, Android Bitcoin wallets are unsafe.

    Let me explain. Bitcoin relies on public-key cryptography to protect its virtual currency and transactions. This means that devices that support Bitcoin have to regularly generate public and private keys, and sign every transaction with them. The algorithms used to create these keys and signatures rely on an element of randomness. If you don’t add enough randomness to the equation, your keys become weaker and easier to predict. Computing devices rely on random number generators (RNGs) to produce that randomness. Unfortunately, generating truly random numbers on a computer is a fairly difficult problem, since computers are very ordered and systematic systems. Usually, computers can only generate pseudorandom numbers, and those are only as good as the unpredictable data used to seed the generator.

    Anyway, it turns out that most Android Bitcoin wallets rely on a particular Java class (SecureRandom, as implemented on Android) to create the random numbers necessary to generate private keys and to sign transactions. More to the point, on Android this class was not good at randomness. This means the private keys it generates are much easier to crack than they should be. Worse, ECDSA, the signature algorithm Bitcoin uses, needs a fresh random number for every signature; if a weak generator hands out the same number twice, anyone who sees both signatures can compute the private key outright. And this isn’t a theoretical flaw either. Attackers have already exploited it to steal at least 55 Bitcoin, which were worth over $5000 US dollars at the time.

    So what can you do? If you use an Android Bitcoin wallet, you should at least temporarily set up a wallet on another device (preferably a traditional computer) and transfer all your Bitcoin to that wallet. Over the next few weeks and months, Android Bitcoin apps should update to fix this problem. Once they do, you can transfer your Bitcoin back to your Android device. As an aside, there have also been a number of stories this week about governments and banks starting to look into Bitcoin regulation and closing Bitcoin accounts. If you’re a Bitcoin user, you may want to consider that governments may start trying to regulate the currency.

Direct YouTube Link: http://www.youtube.com/watch?v=KVxUHCdVM9c (Runtime: 00:30)

Extra Stories:

  • Android malware uses Google Cloud Messaging as C&C – Securelist Blog
  • Researcher hacks wireless light bulbs (interesting, but ultimately not a huge issue) – Ars Technica
  • Chinese-language Dalai Lama related site hijacked to serve malware – Business Insider
  • Syrian Electronic Army hacks more media sites via Outbrain – ITPro
  • Another Department of Energy data breach – The Verge
  • Joomla exploit circulating in the wild – Help Net Security

— Corey Nachreiner, CISSP (@SecAdept)

Filed Under: Security Bytes Tagged With: Blackhat, botnet, Chrome, Defcon, FBI, Fort Disco, Hacking, Infosec news, javascript, Malware, NSA, password, password security, Security breach, Software vulnerabilities, SSL, TLS, Tor, Torsploit, trojan

Comments

  1. Alexander Kushnarev (Rainbow Security) says

    August 20, 2013 at 2:59 am

    The situation with the compromised unique ID used to register malware in the Google Cloud Messaging Service (“Android malware uses Google Cloud Messaging as C&C” article) reminds me of incidents with Developer IDs for Apple iOS… Similar logic. Thus, protection concepts that make use of developer profiles and different kinds of random digital identifiers are getting weaker. No good. Not sure, but I guess the next steps from developers will be: “confirm / update / re-sign your developer’s credentials N times per N days”, as well as creating globally available “black lists” of compromised digital credentials…