Kaspersky Lab researchers have examined publicly available hardware and software tools for covert password interception and discovered that a hacking tool can be created for as little as $20.
In the experiment, the researchers used a DIY Raspberry Pi-based USB device, configured in a specific way and carrying no malicious software. With this device they were able to covertly collect user authentication data from a corporate network at a rate of roughly 50 password hashes per hour.
The research started with a real story: in another investigation that Kaspersky Lab experts took part in, an insider (an employee of a cleaning company) used a USB stick to infect a workstation inside the targeted organisation with malware. Hearing this, Kaspersky Lab researchers became curious about what else an insider could use to compromise a targeted network, and whether it would be possible to do so without any malware at all.
They took a Raspberry Pi microcomputer, configured it to present itself over USB as an Ethernet adapter, made some additional configuration changes in the OS running on the microcomputer, and installed a few publicly available tools for packet sniffing, data collection and processing. Finally, the researchers set up a server to collect the intercepted data. Once the device was connected to the targeted machine, it automatically started feeding the server with stolen credentials.
This worked because the OS on the attacked computer identified the connected Raspberry Pi as a wired LAN adapter, automatically gave it a higher priority than the other available network connections and, more importantly, let it take part in the machine's network traffic. A plug-and-play network adapter is enumerated and configured the moment it is inserted, without any user interaction. The experimental network simulated a segment of a real corporate network. As a result, the researchers were able to collect authentication data sent by the attacked PC and its applications as they tried to authenticate to domain and remote servers, and the same kind of data from other computers in the network segment.
Moreover, because the intercepted data was sent through the network in real time, the longer the device stayed connected to the PC, the more data it collected and transferred to the remote server. After just half an hour the researchers had collected nearly 30 password hashes transferred through the attacked network, so it is easy to imagine how much could be collected in a single day. In the worst case, the domain administrator's authentication data could be intercepted too, should they log into their account while the device is plugged into one of the PCs inside the domain.
The potential attack surface for this method of interception is wide: the experiment was successfully reproduced on both locked and unlocked computers running Windows and Mac OS. The researchers were not, however, able to reproduce the attack on Linux-based devices.
“There are two major things that we are worried about as a result of this experiment: firstly – the fact that we didn’t really have to develop the software – we used tools freely available on the Internet. Secondly – we are worried about how easy it was to prepare the proof of concept for our hacking device. This means that potentially anyone who is familiar with the Internet and has basic programming skills could reproduce this experiment. And it is easy to predict what could happen if this was done with malicious intent. The latter is the main reason why we decided to draw public attention to this problem. Users and corporate administrators should be prepared for this type of attack”, said Sergey Lurye, a security enthusiast and co-author of the research at Kaspersky Lab.
The attack yields password hashes rather than plaintext passwords (a hash is the fixed-length output of a known one-way function applied to the password; it cannot be decrypted back into the password). In practice that offers little protection: because the algorithms are public, an attacker can guess candidate passwords offline and compare the results with the captured hashes, which succeeds quickly against weak or reused passwords and is invisible to the victim. In addition, depending on what exactly was captured, a hash may be reusable without being cracked at all, as in pass-the-hash attacks.
To protect your computer or network from attacks using similar DIY devices, Kaspersky Lab security experts recommend the following:
For regular users:
- On returning to your computer, check if there are any extra USB devices sticking out of your ports.
- Avoid accepting flash drives from untrusted sources; such a drive could in fact be a password interceptor.
- Make a habit of ending sessions on sites that require authentication. Usually, this means clicking on a “log out” button.
- Change passwords regularly – both on your PC and the websites you use frequently. Remember that not all of your favourite websites will use mechanisms to protect against cookie data substitution. You can use specialised password management software for the easy management of strong and secure passwords, such as the free Kaspersky Password Manager.
- Enable two-factor authentication, for example by requiring a login confirmation on a second device or a hardware token.
- Install and regularly update a security solution from a proven and trusted vendor.
For system administrators:
- If the network topology allows it, use Kerberos alone for authenticating domain users, so that password hashes are not exchanged on the wire where a sniffer can pick them up.
- Prevent privileged domain users, especially domain administrators, from logging into legacy systems.
- Domain user passwords should be changed regularly. If, for whatever reason, the organisation’s policy does not involve regular password changes, be sure to change this policy.
- All of the computers within a corporate network have to be protected with security solutions and regular updates should be ensured.
- In order to prevent the connection of unauthorised USB devices, a Device Control feature, such as that available in the Kaspersky Endpoint Security for Business suite, can be useful.
- If you run a web resource, enable HSTS (HTTP Strict Transport Security), which stops browsers from falling back from HTTPS to HTTP and so prevents a session cookie from being captured over plaintext and replayed.
- If possible, disable listening mode and enable the client (AP) isolation setting on Wi-Fi routers and switches, so that one device cannot listen to other workstations' traffic.
- Enable DHCP snooping so that corporate users' DHCP requests cannot be answered by rogue DHCP servers.
Besides intercepting authentication data from the corporate network, the experimental device could also be used to collect cookies from browsers on the attacked machines.
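The HSTS recommendation above and the cookie-collection remark are two sides of the same mechanism. The following is an added example, not code from the Kaspersky text: a simplified model of the two browser-side checks involved, the HSTS cache that rewrites an `http://` URL to `https://` before any request leaves the machine (including the includeSubDomains, expiry and `max-age=0` cases), and the cookie `Secure` flag that withholds a cookie from plaintext requests. Host names, cookie names and timestamps are constructed for the example.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit


@dataclass(frozen=True)
class Cookie:
    name: str
    secure: bool  # True: the browser may only send it over HTTPS


def parse_hsts(header: str):
    """(max_age, include_subdomains) from a Strict-Transport-Security value, or None if invalid."""
    max_age, include_sub = None, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "max-age" and value.isdigit():
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)


class HstsStore:
    """Known-HSTS hosts as a browser keeps them: host -> (expiry time, include_subdomains)."""

    def __init__(self):
        self._hosts = {}

    def record(self, host: str, header: str, now: int) -> None:
        """Learn a policy from a response that arrived over HTTPS."""
        parsed = parse_hsts(header)
        if parsed is None:
            return
        max_age, include_sub = parsed
        if max_age == 0:
            self._hosts.pop(host.lower(), None)  # max-age=0 tells the browser to forget the host
        else:
            self._hosts[host.lower()] = (now + max_age, include_sub)

    def is_known(self, host: str, now: int) -> bool:
        labels = host.lower().split(".")
        for i in range(len(labels)):  # exact host first, then each parent domain
            entry = self._hosts.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def upgrade(self, url: str, now: int) -> str:
        """Rewrite http:// to https:// before anything is sent, if the host is in the store."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not self.is_known(parts.hostname or "", now):
            return url
        netloc = parts.netloc[:-3] if parts.netloc.endswith(":80") else parts.netloc
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


def cookies_sent(url: str, cookies) -> list:
    """Names of the cookies a browser would attach to a request for url."""
    https = urlsplit(url).scheme == "https"
    return [c.name for c in cookies if https or not c.secure]


def request_with_hsts(store: HstsStore, url: str, cookies, now: int):
    """What actually leaves the machine: (final URL, cookie names on the wire)."""
    final = store.upgrade(url, now)
    return final, cookies_sent(final, cookies)


if __name__ == "__main__":
    store = HstsStore()
    session = [Cookie("sessionid", secure=True), Cookie("prefs", secure=False)]
    # Earlier HTTPS visit (constructed) taught the browser the policy.
    store.record("intranet.example.com", "max-age=31536000; includeSubDomains", now=1_000)
    # A plaintext link answered by a device in the network path: upgraded before it is sent.
    print(request_with_hsts(store, "http://wiki.intranet.example.com/login", session, now=2_000))
    # No policy for this host: the request goes out in plaintext with every non-Secure cookie.
    print(request_with_hsts(store, "http://other.example.com/", session, now=2_000))
```

The second call is the case the device exploits: with no HSTS record the browser speaks plaintext HTTP and any cookie lacking the `Secure` flag is exposed, so the site-side fix is both to send the HSTS header and to mark session cookies `Secure`. Note that the store only helps after a first HTTPS visit; preloading is what covers the very first request.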
SA consumers buy 3.2m smartphones in Q1
Smartphone sales in South Africa grew by 12.4% year-on-year in the first quarter of 2018, reaching around 3.2 million units for the period.
However, the value of the smartphone segment increased by 22.8% as sales of entry-level devices to low- and mid-income consumers continued to drive the market, according to point of sale data from market research firm, GfK South Africa.
GfK South Africa’s data reveals that telecommunications retail enjoyed a strong start to the year, with revenue growing 22.4% year-on-year. The growing popularity of phablets and higher unit prices (as a result of a weaker rand) helped to drive this increase in revenue, against a backdrop of low or negative growth in many segments of the consumer technology market.
“The mobile device market showed good growth in the quarter, despite rising prices during the period under review,” says Norman Muzhona, Solutions Specialist for Telecommunications at GfK South Africa. “In addition to the exchange rate, the introduction of popular, new mid-tier devices by several leading vendors helped to drive higher retail revenues in the telecoms market.”
Information technology retail revenues for the quarter contracted 4.8% compared to 2017, largely because of decreasing monitor prices and a 38.9% decline in tablet revenues. However, desktop computer revenues grew 39% and mobile computing revenues grew 6.5% year-on-year, thanks to higher prices and increased sales of higher-end products.
Says Berno Mare, Solutions Specialist for IT, Office Equipment and Value Added Services: “Retailers introduced new computing devices priced in the R3000 band during the quarter and enjoyed surprisingly strong demand for these entry-level units.
“Telcos enjoyed robust growth in mobile computing retail sales, thanks to credit deals, subsidised contracts and attractive data offers. However, South African consumers are heavily indebted, which may dampen growth for the rest of the year.”
With consumers rapidly migrating to smartphones, sales of traditional mobile phones continued to decline, down 1.6% year-on-year to around 2 million units for the quarter. However, the exchange rate and the introduction of higher-priced brands helped to drive an 8.9% year-on-year increase in mobile phone revenues during the period under review.
This follows the 21% drop in mobile phone unit sales in the first quarter of 2016 compared to the same period in 2015. “Operators continue to lead the transition from feature phones to smartphones as they pursue higher data revenues,” says Muzhona. “The entry-level market for smartphones is fiercely competitive, and the minimum specs of lower cost smartphones are improving all the time.”
GfK South Africa expects the migration from mobile phones to smartphones to accelerate in 2018. However, it remains to be seen if the introduction of 4G-enabled, Voice-over-LTE-ready feature phones will have any impact on the South African mobile phone market.
Sectors of the consumer electronics market that showed strong growth in the first quarter of 2018 include loudspeakers, with revenues up 21.6% year-on-year thanks to demand for Bluetooth-enabled products, and ultra-high-definition (UHD) panel TVs, where revenues grew 33% thanks to the growing affordability of the technology. UHD unit shipments were up 76%, while the average selling price of the products fell 24%.
Other market highlights for the first quarter of 2018 include:
- Photo category revenues were up 8.1% year-on-year.
- Small domestic appliance revenues grew 8%, following a 10.3% decline in Q1 2016 over Q1 2015. Hot air fryers sold well, as did kettles and toasters.
- Major domestic appliances showed small year-on-year growth over Q1 2016, despite a decline in average selling price in many sub-categories of this market. Cooling products continued to make the highest contribution to growth in this segment.
- Office Equipment revenues declined 18% year-on-year, led downwards by lower printer and cartridge sales volumes.
What kids want online
Kaspersky Lab’s latest report on the online activities of children, based on statistics received from its solutions and modules with child protection features, highlights what children do online and the importance of protecting them there. For example, searches for video content made up 17% of children's searches globally over the period studied. Although many of the videos found this way may be harmless, it is still possible for children to accidentally end up watching videos with inappropriate content.
The report shows anonymised statistics from Kaspersky Lab’s flagship consumer solutions for Windows PCs and Macs that have the Parental Control module switched on and from Kaspersky Safe Kids, a standalone service for Windows, Mac, iOS and Android devices.
In South Africa, communication sites (such as social media, messengers or email) were the most popular pages visited from computers with parental controls switched on, accounting for 69% of visits over the previous 12 months. Software, audio and video accounted for a further 17%. Websites with this content have become significantly more popular since last year, when the category was only the fifth most popular globally at 6%. The top four is completed by electronic commerce (4.2%) and websites about alcohol, tobacco and narcotics (3.9%), a new entry compared with this time last year.
The report presents search results on the ten most-popular languages* for the last 6 months. The data shows that the video & audio category – including requests related to any video content, streaming services, video bloggers, series and movies – are the most regularly ‘googled’ by children (17% of the total requests). The second and third places go to translation (14%) and communication (10%) websites respectively. Interestingly, games websites sit in fourth place, generating only 9% of the total search requests.
We can also see a clear language difference for search requests: for example, video and music websites are typically searched for in English, which can be explained by the fact that the majority of movies, TV series and musical groups have English names. Spanish-speaking kids carry out more requests for translation sites, while communication services are mostly searched for in Russian.
More than any other nationality, Chinese-speaking children look for education services, while French-speaking kids are more interested in sport and games websites. In turn, German-speaking requests dominate in the “shopping” category. The leading number of search requests for porn are in Arabic, and for anime are in Japanese.
“Kids in different countries have different interests and online behaviors, but what links them all is their need to be protected online from potentially harmful content. Children looking for animated content could accidentally open a porn video. Or they could start searching for innocent videos and unintentionally end up on websites containing violent content, both of which could have a long-term impact on their impressionable and vulnerable minds,” says Anna Larkina, Web-content Analysis Expert at Kaspersky Lab.
As well as analysing searches, the report also looks into which websites children visit or attempt to visit that contain potentially harmful content which falls under one of the 14 preset categories** for the last 12 months.
The mobile trend is again highlighted in the figures for computer games, which are now in fifth place locally on the list at 3%. As kids continue to show a preference for mobile games rather than computer games, this category will only continue to decrease in popularity on computers over the coming months and years.
“No matter what they are doing online, it is important for parents not to leave their children’s digital activities unattended, because there’s a big difference between care and obtrusiveness. While it is important to trust your children and educate them about how to behave safely online, even your good advice cannot protect them from something unexpectedly showing up on the screen. That’s why advanced security solutions are key to ensuring children have positive online experiences, rather than harmful ones,” adds Anna Larkina.
The Kaspersky Total Security and Kaspersky Internet Security consumer solutions include a Parental Control module to help adults protect their children against online threats and block sites or apps containing inappropriate content. In turn, the Kaspersky Safe Kids solution allows parents to monitor what their children do, see or search for online across all devices, including mobile devices, and offers useful advice on how to help children behave safely online.