Netizen Cybersecurity Bulletin: 8 August 2018 Edition

In this issue:

In this week’s issue, you’ll find information regarding the most current critical threats and preventative measures to lessen the chances of a breach.

  • Cracking WPA2
  • Popular Social Media Site Hacked by “SMS Intercept”
  • Is your printer spying on you? HP releases important patches.
  • How can Netizen Help?

Cracking WPA2

A new method of attack against cracking the famed secure wireless protection protocol has been discovered. This new method simplifies the cracking of WPA/WPA2 passwords on 802.11 networks. In the past an attacker would have to wait for a user to login in an effort to capture a full authentication handshake, whereas with this new method, would only have to obtain a single frame from the router; this can be obtained from the access point (AP) as it is a customary part of the protocol. The tool used to discover this vulnerability is known as Hashcat and will work on nearly all routers operating on 802.11i/p/q/r networks with roaming enabled.

An attacker would retrieve the Pairwise Master Key Identifier (PMKID), just by simply trying to authenticate and grabbing a single frame, which can then be cracked to retrieve the Pre-Shared Key (PSK) of the wireless network. Something else users should be aware of is that this does not mean cracking the wireless network password is easier. However, the process of acquiring a hash that can be attacked to get to the wireless password is much easier. The default PSK length generated by manufacturers can be cracked in as little as eight days.

Recommendations:

It is our recommendation that to protect keys from being simplified and cracked, that users create and implement their own keys rather than using one generated by the manufacturer (router by default). It is especially recommended that this key should be long, complex, and consist of numbers, camel-case lettering, and symbols.

Popular Social Media Site Hacked by “SMS Intercept”

The popular social media site Reddit has recently suffered a security breach by hackers bypassing two-factor authentication measures using a technique called SMS intercept. The attackers were able to access all of Reddit’s user data from 2007 and before, most of it including account credentials and email addresses.

Two-factor authentication, or 2FA as it is often referred to, is an extra layer of security called multi-factor authentication that requires in addition to a password, something that only that person would have on them. This could be either a security token, RFID tag, or the more popular method of using an SMS code sent to a cell phone. Using both of these together makes it much harder for potential hackers to gain access to a users account as it would require the physical access to the physical token.

Unfortunately, hackers have found that by spoofing a cell phone’s sim card they can claim access to any cell phone number they want. By doing so, they can intercept all SMS messages destined for the target’s phone. Hackers can then use this in order to obtain the necessary SMS codes sent by accounts setup with two-factor authentication to gain unauthorized access.

Recommendations:

  • Enforce multi-factor authentication whenever possible using physical security tokens rather than SMS codes.
  • Use a password manager to vary passwords used for different sites to minimize risk should one password be compromised.
  • Ensure important database information such as passwords is utilizing encryption-at-rest.

Is your printer spying on you? HP releases important patches.

Late last month, HP invited a select group of security researchers to hack their printers, with the rewards ranging from $500 to $10,000 per bug.  HP, who claims to provide “the world’s most secure printing” devices, told the researchers to hone in on firmware-level vulnerabilities in their July 31 Bug Bounty program.

And the researchers said ‘Challenge accepted!’

HP has released firmware patches this week that address two nasty security vulnerabilities make hundreds of HP Inkjet printers vulnerable to remote code execution. HP recommended applying firmware update patches “as soon as possible.”

Many people may think, “What could happen if someone hacked my printer?  Inappropriate print jobs?”  Yes, but that’s a minor risk.  Once the printer’s Operating System is compromised, it can be used as a launch point to scan the LAN for vulnerable PCs. If a vulnerable PC is found and compromised, it could be configured to serve as a proxy within the company firewall.  That’s a big risk.

HP’s security bulletin lists hundreds of printer models affected. Users can go to https://support.hp.com/us-en/drivers/printers and enter printer model names to determine whether there are patches available for your device.   If HP rushed these updates less than a week after their Bug Bounty program began, it’s likely they will provide more patches soon.

Other printer manufacturers offer similar lookups.  Like any connected device, printers need to have their operating system/firmware updated routinely as well.  Make sure your systems are updated appropriately.

How can Netizen help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.  We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management) certified company.

ISO

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s