
5 important security questions...


12 replies to this topic

#1 kingneil

Posted 10 June 2015 - 08:23 PM

I have some important security questions that I would like answered.
 
1. If you were to strip down a web browser to remove all plugins and JavaScript... are there any browser exploits that would work...? Can it still be hacked..?
 
2. How would you go about downloading something like Tor or Tails properly, given that the NSA has packet injection systems like QUANTUMINSERT (see Snowden docs)..? Couldn't they just send you a fake version of Tor, which has spying built into it..?
 
3. Can the BIOS of a computer communicate with the network, or not...? I've heard about BIOS keyloggers, but how could the BIOS even transfer that keylogged data to anywhere else on the system...? Surely, unless the main operating system requested data from the BIOS, then it couldn't obtain it in the first place...? Surely the BIOS can't just push out this data over the network by itself...?
 
4. If you were to use a tool like DBAN to totally write over the hard drive, would that totally wipe out any viruses...? I guess this goes back to the question on whether viruses can really hide in BIOS or not...
 
5. If you were to use a recording app on a phone or computer, would this prevent someone listening to the microphone in the background... picking up background noise...?? I have noticed on a computer that a microphone can only be accessed by one application at a time... Like, if you use Audacity and Windows sound recorder at the same time, it won't let you.... So, if I had an app constantly recording in the background, would that prevent someone from using a hack to listen to me in the background...? 
 
Thanks



 


#2 White Hat Mike

Posted 10 June 2015 - 09:55 PM



1. If you were to strip down a web browser to remove all plugins and JavaScript... are there any browser exploits that would work...? Can it still be hacked..?

 

The browser itself may be vulnerable. It's important to ensure that your device and all applications are kept up-to-date. Remember, browser-based exploitation is only one attack vector in an exponentially growing number of methods of compromise. Your underlying operating system may be vulnerable; you may be running vulnerable versions of software, etc. So yes, in general, you can still be hacked even if you take all of the proper steps to harden your browser. Remember, we are layer 8 on the OSI model; we are the weakest link. Don't forget that phishing and the social engineering category as a whole is the most dangerous; there are no patches for your mind other than to harden it with continuous education.

 

2. How would you go about downloading something like Tor or Tails properly, given that the NSA has packet injection systems like QUANTUMINSERT (see Snowden docs)..? Couldn't they just send you a fake version of Tor, which has spying built into it..?

 

Realistically, if the NSA wanted to know something about you (and you are in the US), it's likely that they actually already know it; or, rather, they will obtain that information regardless of whether you download anything.  That being said, I don't think the NSA as a whole is blindly using this technology to backdoor regular, every-day TOR downloads.  Even if they did, your browsing activity shouldn't matter to them; if you abide by the law, you have nothing to worry about.

 

3. Can the BIOS of a computer communicate with the network, or not...? I've heard about BIOS keyloggers, but how could the BIOS even transfer that keylogged data to anywhere else on the system...? Surely, unless the main operating system requested data from the BIOS, then it couldn't obtain it in the first place...? Surely the BIOS can't just push out this data over the network by itself...?

 

BIOS infections are extremely rare.  The sophistication of this malware and the skill-level of the author are exceptionally high.  I cannot answer all of your questions without speculation, but the BIOS is essentially a bunch of code to your OS.  To add components including networking, file system writing, etc. seems to be very unlikely due to the additional code required (thus increasing the BIOS' size).  For a BIOS keylogger to work, it would have to store the logs somewhere.  This is where my previous "file system writing" comment can be re-considered; as the BIOS would likely not support file system access/writing for all file systems due to the sheer amount of code required to do so.  But considering BIOS malware is at the firmware-level, and the most likely chance of receiving it is via a pre-infected device, it's not unlikely that the specific file system of the device was already taken into account, and who knows what else may reside on the previously-dirty device.

 

4. If you were to use a tool like DBAN to totally write over the hard drive, would that totally wipe out any viruses...? I guess this goes back to the question on whether viruses can really hide in BIOS or not...

 

No data removal software is perfect.  DBAN openly states that it cannot wipe SSDs.  Additionally, wiping your HDD is not good enough for BIOS malware (obviously) and wiping your HDD will not remove rootkits (that infect the MBR).  For rootkits, just delete the infected partitions and re-build.

 

5. If you were to use a recording app on a phone or computer, would this prevent someone listening to the microphone in the background... picking up background noise...?? I have noticed on a computer that a microphone can only be accessed by one application at a time... Like, if you use Audacity and Windows sound recorder at the same time, it won't let you.... So, if I had an app constantly recording in the background, would that prevent someone from using a hack to listen to me in the background...? 

 

That's ridiculous paranoia.  If someone has access to your computer, they'll just shut off your background application.  There are alternate methods of accessing your microphone and/or recording picture and sounds.  I wouldn't stress this too much, rather, I would focus on hardening your device and ensuring that you are following best practices when it comes to safeguarding your data and device(s).

 


Information Security Engineer | Penetration Tester | Forensic Analyst

CipherTechs.com


#3 Sintharius

Posted 11 June 2015 - 12:43 AM

Just FYI... there is one BIOS malware in the wild - Mebromi - but it has a lot of signs and it cannot infect all BIOSes, only Award BIOS. Rootkits can be wiped out by complete destruction of the data on the hard drive.

#4 PresComm

Posted 11 June 2015 - 06:56 AM

On the subject of HDD malware...

 

Aside from rootkits, there is HDD firmware malware, such as that used by Equation and being visited by researchers as we speak. And a format, repartition, wipe, etc. will not remove firmware malware. A flash of the HDD's firmware would be needed to remove it. Still, the chances of you running into that are slim. Very, very slim.

 

Readings:

 

https://blog.kaspersky.com/equation-hdd-malware/

http://www.malwaretech.com/2015/04/hard-disk-firmware-hacking-part-1.html


Edited by PresComm, 11 June 2015 - 06:57 AM.


#5 RolandJS

Posted 11 June 2015 - 07:14 AM

IBM 5150 dual FD 20MG-HD 640BaseMem&386ExtMEM DOS 3.03, well-configured config.sys & autoexec.bat, WordPerfect/DOS, dBASE3/DOS, QuatroPro/DOS, and a happy user -- is one line of defense.

Seriously speaking, the best line of defense is a user who knows what projects, jobs, ThingsToDo, i.e. goals, the computer is going to be used for, knows how to get the best software to accomplish the goals, knows how to get reasonably priced and free security programs, knows how to make restorable OS and partition backups onto external media, and: have fun with the computer. Anything that actually goes wrong -- that's what expert forums such as BleepingComputer [and a few others] are for.

Edited by RolandJS, 11 June 2015 - 07:19 AM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#6 rp88

Posted 11 June 2015 - 01:10 PM

1. Use NoScript and Malwarebytes Anti-Exploit. They work well both running on a system at the same time. These two tools (NoScript is a browser add-on for Firefox, Malwarebytes Anti-Exploit is a program which adds a "defensive wall" "behind" the browser and "in front" of a regular antivirus) should make most drive-by and exploit attacks impossible. I haven't suffered any infections since the day I installed NoScript; Malwarebytes Anti-Exploit provides extra protection in case I were to accidentally allow something malicious. Both are great for ordinary users, though you will need to get used to sometimes having to make a few extra clicks when you visit certain sites to allow the scripts and objects needed to run videos and things. You should also make sure plugins are set to "ask to activate" (Firefox) or "let me choose when to run plugin content" (Chrome) or disabled entirely (for those you don't use at all). NoScript only works for Firefox, there is no version for Chrome or IE, but there are similar extensions which exist for Chrome (though I don't know how good they are). The tips in answer to this first of your 5 questions are things which every-day users have very good reason to be concerned about.


2. The Tor site gives instructions on this. They have posted the digital signature hash of the Tor download; if you think you need Tor, and if you feel concerned about the (fairly unlikely) possibility of your download being compromised, then just check the hash on the file you download against the hash on Tor's website. The possibility of this sort of download compromise is not something you generally need to worry about as long as the download comes from a trustworthy website; Tor's own website should be trustworthy. Always download programs, whatever program they might be, from the developer's/manufacturer's site and not via third party download sites.


5. If microphones and cameras concern you then your best option is to use a physical method to stop them, for the web cam make a little cardboard box with some carefully placed slits cut into it so it can "hook" over the top of the screen, this will obscure the camera so it can't see anything. For microphones place some sort of sound muffling material over them (whether this is easy depends on where the microphone is, whatever you do don't cover any ventilation holes though) and maybe build a white/pink-noise machine if you are really concerned. There are many online tutorials for making white/pink noise machines.

Edited by rp88, 11 June 2015 - 01:19 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#7 quietman7

Posted 11 June 2015 - 04:43 PM

BIOS (firmware) viruses exist but are very rare. Researchers have demonstrated in a test environment proof-of-concept viruses that could modify the flash BIOS or install a rootkit on the BIOS of some systems so that it could survive a reformat and reinfect a clean disk. This type of malware exists primarily in-the-wild and is not generic...meaning it's vendor specific and cannot modify all types of BIOS. Although in February 2015, Kaspersky Labs reported "persistent, invisible espionage malware inside the firmware of hard drives compatible with nearly all major hard drive brands: Seagate, Western Digital, Samsung". This particular threat targeted government and military institutions, telecom and energy companies, nuclear research facilities, oil companies, encryption software developers, and media outlets.

This is a quote from my Security Colleague, Elise, who works with the Emsisoft Anti-Malware Research Team.

Firmware is typically a small piece of software coded directly into a device (for example a video card or DVD writer) necessary for the device to function correctly. This code is highly device-dependent, different manufacturers and different models all require specific firmware. For that reason a firmware infection is not only highly unlikely but also very impractical for a malware writer. Someone who wants to create a successful infection not only needs to make sure the malware stays on the system (by making it harder to detect and delete), but also that it is distributed on a large scale. Deploying a firmware rootkit on a large scale is close to impossible as you'd have to write a lot of different versions for different hardware models.


These articles explain the complexity of the UEFI (Unified Extensible Firmware Interface), secure boot protocol and exploitation.

Fortunately, it's highly unlikely you will encounter a BIOS-level scenario as it is not practical for attackers to use such an exploit on a grand scale. Malware writers would much rather target a large audience through social engineering where they can use sophisticated but less technical means than a BIOS virus.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#8 kingneil

Posted 12 June 2015 - 08:23 PM

OP here.

 

OK.... Some interesting responses.

 

The thing that I really want to know, above all, is whether you could use a 2nd recording app, to prevent a mic from being listened to in the background.

 

I have personally used systems like removing a mic, or smashing a mic with needles, and using an external plug-in mic.

 

But this is not practical for other people. They don't want to use a plug-in mic whenever they want to make a call.

 

So..... this is why I wanted to create some kind of app for Android/iPhone etc that essentially records in the background constantly, and deletes the recording constantly too... The purpose is to use up the mic all the time, so it can't be used by Spyware.

 

I just want to know whether this works, or whether it really is possible for mics to be used by 2 apps simultaneously anyway.

Thanks



#9 rp88

Posted 13 June 2015 - 12:14 PM

I should guess it is possible for two programs to use the microphone at once; after all, it is just a source of information. I don't see any practical reason why multiple programs can't simultaneously view data coming from that same source at the same time.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#10 Animal

Posted 13 June 2015 - 05:03 PM

So..... this is why I wanted to create some kind of app for Android/iPhone etc that essentially records in the background constantly, and deletes the recording constantly too... The purpose is to use up the mic all the time, so it can't be used by Spyware.


So the extra processes and battery drain would be acceptable how?

Since battery longevity is the number one factor for mobile operations according to numerous polls.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#11 Crazy Cat

Posted 13 June 2015 - 10:32 PM

OP here.
 
The thing that I really want to know, above all, is whether you could use a 2nd recording app, to prevent a mic from being listened to in the background.
 
I have personally used systems like removing a mic, or smashing a mic with needles, and using an external plug-in mic.
 
But this is not practical for other people. They don't want to use a plug-in mic whenever they want to make a call.
 
So..... this is why I wanted to create some kind of app for Android/iPhone etc that essentially records in the background constantly, and deletes the recording constantly too... The purpose is to use up the mic all the time, so it can't be used by Spyware.
 
I just want to know whether this works, or whether it really is possible for mics to be used by 2 apps simultaneously anyway.

Thanks

Today miniature Electret microphones http://en.wikipedia.org/wiki/Electret_microphone are used in all types of mobile phones (Android/iPhone) and laptops.

Electret microphone. http://www.ti.com/lit/ug/tidu765/tidu765.pdf

To disable the in-built microphone in a laptop, just plug a 3.5 mm male jack (as shown in the attached image) into the microphone socket on the laptop.

This will disconnect the internal in-built microphone in a laptop.

The same technique can be used to disconnect the internal electret microphone in mobile phones. Instead of, "They don't want to use a plug-in mic whenever they want to make a call", they plug it in to disconnect the internal electret microphone from working, and the external plug-in mic has NO microphone.

You can test this for yourself?
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 



#12 kingneil

Posted 15 June 2015 - 06:11 PM

I just don't see how plugging in a jack would disconnect the microphone.

 

On the phone, the microphone is soldered to the motherboard.

 

How would plugging in a jack actually disconnect the mic...?

It can't physically lift the mic off of the board...

It's just a software thing, where the OS sees a new mic so switches over to that..

 

But it doesn't actually disconnect the mic, physically...

 

Maybe I'm wrong, but you'd have to explain to me how this would PHYSICALLY disconnect the mic, not just prompt the software to switch over.

Any software based solution is useless if the software is compromised.



#13 Crazy Cat

Posted 15 June 2015 - 11:39 PM

I just don't see how plugging in a jack would disconnect the microphone.
 
On the phone, the microphone is soldered to the motherboard.
 
How would plugging in a jack actually disconnect the mic...?
It can't physically lift the mic off of the board...

It's just a software thing, where the OS sees a new mic so switches over to that..
 
But it doesn't actually disconnect the mic, physically...
 
Maybe I'm wrong, but you'd have to explain to me how this would PHYSICALLY disconnect the mic, not just prompt the software to switch over.

Any software based solution is useless if the software is compromised.

Hopefully this will help you?

Edutige EIM-003 external microphone for iPhone, Samsung Android OS. www.youtube.com/watch?v=0uCTpi95M0A


180° External Microphone http://www.actionlifemedia.com/180mic

How to connect an external microphone/synthesizer/guitar to the Android/iOS device? http://www.warmplace.ru/docs/mobile_audio_input/


Disabling your cell phones mic for security. http://hackaday.com/2009/09/14/disabling-your-cell-phones-mic-for-security/
Cell phone privacy modification. http://www.stahlke.org/dan/phonemute/
FBI taps cell phone mic as eavesdropping tool. http://news.cnet.com/FBI-taps-cell-phone-mic-as-eavesdropping-tool/2100-1029_3-6140191.html


How can I disable the iPhone's microphone? https://apple.stackexchange.com/questions/34112/how-can-i-disable-the-iphones-microphone

Meet Russian tablet that beats hackers by physically disconnecting camera, mic. http://rt.com/news/170168-russian-hacker-proof-tablet/

BadBIOS: Malware whispers via mic & speakers to PCs disconnected from all networks? http://www.computerworld.com/article/2475363/malware-vulnerabilities/badbios--malware-whispers-via-mic---speakers-to-pcs-disconnected-from-all-ne.html

The NSA: https://www.nsa.gov/ia/_files/factsheets/macosx_10_6_hardeningtips.pdf
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 





