Saturday, 25 November 2017

Over 400 Popular Sites Record Your Every Keystroke and Mouse Movement




Web-tracking is not new.


Most websites log their users' online activities, but a recent study from Princeton University suggests that hundreds of sites record your every move online, including your searches, scrolling behaviour, keystrokes and mouse movements.



Researchers from Princeton University's Centre for Information Technology Policy (CITP) analyzed the Alexa top 50,000 websites in the world and found that 482 sites, many of which are high profile, are using a new web-tracking technique to track every move of their users.


Dubbed "Session Replay," the technique is used even by some of the most popular websites, including The Guardian, Reuters, Samsung, Al-Jazeera, VK, Adobe, Microsoft and WordPress, to record every single movement a visitor makes while navigating a web page; this incredibly extensive data is then sent off to a third party for analysis.



"Session replay scripts" are usually designed to gather data regarding user engagement that can be used by website developers to improve the end-user experience.

Watch the video:

https://youtu.be/U9y3As01lSg


However, what's particularly concerning is that these scripts record more than the information you purposely give to a website, including text you type while filling out a form and then delete before hitting 'Submit'.


"More and more sites use "session replay" scripts. These scripts record your keystrokes, mouse movements, and scrolling behaviour, along with the entire contents of the pages you visit, and send them to third-party servers," Princeton researcher Steven Englehardt wrote in a blog post under the No Boundaries banner.



"Collection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details and other personal information displayed on a page to leak to the third party as part of the recording. This may expose users to identity theft, online scams, and other unwanted behaviour."


The most troubling part is that the information collected by session replay scripts cannot "reasonably be expected to be kept anonymous." Some of the companies that provide session replay software even allow website owners to explicitly link recordings to a user's real identity.



Services Offering Session Replay Could Capture Your Passwords






The researchers looked at some of the leading companies, including FullStory, SessionCam, Clicktale, Smartlook, UserReplay, Hotjar, and Yandex, which offer session replay software services, and found that most of these services directly exclude password input fields from recording.

However, most of the time mobile-friendly login forms that use plain text inputs to hold unmasked passwords are not redacted in the recordings, which ends up revealing your sensitive data, including passwords, credit card numbers and even credit card security codes.

This data is then shared with a third party for analysis, along with other gathered information.


"We found at least one website where the password entered into a registration form leaked to SessionCam, even if the form is never submitted," the researcher said.
The researchers also shared a video which shows how much detail these session recording scripts can collect on a website's visitor.
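As an added illustration of the redaction gap just described (this is example code, not from the Princeton study or from any session replay vendor), the Python script below audits an HTML form for inputs that hold a secret but are not of type "password". It assumes, as the article says of most services, that redaction keys only on the password input type, so any such field would end up in a recording; the field-name hints, the autocomplete tokens and the sample form are constructed for this example.

```python
"""Audit an HTML form for secret-bearing inputs a password-only redaction rule
would miss (added example, not code from the original article or any vendor).

Assumption: the replay script masks only type="password" inputs, so a secret
typed into any other input type (text, tel, ...) is recorded. The name hints,
autocomplete tokens and SAMPLE_FORM below are constructed for this example.
"""
from html.parser import HTMLParser

# Substrings in a field's name/id that suggest it holds a secret (constructed).
SECRET_NAME_HINTS = ("pass", "pwd", "secret", "card", "cvv", "cvc", "ssn")
# Standard autocomplete tokens that explicitly mark a field as sensitive.
SECRET_AUTOCOMPLETE = {"current-password", "new-password", "cc-number", "cc-csc"}
# Input types that never carry typed secrets and are skipped.
NON_TEXT_TYPES = {"hidden", "submit", "button", "checkbox", "radio", "reset", "image"}


class SensitiveInputFinder(HTMLParser):
    """Collects <input> elements whose attributes suggest a secret but whose
    type is not 'password', i.e. fields the default redaction would record."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        input_type = a.get("type", "text").lower()   # HTML default type is text
        if input_type == "password" or input_type in NON_TEXT_TYPES:
            return
        name = (a.get("name") or a.get("id") or "").lower()
        autocomplete = a.get("autocomplete", "").lower()
        if any(h in name for h in SECRET_NAME_HINTS) or autocomplete in SECRET_AUTOCOMPLETE:
            self.findings.append({"name": name, "type": input_type, "autocomplete": autocomplete})


def find_unredacted_secret_inputs(html):
    """Return the list of secret-bearing inputs that are not type="password"."""
    parser = SensitiveInputFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample form: a "show password" style login plus a card field.
SAMPLE_FORM = """
<form action="/login" method="post">
  <input type="text" name="username" autocomplete="username">
  <input type="password" name="password">
  <input type="text" name="password_visible" autocomplete="current-password">
  <input type="tel" name="card_number" autocomplete="cc-number">
  <input type="text" name="search">
  <input type="hidden" name="csrf" value="constructed-token">
  <input type="submit" value="Sign in">
</form>
"""

if __name__ == "__main__":
    for f in find_unredacted_secret_inputs(SAMPLE_FORM):
        print(f"recorded by a password-only redaction rule: {f}")
```

Run against the sample form, the audit flags the visible-password field and the card number field, and leaves the masked password, the username and the hidden CSRF token alone. A site owner can run the same check over their own templates before enabling a replay script, and then either switch the flagged inputs to type="password" or add them to the vendor's redaction list.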

World's Top Websites Record Your Every Keystroke

Many significant firms use session replay scripts with the best of intentions, but since this data is collected without the user's knowledge and without any visual indication to the user, these websites are undermining users' privacy. There is also always the potential for such data to fall into the wrong hands.


Besides the fact that this practice is happening without people's knowledge, the people in charge of some of the websites did not even know that the script had been implemented, which makes the matter a little scary.


Companies using such software included The Guardian, Reuters, Samsung, Al-Jazeera, VK, Adobe, Microsoft, WordPress, CBS News, the Telegraph and US retail giant Home Depot, among many others.

So, if you are logging in to one of these websites, you should expect that everything you write, type, or move is being recorded.

Hacker news

Friday, 24 November 2017

Google Collects Android Location Data Even When Location Service Is Disabled



Do you own an Android smartphone?


If yes, then you are one of the billions of users whose smartphone has been secretly gathering location data and sending it back to Google.




Google has been caught collecting location data on every Android device owner since the beginning of this year (that's for the past 11 months)—even when location services are entirely disabled, according to an investigation conducted by Quartz.

This location-sharing practice doesn't require your Android smartphone to run any app, have location services turned on, or even have a SIM card inserted.


All it requires is that your Android device be connected to the Internet.




The investigation revealed that Android smartphones have been collecting the addresses of nearby cellular towers, and this data could be used for "Cell Tower Triangulation"—a technique widely used to identify the location of a phone/device using data from three or more nearby cell towers.

Each time your Android device comes within range of a new cell tower, it gathers the cell tower address and sends this data back to Google when the device is connected to a WiFi network or has cellular data enabled.

Since the component responsible for collecting location data resides in Android's core Firebase Cloud Messaging service that manages push notifications and messages on the operating system, it cannot be disabled and doesn't rely on what apps you have installed—even if you factory reset your smartphone or remove the SIM card.


When Quartz contacted the tech giant about this location-sharing practice, a Google spokesperson replied: "We began looking into using Cell ID codes as an additional signal to further improve the speed and performance of message delivery."


Although it is still unknown how cell-tower data that identifies a specific cell tower could have helped Google improve message delivery, the fact that the company's mobile operating system is collecting location data is a complete violation of users' privacy.

Even in its privacy policy about location sharing, Google mentions that it will collect location information from devices that use its services, but has not indicated whether the company will collect data from Android devices when all location services are disabled.


"When you use Google services, we may collect and process information about your actual location," Google's privacy policy reads.
"We use various technologies to determine location, including IP address, GPS, and other sensors that may, for example, provide Google with information on nearby devices, Wi-Fi access points, and cell towers."

Moreover, this location-sharing practice is not limited to any particular Android phone model or manufacturer, as the tech giant was apparently collecting cell tower data from all modern Android devices before being contacted by Quartz.


Although the company said that it never used or stored this location data it collected on its users and that it is now taking steps to end this practice, this data could be used to target location-based advertisement when the user enters any store or restaurant.


According to Google, Android phones will no longer gather and send cell-tower location data back to Google by the end of this month.

Hacker news

Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable




In the past few months, several research groups have uncovered vulnerabilities in the Intel remote administration feature known as the Management Engine (ME) that could allow remote attackers to gain full control of a targeted computer.

Now, Intel has admitted that these security vulnerabilities could "potentially place impacted platforms at risk."

The popular chipmaker released a security advisory on Monday admitting that its Management Engine (ME), remote server management tool Server Platform Services (SPS), and hardware authentication tool Trusted Execution Engine (TXE) are vulnerable to multiple severe security issues that place millions of devices at risk.


The most severe vulnerability (CVE-2017-5705) involves multiple buffer overflow issues in the operating system kernel for Intel ME Firmware that could allow attackers with local access to the vulnerable system to "load and execute code outside the visibility of the user and operating system."



Systems using Intel Manageability Engine Firmware version 11.0.x.x, 11.5.x.x, 11.6.x.x, 11.7.x.x, 11.10.x.x and 11.20.x.x are impacted by these vulnerabilities.


For those unaware, Intel-based chipsets come with ME enabled for local and remote system management, allowing IT administrators to remotely manage and repair PCs, workstations, and servers within their organization.


As long as the system is connected to line power and a network cable, these remote functions can be performed out of band even when the computer is turned off, since ME operates independently of the operating system.


Since ME has full access to almost all data on the computer, including its system memory and network adapters, exploitation of the ME flaws to execute malicious code on it could allow for a complete compromise of the platform.


"Based on the items identified through the comprehensive security review, an attacker could gain unauthorised access to the platform, Intel ME feature, and third party secrets protected by the ME, Server Platform Service (SPS), or Trusted Execution Engine (TXE)," Intel said.


Besides running unauthorized code on computers, Intel has also listed some attack scenarios where a successful attacker could crash systems or make them unstable.

Another high-severity vulnerability involves a buffer overflow issue (CVE-2017-5711) in Active Management Technology (AMT) for the Intel ME Firmware that could allow attackers with remote Admin access to the system to execute malicious code with AMT execution privilege.

AMT for Intel ME Firmware versions 8.x, 9.x, 10.x, 11.0.x.x, 11.5.x.x, 11.6.x.x, 11.7.x.x, 11.10.x.x and 11.20.x.x are impacted by this vulnerability.

The worst part is that it's almost impossible to disable the ME feature to protect against possible exploitation of these vulnerabilities.


"The disappointing fact is that on modern computers, it is impossible to completely disable ME," researchers from Positive Technologies noted in a detailed blog post published late August. "This is primarily due to the fact that this technology is responsible for initialization, power management, and launch of the main processor."

Other high severity vulnerabilities impact TXE version 3.0 and SPS version 4.0, leaving millions of computers with the feature at risk. These are described as:



High Severity Flaws in Server Platform Service (SPS)



  • CVE-2017-5706: This involves multiple buffer overflow issues in the operating system kernel for Intel SPS Firmware that could allow attackers with local access to the system to execute malicious code on it.



  • CVE-2017-5709: This involves multiple privilege escalation bugs in the operating system kernel in Intel SPS Firmware that could allow an unauthorized process to access privileged content via an unspecified vector.



Both the vulnerabilities impact Intel Server Platform Services Firmware 4.0.x.x.


High Severity Flaws in Intel Trusted Execution Engine (TXE)



  • CVE-2017-5707: This issue involves multiple buffer overflow flaws in the operating system kernel in Intel TXE Firmware that allow attackers with local access to the system to execute arbitrary code on it.




  • CVE-2017-5710: This involves multiple privilege escalation bugs in the operating system kernel in Intel TXE Firmware that allow an unauthorized process to access privileged content via an unspecified vector.



Both the vulnerabilities impact Intel Trusted Execution Engine Firmware 3.0.x.x.


Affected Intel Products

Below is the list of the processor chipsets which include the vulnerable firmware:



  • 6th, 7th and 8th Generation Intel Core processors
  • Xeon E3-1200 v5 and v6 processors
  • Xeon Scalable processors
  • Xeon W processors
  • Atom C3000 processors
  • Apollo Lake Atom E3900 series
  • Apollo Lake Pentiums
  • Celeron N and J series processors


Intel has issued patches across a dozen generations of CPUs to address these security vulnerabilities, which affect millions of PCs, servers and Internet of Things devices, and is urging affected customers to update their firmware as soon as possible.

The chipmaker has also published a Detection Tool to help Windows and Linux administrators check if their systems are exposed to any threat.
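As an added, self-contained triage check (example code, not Intel's Detection Tool and not from the original article), the Python function below matches a reported ME, SPS or TXE firmware version string against the affected branches exactly as the article lists them per CVE. It assumes the branch notation means the leading numeric components must match, with "x" as a wildcard; the version strings in the sample are constructed, and the check is only as complete as the article's list, so Intel's own tool remains the authoritative answer.

```python
"""Match an Intel ME / SPS / TXE firmware version against the affected branches
listed in the article (added example; not Intel's Detection Tool).

Assumptions: a version belongs to a branch such as "11.0.x.x" when its leading
numeric components equal the branch's numeric components and "x" matches any
value. The branch lists are copied from the article's text; the example
version strings are constructed.
"""

# component -> {CVE id: [affected branches]} as listed in the advisory summary above
AFFECTED_BRANCHES = {
    "ME": {
        # ME kernel buffer overflows, local attacker
        "CVE-2017-5705": ["11.0.x.x", "11.5.x.x", "11.6.x.x", "11.7.x.x", "11.10.x.x", "11.20.x.x"],
        # AMT buffer overflow, remote admin access
        "CVE-2017-5711": ["8.x", "9.x", "10.x", "11.0.x.x", "11.5.x.x", "11.6.x.x",
                          "11.7.x.x", "11.10.x.x", "11.20.x.x"],
    },
    "SPS": {"CVE-2017-5706": ["4.0.x.x"], "CVE-2017-5709": ["4.0.x.x"]},
    "TXE": {"CVE-2017-5707": ["3.0.x.x"], "CVE-2017-5710": ["3.0.x.x"]},
}


def parse_version(version):
    """Turn '11.6.27.3264' into [11, 6, 27, 3264]; reject anything else."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric firmware version: {version!r}")
    return [int(p) for p in parts]


def matches_branch(version, branch):
    """True when every numeric component of the branch equals the version's
    component at the same position; 'x' components match anything."""
    numbers = parse_version(version)
    pattern = branch.split(".")
    if len(numbers) < len(pattern):
        return False
    for have, want in zip(numbers, pattern):
        if want != "x" and have != int(want):
            return False
    return True


def affected_cves(component, version):
    """CVE ids from the article whose affected branches cover this version."""
    branches = AFFECTED_BRANCHES.get(component.upper())
    if branches is None:
        raise ValueError(f"unknown component {component!r}; expected ME, SPS or TXE")
    return sorted(cve for cve, bs in branches.items()
                  if any(matches_branch(version, b) for b in bs))


if __name__ == "__main__":
    # Constructed version strings, not real inventory data.
    for comp, ver in [("ME", "11.6.27.3264"), ("ME", "9.1.41.3024"),
                      ("SPS", "4.0.4.101"), ("TXE", "3.0.0.1000"), ("ME", "12.0.0.1")]:
        hits = affected_cves(comp, ver)
        print(f"{comp} {ver}: {', '.join(hits) if hits else 'not in the listed branches'}")
```

A version on an 11.x branch the article names trips both ME CVEs, an older 9.x firmware trips only the AMT issue (CVE-2017-5711), and anything outside the listed branches returns an empty list, which means "not covered by this list", not "safe".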











Hacker news

Sunday, 19 November 2017

A Hacker's Search Engine: Shodan


You might have heard of Shodan before. Ever wondered how it actually works? Shodan is a search engine built on banner grabbing, launched by John Matherly in 2003 as a search engine for finding devices linked to the internet. Today it is known as the most powerful search engine of its kind and is called the hackers' search engine.



Shodan shows results by capturing banners from various devices such as webcams, routers, servers and SCADA systems. It captures the metadata received in responses from servers; this metadata is called a service banner. It includes important information such as the ISP, the web server (Apache, Nginx, IIS, ...), location, encoding, compression and more.


It provides all of this information, which can be very useful depending on how you want to use it. Since scanning all 65536 ports takes a lot of time and would slow down the process, Shodan searches for common ports such as HTTP (80), FTP (21), SSH (22), TELNET (23), HTTPS (443), Sharing (445), SIP (5060) ... on the target and then grabs banners from the responses returned for the actions performed on those ports.




What can you use Shodan for?


Shodan can be used to find vulnerable systems, servers and routers with default username/password, webcams, IP cams, SCADA systems, databases, traffic lights, vulnerable websites and more. Shodan Maps are easy to navigate and provide higher accuracy. Also, Shodan Maps are more attractive than Google Maps.


Shodan provides its full service to paid users; it also provides facilities to signed-up users.

How to use Shodan?

The first thing you need to do is go through the Shodan sign-up form. Fill in the requirements and create a new user account here:

https://account.shodan.io/register


Uses

Go to the Shodan search menu and try searching for something like apache or nginx. Here are some of the results for the query linksys:





Now if I click on the first result, it shows me all of the grabbed details: the device is located somewhere at sea, maybe on a ship, it has two ports open (500 and 5060), and there is some general information in the left column.



FILTERS


Shodan has different filters you can apply for more accurate search results, though you can simply search for something like webcamxp in the search field. That will give you different results depending on the situation. Filters apply when you want to find a specific service, like Apache servers in Bolivia, cameras with default username/password in the US/Russia, or even traffic lights in the USA. If you are already familiar with Google hacking dorks, this will be more straightforward for you. Let's see what filters we have in our dictionary:



  • product: Value will be a service like apache and MySQL
  • city: Value will be a city name
  • country: Country to search
  • hostname: Grab banners with given hostname
  • net: Value will be an IP address
  • geo: pass the coordinates of location
  • os: search for specific operating system
  • port: port to search
  • before/after: search for specific timeframes



Examples


The filters below will search for the Apache service in Pakistan:

product:apache country:PK


The geo filter searches for devices at the provided coordinates. Shodan Maps gives you a way to find the geo coordinates of a place: open Shodan Maps, select a place and click on it, and the coordinates will be displayed as the HTML title.

geo:'31.5497, 74.3436'

This will search for Windows 7 systems with port 445 open.

os:'windows 7' port:445

Now, let's try a bigger one. The following filter searches for nginx servers on port 8080 on Linux hosts in Dallas, USA:

product:nginx city:'dallas' country:US port:8080 os:linux



Result





These are some examples; you can do more. Shodan allows users to share their results, which helps others learn how to search for something on Shodan. You can use the Explore tab on Shodan to get familiar with it.



Enhancements

Some awesome features of Shodan are:

  • Firefox and Chrome extensions to search directly through the omnibox instead of first going to Shodan and then searching.
  • Data Export: you can directly export search results in a format for further analysis.
  • More features for paid users, specifically for developers and cyber researchers.
  • Maps: you can search directly for something on Shodan Maps.



This is just an introduction to Shodan and its basic usage; it's a glimpse of what goes on at the back of a hacker's mind. One important thing to note is that Shodan works on banners, which are the responses received from servers and other devices when some kind of request is made to them. These responses can be changed, modified or faked, and so can provide false information.

Saturday, 18 November 2017

How To Randomly Hack A w!-f! Router (wifi hacking part 1)


Source: Getty Images


Most routers used in homes and offices are left as they came, with their default settings. Most importantly, people often don't change the username and password because they think all they need to do to secure their network is change the WPA passphrase and set the security to WPA2 maximum, which is a totally wrong concept.



What are routers? (According to Wikipedia)

Routers are intelligent devices that utilize algorithms to define the best route for the transmission of data. For more on routers, see Wikipedia.





Many vendors are still producing these devices with default username/passwords. However, many well-known companies now configure their routers to require a new password on initial start-up, and some put a randomly generated passcode on a white sticker on the back of the device. But the fact is that thousands of these devices are still vulnerable.


Routers are part of the Internet. Hence, they can be scanned just like any other device that has an IP address or is connected to the Internet. All you have to do is put a scan range in your port scanner and find a device with port 80 left open. I'll use the NMAP port scanner, because NMAP likely provides the best results compared to other scanners; it is also a hacker-friendly tool. Let's see the practical way.


METHOD


  • Download NMAP
  • Generate an IP Range or You can use Shodan
  • Scan Your Target with a port scanner
  • Login to Router


STEP 1


DOWNLOAD AND START NMAP



Download and install NMAP from the official website. NMAP stands for Network Mapper and comes with various scan techniques, including stealth scans and connectionless scans.





If you are using Kali, NMAP is already installed. You can start it from Applications -> Vulnerability Analysis -> nmap. We will use Zenmap, the graphical interface of nmap. After starting, its first screen will look like this:





STEP 2


SCAN FOR A TARGET


Now you can select your own range for scanning, or you can generate one from browserling: enter the range and click Generate.




Personally, I'd say this could take a lot of time to find routers with open ports. You can use the Shodan search engine instead. If you are not familiar with Shodan, I encourage you to read this first:

Shodan link here


STEP 3

SCAN THE TARGETS

Open Zenmap and scan the targets. Enter the range in the target field in this format:

e.g. 244.137.150.10-233






Now note down the IP addresses that have port 80 open. These are the routers which we can access from our browser.



STEP 4

LOG IN


Open your favorite browser, type the IP address in the omnibox and press [Enter]. After some time, you will see the router login page. Try the default credentials from the vendor; in 60% of cases, default credentials are in use. Or you can crack the password with a dictionary attack through Hydra. These are some vendors with their router default username/password:
Dlink : admin/[blank]
Netgear: admin/password
Linksys : admin/admin
Tp-Link : admin/admin
Belkin: [blank]/[blank]




With a bit of knowledge of default passwords, a hacker could log in to the admin settings.












Want to read deleted messages on WhatsApp? Loophole discovered to access deleted texts





Last month WhatsApp rolled out a feature to delete or recall a sent message within seven minutes of sending. This feature is useful when you mistakenly send the wrong message to someone in a hurry: the sender can recall or delete the message before the recipient reads it.




But it seems some techies have found a way to read deleted messages on the recipient's end: according to a report, the Spanish Android blog Android Jefe has found such a method.


The new loophole lets any WhatsApp user see deleted texts through the notification log that still exists on the receiver's smartphone. There are certain limitations to the loophole, but anyone aware of it can exploit it to see the texts.



The notifications, even after the message is deleted in WhatsApp, are stored by the Android system. To access these notifications, the user can download a third-party application called Notification History from Google's Play Store.

Download this app:

https://play.google.com/store/apps/details?id=com.androidsxlabs.bluedoublecheck





How to delete WhatsApp messages after 7 minutes?

  http://techgyanmantra007.blogspot.com/2017/11/how-to-delete-whatsapp-messages-7-minute.html

Friday, 17 November 2017

Bluetooth Hack Affects 20 Million Amazon Echo and Google Home Devices



Remember BlueBorne?



A series of recently disclosed critical Bluetooth flaws that affect billions of Android, iOS, Windows and Linux devices have now been discovered in millions of AI-based voice-activated personal assistants, including Google Home and Amazon Echo.
As estimated during the discovery of this devastating threat, several IoT and smart devices whose operating systems are often updated less frequently than smartphones and desktops are also vulnerable to BlueBorne.


BlueBorne is the name given to the sophisticated attack exploiting a total of eight Bluetooth implementation vulnerabilities that allow attackers within the range of the targeted devices to run malicious code, steal sensitive information, take complete control, and launch man-in-the-middle attacks.


What's worse? Triggering the BlueBorne exploit doesn't require victims to click any link or open any file; no user interaction is needed at all. Also, most security products would likely not be able to detect the attack.


What's even scarier is that once an attacker gains control of one Bluetooth-enabled device, he/she can infect any or all devices on the same network.


These Bluetooth vulnerabilities were patched by Google for Android in September, Microsoft for Windows in July, Apple for iOS one year before disclosure, and Linux distributions also shortly after disclosure.

However, many of these 5 billion devices are still unpatched and open to attacks via these flaws.



20 Million Amazon Echo & Google Home Devices Vulnerable to BlueBorne Attacks

Watch the video:

https://youtu.be/g6ivGislWWo

IoT security firm Armis, who initially discovered this issue, has now disclosed that an estimated 20 million Amazon Echo and Google Home devices are also vulnerable to attacks leveraging the BlueBorne vulnerabilities.



Broken down, around 15 million Amazon Echo and 5 million Google Home devices sold across the world are potentially at risk from BlueBorne.



Amazon Echo is affected by the following two vulnerabilities:


  • A remote code execution vulnerability in the Linux kernel (CVE-2017-1000251)



  • An information disclosure flaw in the SDP server (CVE-2017-1000250)



Since different Echo variants use different operating systems, other Echo devices are affected by either the Linux or the Android vulnerabilities.
Google Home devices, meanwhile, are affected by one vulnerability:


  • An information disclosure vulnerability in Android's Bluetooth stack (CVE-2017-0785)
This Android flaw can also be exploited to cause a denial-of-service (DoS) condition.



Since Bluetooth cannot be disabled on either of the voice-activated personal assistants, attackers within the range of the affected device can easily launch an attack.
Armis has also published a proof-of-concept (PoC) video showing how they were able to hack and manipulate an Amazon Echo device.



The security firm notified both Amazon and Google about its findings, and both companies have released patches and issued automatic updates for the Amazon Echo and Google Home that fix the BlueBorne attacks.


Amazon Echo customers should confirm that their device is running v591448720 or later, while Google has not yet released any information regarding its patched version.














Hacker news

Patch Tuesday: Microsoft Releases Update to Fix 53 Vulnerabilities


It's Patch Tuesday—time to update your Windows devices.



Microsoft has released a large batch of security updates as part of its November Patch Tuesday in order to fix a total of 53 new security vulnerabilities in various Windows products, 19 of which are rated critical, 31 important and 3 moderate.


The vulnerabilities impact the Windows OS, Microsoft Office, Microsoft Edge, Internet Explorer, Microsoft Scripting Engine, .NET Core, and more.

At least four of these vulnerabilities that the tech giant has now fixed have public exploits, allowing attackers to exploit them easily. But fortunately, none of the four are being used in the wild, according to Gill Langston at security firm Qualys.

The four vulnerabilities with public exploits are identified by Microsoft as CVE-2017-8700 (an information disclosure flaw in ASP.NET Core), CVE-2017-11827 (Microsoft browsers remote code execution), CVE-2017-11848 (Internet Explorer information disclosure) and CVE-2017-11883 (denial of service affecting ASP.NET Core).


Potentially Exploitable Security Vulnerabilities


What's interesting about this month's patch Tuesday is that none of the Windows OS patches are rated as Critical. However, Device Guard Security Feature Bypass Vulnerability (CVE-2017-11830) and Privilege Elevation flaw (CVE-2017-11847) are something you should focus on.
Also, according to an analysis of Patch Tuesday fixes by Zero-Day Initiative, CVE-2017-11830 and another flaw identified as CVE-2017-11877 can be exploited to spread malware.



"CVE-2017-11830 patches a Device Guard security feature bypass vulnerability that would allow malware authors to falsely authenticated files," Zero-Day Initiative said.

"CVE-2017-11877 fixes an Excel security feature bypass vulnerability that fails to enforce macro settings, which are often used by malware developers."


The tech giant also fixed six remote code execution vulnerabilities that exist "in the way the scripting engine handles objects in memory in Microsoft browsers."


Microsoft identified these vulnerabilities as CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11871, and CVE-2017-11873, which could corrupt memory in such a way that attackers could execute malicious code in the context of the current user.


"In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website," Microsoft said. "These websites could contain specially crafted content that could exploit the vulnerability."


17-Year-Old MS Office Flaw Lets Hackers Install Malware


Also, you should be extra careful when opening files in MS Office.
All versions of Microsoft Office released in the past 17 years have been found vulnerable to a remote code execution flaw (CVE-2017-11882) that works against all versions of the Windows operating system, including the latest Microsoft Windows 10 Creators Update.

Due to improper memory operations, the affected component fails to properly handle objects in memory, corrupting it in such a way that an attacker could execute malicious code in the context of the logged-in user.


Exploitation of this vulnerability requires opening a specially crafted malicious file with an affected version of Microsoft Office or Microsoft WordPad software, which could allow attackers to remotely install malware on targeted computers.


Adobe Patch Tuesday: Patches 62 Vulnerabilities


Besides fixing vulnerabilities in its various products, Microsoft has also released updates for Adobe Flash Player.
These updates correspond with Adobe Update APSB17-33 , which patches 62 CVEs for Acrobat and Reader alone. So, Flash Player users are advised to ensure that they update Adobe across their environment to stay protected.

It should also be noted that last Patch Tuesday, Microsoft quietly released the patch for the dangerous KRACK vulnerability (CVE-2017-13080) in the WPA2 wireless protocol.


Therefore, users are also recommended to make sure that they have patched their systems with the last month's security patches.

Alternatively, users are strongly advised to apply November security patches as soon as possible in order to keep hackers and cybercriminals away from taking control of their computers.


To install security updates, head to Settings → Update & security → Windows Update → Check for updates, or install the updates manually.


Update with us. Thank you, and stay safe.









Hacker news

Thursday, 16 November 2017

Google Begins Removing Play Store Apps Misusing Android Accessibility Services



Due to a rise in malware and adware abusing Android accessibility services, Google has finally decided to take strict steps against apps on its platform that misuse this feature.

Google has emailed Android app developers informing them that within 30 days, they must show how accessibility code used in their apps is helping disabled users or their apps will be removed from its Play Store entirely.


For those who are unaware, Android's accessibility services are meant to help disabled people interact with their smartphone devices ( such as automatically filling out forms, overlaying content or switching between apps) by allowing app-makers to integrate verbal feedback, voice commands and more in their apps.



Many popular Android apps use the accessibility API to legitimately provide users with benefits, but over the past few months we have seen a series of malware, including DoubleLocker ransomware, Svpeng and BankBot, misusing this feature to infect people. Researchers have even discovered an attack, Cloak and Dagger, that could allow hackers to silently take full control of infected devices and steal private data.


This feature, which lets malicious apps hijack a device's screen, has become one of the methods most widely exploited by cybercriminals and hackers to trick unwitting Android users into falling victim to malware and phishing scams.


Google planned to resolve this issue with the release of Android Oreo, but the new Android OS launched without any policy changes related to accessibility services.


However, Google now appears to be putting an end to apps that use the accessibility services outside of their intended purpose.






"If you aren't already doing so, you must explain to users how your app is using the [accessibility feature] to help users with disabilities use Android devices and apps," part of the email sent out to developers reads.


"Apps that fail to meet this requirement within 30 days may be removed from Google Play. Alternatively, you can remove any requests for accessibility services within your app. You can also choose to unpublish your app."



An active thread on Reddit, where developers and app users are complaining about this change, suggests that the new move will also affect popular and legitimate apps like LastPass, Tasker, and Universal Copy, which use the accessibility feature for key functionality that is not intended for disabled users.



Although 30 days is a short period for app developers to find workarounds, the developer of Tasker has suggested an alternative: replacing the accessibility services with different code.


"I plan to replace app detection with usage stats API," Tasker's developer said of the plan to proceed. "Unfortunately, this API started with API 21, so people using Tasker on a pre-Lollipop device won't be able to use app contexts anymore."


This new move will prevent abuse of an API that poses a potential security threat to Android users, but legitimate app developers have only 30 days to find an alternative before their apps are kicked out of the Play Store.

Hacker news

OnePlus Left A Backdoor That Allows Root Access Without Unlocking Bootloader


Think 100 times before you buy an Android phone 👈

Another terrible news for OnePlus users.


Just over a month after OnePlus was caught collecting personally identifiable information on its users, the Chinese smartphone company has been found to have left a backdoor on almost all OnePlus handsets.

A Twitter user who goes by the name "Elliot Anderson" (named after Mr. Robot's main character) discovered a backdoor (an exploit) in all OnePlus devices running OxygenOS that could allow anyone to obtain root access to the devices.



The application in question is "EngineerMode," a diagnostic testing application made by Qualcomm for device manufacturers to easily test all hardware components of the device.


This APK comes pre-installed (accidentally left behind) on most OnePlus devices, including the OnePlus 2, 3, 3T, and the newly-launched OnePlus 5. We can confirm its existence on the OnePlus 2, 3 and 5.



You can check whether this application is installed on your OnePlus device: go to Settings, open Apps, enable "Show system apps" from the top-right menu (three dots) and search for EngineerMode.APK in the list.



If it's there, anyone with physical access to your device can exploit EngineerMode to gain root access on your smartphone.



EngineerMode has been designed to diagnose issues with GPS, check the root status of the device, perform a series of automated 'production line' tests, and many more.


After decompiling the EngineerMode APK, the Twitter user found a 'DiagEnabled' activity which, if opened with a specific password (it is "Angela", found after reverse engineering), allows users to gain full root access on the smartphone—without even unlocking the bootloader.


Although the chance of this application already being exploited in the wild is probably low, it seems to be a serious security concern for OnePlus users as root access can be achieved by anyone using a simple command.




Moreover, with root access in hand, an attacker can perform many dangerous actions on a victim's OnePlus phone, including stealthily installing sophisticated spying malware that is difficult to detect or remove.



Meanwhile, to protect themselves and their devices, OnePlus owners can disable root on their phones. To do so, run the following commands in an ADB shell:

    setprop persist.sys.adb.engineermode 0
    setprop persist.sys.adbroot 0

or dial the code *#8011#


In response to this issue, OnePlus co-founder Carl Pei said that the company is looking into the matter.
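As an added check, not part of the original post or of OnePlus's or Qualcomm's code, the following Python script turns the manual steps above into an audit. It reads the text printed by "adb shell pm list packages" and "adb shell getprop", reports whether a package whose name mentions EngineerMode is installed, and whether the two properties named in the setprop commands above are still set to something other than 0. The sample outputs embedded in it are constructed, not captured from a device, and the package id in them is an assumption (the post gives only the app name).

```python
"""Audit a OnePlus device for the EngineerMode exposure (added example; not
from the original post, OnePlus or Qualcomm). Parses the output of
`adb shell pm list packages` and `adb shell getprop`. Sample outputs are
CONSTRUCTED; the package id in them is an assumption."""
import re
import subprocess
import sys
from typing import Dict, List

# The two properties the post's setprop commands set to 0.
RISKY_PROPS = ("persist.sys.adb.engineermode", "persist.sys.adbroot")
PROP_RE = re.compile(r"^\[(?P<name>[^\]]+)\]: \[(?P<value>[^\]]*)\]$")
PKG_RE = re.compile(r"engineer(ing)?mode", re.IGNORECASE)


def parse_packages(pm_output: str) -> List[str]:
    """'package:com.foo' lines from `pm list packages` -> package names."""
    return [line[len("package:"):].strip()
            for line in pm_output.splitlines() if line.startswith("package:")]


def parse_props(getprop_output: str) -> Dict[str, str]:
    """'[name]: [value]' lines from `getprop` -> dict."""
    props: Dict[str, str] = {}
    for line in getprop_output.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group("name")] = m.group("value")
    return props


def engineermode_packages(pm_output: str) -> List[str]:
    """Installed packages whose name mentions EngineerMode."""
    return [p for p in parse_packages(pm_output) if PKG_RE.search(p)]


def enabled_risky_props(getprop_output: str) -> List[str]:
    """Properties from RISKY_PROPS set to anything other than '0'.
    An unset property is treated as disabled: only explicit non-zero
    values are flagged, so nothing is reported that was not observed."""
    props = parse_props(getprop_output)
    return [name for name in RISKY_PROPS if props.get(name, "0") != "0"]


def verdict(pm_output: str, getprop_output: str) -> str:
    """'clean' (no app), 'app-present-but-disabled', or 'exposed'."""
    if not engineermode_packages(pm_output):
        return "clean"
    return "exposed" if enabled_risky_props(getprop_output) else "app-present-but-disabled"


# Constructed sample output (not captured from a device); package id assumed.
SAMPLE_PM = """package:com.android.settings
package:com.example.engineermode
package:net.oneplus.launcher
"""
SAMPLE_GETPROP = """[persist.sys.adb.engineermode]: [1]
[persist.sys.adbroot]: [0]
[ro.debuggable]: [0]
"""


def adb_shell(*args: str) -> str:
    """Run `adb shell <args>` and return stdout (needs adb on PATH)."""
    return subprocess.run(["adb", "shell", *args], check=True,
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    if "--live" in sys.argv:       # audit a connected device over ADB
        pm, props = adb_shell("pm", "list", "packages"), adb_shell("getprop")
    else:                          # offline run on the constructed sample
        pm, props = SAMPLE_PM, SAMPLE_GETPROP
    print("EngineerMode packages:", engineermode_packages(pm))
    print("risky properties still enabled:", enabled_risky_props(props))
    print("verdict:", verdict(pm, props))
```

Run it without arguments to see the verdict on the constructed sample, or with --live against a connected phone with USB debugging enabled. A verdict of "app-present-but-disabled" means the APK is still on the device but both properties are 0, which is the state the commands above leave it in.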



The Twitter user has promised to release a one-click rooting app for OnePlus devices using this exploit.


Stay connect with tech gyan stay safe.......thanku

Hacker news

Wednesday, 15 November 2017

Apple iPhone X's Face ID Hacked (Unlocked) Using 3D-Printed Mask




Just a week after Apple released its brand new iPhone X on November 3, a team of hackers has claimed to have successfully hacked Apple's Face ID facial recognition technology with a mask that costs less than $150.


Yes, Apple's "ultra-secure" Face ID security for the iPhone X is not as secure as the company claimed during its launch event in September this year.

"Apple engineering teams have even gone and worked with professional mask makers and makeup artists in Hollywood to protect against these attempts to beat Face ID," Apple's senior VP of worldwide marketing Phil Schiller said about Face ID system during the event.


"These are actual masks used by the engineering team to train the neural network to protect against them in Face ID."


However, the bad news is that researchers from Vietnamese cybersecurity firm Bkav were able to unlock the iPhone X using a mask.


Yes, Bkav researchers have a better option than holding it up to your face while you sleep.


Bkav researchers re-created the owner's face through a combination of a 3D-printed mask, makeup, and 2D images, with some "special processing done on the cheeks and around the face, where there are large skin areas"; the nose is made from silicone.

The researchers have also published a proof-of-concept video showing the brand-new iPhone X first being unlocked using the specially constructed mask, and then using the Bkav researcher's face, in one go.


"Many people in the world have tried different kinds of masks but all failed. It is because we understand how AI of Face ID works and how to bypass it.


"You can try it out with your own iPhone X, the phone shall recognize you even when you cover a half of your face. It means the recognition mechanism is not as strict as you think, Apple seems to rely too much on Face ID's AI. We just need a half face to create the mask. It was even simpler than we ourselves had thought."

👇 WATCH VIDEO 👇

https://youtu.be/i4YQRLQVixM

The researchers explain that their "proof-of-concept" demo took about five days after they got the iPhone X on November 5th. They also said the demo was performed against one team member's face without training the iPhone X to recognise any components of the mask.


"We used a popular 3D printer. The nose was made by a handmade artist. We use 2D printing for other parts (similar to how we tricked Face Recognition 9 years ago). The skin was also hand-made to trick Apple's AI," the firm said.


The security firm said the parts cost it around $150 (not including a 3D printer), though it did not specify how many attempts its researchers needed to bypass the security of Apple's Face ID.

It should be noted that creating such a mask to unlock someone's iPhone is a time-consuming process and it is not possible to hack into a random person's iPhone.

However, if you prefer privacy and security over convenience, we highly recommend using a passcode instead of a fingerprint or Face ID to unlock your phone.

Hacker news

Tuesday, 14 November 2017

How to delete WhatsApp messages after 7 minutes?






WhatsApp users were ecstatic at the news that the app added a much-anticipated 'unsend' feature late last month.


The feature works like this: one can unsend a message within seven minutes of sending it, and the recipient will never see the message.






Follow these steps:


1. Disconnect your phone's Internet connection (Wi-Fi and mobile data). On an Android phone, go to Settings and turn both off to be sure.

2. Stop WhatsApp completely: close the window, then go to Settings > Apps > WhatsApp > Force stop.

3. Change the date of your phone to the day before the message you want to delete was sent.

4. Open WhatsApp again and find the message you wanted to delete.

5. To unsend a message on WhatsApp, hold down on the message; a few options will pop up. Tap Delete, then Delete for everyone.

6. Then go back and reset your date to the current date.

7. Reconnect to the internet.




Monday, 13 November 2017

What is the Difference between WPA2, WPA, WEP, AES, and TKIP?



Pretty much everywhere you go today, there is a WiFi network you can connect to. Whether it be at home, at the office or at the local coffee shop, there are a plethora of WiFi networks. Every WiFi network is set up with some kind of network security, either open for all to access or extremely restricted so that only certain clients can connect.


When it comes to WiFi security, there are really only a couple of options you have, especially if you are setting up a home wireless network. The three big security protocols today are WEP, WPA, and WPA2. The two big algorithms that are used with these protocols are TKIP and AES with CCMP. I’ll explain some of these concepts in more detail below.


Which Security Option to Pick?
If you don’t care about all the technical details behind each one of these protocols and just want to know which one to select for your wireless router, then check out the list below. It’s ranked from most secure to least secure. The more secure option you can choose, the better.


If you’re not sure if some of your devices will be able to connect using the most secure method, I suggest you enable it and then check to see if there are any issues. I thought several devices would not support the highest encryption, but was surprised to find out they connected just fine.


1. WPA2 Enterprise (802.1x RADIUS)
2. WPA2-PSK AES
3. WPA2-PSK AES + WPA-PSK TKIP
4. WPA TKIP
5. WEP
6. Open (No security)



It’s worth noting that WPA2 Enterprise doesn’t use pre-shared keys (PSK), but instead uses the EAP protocol and requires a backend RADIUS server for authentication using a username and password. The PSK that you see with WPA2 and WPA is basically the wireless network key that you have to enter when connecting to a wireless network for the first time.





WPA2 Enterprise is far more complex to set up and is usually only done in corporate environments or in homes with very technically savvy owners. In practice, you will only be able to choose from options 2 through 6, though most routers now don't even offer WEP or WPA TKIP anymore because they are insecure.


WEP, WPA and WPA2 Overview
I'm not going to go into too much technical detail about each of these protocols because you could easily Google them for lots more information. Basically, wireless security protocols came about starting in the late 90s and have been evolving since then. Thankfully, only a handful of protocols were accepted, which makes them much easier to understand.



WEP
WEP or Wired Equivalent Privacy was released back in 1997 along with the 802.11 standard for wireless networks. It was supposed to provide confidentiality that was equivalent to that of wired networks (hence the name).
WEP started off with 64-bit encryption and eventually went all the way up to 256-bit encryption, but the most popular implementation in routers was 128-bit encryption. Unfortunately, very soon after the introduction of WEP, security researchers found several vulnerabilities that allowed them to crack a WEP key within a few minutes.
Even with upgrades and fixes, the WEP protocol remained vulnerable and easy to penetrate. In response to these problems, the WiFi Alliance introduced WPA or WiFi Protected Access, which was adopted in 2003.


WPA
WPA was actually meant to be just an interim remedy until WPA2 could be finalised; WPA2 was introduced in 2004 and is the standard used today. WPA used TKIP (Temporal Key Integrity Protocol) to ensure message integrity, unlike WEP, which used a CRC (Cyclic Redundancy Check). TKIP was much stronger than CRC.
Unfortunately, to keep things compatible, the WiFi Alliance borrowed some aspects from WEP, which ended up making WPA with TKIP insecure as well. WPA included a new feature called WPS (WiFi Protected Setup), which was supposed to make it easier for users to connect devices to the wireless router. However, it turned out to have vulnerabilities that allowed security researchers to crack a WPA key within a short period of time as well.


WPA2
WPA2 became available as early as 2004 and was officially required by 2006. The biggest change between WPA and WPA2 was the use of the AES encryption algorithm with CCMP instead of TKIP.
In WPA, AES was optional, but in WPA2, AES is mandatory and TKIP is optional. In terms of security, AES is much more secure than TKIP. There have been some issues found in WPA2, but they are only problems in corporate environments and don’t apply to home users.


WPA uses either a 64-bit or 128-bit key, the most common being 64-bit for home routers. WPA2-PSK and WPA2-Personal are interchangeable terms.


So if you need to remember something from all this, it’s this: WPA2 is the most secure protocol and AES with CCMP is the most secure encryption. In addition, WPS should be disabled as it’s very easy to hack and capture the router PIN, which can then be used to connect to the router. If you have any questions, feel free to comment. Enjoy!
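To make the ranking above concrete, here is an added Python example, not from the original article, that grades an access-point configuration against the six tiers and flags the settings the article warns about: TKIP, WEP and WPS. It reads a hostapd-style key=value file; that format is an assumption, chosen because hostapd's directives (wpa, wpa_key_mgmt, wpa_pairwise, rsn_pairwise, wps_state, wep_default_key) map directly onto the options discussed here. The two configurations embedded at the bottom, one weak and one hardened, are constructed for illustration and are not taken from any real router.

```python
"""Grade a hostapd-style AP config against the article's ranking (added
example, not from the article). The hostapd format is an ASSUMPTION; the two
sample configurations are CONSTRUCTED."""
from typing import Dict, List, Tuple

# The article's ranking, most secure first (index + 1 is the tier number).
RANKING = [
    "WPA2 Enterprise (802.1x RADIUS)",
    "WPA2-PSK AES",
    "WPA2-PSK AES + WPA-PSK TKIP",
    "WPA TKIP",
    "WEP",
    "Open (No security)",
]


def parse_config(text: str) -> Dict[str, str]:
    """Parse key=value lines, ignoring blank lines and '#' comments."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def classify(conf: Dict[str, str]) -> Tuple[int, List[str]]:
    """Return (tier, warnings); tier is the 1-based position in RANKING."""
    warnings: List[str] = []
    wpa = int(conf.get("wpa", "0"))            # bit 1 = WPA, bit 2 = WPA2 (RSN)
    key_mgmt = conf.get("wpa_key_mgmt", "WPA-PSK").split()
    # rsn_pairwise governs WPA2 clients and defaults to wpa_pairwise in hostapd.
    wpa_ciphers = conf.get("wpa_pairwise", "TKIP CCMP")
    rsn_ciphers = set(conf.get("rsn_pairwise", wpa_ciphers).split())

    if conf.get("wps_state", "0") != "0":
        warnings.append("WPS is enabled; the article advises disabling it")

    if wpa == 0:
        if any(k == "wep_default_key" or k.startswith("wep_key") for k in conf):
            warnings.append("WEP in use; a WEP key can be cracked in minutes")
            return 5, warnings
        warnings.append("no encryption configured")
        return 6, warnings

    wpa2, wpa1 = bool(wpa & 2), bool(wpa & 1)
    if wpa2 and "TKIP" in rsn_ciphers:
        warnings.append("TKIP allowed for WPA2 clients; restrict rsn_pairwise to CCMP")
    if wpa2 and "WPA-EAP" in key_mgmt:
        return 1, warnings                      # 802.1X / RADIUS, no PSK
    if wpa2 and not wpa1:
        return 2, warnings
    if wpa2 and wpa1:
        warnings.append("WPA/TKIP compatibility mode lets the weakest client set the bar")
        return 3, warnings
    warnings.append("WPA (TKIP) only; WPA2 not offered")
    return 4, warnings


def grade(text: str) -> Tuple[str, List[str]]:
    """Convenience wrapper: config text -> (tier name, warnings)."""
    tier, warnings = classify(parse_config(text))
    return RANKING[tier - 1], warnings


# Constructed configurations (assumptions, not from any real router).
WEAK_CONF = """
interface=wlan0
ssid=HomeNet
wpa=3                  # WPA and WPA2 mixed mode
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=TKIP CCMP
wps_state=2            # WPS configured and active
wpa_passphrase=correct horse battery staple
"""

HARDENED_CONF = """
interface=wlan0
ssid=HomeNet
wpa=2                  # WPA2 only
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP      # AES-CCMP only, no TKIP
wps_state=0            # WPS disabled
wpa_passphrase=correct horse battery staple
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        tier, warnings = grade(conf)
        print(f"{name}: {tier}")
        for w in warnings:
            print("  -", w)
```

The weak configuration lands in tier 3 with three warnings (WPS on, TKIP offered to WPA2 clients, mixed mode); the hardened one is tier 2 with none. Tier 1 needs wpa_key_mgmt=WPA-EAP, which in hostapd also requires the RADIUS server settings the article mentions.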

Friday, 10 November 2017

KRACK Attack: Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi Protocol



Do you think your wireless network is secure because you're using WPA2 encryption?



If yes, think again!


Security researchers have discovered several key management vulnerabilities in the core of Wi-Fi Protected Access II (WPA2) protocol that could allow an attacker to hack into your Wi-Fi network and eavesdrop on the Internet communications.
WPA2 is a 13-year-old WiFi authentication scheme widely used to secure WiFi connections, but the standard has been compromised, impacting almost all Wi-Fi devices—including in our homes and businesses, along with the networking companies that build them.



Dubbed KRACK—Key Reinstallation Attack—the proof-of-concept attack demonstrated by a team of researchers works against all modern protected Wi-Fi networks and can be abused to steal sensitive information like credit card numbers, passwords, chat messages, emails, and photos.


Since the weaknesses reside in the Wi-Fi standard itself, and not in the implementations or any individual product, any correct implementation of WPA2 is likely affected.


According to the researchers, the newly discovered attack works against:

👉 Both WPA1 and WPA2,

👉 Personal and enterprise networks,

👉 Ciphers WPA-TKIP, AES-CCMP, and GCMP

In short, if your device supports WiFi, it is most likely affected. During their initial research, the researchers discovered that Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and others, are all affected by the KRACK attacks.

It should be noted that the KRACK attack does not help attackers recover the targeted WiFi's password; instead, it allows them to decrypt WiFi users' data without cracking or knowing the actual password.
So merely changing your Wi-Fi network password does not prevent (or mitigate) a KRACK attack.


Discovered by researcher Mathy Vanhoef of imec-DistriNet, KU Leuven, the KRACK attack works by exploiting the 4-way handshake of the WPA2 protocol that is used to establish a key for encrypting traffic.
For a successful KRACK attack, an attacker needs to trick a victim into re-installing an already-in-use key, which is achieved by manipulating and replaying cryptographic handshake messages.


"When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value," the researcher writes.


"Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice."
The research, titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, has been published by Mathy Vanhoef of KU Leuven and Frank Piessens of imec-DistriNet, Nitesh Saxena and Maliheh Shirvanian of the University of Alabama at Birmingham, Yong Li of Huawei Technologies, and Sven Schäge of Ruhr-Universität Bochum.


The team has successfully executed the key reinstallation attack against an Android smartphone, showing how an attacker can decrypt all data that the victim transmits over a protected WiFi. You can watch the video demonstration above and download proof-of-concept (PoC) code from GitHub.
"Decryption of packets is possible because a key reinstallation attack causes the transmit nonces (sometimes also called packet numbers or initialization vectors) to be reset to zero. As a result, the same encryption key is used with nonce values that have already been used in the past," the researchers say.


The researchers say their key reinstallation attack could be exceptionally devastating against Linux and Android 6.0 or higher, because "Android and Linux can be tricked into (re)installing an all-zero encryption key (see below for more info)."

However, there's no need to panic, as you aren't vulnerable to just anyone on the internet because a successful exploitation of KRACK attack requires an attacker to be within physical proximity to the intended WiFi network.
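The mechanism described above can be modelled in a few dozen lines. The following Python example is an added illustration, not the researchers' proof-of-concept code. A station keeps a transmit packet number (the nonce) and a receive replay counter for the installed key; the keystream is derived with HMAC-SHA256 in counter mode as a stand-in for the counter-mode core of CCMP and GCMP (an assumption: any stream cipher reuses keystream when the same key and nonce are used twice); and the handshake replay is simulated simply by installing the same key a second time. VulnerableStation resets both counters on every install, exactly as the quoted description says; PatchedStation ignores re-installation of the key already in use, which is the mitigation implementations shipped. All keys and frames are constructed.

```python
"""Toy model of key reinstallation (added example, not the researchers' PoC).
Keystream: HMAC-SHA256 in counter mode, a stand-in ASSUMPTION for the CTR core
of AES-CCMP/GCMP. Like them it is a stream cipher, so reusing (key, nonce)
reuses keystream. All keys and frames below are constructed."""
import hashlib
import hmac
from typing import Optional, Tuple


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Counter-mode keystream: HMAC(key, nonce || block_counter), truncated."""
    out, counter = b"", 0
    while len(out) < length:
        block = nonce.to_bytes(6, "big") + counter.to_bytes(2, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class VulnerableStation:
    """Installs whatever key the handshake delivers and resets the counters."""

    def __init__(self) -> None:
        self.key: Optional[bytes] = None
        self.tx_nonce = 0          # incremental transmit packet number
        self.replay_counter = -1   # highest receive packet number accepted

    def install_key(self, key: bytes) -> None:
        # The flaw the article describes: a replayed handshake message
        # re-installs the key already in use and both counters restart.
        self.key = key
        self.tx_nonce = 0
        self.replay_counter = -1

    def encrypt(self, plaintext: bytes) -> Tuple[int, bytes]:
        """Return (nonce, ciphertext) for the next outgoing frame."""
        nonce, self.tx_nonce = self.tx_nonce, self.tx_nonce + 1
        return nonce, xor(plaintext, keystream(self.key, nonce, len(plaintext)))

    def decrypt(self, nonce: int, ciphertext: bytes) -> Optional[bytes]:
        """Reject replays (non-increasing packet number), else decrypt."""
        if nonce <= self.replay_counter:
            return None
        self.replay_counter = nonce
        return xor(ciphertext, keystream(self.key, nonce, len(ciphertext)))


class PatchedStation(VulnerableStation):
    """A key is installed once; re-installing the current key is a no-op."""

    def install_key(self, key: bytes) -> None:
        if key == self.key:
            return                 # keep nonce and replay counter as they are
        super().install_key(key)


def keystream_reused(station_cls, ptk: bytes) -> bool:
    """Send a frame, replay the handshake (re-install), send another frame.
    True if both frames used the same nonce, i.e. the same keystream."""
    sta = station_cls()
    sta.install_key(ptk)
    nonce1, _ = sta.encrypt(b"first frame")
    sta.install_key(ptk)           # replayed message 3 of the 4-way handshake
    nonce2, _ = sta.encrypt(b"second frame")
    return nonce1 == nonce2


def replay_accepted(station_cls, ptk: bytes) -> bool:
    """Receive a frame, replay the handshake, then replay the same frame.
    True if the station accepts the old frame a second time."""
    sta, peer = station_cls(), VulnerableStation()
    sta.install_key(ptk)
    peer.install_key(ptk)          # the peer only encrypts here
    nonce, frame = peer.encrypt(b"hello")
    assert sta.decrypt(nonce, frame) == b"hello"
    sta.install_key(ptk)           # replayed handshake message
    return sta.decrypt(nonce, frame) is not None


def two_time_pad(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Why nonce reuse is fatal: c1 ^ c2 = p1 ^ p2, so knowing p1 yields p2.
    This is the 'decryption without the password' the article describes."""
    return xor(xor(c1, c2), known_p1)


if __name__ == "__main__":
    ptk = bytes(range(16))                      # constructed pairwise key
    for cls in (VulnerableStation, PatchedStation):
        print(cls.__name__, "keystream reused:", keystream_reused(cls, ptk),
              "replay accepted:", replay_accepted(cls, ptk))
    ks = keystream(ptk, 0, 20)
    p1, p2 = b"GET / HTTP/1.1      ", b"Cookie: sid=secret42"
    print(two_time_pad(xor(p1, ks), xor(p2, ks), p1))   # recovers p2
```

The patched station shows the whole fix: nothing about the cipher changes, the station simply refuses to reset its counters for a key it already holds, so a replayed handshake message no longer produces nonce reuse or replay acceptance.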

WPA2 Vulnerabilities and their Brief Details
The key management vulnerabilities in the WPA2 protocol discovered by the researchers have been tracked as:

  • CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the four-way handshake.
  • CVE-2017-13078: Reinstallation of the group key (GTK) in the four-way handshake.
  • CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the four-way handshake.
  • CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
  • CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
  • CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
  • CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
  • CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
  • CVE-2017-13087: Reinstallation of the group key (GTK) while processing a Wireless Network Management (WNM) Sleep Mode Response frame.
  • CVE-2017-13088: Reinstallation of the integrity group key (IGTK) while processing a Wireless Network Management (WNM) Sleep Mode Response frame.



The researchers discovered the vulnerabilities last year, but sent out notifications to several vendors on July 14, along with the United States Computer Emergency Readiness Team (US-CERT), who sent out a broad warning to hundreds of vendors on 28 August 2017.


"The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others," the US-CERT warned. "Note that as protocol-level issues, most or all correct implementations of the standard will be affected."


In order to patch these vulnerabilities, you need to wait for the firmware updates from your device vendors.



According to the researchers, communication over HTTPS is secure (though not necessarily 100 percent secure) and cannot be decrypted using the KRACK attack. So, you are advised to use a secure VPN service, which encrypts all your Internet traffic whether it is HTTPS or HTTP.


You can read more about these vulnerabilities on the KRACK attack's dedicated website and in the research paper.
The team has also released a script with which you can check whether your WiFi network is vulnerable to the KRACK attack.

Hacker news

Thursday, 9 November 2017

Hacker Distributes Backdoored IoT Vulnerability Scanning Script to Hack Script Kiddies




Nothing is free in this world.


If you are searching for free hacking tools on the Internet, then beware—most freely available tools claiming to be the Swiss army knife for hackers are nothing but a scam.


For example, Cobian RAT and a Facebook hacking tool that we previously reported on The Hacker News did indeed hack someone, but it was the person using them rather than the intended target.


Now, a security researcher has spotted another hacking tool—this time a PHP script—which is freely available on multiple popular underground hacking forums and allows anyone to find vulnerable internet-connected IP cameras running a vulnerable version of the GoAhead embedded web server.


However, after closely analysing the scanning script, Newsky Security researcher Ankit Anubhav found that the tool also contains a secret backdoor, which essentially allows its creator to "hack the hacker."


"From an attacker's point of view, it can be very beneficial to hack a hacker,"


"For example, if a script kiddie owns a botnet of 10,000 IoT and if he gets hacked, the entire botnet is now in control of the attacker who got control of the system of this script kiddie. Hence, by exploiting one device, he can add thousands of botnets to his army."

The rise of IoT botnets and the release of the source code of Mirai—the biggest IoT-based malware threat, which emerged last year and took down the Dyn DNS service—has encouraged criminal hackers to build massive botnets, either to launch DDoS attacks against their targets or to rent them out for money.




As shown in the self-explanatory flowchart, this IoT scanning script works in four steps:



  • First, it scans a set of IP addresses to find GoAhead servers vulnerable to a previously disclosed authentication bypass vulnerability (CVE-2017-8225) in Wireless IP Camera (P2P) WIFI CAM devices.

  • In the background, it secretly creates a backdoor user account (username: VM | password: Meme123) on the wannabe hacker's system, giving the attacker the same privileges as root.

  • The script also extracts the IP address of the wannabe hacker, allowing the script author to access the compromised system remotely.

  • Moreover, it also runs another payload on the script kiddie's system, eventually installing a well-known botnet, dubbed Kaiten.
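A defender who suspects such a script ran on a host would want to look for its second step, the hidden root-equivalent account. The following Python check is an added example, not part of the article or the researcher's analysis: it parses /etc/passwd-style lines and reports every account with UID 0 other than root, as well as any UID shared by several account names. It assumes the backdoor account obtained its privilege through UID 0 (the article says only that it has the same privilege as root; privilege granted via sudoers or group membership would need a separate check). The sample lines are constructed, reusing only the account name quoted above.

```python
"""Check /etc/passwd-style data for a hidden root-equivalent account (added
example; not from the article or the researcher's analysis). Assumes the
backdoor account got its privilege via UID 0. Sample lines are CONSTRUCTED."""
from typing import Dict, List, NamedTuple


class PasswdEntry(NamedTuple):
    name: str
    uid: int
    gid: int
    home: str
    shell: str


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Parse 'name:passwd:uid:gid:gecos:home:shell' lines; skip malformed ones."""
    entries: List[PasswdEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue
        try:
            entries.append(PasswdEntry(fields[0], int(fields[2]), int(fields[3]),
                                       fields[5], fields[6]))
        except ValueError:         # non-numeric uid/gid
            continue
    return entries


def rogue_root_accounts(text: str) -> List[str]:
    """Account names with UID 0 other than 'root'."""
    return [e.name for e in parse_passwd(text) if e.uid == 0 and e.name != "root"]


def shared_uids(text: str) -> Dict[int, List[str]]:
    """UIDs claimed by more than one account name, in file order."""
    by_uid: Dict[int, List[str]] = {}
    for e in parse_passwd(text):
        by_uid.setdefault(e.uid, []).append(e.name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}


def findings(text: str) -> List[str]:
    """Human-readable findings; an empty list means nothing suspicious."""
    out = [f"UID 0 account that is not root: {name}" for name in rogue_root_accounts(text)]
    for uid, names in shared_uids(text).items():
        out.append(f"UID {uid} shared by: {', '.join(names)}")
    return out


# Constructed sample; only the account name comes from the article.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
VM:x:0:0::/home/VM:/bin/bash
kiddie:x:1000:1000:kiddie:/home/kiddie:/bin/bash
"""

if __name__ == "__main__":
    import sys
    # Pass a path to audit a real file; the default is the constructed sample.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PASSWD
    for line in findings(data) or ["no findings"]:
        print(line)
```

Run it with the path to a passwd file to audit a real host; on the constructed sample it reports the VM account twice, once as a non-root UID 0 account and once as sharing UID 0 with root.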


This tool is another example of backdoored hacking tools increasingly being distributed at various underground forums to hack the hacker.


In September, a backdoored Cobian RAT builder kit was spotted being offered for free on multiple underground hacking forums, but was found to contain a backdoored module that aimed to give the kit's authors access to all of the victim's data.


Last year, we reported on another Facebook hacking tool, dubbed Remtasu, that was actually a Windows-based Trojan capable of stealing Facebook account credentials—those of the person using it to hack someone else.

HACKER NEWS