How to: reboot your router following urgent FBI warning about viruses.

Hundreds of thousands of routers could be infected.

 

By Daniel Paez of Inverse.com

Even if your internet is running smooth and speedy, you still need to restart your router. On May 25, the Federal Bureau of Investigation issued a public service announcement to everyone with a router in their home or office warning that an unidentified group of cybercriminals may have mounted a large-scale attack on networked devices across the globe.

The FBI advised people to reboot their routers to “temporarily disrupt” the malware that could be infecting your device. The government agency also recommended you make sure your device is fully updated, secured using a strong password, and is encrypted.

Here’s a breakdown of what the FBI said happened and how you can reboot or reset your router, just in case your network was compromised.

 

In its warning, the FBI said that the agency didn’t yet know how or where the initial infections began, but the scope of that attack has grown significantly. Hundreds of thousands of home and office routers have been infected with malware known as VPNFilter.

“The actors used VPNFilter malware to target small office and home office routers,” stated the announcement. “The malware is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic.”

Cybersecurity firm Symantec recently published a list of devices that are known to be more vulnerable to this type of attack. It went on to say that most of the targeted devices are known to use default passwords or have not been updated to the latest version of their firmware.

If you’ve ever had problems connecting to the internet and have called tech support, the person on the other end of the line likely had you unplug your router. Rebooting — or power-cycling — your router gives it a fresh start and is generally one of the first steps recommended when troubleshooting your network device.

The FBI states power-cycling could interrupt VPNFilter, though Symantec states that this type of attack can persist even after a reboot. If you own one of the devices that are known to be susceptible to VPNFilter, you might want to reset your router to factory settings. This will require you to set up your WiFi all over again, but better safe than sorry.

 

How to Reset Your Router to Factory Settings

  • Rebooting: Unplug your router from its power outlet, don’t just turn it off. Wait about thirty seconds before plugging it back in. Finally, give the device a couple of minutes to turn back on.
  • Reset: You’ll find a small button on the back of your device that is labeled “Reset.” Holding this down will remove all customizations including passwords, usernames, and security keys, effectively wiping everything other than the latest version of firmware from the device. This will restore your router to its factory settings. From there you’ll need to follow your router’s setup instructions or call your internet service provider for assistance to get back online.

 

How do you feel about the FBI’s warning? Do you have tips on protecting your router and home network? Sound off in the comments below!

Tales from the Orchard: Apple’s iOS 11.4 update with ‘USB Restricted Mode’ may defeat tools like GrayKey

The iOS 11.4 beta contains a new feature called USB Restricted Mode, designed to defeat physical data access by third parties — possibly with forensic firms like Grayshift and Cellebrite in mind.

 

“To improve security, for a locked iOS device to communicate with USB accessories you must connect an accessory via Lightning connector to the device while unlocked — or enter your device passcode while connected — at least once a week,” reads Apple documentation highlighted by security firm ElcomSoft. The feature actually made an appearance in iOS 11.3 betas, but like AirPlay 2 was removed from the finished code.

The change blocks use of the Lightning port for anything but charging if a device is left untouched for seven days. An iPhone or iPad will even refuse to sync with a computer running iTunes until iOS is unlocked with a passcode.

USB Restricted Mode may be intended to impose a seven-day window on when digital forensics specialists like Grayshift can break into a device, at least using any simple techniques. Those firms will often employ a “lockdown” record from a suspect’s computer to create a local backup of iPhone data, skipping passcode entry.

iOS 11 already has some restrictions on lockdown records, namely automatic expiration, and full-disk encryption that renders them useless if a device is rebooted. The 11.3 update shrank the life of iTunes pairing records to seven days.

ElcomSoft suggested that connecting a device to a paired accessory or computer could extend the Restricted Mode window, and centrally-managed hardware may already have that mode disabled.

“If the phone was seized while it was still powered on, and kept powered on in the meanwhile, then the chance of successfully connecting the phone to a computer for the purpose of making a local backup will depend on whether or not the expert has access to a non-expired lockdown file (pairing record),” ElcomSoft elaborated. “If, however, the phone is delivered in a powered-off state, and the passcode is not known, the chance of successful extraction is slim at best.”

The exact details of the hacking techniques used by Cellebrite and Grayshift’s GrayKey have been kept secret, so it’s possible they may still work after iOS 11.4 is released. The companies could however resort to more extreme methods to get at data, such as removing the flash memory from the devices, copying them, and using the copies to attack the password.

 

What do you think of Apple’s move to thwart hackers and the FBI? Sound off in the comments below!

Tales from the Orchard: FBI Hacker Says Apple Are ‘Jerks’ and ‘Evil Geniuses’ for Encrypting iPhones

An FBI forensic expert lambasted Apple for making iPhones hard to hack into.

 

By Lorenzo Franceschi-Bicchierai of Motherboard at Vice.com

 

Ever since Apple made encryption default on the iPhone, the FBI has been waging a war against encryption, complaining that cryptography so strong the company itself can’t break it makes it harder to catch criminals and terrorists.

On Wednesday, at the International Conference on Cyber Security in Manhattan, FBI forensic expert Stephen Flatley lashed out at Apple, calling the company “jerks,” and “evil geniuses” for making his and his colleagues’ investigative work harder. For example, Flatley complained that Apple recently made password guesses slower, changing the hash iterations from 10,000 to 10,000,000.

That means, he explained, that “password attempts speed went from 45 passwords a second to one every 18 seconds,” referring to the difficulty of cracking a password using a “brute force” method in which every possible permutation is tried. There are tools that can input thousands of passwords in a very short period of time—if the attempts per minute are limited, it becomes much harder and slower to crack.
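An added example, not from the article or from Apple: a sketch of why a higher iteration count slows guessing and how a defender can size it. It assumes a PBKDF2-style key-derivation function, which the article does not name; the salt, the six-digit passcode space and all function names are constructed for illustration.

```python
import hashlib
import time

def derive_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Stretch a password into a 32-byte key (PBKDF2-HMAC-SHA256, an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)

def seconds_per_guess(iterations: int, probe: int = 20_000) -> float:
    """Estimate the cost of one guess on this machine: time a short probe run
    and scale linearly, since PBKDF2 cost is proportional to iterations."""
    start = time.perf_counter()
    derive_key(b"probe", b"constructed-salt", probe)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return elapsed * iterations / probe

def iterations_for(target_seconds: float, probe: int = 20_000) -> int:
    """Defender's sizing: iterations needed so one derivation costs about
    target_seconds here, never fewer than the probe count."""
    return max(probe, int(target_seconds / seconds_per_guess(1, probe)))

def scaled_rate(old_rate: float, old_iters: int, new_iters: int) -> float:
    """Guesses per second after an iteration change on the same hardware."""
    return old_rate * old_iters / new_iters

def worst_case_days(keyspace: int, guesses_per_second: float) -> float:
    """Days needed to try every candidate in the keyspace."""
    return keyspace / guesses_per_second / 86_400

if __name__ == "__main__":
    old_iters, new_iters = 10_000, 10_000_000   # figures quoted in the article
    old_rate = 45.0                             # guesses per second, as quoted
    new_rate = scaled_rate(old_rate, old_iters, new_iters)
    print(f"scaled rate: one guess every {1 / new_rate:.1f} s")
    keyspace = 10 ** 6                          # constructed: six-digit passcode
    print(f"exhaust before: {worst_case_days(keyspace, old_rate):.2f} days")
    print(f"exhaust after:  {worst_case_days(keyspace, new_rate):.0f} days")
    print(f"this machine, {new_iters} iterations: "
          f"{seconds_per_guess(new_iters):.2f} s per guess")
    print(f"iterations for 0.25 s per guess: {iterations_for(0.25)}")
```

Scaling the quoted 45 guesses per second linearly by the 1,000-fold iteration increase gives roughly one guess every 22 seconds, the same order as the 18 seconds quoted.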

“Your crack time just went from two days to two months,” Flatley said.

“At what point is it just trying to one up things and at what point is it to thwart law enforcement?” he added. “Apple is pretty good at evil genius stuff.”

On the other hand, Flatley repeatedly praised the Israeli company Cellebrite, which sells hacking devices and technologies to law enforcement agencies around the world. Flatley said that they are the ones who can counter Apple’s security technology.

“If you have another evil genius, Cellebrite, then maybe we can get into that front,” he said, facetiously coughing as he said “Cellebrite.”

Flatley’s statements come a day after FBI director Christopher Wray renewed former director James Comey’s rhetorical war against encryption, calling it an “urgent public safety issue.”

Cybersecurity experts and civil liberties organizations, meanwhile, have long made the case that iPhone encryption keeps the average consumer’s data safe from hackers and authoritarian surveillance, a net benefit for society.
