Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users.
The vulnerabilities "led to an entire break in the security of Sonos's secure boot process across a wide range of devices and remotely being able to compromise several devices over the air," NCC Group security researchers Alex Plaskett and

IoT Security / Wireless Security

Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users.

The vulnerabilities "led to an entire break in the security of Sonos's secure boot process across a wide range of devices and remotely being able to compromise several devices over the air," NCC Group security researchers Alex Plaskett and Robert Herrera said.

Successful exploitation of one of these flaws could allow a remote attacker to obtain covert audio capture from Sonos devices by means of an over-the-air attack. They impact all versions prior to Sonos S2 release 15.9 and Sonos S1 release 11.12, which were shipped in October and November 2023.

The findings were presented at Black Hat USA 2024. A description of the two security defects is as follows -

*   **CVE-2023-50809** - A vulnerability in the Sonos One Gen 2 Wi-Fi stack does not properly validate an information element while negotiating a WPA2 four-way handshake, leading to remote code execution

*   **CVE-2023-50810** - A vulnerability in the U-Boot component of the Sonos Era-100 firmware that would allow for persistent arbitrary code execution with Linux kernel privileges

NCC Group, which reverse-engineered the boot process to achieve remote code execution on Sonos Era-100 and the Sonos One devices, said CVE-2023-50809 is the result of a memory corruption vulnerability in the Sonos One's wireless driver, which is a third-party chipset manufactured by MediaTek.

"In wlan driver, there is a possible out of bounds write due to improper input validation," MediaTek said in an advisory for CVE-2024-20018. "This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."

The initial access obtained in this manner paves the way for a series of post-exploitation steps that include obtaining a full shell on the device to gain complete control over the smart speaker in the context of root followed by deploying a novel Rust implant capable of capturing audio from the microphone within close physical proximity to the speaker.

The other flaw, CVE-2023-50810, relates to a chain of vulnerabilities identified in the secure boot process to breach Era-100 devices, effectively making it possible to circumvent security controls to allow for unsigned code execution in the context of the kernel.

This could then be combined with an N-day privilege escalation flaw to facilitate ARM EL3 level code execution and extract hardware-backed cryptographic secrets.

"Overall, there are two important conclusions to draw from this research," the researchers said. "The first is that OEM components need to be of the same security standard as in-house components. Vendors should also perform threat modeling of all the external attack surfaces of their products and ensure that all remote vectors have been subject to sufficient validation."

"In the case of the secure boot weaknesses, then it is important to validate and perform testing of the boot chain to ensure that these weaknesses are not introduced. Both hardware and software-based attack vectors should be considered."

The disclosure comes as firmware security company Binarly revealed that hundreds of UEFI products from nearly a dozen vendors are susceptible to a critical firmware supply chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware.

Specifically, it found that hundreds of products use a test Platform Key generated by American Megatrends International (AMI), which was likely included in their reference implementation in hopes that it would be replaced with another safely-generated key by downstream entities in the supply chain.

"The problem arises from the Secure Boot 'master key,' known as the Platform Key (PK) in UEFI terminology, which is untrusted because it is generated by Independent BIOS Vendors (IBVs) and shared among different vendors," it said, describing it as a cross-silicon issue affecting both x86 and ARM architectures.

"This Platform Key \[...\] is often not replaced by OEMs or device vendors, resulting in devices shipping with untrusted keys. An attacker with access to the private part of the PK can easily bypass Secure Boot by manipulating the Key Exchange Key (KEK) database, the Signature Database (db), and the Forbidden Signature Database (dbx)."

As a result, PKfail permits bad actors to run arbitrary code during the boot process, even with Secure Boot enabled, allowing them to sign malicious code and deliver a UEFI bootkit, such as BlackLotus.

"The first firmware vulnerable to PKfail was released back in May 2012, while the latest was released in June 2024," Binarly said. "Overall, this makes this supply-chain issue one of the longest-lasting of its kind, spanning over 12 years."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New Flaws in Sonos Smart Speakers Allow Hackers to Eavesdrop on Users

Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer—and that it has persisted in the company’s processors for decades.

Security flaws in your computer's firmware, the deep-seated code that loads first when you turn the machine on and controls even how its operating system boots up, have long been a target for hackers looking for a stealthy foothold. But only rarely does that kind of vulnerability appear not in the firmware of any particular computer maker, but in the chips found across hundreds of millions of PCs and servers. Now security researchers have found one such flaw that has persisted in AMD processors for decades, and that would allow malware to burrow deep enough into a computer's memory that, in many cases, it may be easier to discard a machine than to disinfect it.

At the Defcon hacker conference tomorrow, Enrique Nissim and Krzysztof Okupski, researchers from the security firm IOActive, plan to present a vulnerability in AMD chips they're calling Sinkclose. The flaw would allow hackers to run their own code in one of the most privileged modes of an AMD processor, known as System Management Mode, designed to be reserved only for a specific, protected portion of its firmware. IOActive's researchers warn that it affects virtually all AMD chips dating back to 2006, or possibly even earlier.

Nissim and Okupski note that exploiting the bug would require hackers to already have obtained relatively deep access to an AMD-based PC or server, but that the Sinkclose flaw would then allow them to plant their malicious code far deeper still. In fact, for any machine with one of the vulnerable AMD chips, the IOActive researchers warn that an attacker could infect the computer with malware known as a “bootkit” that evades antivirus tools and is potentially invisible to the operating system, while offering a hacker full access to tamper with the machine and surveil its activity. For systems with certain faulty configurations in how a computer maker implemented AMD's security feature known as Platform Secure Boot—which the researchers warn encompasses the large majority of the systems they tested—a malware infection installed via Sinkclose could be harder yet to detect or remediate, they say, surviving even a reinstallation of the operating system.

“Imagine nation-state hackers or whoever wants to persist on your system. Even if you wipe your drive clean, it's still going to be there,” says Okupski. “It's going to be nearly undetectable and nearly unpatchable.” Only opening a computer's case, physically connecting directly to a certain portion of its memory chips with a hardware-based programming tool known as SPI Flash programmer and meticulously scouring the memory would allow the malware to be removed, Okupski says.

Nissim sums up that worst-case scenario in more practical terms: “You basically have to throw your computer away.”

In a statement shared with WIRED, AMD acknowledged IOActive's findings, thanked the researchers for their work, and noted that it has “released mitigation options for its AMD EPYC datacenter products and AMD Ryzen PC products, with mitigations for AMD embedded products coming soon.” (The term “embedded,” in this case, refers to AMD chips found in systems such as industrial devices and cars.) For its EPYC processors designed for use in data-center servers, specifically, the company noted that it released patches earlier this year. AMD declined to answer questions in advance about how it intends to fix the Sinkclose vulnerability, or for exactly which devices and when, but it pointed to a full list of affected products that can be found on its website's security bulletin page.

In a background statement to WIRED, AMD emphasized the difficulty of exploiting Sinkclose: To take advantage of the vulnerability, a hacker has to already possess access to a computer's kernel, the core of its operating system. AMD compares the Sinkhole technique to a method for accessing a bank's safe-deposit boxes after already bypassing its alarms, the guards, and vault door.

Nissim and Okupski respond that while exploiting Sinkclose requires kernel-level access to a machine, such vulnerabilities are exposed in Windows and Linux practically every month. They argue that sophisticated state-sponsored hackers of the kind who might take advantage of Sinkclose likely already possess techniques for exploiting those vulnerabilities, known or unknown. “People have kernel exploits right now for all these systems,” says Nissim. “They exist and they're available for attackers. This is the next step.”

IOActive researchers Krzysztof Okupski (left) and Enrique Nissim.Photograph: Roger Kisby

Nissim and Okupski's Sinkclose technique works by exploiting an obscure feature of AMD chips known as TClose. (The Sinkclose name, in fact, comes from combining that TClose term with Sinkhole, the name of an earlier System Management Mode exploit found in Intel chips in 2015.) In AMD-based machines, a safeguard known as TSeg prevents the computer's operating systems from writing to a protected part of memory meant to be reserved for System Management Mode known as System Management Random Access Memory or SMRAM. AMD's TClose feature, however, is designed to allow computers to remain compatible with older devices that use the same memory addresses as SMRAM, remapping other memory to those SMRAM addresses when it's enabled. Nissim and Okupski found that, with only the operating system's level of privileges, they could use that TClose remapping feature to trick the SMM code into fetching data they've tampered with, in a way that allows them to redirect the processor and cause it to execute their own code at the same highly privileged SMM level.

“I think it's the most complex bug I've ever exploited,” says Okupski.

Nissim and Okupski, both of whom specialize in the security of low-level code like processor firmware, say they first decided to investigate AMD's architecture two years ago, simply because they felt it hadn't gotten enough scrutiny compared to Intel, even as its market share rose. They found the critical TClose edge case that enabled Sinkclose, they say, just by reading and rereading AMD's documentation. “I think I read the page where the vulnerability was about a thousand times,” says Nissim. “And then on one thousand and one, I noticed it.” They alerted AMD to the flaw in October of last year, they say, but have waited nearly 10 months to give AMD more time to prepare a fix.

For users seeking to protect themselves, Nissim and Okupski say that for Windows machines—likely the vast majority of affected systems—they expect patches for Sinkclose to be integrated into updates shared by computer makers with Microsoft, who will roll them into future operating system updates. Patches for servers, embedded systems, and Linux machines may be more piecemeal and manual; for Linux machines, it will depend in part on the distribution of Linux a computer has installed.

Nissim and Okupski say they agreed with AMD not to publish any proof-of-concept code for their Sinkclose exploit for several months to come, in order to provide more time for the problem to be fixed. But they argue that, despite any attempt by AMD or others to downplay Sinkclose as too difficult to exploit, it shouldn't prevent users from patching as soon as possible. Sophisticated hackers may already have discovered their technique—or may figure out how to after Nissim and Okupski present their findings at Defcon.

Even if Sinkclose requires relatively deep access, the IOActive researchers warn, the far deeper level of control it offers means that potential targets shouldn't wait to implement any fix available. “If the foundation is broken,” says Nissim, "then the security for the whole system is broken."

‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

A team of researchers have developed a method for extracting authentication keys out of HID encoders, which could allow hackers to clone the types of keycards used to secure offices and other areas worldwide.

HID Global's keycards—the company's radio-frequency-enabled plastic rectangles that are inside hundreds of millions of pockets and purses—serve as the front line of physical security for hundreds of companies and government agencies. They can also be spoofed, it turns out, by any hacker clever enough to read one of those cards with a hidden device that brushes within about a foot of it, obtain an HID encoder device, and use it to write the stolen data to a new card.

Now a team of security researchers is about to reveal how one of HID's crucial protections against that cloning technique—secret cryptographic keys stored inside its encoders—has been defeated, significantly lowering the barrier to copying credentials that let intruders impersonate staff and unlock secure areas worldwide.

At the Defcon hacker conference later today, those researchers plan to present a technique that allowed them to pull authentication keys out of the most protected portion of the memory of HID encoders, the company's devices used for programming the keycards used in customer installations. Instead of requiring that an intruder get access to an HID encoder, whose sale the company attempts to restrict to known customers, the method the researchers plan to show on the Defcon stage now potentially allows HID's secret keys to be pulled out of any encoder, shared among hackers, and even sold or leaked over the internet, then used to clone devices with any off-the-shelf RFID encoder tool.

“Once the chain of custody is broken, the vendor no longer has control over who has the keys and how they’re used,” says Babak Javadi, cofounder of the security firm the CORE Group and one of the four independent researchers who found the new HID hacking technique. “And that control is what all the security depends on.”

The team of security researchers presenting HID’s vulnerabilities at Defcon: (from left) Kate Gray, Babak Javadi, Aaron Levy and Nick Draffen.Photograph: Roger Kisby

The researchers' method, presented publicly for the first time at Defcon, mostly affects the majority of HID's customers with lower-security installations of its products, and it isn't exactly easy to pull off. HID also says it’s been aware of the technique since sometime last year and that it’s quietly worked with many of its customers to help them protect themselves against the cloning technique over the last seven months. But the possibility of extracting and leaking HID's keys considerably raises the risk that hackers—now even those without HID encoders—will be able to surreptitiously scan and copy keycards, says Adam Laurie, a longtime physical security researcher and head of product security at electric-vehicle-charging firm Alpitronic, whom the Defcon speakers briefed on their research ahead of their talk. “If you get that crypto key out of the encoder, then you can derive any component of the system from it,” Laurie says. “It is literally the keys to the kingdom.”

The researchers' technique extracts HID's crucial authentication key out of an HID encoder's Secure Application Module—the most protected element of the encoder's memory—by reverse engineering the software that controls how an encoder interacts with a so-called “configuration” keycard. Those configuration cards are how HID and its customers move authentication keys between elements of the system, such as from encoders to the readers on doors and gates. Javadi uses the analogy of an armored car designated to pick up bags of cash from a bank's vault. “As it turns out, we found a way to fool the bank manager and fabricate the transfer orders that would allow that key transfer to take place,” says Javadi, “We basically took our own armored car—our own configuration card—to the vault, and it gave us the keys.”

(From left) An HID keycard, reader, encoder and configuration card.Photograph: Roger Kisby

Compared with that key extraction, the earlier step in an HID cloning attack, in which a hacker covertly reads a target keycard to copy its data, isn't particular challenging, Javadi says. Javadi, who often performs physical penetration testing for clients, says he's cloned HID keycards to surreptitiously break into customers' facilities, scanning the keycard of unsuspecting staffers with an HID reader hidden in a briefcase with the device's audible beep switched off for added stealth. “It takes a fraction of a second,” Javadi says.

An HID reader capable of pulling data off a keycard from 6 to 12 inches away is relatively large: a 1-foot-square panel. But in addition to hiding it in a briefcase, Javadi has also tested out secreting the reader inside a backpack or a pizza box to silently read a target's keycards. His team even hid one in a paper toilet seat cover dispenser to read the keycard of employees inside a bathroom stall. “We've gotten creative with it,” he says.

The researchers have demonstrated it’s possible to extract HID’s sensitive keys by plugging an encoder into a PC running their software that instructs the encoder to transfer the authentication keys from the encoder to a configuration card without encrypting them. A “sniffer” device that sits between the encoder and configuration card reads the keys, as shown here.Photograph: Roger Kisby

**A Complex Fix in Progress**

When WIRED reached out to HID, the company responded in a statement that it's actually known about the vulnerabilities Javadi's team plans to present since sometime in 2023, when it was first informed about the technique by another security researcher whom HID declines to name. While details of the researchers' key extraction technique will be presented publicly for the first time at Defcon, HID warned customers about the existence of a vulnerability that would allow hackers to clone keycards in an advisory in January, which includes recommendations about how customers can protect themselves—but it offered no software update at that time.

HID has since developed and released software patches for its systems that fix the problem, it says, including a new one that it intends to release “very soon” following the Defcon presentation. The company declined to detail what exactly this latest patch is for or why it was necessary after its previously released software updates, but stated that its timing is unrelated to the researchers' Defcon talk. “Once available, we recommend that customers implement these new steps as soon as they are able,” HID's statement reads.

HID and the team researchers who found its vulnerabilities both say that the cloning technique works most practically against the majority of HID's customers who use so-called “standard” or “shared key” implementations of systems. In those installations, a single set of keys extracted from an encoder could be used to clone keycards for hundreds of customers. So-called “elite” or “custom key” customers, on the other hand, use a unique key for their installation, so it would require hackers to obtain an encoder or extract an encoder's keys for that specific customer, a far more difficult prospect.

A trash bin of all the HID readers the researchers destroyed in the process of developing their technique.Photograph: Roger Kisby

The team presenting at Defcon say that they also found a method to convert an HID reader taken from a customer into an encoder, which would allow cloning of keycards that use those custom keys, too. But that method requires removing the reader from the wall of a customer's building, vastly raising any intruder's risk of being caught or foiled. As such, HID recommends that customers switch to that higher security—and more expensive—custom key implementation.

HID also points out that for many customers, stolen keycard data would only allow cloning if it's written to valid HID keycards. (“HID keycards are not hard to come by,” Javadi notes.) But that safeguard doesn't apply to a common situation in which HID customers' readers are configured to allow for the use of older keycard technologies. So HID recommends that customers also update their cards and disallow the use of older card types in their facilities.

Finally, HID says that “to its knowledge,” none of its encoder keys have leaked or been distributed publicly, and “none of these issues have been exploited at customer locations and the security of our customers has not been compromised.”

Javadi counters that there's no real way to know who might have secretly extracted HID's keys, now that their method is known to be possible. “There are a lot of smart people in the world,” Javadi says. “It’s unrealistic to think we’re the only people out there who could do this.”

Despite HID's public advisory more than seven months ago and the software updates it released to fix the key-extraction problem, Javadi says most of the clients whose systems he's tested in his work don't appear to have implemented those fixes. In fact, the effects of the key extraction technique may persist until HID’s encoders, readers, and hundreds of millions of keycards are reprogrammed or replaced worldwide.

**Time to Change the Locks**

To develop their technique for extracting the HID encoders’ keys, the researchers began by deconstructing its hardware: They used an ultrasonic knife to cut away a layer of epoxy on the back of an HID reader, then heated the reader to desolder and pull off its protected SAM chip. Then they put that chip into their own socket to watch its communications with a reader. The SAM in HID’s readers and encoders are similar enough that this let them reverse engineer the SAM’s commands inside of encoders, too.

Ultimately, that hardware hacking allowed them to develop a much cleaner, wireless version of their attack: They wrote their own program to tell an encoder to send its SAM’s secrets to a configuration card without encrypting that sensitive data—while an RFID “sniffer” device sat between the encoder and the card, reading HID’s keys in transit.

HID systems and other forms of RFID keycard authentication have, in fact, been cracked repeatedly, in various ways, in recent decades. But vulnerabilities like the ones set to be presented at Defcon may be particularly tough to fully protect against. “We crack it, they fix it. We crack it, they fix it,” says Michael Glasser, a security researcher and the founder of Glasser Security Group, who has discovered vulnerabilities in access control systems since as early as 2003. “But if your fix requires you to replace or reprogram every reader and every card, that's very different from a normal software patch.”

On the other hand, Glasser notes that preventing keycard cloning represents just one layer of security among many for any high-security facility—and practically speaking, most low-security facilities offer far easier ways to get in, such as asking an employee to hold a door open for you while you have your hands full. “Nobody says no to the guy holding two boxes of donuts and a box of coffee,” Glasser says.

Javadi says the goal of their Defcon talk wasn't to suggest that HID's systems are particular vulnerable—in fact, they say they focused their years of research on HID specifically because of the challenge of cracking its relatively secure products—but rather to emphasize that no one should depend on any single technology for their physical security.

Now that they have made clear that HID's keys to the kingdom can be extracted, however, the company and its customers may nonetheless face a long and complicated process of securing those keys again. “Now customers and HID have to claw back control—and change the locks, so to speak,” Javadi says. “Changing the locks is possible. But it’s going to be a lot of work.”

How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards

The U.S. Department of Justice (DoJ) on Thursday charged a 38-year-old individual from Nashville, Tennessee, for allegedly running a "laptop farm" to help get North Koreans remote jobs with American and British companies.
Matthew Isaac Knoot is charged with conspiracy to cause damage to protected computers, conspiracy to launder monetary instruments, conspiracy to commit wire fraud, intentional

National Security / Identity Theft

The U.S. Department of Justice (DoJ) on Thursday charged a 38-year-old individual from Nashville, Tennessee, for allegedly running a "laptop farm" to help get North Koreans remote jobs with American and British companies.

Matthew Isaac Knoot is charged with conspiracy to cause damage to protected computers, conspiracy to launder monetary instruments, conspiracy to commit wire fraud, intentional damage to protected computers, aggravated identity theft and conspiracy to cause the unlawful employment of aliens.

If convicted, Knoot faces a maximum penalty of 20 years in prison, counting a mandatory minimum of two years in prison on the aggravated identity theft count.

Court documents allege that Knoot participated in a worker fraud scheme by letting North Korean actors get employment at information technology (IT) companies in the U.K. and the U.S. It's believed that the revenue generation efforts are a way to fund North Korea's illicit weapons program.

"Knoot assisted them in using a stolen identity to pose as a U.S. citizen, hosted company laptops at his residences, downloaded and installed software without authorization on such laptops to facilitate access and perpetuate the deception, and conspired to launder payments for the remote IT work, including to accounts tied to North Korean and Chinese actors," the DoJ said.

The unsealed indictment said the IT workers used the stolen identity of a U.S. citizen named "Andrew M." to obtain the remote work, defrauding media, technology, and financial companies of hundreds of thousands of dollars in damages.

Recent advisories from the U.S. government have revealed that these IT workers, part of the Workers' Party of Korea's Munitions Industry Department, are routinely dispatched to live abroad in countries like China and Russia, from where they are hired as freelance IT workers to generate revenue for the hermit kingdom.

Knoot is believed to have run a laptop farm at his Nashville residences between approximately July 2022 and August 2023, with the victim companies shipping the laptops to his home addressed as "Andrew M." Knoot then logged into these computers, downloaded and installed unauthorized remote desktop applications, and accessed the internal networks.

"The remote desktop applications enabled the North Korean IT workers to work from locations in China, while appearing to the victim companies that 'Andrew M.' was working from Knoot's residences in Nashville," the DoJ said.

"For his participation in the scheme, Knoot was paid a monthly fee for his services by a foreign-based facilitator who went by the name Yang Di. A court-authorized search of Knoot's laptop farm was executed in early August 2023."

The overseas IT workers are said to have been paid over $250,000 for their work during the same time period, causing companies more than $500,000 in costs associated with auditing and remediating their devices, systems, and networks. Knoot, the DoJ noted, also falsely reported the earnings to the Internal Revenue Service (IRS) under the stolen identity.

Knoot is the second person to be charged in the U.S. in connection with the remote IT worker fraud scheme after Christina Marie Chapman, 49, who was previously accused of running a laptop farm by hosting multiple laptops at her residence in Arizona.

Last month, security awareness training firm KnowBe4 revealed it was tricked into hiring an IT worker from North Korea as a software engineer, who used the stolen identity of a U.S. citizen and enhanced their picture using artificial intelligence (AI).

The development comes as the U.S. State Department's Rewards for Justice program has announced a reward of up to $10 million for information leading to the identification or location of six individuals linked to the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC) who were sanctioned in connection with striking critical infrastructure entities in the U.S. and other countries.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

DOJ Charges Nashville Man for Helping North Koreans Get U.S. Tech Jobs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the aim of accessing sensitive data.
The agency said it has seen adversaries "acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature."
It also

Vulnerability / Network Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the aim of accessing sensitive data.

The agency said it has seen adversaries "acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature."

It also said it continues to observe weak password types used on Cisco network devices, thereby exposing them to password-cracking attacks. Password types refer to algorithms that are used to secure a Cisco device's password within a system configuration file.

Threat actors who are able to gain access to the device in this manner would be able to easily access system configuration files, facilitating a deeper compromise of the victim networks.

"Organizations must ensure all passwords on network devices are stored using a sufficient level of protection," CISA said, adding it recommends "type 8 password protection for all Cisco devices to protect passwords within configuration files."

It is also urging enterprises to review the National Security Agency's (NSA) Smart Install Protocol Misuse advisory and Network Infrastructure Security Guide for configuration guidance.

Additional best practices include the use of a strong hashing algorithm to store passwords, avoiding password reuse, assigning strong and complex passwords, and refraining from using group accounts that do not provide accountability.

The development comes as Cisco warned of the public availability of a proof-of-concept (PoC) code for CVE-2024-20419 (CVSS score: 10.0), a critical flaw impacting Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any users.

The networking equipment major has also alerted of multiple critical shortcomings (CVE-2024-20450, CVE-2024-20452, and CVE-2024-20454, CVSS scores: 9.8) in Small Business SPA300 Series and SPA500 Series IP Phones that could permit an attacker to execute arbitrary commands on the underlying operating system or cause a denial-of-service (DoS) condition.

"These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow," Cisco said in a bulletin published on August 7, 2024.

"An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level."

The company said it does not intend to release software updates to address the flaws, as the appliances have reached end-of-life (EoL) status, necessitating that users transition to newer models.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature

One hacker solved the CrowdStrike outage mystery with simple crash reports, illustrating the wealth of detail about potential bugs and vulnerabilities those key documents hold.

When a bad software update from the security firm CrowdStrike inadvertently caused digital chaos around the world last month, the first signs were Windows computers showing the Blue Screen of Death. As websites and services went down and people scrambled to understand what was happening, conflicting and inaccurate information was everywhere. Rushing to understand the crisis, longtime Mac security researcher Patrick Wardle knew that there was one place he could look to get the facts: crash reports from computers impacted by the bug.

“Even though I am not a Windows researcher, I was intrigued by what was going on, and there was this dearth of information,” Wardle tells WIRED. “People were saying that it was a Microsoft problem, because Windows systems were blue-screening, and there were a lot of wild theories. But actually it had nothing to do with Microsoft. So I went to the crash reports, which to me hold the ultimate truth. And if you were looking there you were able to pinpoint the underlying cause long before CrowdStrike came out and said it.”

At the Black Hat security conference in Las Vegas on Thursday, Wardle made the case that crash reports are an underutilized tool. Such system snapshots give software developers and maintainers insight into possible problems with their code. And Wardle emphasizes that they can particularly be a fount of information about potentially exploitable vulnerabilities in software—for both defenders and attackers.

In his talk, Wardle presented multiple examples of vulnerabilities he has found in software when the app crashed and he combed through the report looking for the possible cause. Users can readily view their own crash reports on Windows, macOS, and Linux, and they're also available on Android and iOS, though they can be more challenging to access on mobile operating systems. Wardle notes that to glean insights from crash reports, you need a basic understanding of instructions written in the low-level machine code known as Assembly, but he emphasizes that the payoff is worth it.

In his Black Hat talk, Wardle presented multiple vulnerabilities he discovered simply by examining crash reports on his own devices—including bugs in the analysis tool YARA and in the current version of Apple's macOS operating system. In fact, when Wardle discovered in 2018 that an iOS bug caused apps to crash anytime they displayed the Taiwanese flag emoji, he got to the bottom of what was happening using, you guessed it, crash reports.

“We revealed conclusively that Apple had acquiesced to demands from China to censor the Taiwanese flag, but their censorship code had a bug in it—ridiculous,” he says. “My friend who originally observed this was like, ‘My phone is being hacked by the Chinese. Whenever you text me it crashes. Or are you hacking me?' And I said, ‘Rude, I wouldn’t hack you. And also, rude, if I did hack you, I wouldn’t crash your phone.’ So I pulled the crash reports to see what was going on.”

Wardle emphasizes that if he can find so many vulnerabilities just by looking at crash reports from his own devices and those of his friends, software developers need to be looking there, too. Sophisticated criminal actors and well-funded state-backed hackers alike are probably already getting ideas from their own crash reports. Over the years, news reports have indicated that intelligence agencies like the US National Security Agency do mine crash logs. Wardle points out that crash reports are also a valuable source of information for detecting malware, since they can reveal anomalous and potentially suspicious activity. The notorious spyware broker NSO Group, for example, would often build mechanisms into into their malware specifically to delete crash reports immediately upon infecting a device. And the fact that malware is often buggy makes crashes more likely and crash reports valuable to attackers as well for understanding what went wrong with their code.

“With crash reports, the truth is out there,” Wardle says. “Or, I guess, in there.”

Computer Crash Reports Are an Untapped Hacker Gold Mine

New research shows how known techniques for finding weaknesses in websites are actually practical in uncovering vulnerabilities, for better or worse.

Researchers have long known that they can glean hidden information about the inner workings of a website by measuring the amount of time different requests take to be fulfilled and extrapolating information—and potential weaknesses—from slight variations. Such “web timing attacks” have been described for years, but they would often be too involved for real-world attackers to utilize in practice, even if they work in theory. At the Black Hat security conference in Las Vegas this week, though, one researcher warned that web timing attacks are actually feasible and ripe for exploitation.

James Kettle, director of research at the web application security company PortSwigger, developed a set of web timing attack techniques that can be used to expose three different categories of vulnerabilities in websites. He validated the methods using a test environment he made that compiled 30,000 real websites, all of which offer bug bounty programs. He says the goal of the work is to show that once someone has a conceptual grasp on the types of information web timing attacks can deliver, taking advantage of them becomes more feasible.

“I’ve always kind of avoided researching timing attacks because it’s a topic with a reputation,” Kettle says. “Everyone does research into it and says their research is practical, but no one ever seems to actually use timing attacks in real life, so how practical is it? What I’m hoping this work will do is show people that this stuff does actually work these days and get them thinking about it.”

Kettle was inspired in part by a 2020 research paper titled “Timeless Timing Attacks,” which worked toward a solution for a common issue. Known as “network jitter,” the paper's moniker refers to time delays between when a signal is sent and received on a network. These fluctuations impact timing measurements, but they are independent of the web server processing measured for timing attacks, so they can distort readings. The 2020 research, though, pointed out that when sending requests over the ubiquitous HTTP/2 network protocol, it is possible to put two requests into a single TCP communication packet so you know that both requests arrived at the server at the same time. Then, because of how HTTP/2 is designed, the responses will come back ordered so that the one that took less time to process is first and the one that took longer is second. This gives reliable, objective information about timing on the system without requiring any extra knowledge of the target web server—hence, “timeless timing attacks.”

Web timing attacks are part of a class of hacks known as “side channels,” in which the attacker gathers information about a target based on its real world, physical properties. In his new work, Kettle refined the “timeless timing attacks” technique for reducing network noise and also took steps to address similar types of issues with server-related noise so his measurements would be more accurate and reliable. He then started using timing attacks to look for otherwise invisible coding errors and flaws in websites that are usually difficult for developers or bad actors to find, but that are highlighted in the information that leaks with timing measurements.

In addition to using timing attacks to find hidden footholds to attack, Kettle also developed effective techniques for detecting two other common types of exploitable web bugs. One, known as a server-side injection vulnerability, allows an attacker to introduce malicious code to send commands and access data that shouldn't be available. And the other, called misconfigured reverse proxies, allows unintended access to a system.

In his presentation at Black Hat on Wednesday, Kettle demonstrated how he could use a web timing attack to uncover a misconfiguration and ultimately bypass a target web application firewall.

“Because you found this inverse proxy misconfiguration you just go around the firewall,” he told WIRED ahead of his talk. “It's absolutely trivial to execute once you’ve found these remote proxies, and timing attacks are good for finding these issues.”

Alongside his talk, Kettle released functionality for the open source vulnerability-scanning tool known as Param Miner. The tool is an extension for the popular web application security assessment platform Burp Suite, which is developed by Kettle's employer, PortSwigger. Kettle hopes to raise awareness about the utility of web timing attacks, but he also wants to make sure the techniques are being utilized for defense even when people don't grasp the underlying concepts.

“I integrated all these new features into Param Miner so people out there who don't know anything about this can run this tool and find some of these vulnerabilities,” Kettle says. “It’s showing people things that they would have otherwise missed.”

Tricky Web Timing Attacks Are Getting Easier to Use—and Abuse

Cybercriminals have leaked records from National Public Data, a data scraping service that provides background checks.

Cybercriminals are offering a large database for sale that may include your data without you even being aware of its existence.

The stolen data comes from a data scraping service trading under the name “scraping” which was allegedly breached by a cybercriminal group by the name of USDoD.

In April, a member of this group posted the database, which contains the data of some 2.9 billion people, up for sale for $3.5 million. Then, earlier this week, the 277 GB of data was offered for download for free on the notorious BreachForums by another member of the USDoD group.

USDoD member posted links to database

The database contains records that, among others, contain the fields:

*   First name
*   Last name
*   Middle name
*   Date of Birth
*   Address
*   City
*   County
*   State
*   Zip code
*   Phone number
*   Social Security Number

The publication of the data came a few days after a complaint was filed in the US District Court for the Southern District of Florida. The complaint against Jerico Pictures Inc, trading as National Public Data, accuses the defendant of failure to properly secure and safeguard the personally identifiable information (PII) that it collected as part of its regular business practices.

Jerico Pictures is a background check company that allows its customers to instantly search their database containing billions of records. The data in these records is scraped from non-public sources without knowledge or consent. A major problem with this is that the company has no ties with the victims, so most of them will have no idea that their data has been made public.

The plaintiff filed the complaint after they found out about the breach when an identity theft protection service notified him in July that their personal information had been compromised and leaked on the dark web.

This, while apparently some of the victims have already noticed the misuse of their Social Security Numbers.

One of the requests of the plaintiff is for the court to require National Public Data to purge the personal information of all the individuals affected and to encrypt all data collected going forward.

We have voiced our objections against data brokers in the past. The same is true for data scrapers like National Public Data, because, as we have seen, breaches at these data brokers can be combined with others and result in a veritable treasure trove of personal data ending up in the hands of cybercriminals. This database by itself qualifies as such a treasure trove and it is now available to every cybercriminal out there.

If you want to find out how much of your data has been exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Stolen data from scraping service National Public Data leaked online 

Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName().  A rogue administrator could inject malicious code.

**Concrete CMS Stored XSS in getAttributeSetName**

Low severity GitHub Reviewed Published Aug 8, 2024 to the GitHub Advisory Database • Updated Aug 8, 2024

GHSA-w6j6-w6jx-vf2r: Concrete CMS Stored XSS in getAttributeSetName

At Black Hat USA, security researcher Michael Bargury released a "LOLCopilot" ethical hacking module to demonstrate how attackers can exploit Microsoft Copilot — and offered advice for defensive tooling.

Source: Marcos Alvarado via Alamy Stock Photo

BLACK HAT USA – Las Vegas – Thursday, Aug. 8 – Enterprises are implementing Microsoft's Copilot AI-based chatbots at a rapid pace, hoping to transform how employees gather data and organize their time and work. But at the same time, Copilot is also an ideal tool for threat actors.

Security researcher Michael Bargury, a former senior security architect in Microsoft's Azure Security CTO office and now co-founder and chief technology officer of Zenity, says attackers can use Copilot to search for data, exfiltrate it without producing logs, and socially engineer victims to phishing sites even if they don't open emails or click on links.

Today at Black Hat USA in Las Vegas, Bargury demonstrated how Copilot, like other chatbots, is susceptible to prompt injections that enable hackers to evade its security controls.

The briefing, Living off Microsoft Copilot, is the second Black Hat presentation in as many days for Bargury. In his first presentation on Wednesday, Bargury demonstrated how developers could unwittingly build Copilot chatbots capable of exfiltrating data or bypassing policies and data loss prevention controls with Microsoft's bot creation and management tool, Copilot Studio.

**A Red-Team Hacking Tool for Copilot**

Thursday's follow-up session focused on various risks associated with the actual chatbots, and Bargury released an offensive security toolset for Microsoft 365 on GitHub. The new LOLCopilot module, part of powerpwn, is designed for Microsoft Copilot, Copilot Studio, and Power Platform.

Bargury describes it as a red-team hacking tool to show how to change the behavior of a bot, or "copilot" in Microsoft parlance, through prompt injection. There are two types: A direct prompt injection, or jailbreak, is where the attacker manipulates the LLM prompt to alter its output. With indirect prompt injections, attackers modify the data sources accessed by the model.

Using the tool, Bargury can add a direct prompt injection to a copilot, jailbreaking it and modifying a parameter or instruction within the model. For instance, he could embed an HTML tag into an email to replace a correct bank account number with that of the attacker, without changing any of the reference information or altering the model with, say, white text or a very small font.

"I'm able to manipulate everything that Copilot does on your behalf, including the responses it provides for you, every action that it can perform on your behalf, and how I can personally take full control of the conversation," Bargury tells Dark Reading.

Further, the tool can do all of this undetected. "There is no indication here that this comes from a different source," Bargury says. "This is still pointing to valid information that this victim actually created, and so this thread looks trustworthy. You don't see any indication of a prompt injection."

**RCE = Remote "Copilot" Execution Attacks**

Bargury describes Copilot prompt injections as tantamount to remote code-execution (RCE) attacks. While copilots don't run code, they do follow instructions, perform operations, and create compositions from those actions.

"I can enter your conversation from the outside and take full control of all of the actions that the copilot does on your behalf and its input," he says. "Therefore, I'm saying this is the equivalent of remote code execution in the world of LLM apps."

During the session, Bargury demoed what he describes as remote Copilot executions (RCEs) where the attacker:

*   Exfiltrates data in advance of an earnings report to trade on that information
    
*   Makes Copilot a malicious insider that directs users to a phishing site to harvest credentials
    

Bargury isn't the only researcher who has studied how threat actors could attack Copilot and other chatbots with prompt injection. In June, Anthropic detailed its approach to red team testing of its AI offerings. And for its part, Microsoft has touted its red team efforts on AI security for some time.

**Microsoft's AI Red Team Strategy**

In recent months, Microsoft has addressed newly surfaced research about prompt injections, which come in direct and indirect forms.

Mark Russinovich, Microsoft Azure’s CTO and technical fellow, recently discussed various AI and Copilot threats at the annual Microsoft Build conference in May. He emphasized the release of Microsoft's new Prompt Shields, an API designed to detect direct and indirect prompt injection attacks.  

"The idea here is that we're looking for signs that there are instructions embedded in the context, either the direct user context or the context that is being fed in through the RAG \[retrieval-augmented generation\], that could cause the model to misbehave," Russinovich said.

Prompt Shields is among a collection of Azure tools Microsoft recently launched that are designed for developers to build secure AI applications. Other new tools include Groundedness Detection to detect hallucinations in LLM outputs, and Safety Evaluation to detect an application's susceptibility to jailbreak attacks and creating inappropriate content.

Russinovich also noted two other new tools for security red teams: PyRIT (Python Risk Identification Toolkit for generative AI), an open source framework that discovers risks in generative AI systems. The other, Crescendomation, automates Crescendo attacks, which produce malicious content. Further, he announced Microsoft’s new partnership with HiddenLayer, whose Model Scanner is now available to Azure AI to scan commercial and open source models for vulnerabilities, malware or tampering.

**The Need for Anti-"Promptware" Tooling**

While Microsoft says it has addressed those attacks with safety filters, AI models are still susceptible to them, according to Bargury.

He says in specific, there's a need for more tools that scan for what he and other researchers call "promptware," i.e., hidden instructions and untrusted data. "I'm not aware of anything you can use out of the box today \[for detection\]," Bargury says.

"Microsoft Defender and Purview don't have those capabilities today," he adds. "They have some user behavior analytics, which is helpful. If they find the copilot endpoint having multiple conversations, that could be an indication that they're trying to do prompt injection. But actually, something like this is very surgical, where somebody has a payload, they send you the payload, and \[the defenses\] aren't going to spot it."

Bargury says he regularly communicates with Microsoft's red team and notes they are aware of his presentations at Black Hat. Further, he believes Microsoft has moved aggressively to address the risks associated with AI in general and its own Copilot specifically.

"They are working really hard," he says. "I can tell you that in this research, we have found 10 different security mechanisms that Microsoft's put in place inside of Microsoft Copilot. These are mechanisms that scan everything that goes into Copilot, everything that goes out of Copilot, and a lot of steps in the middle."

**About the Author**

Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness. Jeff is based in the New York City suburb of Long Island.

Latest News