GOT(IT) #7: WPA2 breached, Android’s DoubleLocker ransomware, plus naval and aircraft military data stolen.

How do you react when a standard used worldwide turns out to be compromised? Patches, patches everywhere.

GOT(IT) #7 got us a bit worried, with one of its headlines being the discovery of an attack that can compromise the WPA2 Wi-Fi security standard. But hey, a few patches here and there and maybe some of us can rest easy.

That’s not all, folks: the DoubleLocker Android ransomware raised the alarm, and a defense contractor lost restricted data on military aircraft and naval vessels.

WPA2 Security Protocol Breached

This major IT panic attack was discovered by Mathy Vanhoef of KU Leuven, who proved that an attacker within Wi-Fi range can compromise a network using key reinstallation attacks (KRACK, as he named them) against the protocol’s 4-way handshake.

We’re talking about the standard itself, so every device that implements it correctly is affected. There are several variants of the attack, but Vanhoef explained the core concept on the official announcement website:

“It is achieved by manipulating and replaying cryptographic handshake messages. When the victim reinstalls the key, associated parameters such as the incremental transmit packet number (i.e. nonce) and receive packet number (i.e. replay counter) are reset to their initial value. Essentially, to guarantee security, a key should only be installed and used once. Unfortunately, we found this is not guaranteed by the WPA2 protocol. By manipulating cryptographic handshakes, we can abuse this weakness in practice”. 

KRACK lets an attacker within range decrypt traffic that WPA2 was the only thing protecting, so anything the application layer sends in the clear (card numbers, passwords, chat messages) is exposed; traffic that is also protected by TLS stays protected, unless the site can be downgraded to plain HTTP. Depending on the cipher in use it also allows replaying, injecting and manipulating packets: with AES-CCMP the attacker can replay and decrypt frames, while with TKIP or GCMP frames can be forged as well. As for fixes, vendors are working on device updates, and Microsoft already addressed the matter in this week’s updates.

So with patches on the way and big rollouts like Microsoft’s, where does the risk stand? In getting those patches onto outdated systems and mobile devices: consumer routers, IoT gear and less common embedded systems are the ones least likely to ever be updated. The affected list spans Linux, Android, Windows, Apple’s operating systems, Linksys, MediaTek and more. Linux’s wpa_supplicant and Android 6.0 and later were the worst hit, because a reinstalled key there gets replaced by an all-zero key, which makes decryption trivial. The main 4-way-handshake variant targets clients, so updating the client side matters most; access points need patching mainly for the 802.11r fast-roaming variant.
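To make Vanhoef’s description concrete, here is a small added example of ours (not Vanhoef’s code, and nothing from the KRACK test scripts): a toy Python model of a client that installs its pairwise key on message 3 of the handshake and resets its transmit packet number, plus an attacker who replays message 3. The keystream function, the class and function names and the two frames are constructed stand-ins, not AES-CCMP or 802.11; the one property that carries over is that the same key and the same packet number always give the same keystream.

```python
"""Toy model of a KRACK-style key reinstallation against a WPA2 client.

Constructed example: it mimics the state a real supplicant keeps (an installed
pairwise key and a transmit packet number) and uses a hash-based toy keystream
instead of AES-CCMP. Nothing here speaks real 802.11.
"""
import hashlib


def keystream(ptk, packet_number, length):
    """Toy stand-in for CCMP's AES-CTR keystream: SHA-256(ptk || PN || block ctr).

    Same key + same packet number (the nonce) -> same keystream, as with the real cipher.
    """
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(
            ptk + packet_number.to_bytes(6, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return out[:length]


def xor(a, b):
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Client side of the 4-way handshake, reduced to the key-install step."""

    def __init__(self, ptk, patched):
        self.ptk = ptk
        self.patched = patched        # True: refuse to reinstall an already-installed key
        self.key_installed = False
        self.packet_number = 0        # transmit nonce, incremented once per frame

    def receive_message3(self):
        """Message 3 tells the client to install the PTK and reply with message 4.

        A retransmitted message 3 must be accepted (message 4 may have been lost).
        A vulnerable client re-runs the install, which resets the packet number;
        a patched client replies but leaves key and nonce alone.
        """
        if self.key_installed and self.patched:
            return "message4"
        self.key_installed = True
        self.packet_number = 0        # the reset that KRACK abuses
        return "message4"

    def send(self, plaintext):
        """Encrypt one frame under the installed key with the next packet number."""
        assert self.key_installed
        self.packet_number += 1
        pn = self.packet_number
        return pn, xor(plaintext, keystream(self.ptk, pn, len(plaintext)))


def krack_demo(patched):
    """Run the replay against a vulnerable or patched client; return what leaks."""
    ptk = hashlib.sha256(b"constructed PTK for the demo").digest()
    client = Supplicant(ptk, patched)
    client.receive_message3()                         # normal handshake completes

    secret = b"POST /pay card=4111111111111111&cvv=123"  # constructed victim frame
    pn1, ct1 = client.send(secret)

    # Attacker in the middle replays message 3 (it held back the client's message 4).
    client.receive_message3()

    # Attacker can predict, or provoke, the victim's next frame.
    known = b"GET /favicon.ico HTTP/1.1\r\nHost: x"
    pn2, ct2 = client.send(known)

    # If the nonce was reused, ct2 XOR known is the keystream that also encrypted ct1.
    recovered = xor(ct1, xor(ct2, known))             # only as long as the known frame
    return {
        "nonce_reused": pn1 == pn2,
        "recovered": recovered,
        "secret_prefix": secret[: len(known)],
    }


if __name__ == "__main__":
    for patched in (False, True):
        r = krack_demo(patched)
        print("patched" if patched else "vulnerable", r["nonce_reused"], r["recovered"])
```

Against the vulnerable client the second frame is encrypted with packet number 1 again, so one known plaintext hands the attacker the earlier card-number request; the patched client keeps counting, and the same XOR yields garbage. That is the whole reason a key must be installed only once.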


Android DoubleLocker Ransomware


Slovak security firm ESET recently discovered an Android ransomware with a particularly ruthless approach: it locks you out by changing the device PIN, then encrypts your files, and it gets the privileges to do both by abusing Android’s accessibility services.

The device is infected through a fake Adobe Flash Player update pushed by compromised websites. Once launched, the app asks the user to enable its accessibility service; with that granted it quietly makes itself device administrator and the default launcher, so the malware is reactivated every time the Home button is pressed.

DoubleLocker’s objective? The same as every ransomware: money. And one lever wasn’t enough, so victims get two reasons to pay up: not only does it lock the phone behind a new random PIN, it encrypts the data in the device’s storage and sets a deadline before the files are lost for good.

Prevention is your best ally against this one, since on an ordinary phone a factory reset is currently the only way to get rid of the lock (and it doesn’t bring the files back); ESET noted that a rooted device with debugging enabled can have the PIN file removed over ADB instead. So keep your heads up and your phones clean! That, or pay 0.0130 BTC (about $54 at the time) for your files.
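If you ever have to triage a phone for this kind of thing, the two footholds described above are checkable over ADB: which accessibility services are enabled, and which package currently owns the Home activity. The script below is an added example of ours, not ESET’s tooling and not DoubleLocker code. It parses the output of two real adb commands (`settings get secure enabled_accessibility_services` and `cmd package resolve-activity`, the latter available on recent Android builds) and falls back to a constructed sample when no device is attached; the allowlists and the `com.example.flashupdate` package name are assumptions.

```python
"""Triage check for the two footholds DoubleLocker relies on: an enabled
accessibility service and a replaced default launcher (Home activity).

Constructed example: the parsing targets the output format of two real adb
commands, but the sample output below is made up and its package names are
hypothetical.
"""
import subprocess

# Packages an organisation expects to hold these powers (assumed allowlists).
TRUSTED_ACCESSIBILITY = {
    "com.google.android.marvin.talkback",
    "com.android.talkback",
}
TRUSTED_LAUNCHERS = {
    "com.google.android.apps.nexuslauncher",
    "com.android.launcher3",
}


def parse_accessibility_services(setting_value):
    """Parse `settings get secure enabled_accessibility_services`.

    The value is a colon-separated list of ComponentName strings such as
    `pkg/.Service` or `pkg/pkg.Service`; `null` (or empty) means none enabled.
    Returns the package part of each entry.
    """
    value = setting_value.strip()
    if not value or value == "null":
        return []
    return [entry.split("/", 1)[0] for entry in value.split(":") if entry]


def parse_home_activity(resolve_output):
    """Parse `cmd package resolve-activity --brief -a android.intent.action.MAIN
    -c android.intent.category.HOME`.

    With --brief the last non-empty line is the resolved component
    (`pkg/pkg.Activity`); anything without a slash means nothing resolved.
    """
    lines = [line.strip() for line in resolve_output.splitlines() if line.strip()]
    if not lines or "/" not in lines[-1]:
        return None
    return lines[-1].split("/", 1)[0]


def triage(setting_value, resolve_output):
    """Return (role, package) pairs for untrusted holders of either role."""
    findings = []
    for pkg in parse_accessibility_services(setting_value):
        if pkg not in TRUSTED_ACCESSIBILITY:
            findings.append(("accessibility_service", pkg))
    home = parse_home_activity(resolve_output)
    if home and home not in TRUSTED_LAUNCHERS:
        findings.append(("default_launcher", home))
    return findings


# Constructed sample output mimicking an infected device (hypothetical package).
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/.TalkBackService"
    ":com.example.flashupdate/.PlayService"
)
SAMPLE_RESOLVE = (
    "priority=0 preferredOrder=0 match=0x108000 specificIndex=-1 isDefault=true\n"
    "com.example.flashupdate/.HomeActivity\n"
)


def adb(*args):
    """Run `adb shell <args>` against the attached device and return its stdout."""
    return subprocess.run(
        ["adb", "shell", *args], capture_output=True, text=True, check=True
    ).stdout


if __name__ == "__main__":
    try:
        setting = adb("settings", "get", "secure", "enabled_accessibility_services")
        resolve = adb(
            "cmd", "package", "resolve-activity", "--brief",
            "-a", "android.intent.action.MAIN", "-c", "android.intent.category.HOME",
        )
    except (FileNotFoundError, subprocess.CalledProcessError):
        setting, resolve = SAMPLE_SETTING, SAMPLE_RESOLVE   # no device: use the sample
    for role, pkg in triage(setting, resolve):
        print(f"{role}: {pkg}")
```

A package that shows up under both roles and isn’t on your allowlist is exactly the pattern described above: an app that talked its way into the accessibility service and then took over Home. The allowlists will need tuning per device fleet; OEM launchers and legitimate accessibility apps differ.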


Secret F-35, P-8, and C-130 Technical Data Stolen


The Australian Signals Directorate (ASD) disclosed that a small defense contractor lost about 30 gigabytes of commercial and aerospace data in a months-long intrusion that ASD nicknamed “Alf’s Mystery Happy Fun Time”. The information was covered by the International Traffic in Arms Regulations (ITAR), the US rules governing the export of military technologies.

The Australian Cyber Security Centre (ACSC) reported the event, specifying that the attacker gained access in July 2016 and quietly worked its way through the firm’s network. For months it went unnoticed, which apparently gave it enough time to pull technical information on the F-35 Joint Strike Fighter, the P-8 Poseidon maritime patrol aircraft, the C-130 transport aircraft and several Australian naval vessels.

The main cause was how unprepared the small firm was: no DMZ separating its internet-facing services from the internal network, no regular patching, and an unpatched vulnerability in its IT helpdesk portal that had been known for about a year. The attacker hardly needed any of that, though: most accounts still carried the good ol’ ‘admin’/‘admin’ credentials.


Tough week for the network industry. What comes next? A few weeks of patching, and plenty of talk worldwide about what should replace WPA2.


Nicolas Poggi


Nicolas Poggi is the head of mobile research at Prey, Inc., provider of the open source Prey Anti-Theft software protecting eight million mobile devices. Nic’s work explores technology innovations within the mobile marketplace, and their impact upon security. Nic also serves as Prey’s communications manager, overseeing the company’s brand and content creation. Nic is a technology and contemporary culture journalist and author, and before joining Prey held positions as head of indie coverage at TheGameFanatics, and as FM radio host and interviewer at IndieAir.