Security of file-sharing Android app questioned, a new payment card skimmer found and hack of a French IT monitoring application discovered.
Welcome to Cyber Security Today. It’s Wednesday February 17th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Users of the Android version of a file-sharing app called ShareIt are being warned of vulnerabilities that could allow their data to be leaked to an attacker or their mobile device taken over. The warning comes from security vendor Trend Micro, which created a proof of concept attack to prove the vulnerabilities. It alerted the app developer, a company called Smart Media 4U Technology, three months ago but has got no response. As a result Trend Micro is releasing its findings now. ShareIt’s site in the Google Play store says the app has been downloaded a billion times.
Hackers continue to find new ways of stealing payment card data from point of sale devices in stores. Security reporter Brian Krebs reported a new one this week: A Bluetooth-enabled device that crooks fit on top of payment card terminals to skim off the data from credit and debit cards. People paying for goods with their cards don’t realize the device has been tampered with. The goal is to copy customers’ PIN numbers, as well as the data on the black stripe on the back of the card.
Then crooks can clone the card. It’s been known for some time that the data on the black stripe can be hacked, so payment card companies are switching to cards with a security chip that has encrypted data. It’s very hard to clone those cards. Fighting back, this new skimmer device blocks the payment terminal from reading the chip, so customers are forced to swipe their cards. Swiping reads the black stripe on the back. So this discovery is a warning: If for some reason the card reader in a store refuses to let you tap your card or won’t read the chip if you insert it in the bottom of the reader, don’t swipe the card. Either pay cash or say you won’t buy the product. There’s a good chance the card reader has been compromised.
Most listeners know about the hacking of SolarWinds’ Orion network monitoring software. Attackers suspected of being from Russia compromised software updates to install backdoors into Orion. That allowed the attackers to use Orion to get into computer systems of a number of organizations, including U.S. government departments. This week France’s information security agency said hackers believed to be from Russia were able to compromise a French-based corporate IT monitoring application called Centreon for three years. The security agency said the first French organization was victimized in 2017.
Most victims were information technology providers, including web hosting firms. A Russian-based group dubbed Sandworm is suspected of being behind this attack. It isn’t clear if, like the Orion incident, the attackers installed a backdoor or were able to find a vulnerability in Centreon to exploit. Centreon told Wired magazine that it had only just seen the report and couldn’t say if the vulnerabilities spotted had been corrected over the years by security patches.
After this podcast was recorded, Centreon issued a news release saying the compromised application described by the French security agency is an open-source version 2.5.2 that is “obsolete.” That version was released in November 2014. The statement says the security agency has confirmed only about 15 entities were the target of this campaign, and that they all use the older open-source version. Centreon, which has an office in Toronto, is currently contacting all of its paying customers and partners to assist them in verifying their installations are current. Centreon notes the security agency report confirms that Centreon didn’t distribute or contribute to spreading malicious code, as happened with Orion.
That’s it for today. Links to details about these stories are in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at cybersecurity professionals.