Welcome to Zero Day's Week In Security, our roundup of notable security news items for the week ending February 20, 2015. Covers enterprise, controversies, reports and more.
This week Lenovo poisoned its own PCs with dangerous Superfish adware, US and UK spies hacked SIM card manufacturer master keys to decrypt mobile data worldwide, Obama got encryption wrong, Netgear router issues could allow auth bypass, Android malware fakes phone shutdown to steal data, Kaspersky has reported that bank hackers stole over $1 billion, and much more.
- Lenovo's poisonous Superfish: Chinese hardware manufacturer Lenovo got caught Wednesday shipping consumer Windows laptops with adware that hijacks security by compromising all SSL connections, as well as inserting ads into search results. Lenovo said that Superfish was shipped on its notebook devices between September and December 2014, and when a user requested it be shut off, it was discovered the adware was only being disabled temporarily. Lenovo said Superfish is not a 'security concern' -- yet its own advisory marked it highly severe (as did EFF and others). LastPass made a Superfish checker so you can find out if you're affected, including helpful instructions on that to do if you are.
- In the wake of the discovery that Lenovo had surreptitiously installed the Superfish adware on consumer notebook products shipped between September and December, the Decentralized SSL Observatory reports it has found 44,000 man-in-the-middle certificates, all signed by the same Superfish root certificate.
I setup a hostile Apache webserver with the cracked Superfish CA cert. My infected laptop indeed connects w/o error pic.twitter.com/Dexo5dsS3U
-- Rob Graham (@ErrataRob) February 19, 2015
-- CERT/CC (@certcc) February 19, 2015
If you used a Lenovo computer to access patient health information I think, strictly speaking, you just had a HIPAA reportable breach.
-- Patrick McKenzie (@patio11) February 19, 2015
- Netgear, not great: A warning has been issued about what appears to be a serious security issue affecting several Netgear WiFi routers, and could result in hackers stealing sensitive information, including admin passwords and wireless keys. Details of the vulnerability were published (alongside proof-of-concept exploit code) by security researcher Peter Adkins, who explained that the flaw lay in the SOAP service embedded inside the vulnerable Netgear routers.
- Microsoft has opened its fifth global Cybercrime Satellite Centre in Singapore to support its cybercrime efforts in Asia-Pacific, which is increasingly a hot target for hackers. The facility is the third in the region where there are similar centers in Beijing and Tokyo, and will lend its services to Southeast Asian economies including India, South Korea, Australia, and New Zealand. The other two global sites are in Berlin and Washington, the latter of which was where the first was launched in November 2013.
- President Obama met with business leaders at a summit on cybersecurity and consumer protection on Feb. 13 at Stanford University in Palo Alto, Calif. The president tried to walk a fine line on encryption, but the technical aspects of encryption actually are quite black and white, experts say, adding that the example Obama used to illustrate the risks of encryption doesn't match up with how tech companies are deploying the security measure for customers.
- SIM card spying goes nuclear: According to top secret documents made public Thursday, US and UK spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe. The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world.
- On Monday at the Kaspersky Labs Security Analyst Summit, the firm unveiled research concerning the existence of a cyberattack team dubbed The Equation Group. The group, which Kaspersky Lab Global Research and Analysis Team (GReAT) members dub the "ancestor" of Stuxnet and Flame operators, has been in operation dating back to 2001 and possibly as early as 1996. A long list of almost superhuman technical feats illustrate Equation Group's extraordinary skill, painstaking work, and unlimited resources, including spiking conference CD's with very refined malware.
- Kaspersky researchers have discovered the theft of $1 billion from banks over the past two years. Researchers from the security firm, working together with the International Criminal Police Organization (Interpol), Europol and law enforcement agencies including the NHTCU have uncovered a two-year criminal operation which relieved banks of $1 billion worldwide.
- A particularly devious new strain of Android malware can make calls or take photos even if you shut the device down, according to security research firm AVG. To achieve this, the malware hijacks the shutting down process - making it appear as though your Android device is shutting down. You see the animation, the screen goes black, but the phone is actually still on.