iot | Page 2


During the process of analyzing android malware, we usually meet some APK samples which hide or encrypt their main logic code.  Only at some point does the actual code exist in the memory, so we need to find the right time to extract it.  In this blog, I present a case study on how to repair a DEX file in which some key methods are erased with NOPs and decrypted dynamically when ready to be executed. Note: All the following analysis is based on android-4.4.2_r1(KOT49H). Let’s start our journey! First, I open the classes.dex... [Read More]
by RSS Kai Lu  |  Apr 05, 2017  |  Filed in: Security Research
This year I again participated in the Insomni'hack conference held in Geneva, Switzerland. The conference started off with workshops, including mine on Android malware reversing - provided at cost. The workshop's virtual environment for reversing can be downloaded here from github. [Read More]
by RSS Axelle Apvrille  |  Apr 02, 2017  |  Filed in: Industry Trends & News
Going wireless with a customer’s network and cloud was once a leap. Now it’s simply the next step. According to Cisco’s latest Global Cloud Index, 92% of workloads will be processed in cloud data centers by 2020, and research from IDG shows worldwide spending on public cloud service will grow to more than $141B by 2019. As the use of the cloud grows, however, the potential attack surface becomes substantially larger and organizations are exposed to new risks. But that’s not all. While technology is evolving, so are customer... [Read More]
by RSS Amy Thompson  |  Mar 31, 2017  |  Filed in: Industry Trends & News
Today, Fortinet released our quarterly Threat Landscape Report for Q4 of 2016. The data in it was drawn from millions of security devices located around the world that analyze up to 50 billion threats a day. Which means that the conclusions and trends detailed in this report are based on over a trillion security events that occurred between Oct 1 and Dec 31, 2016. [Read More]
by RSS Derek Manky  |  Mar 28, 2017  |  Filed in: Security Research
A monthly review of some of the previous month's most interesting security research publications [Read More]
by RSS Axelle Apvrille  |  Mar 24, 2017  |  Filed in: Security Research
Ztorg, also known as Qysly, is one of those big families of Android malware. It first appeared in April 2015, and now has over 25 variants, some of which are still active in 2017. Yet, there aren't many technical descriptions for it - except for the initial Ztorg.A sample - so I decided to have a look at one of the newer variants, Android/Ztorg.AM!tr, that we detected on January 20, 2017. The sample poses a "Cool Video Player" and its malicious activity was so well hidden I initially thought I had run into... [Read More]
by RSS Axelle Apvrille  |  Mar 15, 2017  |  Filed in: Security Research
In the part 1 of this blog, we saw that Android/Ztorg.AM!tr silently downloads a remote encrypted APK, then installs it and launches a method named c() in the n.a.c.q class. In this blog post, we’ll investigate what this does. This is the method c() of n.a.c.q: This prints "world," then waits for 200 seconds before starting a thread named n.a.c.a. I'll spare you a few hops, but among the first things we notice is that the sample uses the same string obfuscation routine, except this time it is not... [Read More]
by RSS Axelle Apvrille  |  Mar 15, 2017  |  Filed in: Security Research
IoT security challenges include weak authentication and authorization protocols, insecure software, firmware with hard-coded backdoors, poorly designed connectivity and communications, and little to no configurability. Many devices were developed around chunks of commonly available and largely untested code, compounding security vulnerabilities across thousands of devices sold through dozens of manufacturers. And to make matters worse, IoT devices are often “headless,” with limited power and processing capabilities. This not only means they can [Read More]
by RSS Jonathan Nguyen-Duy  |  Mar 09, 2017  |  Filed in: Industry Trends & News
In the all-out war for data, the healthcare industry is getting hit the hardest. Experian’s fourth annual 2017 Data Breach Industry Forecast states that healthcare organizations will be the most targeted sector for attack, with new and sophisticated attacks emerging. If healthcare organizations and their IT teams aim to keep data safe, they need to take a step back to assess the overall security landscape and the security processes currently in place on a macro level. [Read More]
by RSS Susan Biddle  |  Mar 03, 2017  |  Filed in: Industry Trends & News
Tags: IoT healthcare
For the enterprise, we recommend a three phase approach to security based around learning what is on your network, dividing the network into separated segments, and then implementing appropriate security that provides critical protections without compromising functionality and interoperability. [Read More]
by RSS Anthony Giandomenico  |  Mar 02, 2017  |  Filed in: Industry Trends & News