whitenoise

technology notes… mobile and embedded.

Posts Tagged ‘rootkit

Kernel.org has been hacked.

leave a comment »

On Aug31 kernel.org broke the news that many of its servers have been compromised by unknown attackers. They broke in using a compromised user account and installed a rootkit that was silently monitoring user activity among other things. The gory details are best described here

Youve_Been_HackedIt should be pretty embarrassing when when this happens around the 20th anniversary  of Linux.

But the hack has made us all know some very important details about the integrity of kernel source
and the resilience of git itself against such attack.

Resilient Git For each file in the git repository a cryptographically secure hash is generated and the hash uniquely identified the content of that file along with its history.  So any modification into an old commit WITHOUT changing the hash is very difficult.
So from a source code perspective we could be fairly sure that no change could be injected onto it. This blog post at the Linux foundation explains it well.

However Aside from Git, kernel.org also hosts the signatures and some key components used to sign the kernel drops.
See the post here to know how the signing works. If the intruder got the private key ,then he could modify source (outside of git) and make tar archives and sign it.

This may be the reason ALL archives and patches hosted in kernel.org has been pulled down .Even the AOSP project  has pulled down its link ((link: http://android.git.kernel.org/) to the source code .So for now it is advisable not to take any of the archives hosted in the server until we hear an update on this.

I expect that the private key is updated and a new public key is put up here .Only then it would be safe to download the new kernels.

Damage control:
  Swift action has been taken on this .The passwords of all the users of the kernel.org (448 of them) have been reset . The attacker accessed the kernel.org using the credentials of one of the user. While all of this is happening the kernel source has temporarily moved to GitHub.

In the end,this entire episode has let many lay users(like me ) to learn more about git’s integrity and some insight on how the entire kernel.org release happens. Also there is no need for us to  worry about the kernel source being compromised now or even in the foreseeable future.

Advertisements

Written by sujai

September 6, 2011 at 12:17 am

Posted in technology, Uncategorized

Tagged with , , , , ,

On apps and security .

with 2 comments

While the appstore phenomena has brought is a lot of cool utilities to your smart phone, there are side effects too. Last week saw one of the most dramatic demonstration of what many have been fearing for sometime now. Malware on Smartphone!

And with some intelligent social engineering tricks, it could invade the ecosystem in the matter of days .

evil_android_thumb Several android web pages reported of a very powerful malware that got into the Android market place. Here is how the app installs the malware.

The malware publisher (goes by name Myournet) takes some of the  popular android games and then injects root exploits into the application package and republishes the apps back. All these are variants of the original popular apps, but but they are available FREE. Within days several users download the app and install it. A detailed report is here.

How it works: The malware actually installs a rootkit and ‘steals’ all personal information on your device and sends to a remote location. Besides the malware always opens up a backdoor with your device allowing more worms/malicious code to be run.  This blog post by a mobile security firm has the gory details.

Some points to note:
* The malware’s existence was not known by Google until someone posted about it in public domain .
* While Google was (somewhat) swift to respond , the damage was done. Private data from many phones have been sent to a nefarious user. Would have been very good if the app didn’t enter the ecosystem in the first place.
* Community to the rescue : Google responded by nuking the app with its kill switch. But then the first fixes came from members of XDA.

We can be happy that though the Android market is ‘open’ Google has put in some features in platform to recover back .

How about genuine apps ? Malware isn’t the only security threats to private data. The  Freedom to tinker website had a  blog post recently on the information shared by some of the popular Smartphone apps. The author had used sniffing tools like wire shark to sniff his Android phone.

F5T0XHAF04FMXU0.MEDIUM copy[19]The Android face book app sends stuff out in the open so anyone could read your posts..  It is also possible to make bogus posts, the author says. Some things to be careful of.

Wired’s ‘open’ edition: I’ll close this blog with a note about a recent Wired magazine issue that sums it up all.Some of the wired magazine  subscribers got a ‘very personal’ edition of their copy.   It had lot of information that Wired had gleaned about the subscriber!! The editors used online browsing history, electoral records and ‘social networks’. The magazine just shows how much information we expose unknowingly.

When they do this exercise the next time, they will have yet another ‘gold mine’ of private information -your ‘smart’ phone!

[Image credit : Mobilecrunch , Prohack]

Written by sujai

March 12, 2011 at 9:41 pm

%d bloggers like this: