01 November 2019

191101 WhatsApp installs new rootkit - part 2 of the story

Reference:
https://zenosloim.blogspot.com/2019/07/190704-whatsapp-installs-new-rootkit.html

Part 2 of the story continues here:

https://www.theguardian.com/technology/2019/oct/29/whatsapp-sues-israeli-firm-accusing-it-of-hacking-activists-phones

https://www.reuters.com/article/us-facebook-cyber-whatsapp-nsogroup/facebook-sues-israels-nso-group-over-alleged-whatsapp-hack-idUSKBN1X82BE

Kaspersky has done its job.


12 September 2019

190912 Latest attack vector on digital payment systems

Sweden's military and intelligence leadership considers Russia the main and closest military and national-security threat.
The recent history of Russian submarine "visits" to Swedish waters is well known,
as is Sweden's concern about the Russian military presence in the Baltic Sea.

If all of the above were not enough, Russia's latest Orlan drones, flying as part of the Leer-3 electronic warfare complex, should be a nightmare.
Why?

The Leer-3 electronic warfare system can:
- jam cell-phone base stations and substitute for them (acting as a fake base station);
- monitor all incoming and outgoing traffic of those base stations;
- remotely connect into the base stations and intercept their data flow.

Concrete implications:
- total disruption of Sweden's digital payment systems: almost all payment terminals use the mobile network and cell-phone base stations
- total disruption of all Bankomat ATMs, hence no one in Sweden would be able to access their own bank account or withdraw their own money/cash
- localization and neutralization of any person in Sweden owning a mobile phone, even if the phone is switched off

In the light of this news, one has to wonder once again whether Riksbanken's plans for a so-called "e-krona" are realistic or simply reckless.

At least no one in Sweden yet tries or plans to drop the physical Swedish national ID card (ID card, driving licence or company ID card) and replace it with a "mobile phone + Swedish digital Bank-ID".

However, many software developers still "dream" of an e-krona that is unhackable and functional even during military conflicts.
Still a dream, in my opinion, because even in the near future no mobile device of that resilience can be bought by ordinary people at a sustainable price.
Current military communication systems are far too expensive to be available in portable form to ordinary citizens.
Forget any crypto system working over a mobile network.

previous reference:
181107 - Swedish Digital Bank-ID hacked again - How secure is e-krona - open letter to the Swedish State:
https://zenosloim.blogspot.com/2018/11/181107-swedish-digital-bank-id-hacked.html

Just "Google" for Orlan Leer-3, and you will find out why.

That is why the physical Swedish national ID card will exist for many years ahead.
And hopefully also the Swedish "sedel + mynt" (notes and coins) krona.
The e-krona is just a nice and naive dream, but in a world full of greed, aggressiveness and inhumanity. A "jungle of animals".
A dream which can easily turn into a nightmare for the Swedish people and economy.

29 August 2019

190829 GDPR, Outsourcing and Microsoft Office 365 banned in German schools


Recently, in July 2019, German state authorities (the Hessian data-protection commissioner) banned the use of Microsoft Office 365 in schools due to privacy concerns and security issues.
Microsoft's answer, promising to move cloud data from servers outside the EU to servers inside the EU, is just a gimmick to circumvent the recent GDPR legislation.

Why?

The proof is the quite recent scandal in Sweden, where internal databases of the Swedish Transport Agency (Transportstyrelsen), including sensitive private data, were accessed by unvetted and unauthorised personnel of IBM in Bucharest, Romania.

How it happened? 
Simple. 
"Greed", "Cut costs", "Outsourcing" and "Cloud computing and storage" are the answers.

The Swedish Transport Agency (Transportstyrelsen) had outsourced the maintenance of its databases to IBM Sweden in Stockholm.
Via IBM's intranet, all the sensitive data was accessible worldwide.

The mechanism is identical in Germany and in the rest of Sweden, wherever a state authority or private company has outsourced its internal IT services and maintenance.
Technically, inside the affected customer a parallel physical cabled network is installed, coupled/mapped directly to the intranet of the international company providing the outsourced services, circumventing the EU GDPR legislation entirely and compromising the internal security of the affected customer.
Or direct VPN links are established between the intranet of the outsourcing provider and the intranet of the customer.

The common element is a single one: all the companies providing the outsourced services are located in the USA.


04 July 2019

190704 WhatsApp installs new rootkit, yet undetected by all major security software

You thought WhatsApp had solved the "exploits" used by the state intelligence communities of the USA, Great Britain, Australia, Canada, New Zealand and Israel?
Nope.

You can also wonder whether it was an exploit or an "actively tolerated" backdoor ordered by the NSA and GCHQ,
"developed" with the support of Israeli programmers.

In any case, between 27 June 2019 and 1 July 2019, I managed to identify and neutralize a new type of Android rootkit, which was completely undetected by Symantec, Kaspersky, Avast/AVG and ESET.

The rootkit was detected by an indirect method, which I describe here, and then eliminated.

However, THANK YOU, USA, UK, Canada, Australia, New Zealand and especially Israel, for the honour accorded to my person and to my Swedish phone number: +46 720 329614.

I will describe technically how I detected and eliminated the rootkit, so that your programmers can "correct" the mistakes made and improve your rootkit for better undetected use.

The same rootkit is also spread packaged with various popular applications made available via a piracy site "curiously tolerated by US authorities", forum.mobilism.org.

Used devices: 
Motorola G6 Plus, rooted with the latest Magisk and Xposed;
Windows Desktop PC

Windows Software:
Symantec Endpoint Protection

Android software:
Kaspersky Mobile Antivirus AppLock & Web Security
Avast Antivirus Mobile Security & Virus Cleaner
ESET Mobile Security & Antivirus
Marcel Bokhorst NetGuard Pro
3C Battery Monitor Widget Pro
GSam Labs GSam Battery Monitor Pro

Install all the software listed above.
Configure NetGuard Pro to block everything on both mobile data and WiFi.
Install/reinstall WhatsApp, or some of the software "released" on forum.mobilism.org between 27 June 2019 and 30 June 2019.
Assume your person is an "interesting profile" for the Five Eyes community (US+UK+CA+AU+NZ) or Israel.
It is enough that your number is called, or that you make just one call.
Turn WiFi on. Keep it on for a few minutes. Then turn WiFi off.
Wait at least 12 hours; do not use the phone or its WiFi during that time.
The rootkit will trigger itself, trying to send the logged data from your device.
There is a "bug" in the rootkit which does the following: if it cannot send the logged data for at least 12 hours because it is blocked by the firewall (I used the latest NetGuard version current for the period named; possibly the author will be "bought" by the affected Five Eyes + Israel, so I am not sure future versions will still block the rootkit), the rootkit infects the process "com.motorola.modemservice", in practice "hammering" the phone modem to force-send the logged data via mobile data.
Not succeeding, this "hammering" results in an indirectly higher power consumption, detected by both 3C Battery Monitor Widget Pro and GSam Battery Monitor Pro.
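As an added illustration of the indirect check described in the steps above (example code written for this page, not the blog author's tooling), the following Python script applies a baseline-versus-blocked comparison to per-process energy readings. The readings, the (hour, process, mAh) export shape, the thresholds and every process name other than com.motorola.modemservice and com.whatsapp are assumptions; the sample data is constructed, not a real capture. A raised draw is an indicator only: it tells you which process to pull apart next, not that it is malicious.

```python
"""Baseline-versus-blocked power comparison for Android processes.

Added example, not the blog author's tooling. Assumes per-process energy
readings exported as (hour, process, mAh) triples, roughly what GSam or
3C Battery Monitor show per app. The rule is the post's own, in code: a
process that draws markedly more power during the firewalled window than
in its own pre-block baseline is a candidate for closer inspection.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Sample:
    hour: int       # hours relative to enabling the firewall (negative = baseline)
    process: str    # Android process / package name
    mah: float      # energy drawn in that one-hour interval


# Constructed readings (not a real capture): a quiet baseline, then, after
# ~12 h of blocked egress, the modem service starts retrying and its draw
# climbs while everything else stays flat or drops (a firewalled app has
# nothing to send). com.example.newapp is a hypothetical package name.
SAMPLES = [
    Sample(-3, "com.motorola.modemservice", 0.4),
    Sample(-2, "com.motorola.modemservice", 0.6),
    Sample(-1, "com.motorola.modemservice", 0.5),
    Sample(-3, "com.whatsapp", 1.2),
    Sample(-2, "com.whatsapp", 1.0),
    Sample(-1, "com.whatsapp", 1.1),
    Sample(-3, "android.system", 2.0),
    Sample(-2, "android.system", 2.1),
    Sample(-1, "android.system", 1.9),
    Sample(12, "com.motorola.modemservice", 6.5),
    Sample(13, "com.motorola.modemservice", 7.8),
    Sample(14, "com.motorola.modemservice", 8.1),
    Sample(12, "com.whatsapp", 0.3),
    Sample(13, "com.whatsapp", 0.2),
    Sample(14, "com.whatsapp", 0.3),
    Sample(12, "android.system", 2.2),
    Sample(13, "android.system", 2.0),
    Sample(14, "android.system", 2.1),
    Sample(12, "com.example.newapp", 4.0),  # no baseline at all: also worth a look
]


def group_by_process(samples, lo, hi):
    """Collect mAh readings per process for hours in the half-open range [lo, hi)."""
    buckets = defaultdict(list)
    for s in samples:
        if lo <= s.hour < hi:
            buckets[s.process].append(s.mah)
    return buckets


def flag_power_anomalies(samples, blocked_from=12, ratio=3.0, min_mah=1.0):
    """Return {process: (baseline_mean, blocked_mean)} for processes whose mean
    draw in the blocked window is at least `ratio` times their baseline mean
    and at least `min_mah` (so tiny absolute changes are ignored).
    A process with no baseline readings is reported with baseline 0.0: a
    process that only shows up after the block is itself a finding."""
    baseline = group_by_process(samples, lo=float("-inf"), hi=0)
    blocked = group_by_process(samples, lo=blocked_from, hi=float("inf"))
    flagged = {}
    for proc, readings in blocked.items():
        blocked_mean = mean(readings)
        base_mean = mean(baseline[proc]) if baseline.get(proc) else 0.0
        if blocked_mean < min_mah:
            continue
        if base_mean == 0.0 or blocked_mean >= ratio * base_mean:
            flagged[proc] = (round(base_mean, 2), round(blocked_mean, 2))
    return flagged


if __name__ == "__main__":
    for proc, (before, after) in sorted(flag_power_anomalies(SAMPLES).items()):
        print(f"{proc}: baseline {before} mAh/h -> blocked {after} mAh/h")
```

The thresholds (a 3x jump over the process's own baseline, and at least 1 mAh per hour) are deliberately coarse; tune them against a few days of the device's normal readings before trusting a flag, and confirm any hit against the per-UID battery and network counters on the device rather than on the battery monitor alone.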

Connect the phone to the PC and do a complete device scan via adb with Symantec Endpoint Protection.
As you guessed, Symantec being a US-registered company, it detects nothing.

Now do the same full device scan (apps, APKs, files, processes, memory) with ESET.
ESET is Slovakian by origin but operates in the USA, hence do not expect it to detect anything; confirmed.
Do not expect them to make public the evidence registered from my phone.

Now do the same full device scan with Avast/AVG.
Czech by origin, operating in the USA, same result as ESET: nothing detected.
Do not expect them to make public the evidence registered from my phone either.

Now the interesting part: use the latest Kaspersky Mobile Antivirus AppLock & Web Security.
Unfortunately, Kaspersky is not able to detect the rootkit either.
I do hope Kaspersky will inspect their logs, identify my Motorola G6 Plus scanned by them, and create an identifying signature for the rootkit.
All the evidence exists, registered at Kaspersky.

So, no current security software for Windows or Android was able to detect the rootkit.
A clear sign that it is a newly developed cyberweapon of the USA, UK, CA, AU, NZ and Israel.

Eliminating the rootkit.
As no software was able to detect it, the only solution was a factory reset of the phone.
I disabled automatic update/install from Google Play to avoid auto-reinstalling previously installed software, including WhatsApp.
Be very cautious when installing pirated software from forum.mobilism.org; the fact that it is "tolerated" by US authorities says a lot.

Thinking of "piracy", "double morals", "money laundering" and "criminal activities on the internet", think of two things:
Who are the main "remaining tax havens"? Mostly US and UK dependencies (according to United Nations and Interpol statistics).
Which countries receive "fugitive taxpayers and money launderers" with open arms as "strategic investors"? The UK and Israel (according to United Nations and Interpol statistics).
This is double morality.


09 March 2019

Booz Allen Hamilton Software Reverse Engineering Analyst

I received an offer to work as a Software Reverse Engineering Analyst in Charlottesville, USA. Unfortunately, due to personal reasons and not being willing to relocate from Sweden to the USA, I could only say that I was honoured to work with Booz Allen Hamilton, the famous company where Snowden worked.

07 November 2018

181107 - Swedish Digital Bank-ID hacked again - How secure is e-krona - open letter to the Swedish State

Stefan.Ingves@riksbanken.se
registratorn@riksbank.se
registrator.riksdagsforvaltningen@riksdagen.se
finansdepartementet.registrator@regeringskansliet.se

Reference:

Swedish Digital Bank-ID hacked again:
https://zenosloim.blogspot.com/2018/10/swedish-digital-bank-id-hacked-again.html

Swedish Digital Identification System BankID from Finansiell ID-Teknik BID AB bypassed on Android:
https://zenosloim.blogspot.com/2017/06/170607-swedish-digital-identification.html


In theory, the Swedish digital Bank-ID should be unique, impossible to copy or restore on another device (smartphone, tablet, etc.).
In practice, despite constant updates and stricter security requirements, it is still hackable even on the latest versions of Android and ... on unrooted phones!
Hence the legitimate question: how secure is a non-cash payment system?

Risk factors: international conflicts, cyberwarfare and dependency on foreign powers, all affecting Sweden's national independence as a sovereign state.

The two reference articles above simply expose how vulnerable a non-cash payment system is when it rests on Internet traffic, foreign powers and naive trust in completely digital solutions.

Björn Eriksson has already shown the danger of the dismantling of the cash system ("nedmonteringen av kontantsystemet") in the so-called Kontantupproret (the Cash Rebellion).

All digital payment systems are based on US companies and on Swedish private banks totally controlled by big foreign actors.
The duty of Sveriges Riksbank is to protect the interests of the Swedish people and Swedish national interests.
What happens in the case of a military conflict or natural disaster that cuts the digital communication lines?

How can Swedbank or Nordea then guarantee a sustainable payment system for all Swedish citizens?
How can VISA or Mastercard guarantee a working payment system?
How can the e-krona exist if communications are disrupted?
How can the e-krona be used in foreign countries?
Unpleasant questions.

They all say today that paying in cash is too expensive! Really? Or is the banks' greed today too big, and has the banking system become a super-state inside the State?
The current banking system is not yet capable of a 100% secure payment system and a 100% secure digital identification system!
Yet the banking system is working fully towards a total dependence of the National State on the Banking System!
This is no longer democracy but a return to the early stage of 1800s capitalism.

It is the duty of Sveriges Riksbank and the Swedish Government to guarantee a payment system that works in all situations, totally independent of the private banking system and of foreign powers. Only the existence of a cash payment system can guarantee the same freedom to all Swedish citizens, independent of external conflicts, cyberwar, and greedy foreign actors and states.
It is total madness and recklessness to believe in a cashless payment system, which is totally vulnerable and can make a country lose its national independence.
Nathan Rothschild's "Give me control of a nation's money and I care not who makes its laws" is more relevant than ever.


Zeno Sloim
IT Security Expert
LinkedIn: https://www.linkedin.com/in/zeno-sloim-6121a6136
IT Security Blog: https://zenosloim.blogspot.com/
Twitter: https://twitter.com/ZenoSloim
Email: zeno.sloim@gmail.com


10 October 2018

Swedish digital Bank-ID "hacked" again

It was last year that I managed to "hack" the Swedish digital Bank-ID, which is the most widespread digital identification and signing/certification method in Scandinavia and other European countries.

The platform was a rooted Samsung Note 4 on Android 4.x.

Titanium Backup was used for the hack.

I cooperated with the Swedish company Finansiell ID-Teknik BID AB, the developer and maintainer of the product.

The backdoor was corrected by no longer accepting Android 4.x as an OS, demanding at least Android 5.x and using the TPM.

Well, it was sufficient for almost one year, until now.

The test platform was a rooted Samsung Note 4 on Android 6.x and a rooted Motorola G6 Plus on Android 8.x.

The latest Swedbank Android app and the latest Finansiell Bank-ID Android app.

The test was done today, 2018-10-10, against the Finansiell Bank-ID authentication server.

A specially modified TWRP recovery was the "tool".

Conclusion:

It seems that new security requirements will have to be demanded, following the current trend:

- SuperSU sold to a bogus "Chinese" company in the USA and its development abandoned

- SuperSU totally removed from Google Play

- Huawei no longer giving out bootloader unlock codes

It seems there will be a harsh race between rooting a device and using that device for banking operations or digital authentication.