An experienced CYBER SECURITY ANALYST dealing in transborder crimes on phones, computers, threat intelligence, bug hunting... White hat hacking, repairing phones and reviewing new technology gadgets
Friday, December 27, 2019
Thursday, December 12, 2019
A lot of fake phones entered African markets between September and December
Starting from mid-September this year, fake phones have been entering the market in East and Central Africa. According to research I tentatively conducted on the borders of DRC, Rwanda and Tanzania, and one report from a friend in Burundi, there is a group of phones with the "TYPE ALLOCATION CODE" of 35551517..... All the phones with this TAC are fake. I have been wondering whether BABT (British Approvals Board for Telecommunications), whose identifying number 35 is mostly used by phones made in China and the Middle East, is aware of such fake phones using their identification number!
Chinese companies have gone the extra mile in the production of fake electronic products. It is worth noting here that I do not mean that all products from China are fake! The issue of these fake phones on African markets is a result of a number of pronounced factors!
One is corruption: most quality control organizations in Africa connive with some of the exporting companies to allow such fake products on our markets. This is very dangerous to the environment. Most of these phones run on fake microchips, especially Spreadtrum, which cannot operate for a very long time; these phones also have weak PCBs, and in most cases they do not last for more than 3 months without technical issues. I am actually worried that in the next 10 years African governments will again be yearning for loans to combat environmental hazards resulting from massive dumps of these fake electronic products.
There is another problem with Chinese electronic manufacturing companies: they seem to produce a few genuine products and then later flood the markets with apparently similar but fake products so as to cut the cost of production. I think in China there are other small companies that seem to copy and imitate other technology giants, and since they cannot afford market and production terms and conditions, they simply manufacture cheap products using cheap resources.
In Uganda, I can extend my appreciation to UCC for setting up a link for testing whether one's product is fake! But it is better for UCC to get tough and force all phone exporting and importing companies to first test all their products.
https://www.ucc.co.ug/imei.php
Now look at this example... The phone in the picture below has the IMEI of a different phone model, an itel2090, yet it is itself another model.
These are phones owned by innocent citizens; they do not know!!! So I am warning UCC not to use this information to block their IMEIs. It is actually UCC that should sit with UNBS to solve this and get these phones off the market!!! Stop this bribery and help citizens. How do you allow such products on the market? Do you know the repercussions of all these fake products? For God and my country.
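The IMEI fields mentioned in this post, as an added example that is not part of the original post: in a 15-digit IMEI the first eight digits are the Type Allocation Code, the first two identify the reporting body, and the last is a Luhn check digit. The watchlist and the sample IMEIs are constructed for illustration; only the TAC 35551517 comes from the post.

```python
import re
from dataclasses import dataclass

# TACs to flag. 35551517 is the value reported in the post; treating it as a
# watchlist entry is this example's assumption, not an official GSMA/UCC list.
SUSPECT_TACS = frozenset({"35551517"})


@dataclass(frozen=True)
class ImeiReport:
    imei: str
    reporting_body: str   # first 2 digits, e.g. "35"
    tac: str              # first 8 digits (Type Allocation Code)
    serial: str           # next 6 digits
    luhn_ok: bool         # check digit matches the first 14 digits
    suspect_tac: bool     # TAC is on the watchlist


def luhn_check_digit(body14: str) -> int:
    """Return the Luhn check digit for the first 14 IMEI digits."""
    total = 0
    for index, char in enumerate(body14):
        digit = int(char)
        if index % 2 == 1:      # every second digit, counting from the left
            digit *= 2
            if digit > 9:
                digit -= 9      # same as adding the two digits of the product
        total += digit
    return (10 - total % 10) % 10


def analyse_imei(raw: str, watchlist=SUSPECT_TACS) -> ImeiReport:
    """Split a 15-digit IMEI into its fields and run both checks."""
    digits = re.sub(r"[\s\-/.]", "", raw)   # tolerate "35-551517-123456-8"
    if not re.fullmatch(r"[0-9]{15}", digits):
        raise ValueError(f"not a 15-digit IMEI: {raw!r}")
    tac = digits[:8]
    return ImeiReport(
        imei=digits,
        reporting_body=digits[:2],
        tac=tac,
        serial=digits[8:14],
        luhn_ok=luhn_check_digit(digits[:14]) == int(digits[14]),
        suspect_tac=tac in watchlist,
    )


def verdict(report: ImeiReport) -> str:
    """One-line triage result for a parsed IMEI."""
    if not report.luhn_ok:
        return "invalid check digit"
    if report.suspect_tac:
        return "TAC on watchlist"
    # A clean result is not proof of a genuine handset: an IMEI copied from
    # another model (the itel2090 case in the post) still passes both checks
    # and is only caught by comparing the TAC's registered model with the device.
    return "no finding"


if __name__ == "__main__":
    # Constructed sample IMEIs (serial numbers are made up).
    for sample in ("35-551517-123456-8", "355515171234567", "351234566543211"):
        report = analyse_imei(sample)
        print(report.imei, report.tac, verdict(report))
```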
There is another security flaw on Intel processors
Altering Intel’s CPU voltages and frequency directly in the operating system is a feature that many users appreciate as it allows them to use all those software-based utilities that aid in overclocking. Now, this feature may not be as secure as previously anticipated.
Recently a team of cybersecurity experts proved that this particular feature can be exploited by threat actors that can cause substantial damage by aiming to hijack Intel SGX. For those who don’t know, Intel SGX is an extremely critical and hardware-isolated space on new models of Intel CPUs responsible for encrypting sensitive data to protect it from being stolen in case the system gets compromised.
The research team comprised six European members from the University of Birmingham, KU Leuven, and the Graz University of Technology. The attack technique is dubbed Plundervolt and classified as CVE-2019-11157.
According to the team’s findings, the attack exploits the modern processor’s frequency and voltage adjustment feature, controlling it so as to generate errors in the system’s memory by flipping bits. This attack affects almost all SGX-enabled Intel Core processors, including the Skylake generation.
However, the technique was identified and reported to Intel in June 2019 and now that the company has fixed the issue, the findings have been disclosed to the public.
Yesterday, Intel released the BIOS and microcode updates for addressing the Plundervolt issue and 13 other medium to high vulnerabilities. The updates make locking voltage a part of the default setting in the BIOS. Therefore, if SGX is disabled or the CPU voltage is locked at the default value, the system will be safe from any threat.
The findings were reported first by ZDNet. The report states that using the Plundervolt vulnerability, threat actors can easily access information such as AES encryption keys stored in the chip’s SGX Enclave. This enclave is not separate from CPU’s memory but is protected by software encryption.
Once its security is breached, attackers can extract data from the enclave at a much faster rate than the previous attacks like Spectre and Meltdown. The attack mechanism is quite similar to the concepts behind CLKscrew and VoltJockey attacks, as it alters SGX bits to create errors and uses them to recreate data via a side-channel observation method.
The attack works on Intel’s 6th, 7th, 8th, 9th, and 10th-Gen Core processors as well as Xeon E3, v5, v6, E-2100 and E-2200, and doesn’t need host access with administrative or root privileges to be launched.
Yet, exploiting the vulnerability would be tough, if not impossible, and it would need a combination of attacks aimed at particular targets, claim the researchers. It is also noted that the attack cannot be launched in virtual environments, which means Intel’s data center customers are not at risk.
What the hell is wrong with these online currency mining companies
3 persons from the BitClub Network mining pool have been arrested on fraud charges for operating a Ponzi scheme that has taken a total of $722 Million USD ($1,059,754,488 AUD) from its investors.
In an indictment from the New Jersey district court, 5 names in total appear on the document; however, 2 of the names have been redacted. The 3 persons in question that are named on the document are Matthew Brent Goettsche, Jobadiah Sinclair Weeks and Joseph Frank Abel.
All 3 named persons have been charged with conspiracy to offer and sell unregistered securities, with only Goettsche and Weeks being charged with conspiracy to commit wire fraud. The 2 redacted persons named on the document are still at large, so their names will remain under seal until they have been arrested.
Between April 2014 and December 2019, the scammers released false statistics of their hash rates and returns to convince people to buy shares and invest in their BitClub Network mining pool, and offered bonuses for finding more victims to invest into the scam.
The indictment document includes transcripts of the conversations where the scammers discussed in detail and planned the entire operation.
Currently the BitClub promotional website and mining pool websites are still online and operating, which has the potential to scam unwitting persons that stumble across the sites and sign up.
Saturday, November 30, 2019
Those who still believe in crypto currency should read this
South Korean cryptocurrency exchange Upbit has released an announcement to advise its customers that it has placed an “unscheduled suspension” on all deposits and withdrawals, due to the loss of 342,000 Ether (ETH), which equates to $52,479,900 (USD) at the time of writing.
In the statement, Lee Seok-woo, CEO of Dunamu (the exchange’s operator), claimed that the ETH were moved from the exchange’s hot wallet to an unrecognised wallet “0xa09871AEadF4994Ca12f5c0b6056BBd1d343c029” (link below). He has also claimed that their clients’ funds were not contained within the breached wallet.
To avoid any more unauthorised transactions from occurring, Upbit has moved all of its cryptocurrencies into offline cold wallets so the funds are no longer accessible to a malicious actor, if they were to breach or have breached the security of the exchange.
Upbit have stopped all deposits and withdrawals, and will not recommence transactions for 2 weeks while an investigation is performed. Currently there are no confirmed details as to how the unauthorised transactions were able to take place and whether or not the malicious actor was internal or external to the company.
CEO of Binance Changpeng Zhao (CZ) has made a public statement in relation to this security breach on his Twitter page stating “We will work with Upbit and other industry players to ensure any hacked funds that may make their way to Binance are immediately frozen.”
Upbit have also stated that they will cover all user assets with corporate funds, after making the claim that no user funds were affected, so there is clearly ‘fuckery afoot’.
You can find all relevant links
Friday, November 22, 2019
A phone and laptop manufacturing industry to be opened in Uganda today by His Excellency YK Museveni
Mighty Yoweri Kaguta Museveni, the president of the Republic of Uganda, will in a few hours from now officially open the first phone manufacturing and assembling plant in Uganda at Namanve Industrial Park.
This company will be producing 2000, Smart Phones 1500, laptops 800, Chargers 2000, USB cables 4000 and 4000 Ear phone.
Just pray for Africa!!! Space has been declared a military operational zone
The North Atlantic Treaty Organization (NATO) has identified space as an operational domain, alongside air, land, sea and cyber area, the alliance’s Secretary-General, Jens Stoltenberg, said.
"We have agreed that space should be a new operational domain for NATO alongside air, land, sea and cyber. Space is part of our daily life here on Earth. It can be used for peaceful purposes. But it can be also used aggressively", Stoltenberg told a news conference on the results of the NATO foreign ministers’ meeting in Brussels on Wednesday.
The alliance’s chief continued by explaining that satellites could be jammed, hacked or weaponized, which could lead to disrupted communications and affect various services and areas.
Moreover, space was essential to NATO’s defence and deterrence, such as the alliance’s ability to detect missile launches and gather intelligence, Stoltenberg argued.
Stoltenberg emphasized that NATO remained a defensive alliance and did not intend to put weapons in space, acting in line with international law.
"Making space an operational domain will help us ensure that all aspects are taken into account to ensure the success of our missions", the NATO chief noted.
While air, land and sea have been traditional operational domains for NATO, cyberspace was recognized as such an area of the alliance’s defensive activities in July 2016.
Stoltenberg said earlier this week that the alliance, however, has "no intention to put weapons in space".
The US permanent representative to the alliance, Kay Bailey Hutchison, remarked that space was already playing a big role in communications and capabilities used by NATO. When asked whether an attack on a NATO member's satellite could trigger an Article 5 response from the alliance, Hutchison said that the article's concept was about "territory".
Article 5 of the North Atlantic Treaty envisages that an armed attack against one or more NATO member states should be considered as an attack on all the allies.
US Top military Secret Facility Near Area 51 Emerges Online
The Tonopah Test Range is a restricted military polygon located in the vicinity of the eponymous town in the state of Nevada. It is currently used for nuclear weapons stockpile reliability testing, research and development of fusing and firing systems, as well as testing nuclear weapon delivery systems.
A YouTube blogger nicknamed TheArea51Rider yesterday uploaded a video in which he claims that he filmed an unidentified aircraft at a restricted test range southeast of Tonopah, Nevada.
In the video, the authenticity of which cannot be confirmed, the blogger recorded himself ostensibly near the military site, located in the vicinity of the notorious and highly-classified Area 51. The YouTuber showed images of an open hangar with what appeared to be an aircraft inside. However, he failed to identify the vehicle, pondering whether it is some sort of new secretive military plane.
The Tonopah military site is a hotspot for various conspiracy theories surrounding the use of experimental and classified aircraft.
However, it is less popular among conspiracy theorists than the nearby Area 51 that attracts UFO enthusiasts who are convinced that the government is hiding the existence of extraterrestrial technology.
Were you safe with your camera!!! Just update your app
A few days ago, it was reported that the Facebook app was using the camera feature on certain versions of iOS without the user’s permission. Now, it has been discovered that a vulnerability in Google and Samsung’s Camera apps on Android enabled other apps to breach users’ privacy.
Apparently, this includes recording videos and call audio, capturing photos and extracting GPS data from the phone’s media data without authorization while uploading it to a C&C server. Furthermore, subtle hacks such as the silencing of the camera’s shutter could also be implemented to further conceal any hidden activity.
Termed CVE-2019-2234, the vulnerability has been disclosed by Checkmarx in coordination with both Google and Samsung alerting users, the former stating:
To understand how this entire process takes place without the user’s permission, it is to be noted that an app needs the following permissions for engaging in any of the aforementioned actions:
1. android.permission.CAMERA,
2. android.permission.RECORD_AUDIO,
3. android.permission.ACCESS_FINE_LO
4. android.permission.ACCESS_COARSE
However, in this particular case, it was discovered that merely having permission to access the storage region of the phone gave the apps unrestricted ability to use other features of the camera. Consequently, as the majority of apps rely on gaining storage permissions to operate, this allows a vast number of apps to have the potential to exploit this vulnerability.
Checkmarx has also put together a video to demonstrate such an exploit on a Google Pixel 2 XL with the help of a simple weather app.
To conclude, users can rest assured, though, knowing that Google has fixed the vulnerability via a Play Store update while simultaneously issuing a patch to all partner vendors. On the other hand, companies could take away a lesson of responding in the right way just like Google and Samsung did instead of downplaying any exposed flaws within their systems. This not only helps the ecosystem flourish but also helps users take precautions understanding the security limitations their devices may pose.
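A defender-side triage for the permission gap described in this post, as an added example that is not from the original post or from Checkmarx: it reads an app's `AndroidManifest.xml` and flags apps that request storage access but none of the camera, audio or location permissions, since those are the apps for which an unpatched camera app would have widened access. The two manifests are constructed samples, and the full storage and location permission names are the standard Android ones, supplied here rather than taken from the page.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Storage permissions: enough, per the post, to reach the camera's output.
STORAGE_PERMS = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}
# Permissions an app would normally need for the actions listed in the post.
SENSOR_PERMS = {
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
}

# Constructed sample manifests (not taken from any real app).
WEATHER_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
</manifest>"""

PHOTO_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.photo">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>"""


def triage(manifest_xml: str) -> dict:
    """Report the storage-only permission gap for one decoded manifest.

    The input is assumed to be a trusted, already decoded manifest; use a
    hardened XML parser for manifests pulled from untrusted APKs.
    """
    root = ET.fromstring(manifest_xml)
    perms = {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }
    has_storage = bool(perms & STORAGE_PERMS)
    not_granted = sorted(SENSOR_PERMS - perms)
    return {
        "package": root.get("package"),
        "has_storage": has_storage,
        "sensor_perms_not_requested": not_granted,
        # Review only apps that hold storage access yet never asked the user
        # for every sensor permission: the bypass gave them something new.
        "review": has_storage and bool(not_granted),
    }


if __name__ == "__main__":
    for manifest in (WEATHER_MANIFEST, PHOTO_MANIFEST):
        print(triage(manifest))
```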