
Cybersecurity Highlights: Smartphone Attacks, Camera Breaches, and More
We have compiled the most significant cybersecurity news of the week.
- Researchers have learned to remotely affect smartphones via charging.
- A Wyze smart camera glitch allowed thousands of users to peek into others’ homes.
- In China, documents from an infosec company detailing espionage operations were leaked.
- F.A.C.C.T. assisted police in dismantling the SugarLocker extortionists.
Researchers Learn to Remotely Affect Smartphones via Charging
A team of researchers from the University of Florida and CertiK specialists have developed a new attack called VoltSchemer, which uses electromagnetic interference to control the behavior of a wireless charging device.
Three potential attack vectors were studied during the trials.
In one scenario, researchers managed to heat paperclips near the smartphone to 280°C and ignite papers.
In another case, voltage manipulation led to data loss on USB drives and SSDs.
The third type of attack used garbled voice commands to make Siri and Google Assistant initiate a call, open a website, and launch an app on the smartphone.
However, VoltSchemer sets a high bar in terms of the attacker’s skills and has several other limitations, making it impractical in real-world scenarios.
Wyze Smart Camera Glitch Allowed Thousands to Peek into Others’ Homes
On February 16, a glitch at the AWS partner of American smart camera developer Wyze caused temporary connection issues. While the problem was being resolved, however, thousands of users gained access to video streams from other homes.
2/16/2024 7:24 AM PT — We are aware of an issue with our AWS partner which has impacted device connection and caused login difficulties. We are taking steps to mitigate the problem on our end as we work with AWS to resolve the issue. https://t.co/jMQZrPQ8tg
— Wyze (@WyzeCam) February 16, 2024
The company confirmed that about 13,000 customers saw thumbnails from other users' cameras in the app’s “Events” tab, and 1,504 users clicked on them. All affected camera owners were notified of the incident, though the exact number is undisclosed.
Wyze blames the issue on a third-party client caching library recently added to its systems. Reportedly, the sudden surge in connection demand led to a mix-up of device identifiers and user ID mappings.
To prevent similar situations, developers added an extra verification layer before accessing video content. A transition to a new client library capable of stable operation during “extreme events” is also planned.
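The failure mode and the added verification layer described above can be sketched as follows. This is an added example, not Wyze's code: the cache class, function names, device IDs and thumbnail bytes are all constructed for illustration.

```python
# Added illustration; not Wyze's code. All names and data are constructed.

# Authoritative ownership records (the source of truth, e.g. the primary database).
OWNERS = {"cam-A": "alice", "cam-B": "bob"}
# Event thumbnails keyed by device ID.
THUMBNAILS = {"cam-A": b"<alice-living-room>", "cam-B": b"<bob-garage>"}


class MappingCache:
    """Stand-in for a caching layer holding user -> device mappings."""

    def __init__(self):
        self._devices_by_user = {}

    def put(self, user_id, device_ids):
        self._devices_by_user[user_id] = list(device_ids)

    def devices_for(self, user_id):
        return self._devices_by_user.get(user_id, [])


def fetch_thumbnails_unchecked(cache, user_id):
    """Trusts the cache: whatever device IDs it returns are served."""
    return [THUMBNAILS[d] for d in cache.devices_for(user_id)]


def fetch_thumbnails_verified(cache, user_id, audit_log):
    """Re-checks ownership against the source of truth before serving content."""
    served = []
    for device_id in cache.devices_for(user_id):
        if OWNERS.get(device_id) != user_id:
            # Fail closed and leave a trace for detection and incident response.
            audit_log.append(("ownership_mismatch", user_id, device_id))
            continue
        served.append(THUMBNAILS[device_id])
    return served


def simulate_mixup():
    cache = MappingCache()
    cache.put("alice", ["cam-A"])
    cache.put("bob", ["cam-A"])  # constructed fault: bob's entry points at alice's camera
    log = []
    leaked = fetch_thumbnails_unchecked(cache, "bob")
    blocked = fetch_thumbnails_verified(cache, "bob", log)
    normal = fetch_thumbnails_verified(cache, "alice", log)
    return leaked, blocked, normal, log
```

The mismatch entries in the audit log double as a detection signal: a burst of them indicates the cache is returning corrupted mappings.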
F.A.C.C.T. Assisted Police in Dismantling SugarLocker Extortionists
Russian Interior Ministry officers, supported by F.A.C.C.T., tracked down and detained the SugarLocker (Encoded01) extortion group, active since 2021.
Officers of the Russian Ministry of Internal Affairs, with the support of F.A.C.C.T. specialists, tracked down and detained members of the #SugarLocker extortion group: https://t.co/AoqVZAgQSi #шифровальщики #вымогатели pic.twitter.com/35X8aMOVDd
— F.A.C.C.T. (@F_A_C_C_T_) February 20, 2024
In early January 2022, F.A.C.C.T. experts discovered that some elements of SugarLocker’s infrastructure were located on Russian hosting services. A server configuration error by the criminals allowed the discovery of the ransomware’s control panel.
Authorities identified several group members who developed custom malware, created phishing sites for online stores, and drove traffic to popular scam schemes. They operated under the guise of a legitimate company, Shtazi-IT.
In January 2024, three SugarLocker members were detained. They face charges of creating and distributing malicious software.
Chrome Browser to Detect Malicious Device Scanners
Google developers announced a new Private Network Access feature for the Chrome browser. It will detect malicious sites scanning users’ local networks to attack vulnerable devices and servers.
The update will appear in Chrome 123, scheduled for release in March.
Chinese Infosec Company Documents Detailing Espionage Operations Leaked
Over 500 confidential documents from Shanghai-based infosec company i-SOON (Anxun), a contractor for China’s Ministry of Public Security, were leaked on GitHub, reports Hacker News.
Besides employee communications, the leaked files include descriptions of remote access trojans for Windows, Mac, iOS, and Android, services for DDoS, systems for de-anonymizing social media users, Wi-Fi hacking devices and software, and other espionage tools and devices.
According to media reports, Anxun is linked to attacks on the governments of India, Thailand, Vietnam, and South Korea, as well as some NATO systems.
The leak is suspected to have been organized by a disgruntled employee. An internal investigation is underway.
Unnamed Incident Leads to Data Leak of 500 Million Russians
Since the beginning of 2024, 510 million records about Russians have been leaked, with 500 million compromised in a single incident. This was reported by TASS citing a statement from Roskomnadzor’s deputy head, Milos Wagner.
The official did not specify when the incident occurred or who was involved. The agency is conducting an investigation.
Throughout 2023, RKN identified 168 personal data leaks, with about 300 million records about Russians exposed online.
Also on ForkLog:
- Riot Platforms sued the US Department of Energy over information gathering.
- DeFi protocol Blueberry suspended operations due to an exploit.
- KuCoin users complained about fund freezes.
- Hackers stole $9.7 million from a Sky Mavis co-founder.
- MetaMask security notifications are now available across various networks.
- Experts discovered an airdrop-hunting scheme via GitHub.
- Police seized LockBit extortionist sites and froze 200 cryptocurrency wallets.
- Media reported on North Korean hackers using AI.
- Rabby Wallet users fell victim to a scam app in the App Store.
- FixedFloat crypto exchange was hacked for $26 million.
Weekend Reading?
We discuss the features and risks of the new experimental ERC-404 token standard.