Password cracker built from 30 GPUs, Android user tracking, and other cybersecurity events

We have gathered the most important cybersecurity news of the week.

  • Experts uncover Android smartphone surveillance via Qualcomm processors.
  • A vulnerability has been found that could amplify DDoS attacks by 2,200 times.
  • Kevin Mitnick shows password cracker built from 30 RTX GPUs.
  • Telegram blocked in Brazil.

Experts uncover Android smartphone surveillance via Qualcomm processors

Qualcomm processors, without user knowledge, collect and transmit personal data. This was reported by researchers at Nitrokey.

Researchers tested several smartphones and found that, regardless of whether Google services were present, devices sent data to Izat Cloud, Qualcomm’s cloud storage address.

The transmission occurred over unencrypted HTTP, making it vulnerable to interception.

Among the data collected were a unique device identifier, the name and serial number of the chipset, XTRA software version, country and carrier code, OS type and version, brand and model of the smartphone, processor and modem uptime, a list of installed apps, and the IP address.

According to Nitrokey, such data collection without explicit user consent contradicts the GDPR. However, Qualcomm stated that this does not breach its privacy policy.

The US Treasury imposes sanctions on OTC traders working for Lazarus Group

The US Treasury identified three OTC traders who conducted cryptocurrency trades worth tens of millions of dollars for the North Korean hacking group Lazarus Group.

According to OFAC, the suspects from China and Hong Kong provided material support to the hackers and converted digital assets into fiat. They also helped procure certain goods for North Korea, including American software, devices and tobacco products.

Chainalysis researchers found that in their trades the traders used cryptocurrency mixers and decentralized exchanges.

The United States and South Korea, through which some of the trades were conducted, have imposed sanctions on the individuals. Their cryptocurrency addresses have been added to the SDN list.

Vulnerability discovered that can amplify DDoS attacks by 2,200 times

Researchers from Bitsight and Curesec uncovered a vulnerability in the Service Location Protocol (SLP) that could enable mass DDoS attacks with an amplification factor of 2,200.

Using the 1997-era SLP, computers, printers, routers and other devices discover one another within local networks.

The vulnerability allows attackers to register arbitrary services on the SLP server, manipulating content and response size to achieve the maximum amplification — up to 2,200 times (the third-largest amplification in history).

According to the researchers, more than 2,000 organisations and 54,000 servers could be targeted.

Among the vulnerable devices are VMware ESXi hypervisors, Konica Minolta printers, IBM IMM equipment and Planex routers. The majority are located in the United States, the United Kingdom, Japan, Germany, Canada, France, Italy, Brazil, the Netherlands and Spain.

Experts warned of a substantial uptick in SLP-based DDoS attacks in the coming weeks.
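
A defensive check for the SLP amplification described above, as an added example that is not part of the original article: it scans flow records for servers answering from UDP port 427 (SLP's registered port) with replies far larger than the requests they received. The flow-record fields, IP addresses, byte counts and threshold are constructed for illustration.

```python
from collections import defaultdict

SLP_PORT = 427  # registered port for the Service Location Protocol

# Constructed sample flow records (documentation IP ranges, made-up sizes).
SAMPLE_FLOWS = [
    # Small requests to one SLP server, very large replies leaving it.
    {"proto": "udp", "src": "203.0.113.5", "sport": 40000,
     "dst": "192.0.2.10", "dport": SLP_PORT, "bytes": 120},
    {"proto": "udp", "src": "192.0.2.10", "sport": SLP_PORT,
     "dst": "203.0.113.5", "dport": 40000, "bytes": 240000},
    # Ordinary SLP lookup on another server: reply close to request size.
    {"proto": "udp", "src": "198.51.100.7", "sport": 41000,
     "dst": "192.0.2.20", "dport": SLP_PORT, "bytes": 50},
    {"proto": "udp", "src": "192.0.2.20", "sport": SLP_PORT,
     "dst": "198.51.100.7", "dport": 41000, "bytes": 120},
    # Unrelated traffic that must be ignored (DNS, and SLP over TCP).
    {"proto": "udp", "src": "198.51.100.7", "sport": 42000,
     "dst": "192.0.2.53", "dport": 53, "bytes": 60},
    {"proto": "tcp", "src": "198.51.100.7", "sport": 43000,
     "dst": "192.0.2.20", "dport": SLP_PORT, "bytes": 400},
]


def slp_amplification(flows, min_ratio=10.0):
    """Return {server_ip: ratio} for SLP servers whose UDP replies are at
    least min_ratio times larger than the requests sent to them."""
    req = defaultdict(int)   # bytes received by each server on UDP/427
    resp = defaultdict(int)  # bytes each server sent from UDP/427
    for f in flows:
        if f["proto"] != "udp":
            continue  # reflection with spoofed sources needs UDP
        if f["dport"] == SLP_PORT:
            req[f["dst"]] += f["bytes"]
        elif f["sport"] == SLP_PORT:
            resp[f["src"]] += f["bytes"]
    flagged = {}
    for server, out_bytes in resp.items():
        in_bytes = req.get(server, 0)
        if in_bytes == 0:
            continue  # no request seen, so the ratio cannot be measured
        ratio = out_bytes / in_bytes
        if ratio >= min_ratio:
            flagged[server] = round(ratio, 1)
    return flagged


if __name__ == "__main__":
    print(slp_amplification(SAMPLE_FLOWS))
```

A server flagged this way is a candidate for blocking UDP/427 from untrusted networks or disabling SLP where it is not needed.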

Kevin Mitnick shows password cracker built from 30 RTX GPUs

The famed hacker, author, and information-security expert Kevin Mitnick shared on Twitter photos of a system designed to crack passwords.

The four-server setup comprises 24 NVIDIA GeForce RTX 4090 cards on the Ada Lovelace architecture and six RTX 2080 cards on the Turing line. The system will be used by the red team.

The assembly was conducted by KnowBe4, where Mitnick serves as Chief Hacking Officer.

Media reports China is developing a satellite hijacker

China is developing a cyberweapon capable of seizing control of adversary satellites, rendering them useless for data transmission and reconnaissance in wartime. This was reported by the Financial Times, citing a U.S. intelligence assessment.

According to the outlet, the system would be able to imitate signals that enemy satellites receive from their operators, allowing either full hijack or triggering a fault at a critical moment.

The report states that such satellite takeover would render the satellites “ineffective in supporting communications, weaponry or intelligence, surveillance and reconnaissance.”

The document viewed by journalists was part of the leak, for which the FBI previously arrested 21-year-old U.S. Air National Guard airman Jack Teixeira.

Telegram blocked in Brazil

The Brazilian Supreme Court ordered Telegram’s operations suspended in the country for refusing to hand over data about neo-Nazi groups, local media reported.

Authorities requested information as part of the investigation into the shooting at a school in Aracruz, in which four people were killed. According to them, a 16-year-old defendant interacted with anti-Semitic groups on Telegram.

Police were interested in the exact personal data of administrators and members of neo-Nazi channels, but the messenger did not comply.

Local providers will receive a letter ordering the suspension of Telegram’s operations. The app will also be required to be removed from local versions of Google Play and the App Store.

Commenting on the situation, Telegram founder Pavel Durov said the company’s mission is to “preserve privacy and freedom of speech worldwide.”

“We sometimes have to leave markets where local laws run counter to this mission or impose technically unfeasible requirements. The court in Brazil asked for data that is technically impossible to obtain”, said Durov.

Telegram intends to appeal the ruling.

Update:

Three days later the decision to block the messenger was overturned. The judge deemed a full suspension of Telegram across Brazil “unreasonable, given its broad impact on the freedom of communication of thousands of people.”

Meanwhile the company remains obliged to pay a daily fine of 1 million reais for failing to provide all data on administrators and members of neo-Nazi channels.

What to read this weekend?

In the Kryptorium education section, we explain how deliberate manipulation of Google’s algorithms creates problems for recommendation systems.