Here is a roundup of the week's most important cybersecurity news.
- Two zero-day vulnerabilities hit dozens of Bitcoin-wallet providers.
- Researchers developed an acoustic keystroke-reading attack.
- Researchers hacked access to paid Tesla features.
- Zoom will begin collecting user data to train AI.
Two zero-day vulnerabilities hit dozens of Bitcoin-wallet providers
Fireblocks researchers found two zero-day vulnerabilities, collectively named BitForge, in implementations of the widely used cryptographic protocols GG18, GG20 and Lindell17. The issue affected more than 15 wallet providers using multi-party computation (MPC), including Coinbase, ZenGo and Binance.
Both vulnerabilities allow attackers to recover seed phrases and steal assets.
The first affects the GG18 and GG20 threshold-signature schemes, which let several parties generate keys and jointly sign transactions.
“Depending on the implementation parameters, the attacker can send a specially crafted message and extract key shards as 16-bit fragments, thereby obtaining the seed phrase in 16 repetitions,” Fireblocks explained.
The second vulnerability, in the Lindell17 2PC protocol, is similar in nature and allows the full private key to be extracted in roughly 200 signing attempts.
“The issue manifests in improper handling of interrupts by wallets. This forces them to continue signing operations, which inadvertently exposes bits of the private key,” the experts noted.
The vulnerabilities were first discovered in May 2023. At the time of writing, Binance, Coinbase and ZenGo had already fixed the issue.
Fireblocks researchers also released a dedicated tool that other wallet providers can use to check whether they are exposed to the problematic MPC implementation.
Researchers hacked access to Tesla’s paid features
German researchers from the Technical University of Berlin developed a jailbreak technique for the infotainment systems in the latest Tesla models and unlocked paid features of the car, according to Bleeping Computer.
The attack used voltage glitching (deliberately induced voltage fluctuations) against the AMD processor that serves as the system's root of trust.
The resulting root privileges allowed researchers to extract a unique RSA key that Tesla uses to authenticate the car in the service network. They were also able to enable software-locked features, including seat heating and rapid acceleration.
The jailbreak authors notified the automaker of their findings. The company is working on remediation.
Interpol dismantled the Phishing-as-a-Service platform 16shop
In a coordinated operation, Interpol shut down the Phishing-as-a-Service platform 16shop, responsible for attacks on more than 70,000 victims in 43 countries.
Hackers sold phishing kits for between $60 and $150, targeting Apple, PayPal, American Express, Amazon and Cash App accounts. In these attacks, criminals stole email addresses, passwords, IDs, card data and phone numbers.
Law enforcement arrested the 21-year-old operator of 16shop and detained two of his accomplices in Japan and Indonesia.
Researchers developed an acoustic keystroke-reading attack
A group of British researchers developed an acoustic side-channel attack that recovers keystrokes from audio recorded on a nearby phone with up to 95% accuracy.
To train the classifier, the researchers repeatedly pressed keys on a 2021 MacBook Pro, recording the sound both on an iPhone 13 mini and via Zoom and Skype calls. From the recordings they produced spectrograms of the sound waves that visualise the differences between individual keys.
The attack could lead to leakage of passwords, messages or other confidential information.
To protect data, the researchers recommended changing typing style, using random passwords and applying software audio filters to keystroke sounds.
Zoom to start collecting user data for AI training
The videoconferencing service Zoom added to its terms of service a clause stating its intent to collect call content to train AI models, with no option to opt out of the updated terms, Stack Diary reports.
However, the service assured users that they themselves will be able to decide whether to enable AI features and whether to share content from video conferences to improve the product.
According to the company, the data generated in the course of using the service will remain exclusively in Zoom’s possession.
Telegram blocked in Iraq
Iraq’s Ministry of Communications blocked the Telegram messenger “on national security grounds,” Reuters reports.
Previously the agency had repeatedly, but unsuccessfully, urged the app’s developers to shut down “platforms that leak data from official government agencies and citizens’ personal data.”
Representatives of Telegram did not comment on the blockage.
LitRes data breach
On August 5, an unknown hacker published LitRes e-book service user data, according to the Telegram channel “Information Leaks.”
More than 3 million rows containing first and last names, 590,000 unique email addresses and hashed passwords were publicly accessible.
The source claims the full dump contains 97 million rows.
Earlier, the same hacker leaked information for SberLogistics, the GeekBrains educational portal, and Delivery Club.
LitRes representatives confirmed the leak, saying that user payment information was not affected. The service began an audit and tightened data storage controls.
Also on ForkLog:
- Sam Bankman-Fried jailed before trial, Bloomberg reported a possible guilty plea by the former FTX CEO, and Sino Global filed a lawsuit against the exchange for $67 million.
- The XRP price on Gemini surged to $50. The community acknowledged a glitch.
- Argentina opened an investigation into Worldcoin, and at the company’s warehouses in Kenya, raids took place.
- Hackers stole over $900,000 through a vulnerability in a utility for Bitcoin wallets.
- Experts disputed Chainalysis’s evidence in the Bitcoin Fog case.
- The hacker sent part of the bounty to the Ukrainian Armed Forces.
- In South Korea, the head of the Bitsonic Bitcoin exchange was arrested.
- DEX Cypher lost $1m in a hack.
- The total value of stolen NFTs fell 31% in July.
- The Curve hacker returned part of the stolen assets, and the project team offered a $1.85 million reward for information about the hacker.
What to read this weekend?
In a special feature we outline the most common vulnerabilities in cryptocurrency wallets.
