In computer security, a vulnerability is a weakness which allows an attacker to reduce a system’s information assurance. It’s clear that 2017 has been a year of high-profile and wide-reaching security vulnerabilities, with victims ranging from governments to Fortune 500 companies. While these vulnerabilities first became publicly known in 2017, they are likely to remain problems well into 2018, if not beyond. However, protecting your business from physical and cyber threats should always be a priority.
Despite the large number of attacks, a few vulnerabilities stood out in terms of the damage they did. Here are some of the most problematic software vulnerabilities of 2017.
KRACK vulnerability in WPA2 protocol
In October, a vulnerability was discovered in WPA2 that allowed attackers to read encrypted information transmitted over secured Wi-Fi networks. The vulnerability is a flaw in the protocol design itself—not a specific vendor implementation.
When joining a network, the WPA2 four-way handshake allows for the possibility of a dropped packet before the handshake is completed. The third step of the four-way handshake—in which the encryption key is negotiated—may be rebroadcast to the client if the access point has not received an acknowledgement. As such, the client may receive the encryption key multiple times, and is expected to reinstall that key, resetting the incremental transmit packet number (“nonce”) and receive replay counter.
Attackers can take advantage of this behavior to replay, decrypt, or forge packets. Critically, this ability extends to TCP SYN packets, making it possible for attackers to hijack TCP connections, in functionally the same way attackers inject data on unprotected Wi-Fi networks.
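An added illustration (not from the original article) of why resetting the nonce on a retransmitted message 3 matters, shown beside a client that keeps its counter. The `Client` class, its method names, the sample key and the sample frames are hypothetical, and a SHA-256-based keystream stands in for the real WPA2 cipher.

```python
import hashlib

P1 = b"frame-one payload A"  # constructed sample plaintexts
P2 = b"frame-two payload B"


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy keystream from (key, nonce): a SHA-256 stand-in, not real CCMP."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(6, "big") + bytes([block])).digest()
        block += 1
    return out[:length]


class Client:
    """Hypothetical client model tracking one key and its packet number."""

    def __init__(self, reinstall_on_retransmit: bool):
        self.reinstall_on_retransmit = reinstall_on_retransmit
        self.key = None
        self.nonce = 0

    def on_message3(self, key: bytes) -> None:
        # Hardened behaviour: a repeated message 3 carrying the key that is
        # already installed must not reset the packet number.
        if key == self.key and not self.reinstall_on_retransmit:
            return
        self.key, self.nonce = key, 0  # (re)install resets the nonce

    def send(self, plaintext: bytes):
        self.nonce += 1
        return self.nonce, xor(plaintext, keystream(self.key, self.nonce, len(plaintext)))


def run(reinstall_on_retransmit: bool):
    """Frame, retransmitted message 3, frame; returns (n1, c1, n2, c2)."""
    client = Client(reinstall_on_retransmit)
    key = bytes(range(16))  # constructed sample key
    client.on_message3(key)
    n1, c1 = client.send(P1)
    client.on_message3(key)  # access point missed the acknowledgement
    n2, c2 = client.send(P2)
    return n1, c1, n2, c2


def keystream_cancels(result) -> bool:
    """True when both frames used one nonce, so c1 XOR c2 equals P1 XOR P2."""
    n1, c1, n2, c2 = result
    return n1 == n2 and xor(c1, c2) == xor(P1, P2)
```

With `run(True)` both frames go out under nonce 1 and the keystream drops out of their XOR; with `run(False)` the second frame uses nonce 2 and the relation no longer holds.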
Patching client devices is the highest priority in mitigating this vulnerability. Apple provided a patch for iOS devices in 11.1, and Google provided patches in the November 2017 security update, though this must be delivered as part of an Android platform update, not through Google Play services. Wireless routers and access points may require a vendor patch to protect against this vulnerability.
EternalBlue and DoublePulsar
A group called the Shadow Brokers released documents and code detailing a number of vulnerabilities on April 14, 2017, after unsuccessfully attempting to auction them off to the highest bidder.
These include EternalBlue, a vulnerability in Microsoft’s implementation of the SMB1 protocol, allowing hackers to send maliciously coded packets which improperly grant them the ability to execute arbitrary code on a vulnerable computer. Relatedly, DoublePulsar is a tool that allows attackers kernel-level access to Windows, and is used to load other malware.
These exploits and the corresponding proofs of concept which were released by the Shadow Brokers were developed by a group identified by Kaspersky Labs as the Equation Group.
Broadcom SoC Wi-Fi stack vulnerabilities
Broadcom’s ubiquitous BCM43XX series Wi-Fi radio modules were found to “[lack] all basic exploit mitigations,” according to Google Project Zero researcher Gal Beniamini. While security practices were lacking in several respects, the biggest threat from “Broadpwn” was the potential for an attacker on the same Wi-Fi network to force vulnerable devices to execute arbitrary code, using a specially crafted file.
Because of the relative monoculture of Wi-Fi radio modules, affected devices include most Apple devices (though variants of the same model may use Intel Wi-Fi modules instead), as well as Google’s Nexus 5, 5X, 6 and 6P phones, along with some variants of the Samsung Galaxy S7.
Silent Bob is Silent, among other Intel AMT exploits
Intel Active Management Technology (AMT) is commonly used in enterprise deployments for out-of-band management of personal computers. Because of the level of access that such a utility would require—given that it runs even during S3 sleep, it is considered Ring -3 level—AMT has become a high-value target for security researchers.
In May 2017, a vulnerability was identified that allowed remote attackers to execute code inside AMT, potentially granting attackers full control of any affected system. Additionally, because of the attack vector, infections would be exceedingly difficult, if not impossible, to detect with standard security software. The vulnerability, in essence, can be exploited by sending an empty response when logging in to the admin account management system of AMT.
Additionally, the Serial-over-LAN function of AMT has been used in already compromised networks by the hacking group PLATINUM to exfiltrate documents.