Hackers can crash your Chrome and Firefox browser remotely using search suggestions

Researchers discover a way to crash Chrome and Firefox browsers on Linux PCs and Android smartphones

Imagine you are searching for a keyword on Google search using Chrome browser on your Android smartphone. The Chrome browser will immediately return the most plausible suggestions matching your search. Click on one of these search suggestions and suddenly you will find your Chrome browser has crashed.

This is due to a bug found out by security researchers from Nightwatch Cybersecurity. The researchers discovered that they can manipulate the search suggestions in a way to send big files to the browser and crash it. Their method relies on using the search suggestions feature that these browsers support. The researchers noted that the issue is not a software bug, but a design implementation that allows their attack to be executed.

Almost all of the current browsers have a search field or allow users to search via the URL address bar. Based on the search engines supported inside the browser, search suggestions can be shown as the user types their query. Nightwatch security researchers say that if the browser’s search engine provider doesn’t protect these search suggestions via an encrypted HTTPS channel, an attacker on the local network can intercept search suggestions queries and answer before the search provider.

PoC

Because browsers include multiple non-HTTPS search engines with insecure search suggestions endpoints, it would be possible for an attacker on the network level to intercept the traffic flowing between the browser and the search engine endpoints, and substitute their own. If a very large response is returned (2+ GBs), the browser can run out of memory and crash. This is due to the fact that browsers do not check for sizes in the search suggestions responses. Obviously, this is more of an issue for mobile devices which have lower memory than desktops.

For Android AOSP browser and Chromium, this issue appears to be directly tied to the processing code of search engine responses. For FireFox, this is a more generic issue around large XMLHTTPRequest responses, which is what the browser is using internally for search suggestions. Our bug reports with the vendors provide more details on which code is causing this. This re-enforces the fact network traffic SHOULD NEVER be trusted.

No malware

The researchers stated that though they could crash the browsers using the above method, they were unable to execute any malicious payload using this method. This means that the bug is more of a nuisance value than a threat.

Test results

The researchers tested their PoC on various devices using Chrome and Firefox and the results are give below :

• Android AOSP stock browser on Android (v4.4) – application crashes
• Chrome v51 on Android (v6.01) – application crashes
• Chrome v51 on desktop Linux (Ubuntu v16.04) – the entire computer freezes requires a reboot (this maybe to due to swapping being disabled with an SSD drive)
• FireFox v47 on desktop Linux (Ubuntu v16.04) and Android (v6.01) – application crashes

The researchers found that their exploit doesn’t affect Apple’s Safari v9.1 browser or Microsoft’s Edge and Internet Explorer 11.

The bug can be exploited in the wild providing a potential hacker has the following at his/her service

• The attacker must have control over DNS and the network traffic of the victim machine. This is most likely in cases of a rogue WiFi hotspot or a hacked router.
• Most browsers have rather short timeout for search engine suggestions response, not allowing sufficient time for the large response packet to be transferred over network
• Due to the very large response size needed to trigger this issue, it is only exploitable over broadband or local networks such as rogue WiFi hotspot

The researchers informed the respective browser developers about the flaw. However, the Android, Chrome, and Firefox security teams declined to classify this bug as a security issue.

SOURCE : TECHWORM

Ransomware in Android Nougat

Android Nougat is taking the fight to ransomware

Well, it's a start.

Google is upping the ante with security protocols on Android. The upcoming version, Android N, is going to stop ransomware from resetting a device’s password, claims security firm Symantec. According to the firm, a new condition has been added Android N’s code, which prevents ransomware from using the resetPassword API. Symantec noted that the API on Android Nougat can only be used to set a password, but can’t be used to reset the same. This would prevent ransomware to reset lock screen passwords on phones powered by Android Nougat.

However, Symantec noted that while malware will not be able to reset your device password, it can still set a password. Also, the firm wrote that this new feature would affect disinfector utilitites. “The new feature will also affect standalone disinfection utilities, which also depend on the “resetPassword()” API. A disinfector utility is an automated tool designed to help users whose devices are infected with malware. The disinfector not only should clean the malware but also reset the arbitrary password set by the threat during its infection routine. Before Android Nougat, the disinfector calls the resetPassword() API to achieve this functionality. However, with Android Nougat’s new restrictions, the disinfector’s ability to call that API is bound to fail. This is likely to affect a small percentage of users who use disinfectors,” wrote Symantec employee, Dinesh Venkatesan, in a blog post.

Ransomware has been a growing threat for Internet connected devices over the past few years. For the uninitiated, ransomware is a kind of malware that holds the users’ data hostage, asking for money to be paid in order to regain the same. It does so by changing access passwords on devices that are infected.

SOURCES: DIGIT.IN

The battle between Oracle and Google ..!

Oracle asks judge to find Google guilty of stealing Java

Oracle’s $9 billion fight with Google continues, looks like software giant’s mantra is ‘not to give up’

Oracle for the last six years has been involved in a legal battle with Google over intellectual property theft of the Java programming language by the search giant. It has been asking the court system to fine Google over $9 billion in damages for the theft. However, a federal jury in May considered Google had properly used the Java code under the “fair use” provision in U.S. copyright law and closed the case.

However, it looks like the software company is not ready to hang its boots yet. On July 6, Oracle filed a motion in San Francisco U.S. District Court again asking the same judge that threw the decision out back in May, to chuck the verdict. The company referred to the case law suggesting use is not legal if the user “exclusively acquires conspicuous financial rewards” from its use of the copyrighted material. Google, said Oracle, has earned more than $42 billion from Android. Therefore, Oracle is insisting that this isn’t actually fair use and is instead infringement.

Oracle wants the judge to stick to the narrower and more traditional applications of fair use, “for example, when it is ‘criticism, comment, news reporting, teaching … scholarship, or research.'”

On the other hand, Google has constantly argued that the Java code was free and open to all and that its use of the code was transformative.

During the recent case, Google argued that Sun Microsystems, which created Java in the 1990s long before it was bought by Oracle, had no issues with Google using the code without a license.

“We didn’t pay for the free and open things,” Larry Page, CEO of Google’s parent company Alphabet, testified during the trial.

Looking at the way things are shaping in this copyright infringement case, it appears like Oracle will probably be trying to pursue this case for at least another six years.

SOURCES : TECHWORM