alt=An illustration depicting China and the United States as the world's two largest economies, highlighting their global influence.
Cyber security
2024-10-28 Post a Comment

Chinese hackers said to have collected audio of American calls

The hackers are said to be part of a Chinese government-affiliated group that American researchers have dubbed Salt Typhoon.

By 

 and 

Chinese state-affiliated hackers have collected audio from the phone calls of U.S. political figures, according to three people familiar with the matter. Those whose calls have been intercepted include an unnamed Trump campaign adviser, said one of the people.

Sign up for Fact Checker, our weekly review of what’s true, false or in-between in politics.

The hackers are said to be part of a Chinese government-affiliated group that American researchers have dubbed Salt Typhoon and were able to collect audio on a number of calls as part of a wide-ranging espionage operation that began months ago, according to the people, who spoke on the condition of anonymity because a federal investigation is underway. The government is still seeking to determine how much audio the hackers have, one of the people said.

They were also able to access unencrypted communications, including text messages, of the individual, the people said. End-to-end encrypted communications such as those on the Signal platform are believed to have not been hacked, they said.

The development heightens concerns over the extent of the infiltration as the 2024 election is in high gear as well as the potential threat to long-term national security.

The FBI declined to comment on the matter.

The FBI and other U.S. agencies are still investigating the full extent and nature of the espionage campaign. The hackers targeted the phones of former president Donald Trump, who is running to regain the White House, and his running mate JD Vance, the New York Times first reported Friday. They were thought to have targeted information about call logs, and there is no evidence so far that the hackers listened in on calls of the two Republicans at the top of the ticket.

As previously reported, Democrats were also targeted in the hacking efforts, including the staff of Senate Majority Leader Charles E. Schumer (D-New York), according to another person familiar with the matter.

The Salt Typhoon group is also thought to have targeted the system that tracks lawful requests for wiretaps made by the federal government of carriers. The motive there could be to figure out who the FBI and other federal agencies have under surveillance, said people familiar with the matter.

The matter is so serious that the White House earlier this month set up an emergency multiagency team to ensure all relevant agencies have visibility into the investigation. The establishment of a “unified coordination group” triggers a separate mandatory investigation by a public-private Cyber Safety Review Board, which in this case will probe the lapses that led to the intrusions. The board is led by the Department of Homeland Security and includes cyber experts from industry. It’s unclear when the probe will begin, officials said.

The wide-ranging operation has involved at least 10 telecom companies, including major carriers such as AT&T, Verizon and Lumen.

At least one U.S. official was notified late last week that a personal cellphone had been accessed by the Salt Typhoon hackers, said one of the people familiar with the matter. The hackers were targeting phone logs, SMS text messages and other data on the device, said the person. It was not clear whether audio calls were successfully intercepted for that official, the person said.

read more
alt=Image illustrating steps to remove Safari from a Mac, highlighting a recent macOS vulnerability affecting privacy controls.
Cyber security
2024-10-19 Post a Comment

Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser

î „Ravie Lakshmanan

Microsoft Reveals macOS Vulnerability

Microsoft has disclosed details about a now-patched security flaw in Apple’s Transparency, Consent, and Control (TCC) framework in macOS that has likely come under exploitation to get around a user’s privacy preferences and access data.

The shortcoming, codenamed HM Surf by the tech giant, is tracked as CVE-2024-44133. It was addressed by Apple as part of macOS Sequoia 15 by removing the vulnerable code.

HM Surf “involves removing the TCC protection for the Safari browser directory and modifying a configuration file in the said directory to gain access to the user’s data, including browsed pages, the device’s camera, microphone, and location, without the user’s consent,” Jonathan Bar Or of the Microsoft Threat Intelligence team said.

Microsoft said the new protections are limited to Apple’s Safari browser, and that it’s working with other major browser vendors to further explore the benefits of hardening local configuration files.

Microsoft Reveals macOS Vulnerability

HM Surf follows Microsoft’s discovery of Apple macOS flaws like Shrootless, powerdir, Achilles, and Migraine that could enable malicious actors to sidestep security enforcements.

While TCC is a security framework that prevents apps from accessing users’ personal information without their consent, the newly discovered bug could enable attackers to bypass this requirement and gain access to location services, address book, camera, microphone, downloads directory, and others in an unauthorized manner.

The access is governed by a set of entitlements, with Apple’s own apps like Safari having the ability to completely sidestep TCC using the “com.apple.private.tcc.allow” entitlement.

While this allows Safari to freely access sensitive permissions, it also incorporates a new security mechanism called Hardened Runtime that makes it challenging to execute arbitrary code in the context of the web browser.

That said, when users visit a website that requests location or camera access for the first time, Safari prompts for access via a TCC-like popup. These entitlements are stored on a per-website basis within various files located in the “~/Library/Safari” directory.

The HM Surf exploit devised by Microsoft hinges on performing the following steps –

  • Changing the home directory of the current user with the dscl utility, a step that does not require TCC access in macOS Sonoma
  • Modifying the sensitive files (e.g., PerSitePreferences.db) within “~/Library/Safari” under the user’s real home directory
  • Changing the home directory back to the original directory causes Safari to use the modified files
  • Launching Safari to open a web page that takes a snapshot via the device’s camera and grab the location

The attack could be extended further to save an entire camera stream or stealthily capture audio through the Mac’s microphone, Microsoft said. Third-party web browsers don’t suffer from this problem as they do not have the same private entitlements as Apple applications.

Microsoft noted it observed suspicious activity associated with a known macOS adware threat named AdLoad likely exploiting the vulnerability, making it imperative that users take steps to apply the latest updates.

“Since we weren’t able to observe the steps taken leading to the activity, we can’t fully determine if the AdLoad campaign is exploiting the HM surf vulnerability itself,” Bar Or said. “Attackers using a similar method to deploy a prevalent threat raises the importance of having protection against attacks using this technique.”

read more
Trustpilot
The rating of livingsafeonline.com at Trustprofile Reviews is 9.1/10 based on 13 reviews.
Verified by MonsterInsights