July 31st, 2010

You are currently browsing the articles from Genius Impatience written on July 31st, 2010.

Live demos show how the Nintendo DS and the Wii can be hacked to spread malware (videos)

Two hackers showed how they can hack Nintendo’s handheld and console game devices to spread malware to whatever networks they are connected to.

At the Defcon security conference in Las Vegas, Ki-Chan Ahn (below) and Dong-Joo Ha (right) showed off a number of demos of how they could crack the Nintendo DS and Nintendo Wii and use them to upload malware. They said users don’t expect malware to be loaded on game console devices, so they could be taken advantage of more easily. (See our roundup of all Black Hat and Defcon stories.)

The researchers said they could spread malware in a number of ways. They could, for instance, inject a virus into a pirate version of a Nintendo game and upload it to torrent networks, where users download pirated games. They showed how they could play a game in a compromised Wii system.

They also found that many companies install Nintendo Wii devices in their work places, even though they don’t let you walk into the company with smartphones or laptops. (Factories and other sensitive work locations don’t allow any devices with cameras). By poisoning the Wii, they could spread a virus over the corporate network. People have a false sense of security about the safety of these game devices, but they can log into computer networks like most other computer devices now.

In the demos, the researchers showed they could take compromised code and inject it into the main game file that runs on either a DS or a game console. They could take over the network and pretty much spread malware across it and thereby compromise an entire corporation. The researchers said they can do this with just about any embedded device, from iPhones to internet TVs. All that is needed is an embedded computer, networking, and input-output systems. A few of the demos failed because wireless networks weren’t functional.

Ahn is a student at Hanyang University in South Korea, majoring in electronics. Ha is a researcher at AhnLab, a security firm. Check out the video excerpts below:







Written by Dean Takahashi on July 31st, 2010 with no comments.
Read more articles on Entrepreneurial Spirit.




Yelp’s CEO On Google: We Were Surprised…I Don’t Think It’s A Permanent Situation

Yelp’s CEO Jeremy Stoppelman deserves credit for trying to play nice with Google, even appearing onstage at the Social Currency CrunchUp with John Hanke, a Google VP of Product Management. As expected the tension was palpable, as Hanke and Stoppelman discussed Google Places and the goliath’s heavy reliance on Yelp’s content.

As an increasingly robust aggregator of local reviews, Google Places is turning into a formidable opponent. Several years ago, Google paid Yelp for access to their huge database of reviews; however, eventually Yelp terminated the deal. All was well until Google started crawling Yelp’s pages for unlicensed content to populate Google Places. Adding insult to injury, Google often pushes Yelp’s data to the bottom of its review areas, favoring instead licensed partners like Zagat. Oh, what a tangled web of reviews we weave.

Beyond the professional veneer, there’s no question that Stoppelman feels burned.

The recent developments, he says, were unexpected:

“Well I think we were surprised because we hadn’t participated in Place Pages over the years. Like we were in sort of the precursor to Place Pages back in something like 2006 and then we left because we weren’t really happy in the direction it was going and we thought OK we’ll just show up in organic results and everybody is still happy. And then yeah, we found our content was showing up there and it is ranked dead last right now. I don’t think that’s sort of a permanent situation from what we gather from talking to Google, they are sort of headed in a new direction that which hopefully will be more positive.”

Yelp, of course, is not always the victim. The site has been criticized for ripping Foursquare’s techniques, with this year’s introduction of check-ins, leader boards, badges and the not-so-subtle “dukedom” honor. Now, Yelp is tiptoeing near Groupon’s turf, as it tests limited deals in cities like Sacramento. During our post-panel video interview, we got a chance to talk to Stoppelman about Google Places and Yelp’s budding rivalries with Foursquare and Groupon. See full video above— below are a couple key highlights:

On Check-Ins
- Android has been a particularly strong platform: the number of Yelp downloads grew 40% week over week for about a month. Now, it’s growing 15% week over week.

On Limited Sales
- Yelp will eventually roll out a product that will capitalize on its strength as a destination for time-sensitive searches. “We have all this traffic, we have 35 million monthly visiting the site and so what could we do for people that are actually looking for a massage right now versus you know alerting them hey there’s this deal is available. So are there some interesting twists on just the Groupon model that we can apply because we’re Yelp.”



Written by Evelyn Rusli on July 31st, 2010 with no comments.
Read more articles on Internet Help and Technology Questions.




Rival Smartphone Attenuation Videos Vanish From Apple’s Website

Well this is interesting. One of the key points at Apple’s recent press conference to discuss the iPhone 4’s antenna was that the problem (called “attenuation”) is not unique to the iPhone 4. To highlight this, Apple showed videos of the problem on smartphones by rival companies. Those videos were then posted to a special antenna page on Apple’s website. Those videos are now gone.

As you can see on this page, the videos are nowhere to be found. Instead, the page now only shows the overview of the antenna design and test labs. A search of Apple’s website brings up a few of the landing pages where the videos used to be — here’s the Droid X one, for example — but now those just redirect to the antenna design page as well. Odd.

Here’s what else is interesting: the original page with these videos still does reside on the Canadian version of Apple’s website. Here you’ll find the videos for the BlackBerry Bold 9700, the HTC Droid Eris, the Motorola Droid X, the Nokia N97 Mini, the Samsung Omnia II, the iPhone 3GS, and the iPhone 4. However, the Asian version of Apple’s site has the videos removed as well.

The videos are still up on Apple’s official YouTube channel, but they are no longer featured, and are a little bit trickier to find.

We’ve reached out to Apple for an official response as to why they removed them from the website. Obviously, they caused quite a bit of controversy – with some rivals, like RIM (makers of the BlackBerry), even responding. Has the threat of lawsuits from rivals forced Apple to take them down? Or did they take them down due to some of the negative backlash they were receiving? Or perhaps Apple is simply trying to move on from the situation — but again, the antenna design and test lab page is still there (though it doesn’t call out rivals specifically).

At the top of this post, find what the /antenna site currently looks like in the U.S. Below, find what it used to look like — and still does for the Canadian version of the site.

[thanks Noah]



Written by MG Siegler on July 31st, 2010 with no comments.
Read more articles on Internet Help and Technology Questions.

Sony Ericsson X10 Mini and Mini Pro rooted

Owners of a Sony Ericsson X10 Mini or a Mini Pro will be happy to know that the folks at xda-developers have been able to achieve root on these two Android devices. The root requires some familiarity with adb and terminal commands and apparently takes advantage of the same exploit used to root the DROID X, Devour, and other Android handsets. Hit the read link for the detailed instructions and head over to xda-devs to link up with other SE owners. Happy Rooting!

[Via xda-developers]


Written by Kelly Hodgkins on July 31st, 2010 with no comments.
Read more articles on Technology Questions.

Photographic Evidence Of Stealth Startup Tello Raising $100k

Let’s call this a single source rumor. But the source is Paul Carr’s camera, so we feel pretty good about it. The picture was taken last night at the TechCrunch summer party at August Capital.

Tello, says our source (the camera), has raised $100,000 from angel investor Dave McClure, whose checks appear to have an imprint of the Twitter fail whale in the background. This is one of his first investments from his shiny new 500 Startups fund.

What’s Tello? We don’t actually know. Founder and CEO Joe Beninato was previously the CEO of Presto. We had a lot of fun with that one. Cofounder and CTO John Cwikla has experience at GameLayers, Doostang, Xoom and other startups.

The total size of this round is around $1 million, we hear.

Does a picture say a thousand words? I dunno. Someone please count them. More details as they come in.



Written by Michael Arrington on July 31st, 2010 with no comments.
Read more articles on Featured and Internet Help and Technology Questions.

Week in review: An Android app that takes your data, a new Russian angel fund

Here’s our roundup of the week’s tech business news. First, the most popular stories published in the last seven days:

Android wallpaper app that takes your data was downloaded by millions — A questionable Android wallpaper app that collects your personal data and sends it to a mysterious site in China has been downloaded millions of times, according to data unearthed by mobile security firm Lookout. The firm described its findings at the Black Hat security conference in Las Vegas, which is where this week’s flood of security-related posts came from.

Researcher shows how to hack ATMs with “Dillinger” tool — Using tools dubbed Dillinger and Scrooge, a security researcher showed how to hack an automated teller machine in front of a crowd of hackers and security professionals.

Why the Facebook-Amazon integration is bigger than you think — Facebook and Amazon.com partnered Tuesday in what could be one of the social network’s most important integrations yet.

Augen brings its $150 Gentouch78 Android tablet to Kmart — Little-known device manufacturer Augen unveiled its 7-inch Gentouch78 Android tablet in the unlikeliest of places last weekend: Kmart’s Sunday flyer.

12 years after original game, Blizzard’s Starcraft II goes on sale – Starcraft II: Wings of Liberty went on sale this week, some 12 years after the original game debuted. The game is likely to be one of the biggest sellers of the year and the first shot in the arm for the PC gaming market (aside from Facebook, of course) in a long time.

And here are five more articles we think are important, thought-provoking, or fun:

In Russia, startups need angels, not bodyguards — and now they may get them — Several proven Russian entrepreneurs have formed what looks to be the first promising seed-stage venture capital firm in Russia, called Runa Capital.

PeerIndex, Klout aim to find the Web’s real authorities — On the Internet, nobody knows you’re an expert. PeerIndex hopes to change that.

Apple unveils new, consumer-friendly battery charger — Apple has launched its own plug-in charger for AA batteries, extending its wireless device and energy efficiency strategies.

Y Combinator’s Paul Graham: Say goodbye to traditional venture rounds — Speaking at the AngelConf angel investing event, Y Combinator cofounder Paul Graham argued that the traditionally structured venture round is becoming irrelevant.

Just kidding: Google says China hasn’t walled off search — On Thursday, a Google status page which publicly tracks access to its services in China reported that there was full blockage, or that search was unavailable between 67 and 100 percent of the time. But now Google says access to its search properties is normal and hasn’t been blocked.







Written by Anthony Ha on July 31st, 2010 with no comments.
Read more articles on Entrepreneurial Spirit.

Hacker shows how he can intercept cell phone calls with $1,500 device (video)

A security researcher showed in a live demo today how he can intercept cell phone calls on 80 percent of the world’s phones with just about $1,500 worth of equipment.

Chris Paget, who also showed yesterday how he can hack into radio frequency identification tags (RFID) from a distance, created a fake cell phone tower, or Global System for Mobile communications (GSM) base station. GSM is the protocol for 80 percent of the world’s phones and is used by T-Mobile and AT&T in the U.S. The demo was not, Paget said, a malicious attack in any way.

Military and intelligence agencies can intercept cell phone calls with their wiretapping technology. But Paget simply wanted to show how vulnerable the cell phone network is and how hackers could intercept calls for a small amount of money. He used a couple of large antennae (pictured with Paget) and a laptop with some other equipment.

“There’s a good chance you won’t even know about it when it happens,” Paget said during a talk at the Defcon security conference in Las Vegas. (See our roundup of all Black Hat and Defcon stories).

Paget’s system disables the encryption in the system, and the GSM network complies and never sends a warning message. Paget’s talk got some attention in advance because Federal Communications Commission authorities contacted him about his planned demonstration. They asked whether he would be violating wiretapping laws.

Paget consulted his legal help from the Electronic Frontier Foundation and decided to go forward with the live demo of cell phone call interception. He posted notices at the event saying he would be intercepting calls on the GSM network in the area during the talk. That gave him some legal protection.

In the demo, he turned on his interceptor and immediately had 15 people on his network. The interceptor he created could intercept phones in a small area covered by one cell site. Dozens more phones were intercepted in the course of the talk. He inserted a warning message saying that he was intercepting calls, and some phones displayed that they were on the Defcon 18 cell phone network during the interception. He could take over a given area by broadcasting a stronger signal than was available from AT&T or T-Mobile in that given area.

“It’s not particularly difficult to do,” he said.

Paget said that he could easily create a noise generator that could disrupt all calls in a given area. He chose not to do that demo, as it would have knocked out all cell phone coverage for most of Las Vegas, he said.

“I am not turning this on,” he said. “The thing about band jamming is there is no way to defend against it.”

Check out the video excerpt of Paget’s presentation:







Written by Dean Takahashi on July 31st, 2010 with no comments.
Read more articles on Entrepreneurial Spirit.

Reports Of The Mouse’s Death Have Been Greatly Exaggerated


The Magic Trackpad (if I must call it that) has generated some controversy on the TC network. MG thinks it signals the end of the mouse era. I think it’s a great tool but is being lauded by a group of people unfamiliar with decent mice (read: Mac users). I happen to love both Apple’s trackpads and great mice at the same time, but it seems to me that we’re overlooking the real conflict here. And as it turns out, mice and trackpads (magic or otherwise) are on the same side.

The next generation of input is already here; chances are you have it in your pocket. Yet, advanced as it is, there are fundamental shortcomings that will prevent it from completely supplanting the interfaces we’ve grown up with.




Written by Devin Coldewey on July 31st, 2010 with no comments.
Read more articles on Internet Help and Technology Questions.

How North Korea could build a cyber army to defeat the U.S.

It wouldn’t be that hard for North Korea to build a cyber army to take on the U.S. in a war fought only in cyberspace. North Korea has an estimated cyber war budget of $56 million, and the cheap way it could attack the U.S. is by herding a bunch of compromised computers to do its bidding.

That’s the assessment by Charlie Miller (above, photoshopped into a photo with North Korea’s leaders), a veteran computer security tester whose accomplishments include hacking Apple’s operating system and the iPhone. He spoke at the Defcon security conference in Las Vegas today. (See our roundup of all Black Hat and Defcon stories).

Miller gave his talk the humorous name: “Kim Jong-Il and Me: How to build a cyber army to defeat the U.S.” It drew a big crowd of hackers and security researchers. He imagined what would happen if he were kidnapped by Kim Jong-Il’s secret agents and forced to make war on the U.S. While he made a lot of jokes, the topic is a serious one. Miller gave a serious talk on the subject before a group of NATO officials a few months ago, and he has done computer penetration work for the National Security Agency in the past.

The substance of his talk was corroborated in part by Gen. Michael Hayden, the former director of national security, who said in a talk on Thursday at the Black Hat security conference that, “You built cyberspace like the north German plain, and then you bitch when you get invaded.” He meant that the advantage in cyberspace goes to the attacker.

During a war, the internet would be degraded. It would therefore be important to control lots of computers to carry out attacks. That’s why botnets, or millions of compromised computers that can be remotely controlled by an attacker, are a big force multiplier in a cyber army. Perhaps 100 million compromised computers would be needed.

“I think I could marshal a lot of botnets to do the job pretty easily, and make sure they are all over the world,” Miller said. “That way, you can’t snip off the communications that control them. Make it 100 times better than anything we have seen before.”

“It’s good to be North Korea because they can get around laws that prevent you from taking other computers,” he said. On top of that, North Korea doesn’t have that much to attack.

The big problem in a cyber war is attribution: who started it? You couldn’t tell if it were Russia or China. If you have millions of computers throughout the world, you can choose where the attack appears to emanate from. That would help a country like North Korea hide.

The cyber army would include botnet collectors, penetration testers who comb the networks for vulnerabilities, spies, developers of malware, technical consultants who sell their knowledge to the highest bidder, and others. The total estimated budget to do the job with about 600 people would be more like $45 million, well within North Korea’s current budget. It might take two years to assemble such a force.

With all that, you get all the tools you need to wage war. Of course, many of these people are in the U.S. and would be hard to commandeer by North Korea.

The logical way to get the botnets to be useful is to exploit a Zero Day bug (or one for which there is no known solution). On average, each Zero Day bug remains unpatched for 348 days. These serious bugs, which can be used to take over computers, are plentiful and stick around for a while.

Other means: logic bombs to take down the internet, pay criminals to hijack computers for you, use insiders to create back doors into security systems. Miller doesn’t think those ideas would work very well, since you probably couldn’t rely on them. A distributed denial of service (DDOS) attack would flood certain sites with too much traffic.

To protect against these attacks, Miller says, you would have to have redundancy of critical networks. During a war, the U.S. could briefly try to segregate its networks from the rest of the world, by putting filters on the web so that nothing bad gets through. Of course, that effectively accomplishes the isolation that would be the object of an attacker. It would be hard to filter out all of the botnets that would be using different attack methods.

There are hardened targets like the National Security Agency that ordinary botnets would have trouble penetrating. To breach them, Miller would do penetration testing, get in somewhere, and then take control. That would take considerable time.

Miller would target places such as electric power grids, the air traffic control system, and military networks. The latter could be penetrated if someone plugged a compromised universal serial bus (USB) device into a computer on the network.

“In these cases, you have to get people inside these networks,” he said. “You pay them off, get them into the network and then allow me to remotely attack it. With enough money, patience and time, it’s really hard to stop a skilled attacker.”

The lesson, Miller said, is that you have to detect the buildup of botnets and other tools of cyber war early and deal with them before they are used. If you wait too long, there will be nothing you can do about it.

[Kim photo credit: Telegraph]







Written by Dean Takahashi on July 31st, 2010 with no comments.
Read more articles on Entrepreneurial Spirit.

Dropbox launches a limited beta version for the BlackBerry

Popular online storage solution Dropbox has just launched its BlackBerry client as a limited beta. The app, compatible with OS 5.0 devices, has already filled its 500 user slots for testing. Those that snagged a copy are reporting that the application is similar to the Android and iPhone client, but is still missing some key features like the ability to upload non-picture files, the ability to delete/move files, and the ability to manage folders. BlackBerry owners that are interested in the beta should keep checking the beta site as additional slots are apparently being added to meet this initial demand. If you manage to get in on the beta, hit us up in the comments with your first impressions.

[Via CrackBerry]


Written by Kelly Hodgkins on July 31st, 2010 with no comments.
Read more articles on Technology Questions.
