June 16th update

1.

ADB.Miner and a continuing vulnerability

• Kevin Beaumont: Root Bridge — how thousands of internet connected Android devices now have no security, and are being exploited by criminals.

“Unfortunately, vendors have been shipping products with Android Debug Bridge enabled. It listens on port 5555, and enables anybody to connect over the internet to a device. It is also clear some people are insecurely rooting their devices, too.” He cites the following from Android’s developer portal:

“The adb command facilitates a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that you can use to run a variety of commands on a device.”

• Catalin Cimpanu for Bleeping Computer: Tens of Thousands of Android Devices Are Exposing Their Debug Port. Not a new issue, as Qihoo implicated it in the spread of the Monero miner ADB.miner.

“The ADB.Miner worm exploited the Android Debug Bridge (ADB) … used for troubleshooting faulty devices …  some vendors have been shipping Android-based devices where the ADB over WiFi feature has been left enabled in the production version…”

• Commentary by Graham Cluley: Tens of thousands of Android devices are leaving their debug port exposed

2.

The Register: Apple will throw forensics cops off the iPhone Lightning port every hour

“Initially, Restricted Mode required a passcode after one week. But Apple confirmed yesterday that a plugged-in iPhone will require a passcode every hour for the data transfers to continue. … Since cracking the six-digit passcode may take up to 22 hours (or longer for a passphrase), then brute-force methods used by the cracking tools are likely to cease to work.”

3.

Josh Pitts, for Okta, goes into extensive detail about a “vulnerability [that] exists in the difference between how the Mach-O loader loads signed code vs how improperly used Code Signing APIs check signed code and is exploited via a malformed Universal/Fat Binary.” I can be Apple, and so can you – A Public Disclosure of Issues Around Third Party Code Signing Checks

For Bleeping Computer, Lawrence Abrams summarizes: Mac Security Tool Bugs Allow Malware to Appear as Apple Software.

John Leyden for The Register: Hello, ‘Apple’ here, and this dodgy third-party code is A-OK with us – “Subtle attack thwarts macOS code-signing process”

4.

Lukas Stefanko for ESET: Android users: Beware these popularity-faking tricks on Google Play
– “Tricksters have been misleading users about the functionality of apps by displaying bogus download numbers … …since unknown developer names are no use for popularity-boosting purposes anyway, some app authors have been setting fictitious, high numbers of installs as their developer names, in an effort to look like established developers with vast userbases.”

5.

Bloomberg: Apple Tries to Stop Developers From Sharing Data on Users’ Friends – “Apple Inc. changed its App Store rules last week to limit how developers use information about iPhone owners’ friends and other contacts, quietly closing a loophole that let app makers store and share data without many people’s consent.

6.

Bleeping Computer: New MysteryBot Android Malware Packs a Banking Trojan, Keylogger, and Ransomware

David Harley