your name your name

News Bytes

By Rahul Tulaskar 9th

July

2016

your name

>>>About Myself

lCompleted B.E from Mumbai

University in Computer Engineering .

lCurrently pursuing M.Tech from

K.J.Somaiya COE.

lAbout to start Internship at Tech

Mahindra.

your name

>>>Agenda

lTHE PENTAGON BUG BOUNTY

PROGRAM.

lHumming Bad Malware on Android.

lNew Target: SmartWatches.

lMiscellenous

your name

>>>Pentagon Bug Bounty

lFirst bug bounty program during April-May.

lDoD partnered with HackerOne.

lIP: Registration → Background checks →

Task allocation.

lNo Critical, Mission-Facing Systems Involved.

lLive Assets: DoD public websites.

your name

>>>Pentagon Bug Bounty

Total 138 vulnerabilities discovered.

First vulnerability discovered in just 13 minutes fron the

start of the PT.

Bounty organised due a damaging year for US

cyberdefenses.

In 2015 Russian hackers gained access to

unclassified Pentagon computer systems, with

sophisticated cyberattacks also targeting digital

infrastructure inside the White House.

Hackers linked to the Chinese government also stole

personal information from background checks on 21.5

million Americans.

your name

>>>Humming Bad Malware

lC1: attempts to gain root access on a device

with...rootkit .

lC2: If rooting fails → a fake system update

notification, tricking users into granting

Humming Bad system-level permissions.

lTarget: Android Jellybean to Marshmellow.

lYingmob – shares resources and tech. With an

analytics company.

your name

>>>Humming Bad Malware

lInjection of advertisements into victim's devices, which

when clicked, Yingmob gets paid.

l20 Million ads on a daily basis that achieve

approximately 2.5 Million clicks per day.

l The campaign generates $300,000 a month; proving

attacks can achieve financial self-sufficiency.

lSSP: rooting,downloading fake apps and display ad

banners.

lCAP:Fake IMEI injection,sending usage statistics to

C&C server and checks for plugin updates.

your name

>>>Target → SmartWatch

lMotive: Steal ATM PIN by reproducing

trajectories of hand movements.

lBackward PIN-Sequence Inference

algorithm .

l80% success rate on the first attempt,

and over 90% of the time with 3 tries.

lBinghamton University's paper titled:

lFriend or Foe?: Your Wearable Devices

Reveal Your Personal PIN

your name

>>>More about the paper

lhttps://www.semanticscholar.org/paper/Frie

nd-or-Foe-Your-Wearable-Devices-Reveal-

Your-Wang-

Guo/e867c843844a46d35434f01855d10d9

738757037

lTests were successful irrespective of the

hand position and orientation.

lNo Concrete Solution to counter this form

of eavesdropping.

your name

>>>Miscellenous

lSolarin Cellphone → Sirin Labs.

lDDOS at Compusoft

→http://www.csoonline.com/article/3085159/data-

breach/the-story-of-a-ddos-extortion-attack-how-one-

company-decided-to-take-a-

stand.html?utm_content=buffer95b7e&utm_medium=soci

al&utm_source=linkedin.com&utm_campaign=buffer#tk.rs

s_all

l palantrir:

https://www.buzzfeed.com/williamalden/how-hired-

hackers-got-complete-control-of-

palantir?utm_term=.foMbAj3a32#.veydPwg2gq

your name

>>>References

lhttps://blog.checkpoint.com/wp-

content/uploads/2016/07/HummingBad-Research-

report_FINAL-62916.pdf

lhttp://thehackernews.com/2016/07/android-malware-

china.html

lhttp://www.defensenews.com/story/defense/innovation/

2016/05/18/hack-the-pentagon-bug-bounty-payouts-

coming-soon/84556770/

lhttps://hackerone.com/blog/hack-the-pentagon-results

lhttp://www.cnet.com/news/malware-from-china-infects-

over-10-million-android-users-report-says/

your name

>>>THE END

THANK YOU !!!!!