Apply Apple Critical Update (iOS 9.5.3) Now

Apple recently released a critical security update (iOS 9.3.5) addressing three security vulnerabilities, for which there are known exploits. It is strongly recommended that iPhone and iPad users perform this update asap. You may not have yet received a prompt to perform the update, but the update is available on your device(s) via Settings -> General -> Software Update. More information about the vulnerabilities is available below.

Background:
Recently, a foreign government affiliated “cyber-war” company exploited a set of three zero-day vulnerabilities (dubbed ‘Trident’) in Apple’s iOS version < 9.3.5 to spy on a prominent human rights activist. The vulnerabilities, when exploited, can allow the malicious actor(s) to decrypt and steal emails, text messages, call logs, as well as remotely activate the phone’s microphone among other invasions of privacy and device compromises. Apple released an update several hours later that patches the vulnerabilities.

Targets:
While this security bulletin affects the internet community as a whole, the Trident spyware has been seen to specifically target high profile individuals such as political activists and be used against anyone to compromise access and device privacy. In this case, evidence exists where a political dissident and internationally renowned human rights defender Ahmed Mansoor was sent a suspicious text message claiming to have “New secrets about torture of Emiratis in state prisons” with a link. The link in the text message would have compromised the phone. However Ahmed Mansoor, cautious as he was, instead alerted a technology laboratory that works with human rights activists. This lab is called CitizenLab and together with Lookout Mobile Security, they traced the source of the compromise attempt as well as noted the effects of the mobile malware.

Source:
The source was traced to NSO Group Technologies Ltd. “NSO Group, based in Herzelia, Israel […], develops and sells mobile phone surveillance software to governments around the world. The company describes itself as a ‘leader’ in ‘mobile and cellular Cyber Warfare,’ and has been operating for more than six years since its founding in 2010.” – CitizenLab

Extent of Effects:
According to CitizenLab, the Trident spyware would effectively allow the malicious actor to gain complete control over the target phone by jailbreaking it remotely. After jailbreaking the device, the attacker essentially has full and unrestricted access to almost everything the device contains or processes including but not limited to:

– Calls made by phone, WhatsApp and Viber, SMS messages, as well as messages and other data from popular apps like Gmail, WhatsApp, Skype, Facebook, KakaoTalk, Telegram, and others
– A wide range of personal data, such as calendar data and contact lists, as well as passwords, including Wi-Fi passwords. (above list taken from CitizenLab)

The malware also has the ability to persist throughout patches of individual applications since the compromise affects the operating system layer underneath.

Recommendations:
Update any and all Apple iOS devices to the latest version 9.3.5 or greater.

References:
Ahmed Mansoor – https://www.hrw.org/tag/ahmed-mansoor
CitizenLab’s full analysis – https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
https://wp.nyu.edu/itsecurity/category/alerts/
Lookout Security’s analysis – https://blog.lookout.com/blog/2016/08/25/trident-pegasus/
Apple’s patch notes (iOS v.9.3.5) – https://support.apple.com/en-us/HT207107
Ars Technica news article – http://arstechnica.com/apple/2016/08/apple-releases-ios-9-3-5-with-an-important-security-update/

 

 

SHH….Top Secret!

Click here to view the latest OUCH! newsletter, focusing on ENCRYPTION.

Encryption makes your data unreadable to others and is CRITICAL to security.

As always, please don’t hesitate to contact the IT Service Desk at 978 934 4357 should you have security related questions or concerns!

Take 5 minutes to secure your account and ensure your privacy with Google.

Google has a set of online tools available for quickly checking and modifying your account settings.

Start by going to myaccount.google.com where you can manage “Sign-in & security”, “Personal info & privacy” and ‘Account Preferences”. Towards the bottom of the page, you can “Get Started” with a  “Security Checkup” which will walk you through setting recovery options, checking connected devices and account permissions. The “Privacy Checkup” tool will show you what you have shared using your Google+ profile and the types of information collected to personalize your Google experience. Settings include allowing people to search for your name, number and other information, photo settings including geographic locations and managing web & app activity.

Be sure to take some time to review what Google collects and what you want made available for people to see. You might be surprised what you find as your existing settings!

Proofpoint Secure Email

secure_emailBy leveraging the Proofpoint appliances we have today, which are responsible for scanning messages for spam and viruses, we are able to provide UMass Lowell users with the ability to send encrypted email whenever necessary.  Proofpoint works seamlessly with our existing email Exchange servers as it encrypts email leaving the University’s private networks and heads out onto the Internet. Continue reading

Making “Digital Spring Cleaning” an Annual Ritual

Last week, the National Cyber Security Alliance (NCSA) and Better Business Bureau (BBB) announced that they are encouraging consumers to put cybersecurity top of mind by urging them to make digital devices an additional target of their spring cleaning activities. Let’s encourage students, faculty, staff, family, and friends to make a thorough “digital spring cleaning” an annual ritual. Internet users can get a fresh start with their online life by keeping all machines clean, purging their online files, enhancing security features and ensuring that their online reputation shines.

Continue reading

The anatomy of a cyber attack

Click here to watch a video which outlines how a cyber attack occurs.  Although this story is fictitious, the methods are real and commonly used by cyber attackers.

As always, please don’t hesitate to contact the IT Service Desk at 978 934 4357 should you have security related questions or concerns.