This Week In Security: What’s Up With WhatsApp, Windows XP Patches, And Cisco Is Attacked By The Thrangrycat

WhatsApp allows for end-to-end encrypted messaging, secure VoIP calls, and until this week, malware installation when receiving a call. A maliciously crafted SRTCP connection can trigger a buffer overflow and execute code on the target device. The vulnerability was apparently found first by a surveillance company, The NSO Group. NSO is known for Pegasus, a commercial spyware program that they’ve marketed to governments and intelligence agencies, and which has been implicated in a number of human rights violations and even the assassination of Jamal Khashoggi. It seems that this WhatsApp vulnerability was one of the infection vectors used by the Pegasus program. After independently discovering the flaw, Facebook pushed a fixed client on Monday.

Windows XP Patched Against Wormable Vulnerability

What year is it!? This Tuesday, Microsoft released a patch for Windows XP, five years after support for the venerable OS officially ended. It’s reminiscent of the last time Microsoft patched Windows XP, when WannaCry was the crisis. This week, Microsoft patched a Remote Desktop Protocol (RDP) vulnerability, CVE-2019-0708. The vulnerability allows an attacker to connect to the RDP service, send a malicious request, and take control of the system. Since no authentication is required, the vulnerability is considered “wormable”, or exploitable by a self-replicating program.

Windows XP through Windows 7 have the flaw, and fixes were rolled out, though notably not for Windows Vista. It’s been reported that it’s possible to download the patch for Server 2008 and manually apply it to Windows Vista. That said, it’s high time to retire the unsupported systems, or at least disconnect them from the network.

The Worst Vulnerability Name of All Time

Thrangrycat. Or more accurately, “😾😾😾” is a newly announced vulnerability in Cisco products, discovered by Red Balloon Security. Cisco uses secure boot on many of their devices in order to prevent malicious tampering with device firmware. Secure boot is achieved through the use of a secondary processor, a Trust Anchor module (TAm). This module ensures that the rest of the system is running properly signed firmware. The only problem with this scheme is that the dedicated TAm also has firmware, and that firmware can be attacked. The TAm processor is actually an FPGA, and researchers discovered that it was possible to modify the FPGA bitstream, totally defeating the secure boot mechanism.

The name of the attack, Thrangrycat, might be a satirical shot at other ridiculous vulnerability names. Naming issues aside, it’s an impressive bit of work, numbered CVE-2019-1649. At the same time, Red Balloon Security disclosed another vulnerability that allowed command injection by an authenticated user.

Odds and Ends

See a security story you think we should cover? Drop us a note in the tip jar!

Stick Your Own Samples In The Cheetah SpecDrum

The Sinclair ZX Spectrum was a popular computer in the 8-bit era, and particularly so in its homeland of the United Kingdom. It was known more for its low cost than its capabilities, but it gained many add-ons over the years. One of those was the Cheetah SpecDrum, which turned the Spectrum into a rudimentary drum machine. [PianoMatt] wasn’t happy with the original drum samples, so he set about loading a custom kit into the SpecDrum.

The SpecDrum software initially came with extra sample tapes, so [PianoMatt] knew it was an achievable task to load in custom samples. Starting by loading the software in an emulator, the RAM was then exported as raw data and loaded up in Audacity. After some experimentation, it was determined the samples were stored in 8-bit format at a sample rate of approximately 20 kHz. With this figured out, it was then possible to load replacement samples directly into RAM through the emulator.

However, this wasn’t enough for [PianoMatt]. Further digging enabled him to reverse engineer the format of the replacement sample tapes. Armed with this knowledge, [PianoMatt] then generated his own tape, complete with proper headers and labels for each drum sound.

It’s a tidy effort to bring a more modern sound to a now positively ancient piece of hardware. We’d love to hear a track with drums courtesy of the SpecDrum, so we’ll keep an ear out on SoundCloud. Mucking around with old sound hardware is a popular pastime in these parts – we’ve even seen people go so far as to build bespoke Sega chiptune players from scratch.

Paperclip Breadboard

TV’s MacGyver would love the breadboard arrangement we saw recently: it uses paperclips and crimping to make circuits that can be more or less permanent with no soldering. The basic idea is simple. A cardboard base has a piece of paper affixed. Metal paperclips are bent straight and glued to the paper using PVA glue (you know, like ordinary Elmer’s; hot glue would probably work, too). You could probably salvage wires out of old house wiring that would work for this, too.

The scheme uses two sizes of paper clips. Large ones are made straight and form the rails, while small paperclips make connections. The rails are bent to have a little “ear” that pushes into the cardboard base to hold them still. A little glue stabilizes them. The ears poke out the back, so the author suggests covering them with duct tape, hot glue, or another piece of cardboard. Using the top of a shoebox would also solve the problem.
