Possible Spyware On Samsung Phones

[Editor’s note: There’s an ongoing back-and-forth about this “spyware” right now. We haven’t personally looked into it on any phones, and decoded Wireshark caps of what the cleaner software sends home seem to be lacking — it could be innocuous. We’re leaving our original text as-run below, but you might want to take this with a grain of salt until further evidence comes out. Or keep us all up to date in the comments. But be wary of jumping to quick conclusions.]

Samsung may have the highest-end options for hardware if you want an Android smartphone, but that hasn’t stopped them from making some questionable decisions on the software they sometimes load on it. Often these phones come with “default” apps that can’t be removed through ordinary means, or can’t even be disabled, and the latest discovery related to pre-loaded software on Samsung phones seems to be of a pretty major security vulnerability.

The software in question is a “storage cleaner” in the “Device Care” section of the phone, which is supposed to handle file optimization and deletion. This particular application is made by a Chinese company called Qihoo 360 and can’t be removed from the phone without using ADB or having root. The company is known for exceptionally bad practices concerning virus scanning, and the software has been accused of sending all information about files on the phone to servers in China, which could then turn all of the data it has over to the Chinese government. This was all discovered through the use of packet capture and OSINT, which are discussed in the post.

These revelations came about recently on Reddit from [kchaxcer] who made the original claims. It seems to be fairly legitimate at this point as well, and another user named [GeorgePB] was able to provide a temporary solution/workaround in the comments on the original post. It’s an interesting problem that probably shouldn’t exist on any phone, let alone a flagship phone competing with various iPhones, but it does highlight some security concerns we should all have with our daily use devices when we can’t control the software on the hardware that we supposedly own. There are some alternatives though if you are interested in open-source phones.

Thanks to [kickaxe] for the tip!

Photo from Pang Kakit [CC BY-SA 3.0 DE (https://creativecommons.org/licenses/by-sa/3.0/de/deed.en)]

The Strain Of Flu Shot Logistics

Did you get a flu shot this year? How about last year? In a world of next-day delivery and instant downloads, making the yearly pilgrimage to the doctor or the minute clinic feels like an outdated concept. Even if you get your shots free at the office, it’s still a pain to have to get vaccinated every year.

Unfortunately, there’s really no other way to deal with the annual threat of influenza. There’s no single vaccine for the flu because there are multiple strains that are always mutating. Unlike other viruses with one-and-done vaccinations, influenza is a moving target. Developing, producing, and distributing millions of vaccines every year is a massive operation that never stops, or even slows down a little bit. It’s basically Santa Claus territory — if Santa Claus delivered us all from mass epidemics.

The numbers are staggering. For the 2018-19 season, as in last year, there were 169.1 million doses distributed in the United States, up from 155.3 million doses the year before. How do they do it? We’re gonna roll up our sleeves and take a stab at it.


Hackaday Links: July 7, 2019

Like modular synths? Sure you do, and you need another hole to throw money into! For the last few months, Supplyframe has been hosting synthesizer and electronic music meetups in San Francisco. This week, the HDDG/Piqued meetup will have a great talk with the creator of VCV Rack. VCV Rack is an Open Source, virtual, modular synthesizer — basically a bunch of Eurorack modules inside a computer and it costs a whole lot less. The talk is this Thursday evening in SF. You should come!

The W600 is a new module (you can get it from Seeed, although it’s produced by Winner Micro in various formats) that is basically an ESP32, except it uses an ARM Cortex-M3 instead of a Tensilica core. [ultratechie] recently got their hands on one of these modules and got started with MicroPython. This seems like a capable module and it’s only three dollars, but will that be enough to catch up to the ESP32?

Purple gorilla enters art gallery. At the Het Nieuwe Instituut in Rotterdam there is a new exhibit featuring the, ‘destructive beauty of the computer virus’. The curators are detailing the historical progress of the computer virus from innocent DOS viruses to Melissa to Stuxnet and ransomware.

USB C has been around for a while, but 2019 is the year everything started to become USB C. Case in point: the Raspberry Pi 4. The only problem is that the Raspberry Pi Foundation messed up their implementation of USB C. Not a problem, because here’s how you design a USB C power sink. Basically, you give each CC line its own resistor. Don’t even think about it, just copy the USB C spec. You don’t know more about USB C than the people who designed it, and you’re not really saving a ton of money by deleting one resistor. Just copy the spec.

35C3: A Deep Dive Into DOS Viruses And Pranks

Oh, the hijinks that the early days of the PC revolution allowed. Back in the days when a 20MB hard drive was a big deal and MS-DOS 3.1 ruled over every plain beige PC-clone cobbled together by enthusiasts like myself, it was great fun to “set up” someone else’s machine to do something unexpected. This generally amounted to finding an unattended PC — the rooms of the residence hall where I lived in my undergrad days were a target-rich environment in this regard — and throwing something annoying in the AUTOEXEC.BAT file. Hilarity ensued when the mark next booted the machine and was greeted with something like an inverted display or a faked hard drive formatting. Control-G was good to me too.

So it was with a sense of great nostalgia that I watched [Ben Cartwright-Cox]’s recent 35C3 talk on the anatomy and physiology of viruses from the DOS days. Fair warning to the seasoned reader that a sense of temporal distortion is inevitable while watching someone who was born almost a decade after the last meaningful release of MS-DOS discuss its inner workings with such ease. After a great overview of the DOS API elements that were key to getting anything done back then, malware or regular programs alike, he dives into his efforts to mine an archive of old DOS viruses, the payloads of most of which were harmless pranks. He built some tools to find viruses that triggered based on the system date, and used an x86 emulator he designed to test every day between 1980 and 2005. He found about 10,000 malware samples and explored their payloads, everything from well-wishes for the New Year to a bizarre foreshadowing of the Navy Seal Copypasta meme.

We found [Ben]’s talk a real treat, and it’s good to see someone from the current generation take such a deep dive into the ways many of us cut our teeth in the computing world.


Source Of Evil – A Botnet Code Collection

In case you’re looking for a variety of IRC client implementations, or always wondered how botnets and other malware look on the inside, [maestron] has just the right thing for you. After years of searching and gathering the source code of hundreds of real-world botnets, he’s now published them on GitHub.

C++ is the dominant language in the collection, but you will also find sources in C, PHP, BASIC, Pascal, the occasional assembler, and even Java. And if you want to consider the psychological aspect of it, who knows, seeing their malicious creations in their rawest form might even give you a glimpse into the minds of their authors.

These sources are of course for educational purposes only, and it should go without saying that you probably wouldn’t want to experiment with them outside a controlled environment. But in case you do take a closer look at them and are someone who generally likes to get things in order, [maestron] is actually looking for ideas on how to properly sort and organize the collection. And if you’re more into old school viruses, and want to see them run in a safe environment, there’s always the malware museum.

Françoise Barré-Sinoussi: Virus Hunter

It was early 1983 and Françoise Barré-Sinoussi of the prestigious Pasteur Institute in Paris was busy at the centrifuge trying to detect the presence of a retrovirus. The sample in the centrifuge came from an AIDS patient, though the disease wasn’t called AIDS yet.

Barré-Sinoussi and Montagnier in 1983, Image source: Le Globserver

Just two years earlier in the US, a cluster of young men had been reported as suffering from unusual infections and forms of cancer normally experienced by the very old or by people using drugs designed to suppress the immune system. More cases were reported and the US Centers for Disease Control and Prevention (CDC) formed a task force to monitor the unusual outbreak. In December, the first scientific article about the outbreak was published in the New England Journal of Medicine.

By May 1983, researchers Barré-Sinoussi and Luc Montagnier of the Pasteur Institute had isolated HIV, the virus which causes AIDS, and reported it in the journal Science. Both received the Nobel prize in 2008 for this work and the Nobel prize citation stated:

Never before have science and medicine been so quick to discover, identify the origin and provide treatment for a new disease entity.

It’s only fitting then that we take a closer look at one of these modern detectives of science, Françoise Barré-Sinoussi, and what led to her discovery.


Museum Shows Off Retro Malware

There’s some debate on which program gets the infamous title of “First Computer Virus”. There were a few for MS-DOS machines in the 80s and even one that spread through ARPANET in the 70s. Even John von Neumann theorized that programs might one day self-replicate. To compile all of these early examples of malware, and possibly settle this question once and for all, [Mikko Hypponen] has started collecting many of the early malware programs into a Museum of Malware.

While unlucky (or careless) users today are confronted with viruses that encrypt their entire hard drive (or worse), a lot of the early viruses were relatively harmless. Examples include Brain, which spread via floppy disk, the experimental ARPANET virus, or Elk Cloner which, despite many geniuses falsely claiming that Apples are immune to viruses, infected Mac computers of the 80s. [Mikko] has collected many more from this era that can be downloaded or demonstrated in a browser.

Retrocomputing is an active community, with users keeping gear of this era up and running despite it being 30+ years old. This software, while malicious at the time, is a great look into what the personal computing world was like in its infancy. And don’t forget, if you have a beige computer from a bygone era, you can always load up our Retro Page.

Thanks to [chad] for the tip!