Protect Your Android Phone from the Latest MMS Bug

Yesterday, security researchers discovered a critical flaw that affects almost all Android phones; that’s about one billion smartphones worldwide, if you want to quantify it. The scary part is that attackers only need to know your phone number in order to take over your device! There’s a good chance, in fact it’s almost certain, that your device is vulnerable too. Don’t panic, though: this post is about how you can easily guard your phone against this Stagefright bug, but a bit of background first.

It works by exploiting a security hole in the Stagefright library, which Android uses to render incoming videos embedded within an MMS. An attacker can remotely send a specially crafted MMS to your number, and when your phone retrieves it, malicious code embedded in the message can silently run on your device. It can even stealthily remove any traces of the received MMS, and much more.

Solution

There are two workarounds. The first disables sending and receiving of any sort of MMS; the second stops your messaging app from automatically downloading (retrieving) incoming MMS, as that is the point at which the malicious code gets executed.

Disable sending/receiving of all MMS messages:

  1. Open Settings > More > Mobile Networks. You will get to the first screen shown above.
  2. Tap “Access Point Names”.
  3. Choose the APN which handles your MMS settings.
  4. At the details screen, tap APN and change its value to any random string. Don’t forget to write down the existing value, as you’ll need it to restore MMS functionality.

I recommend this method if you don’t use MMS messaging and are not expecting any incoming MMS either.

Disable auto-retrieve in your Messaging app:

The exact steps depend on the messaging app you’re using. Here are the steps (with screenshots) for the Hangouts and Messenger (the messaging client in Lollipop) apps:

For Messenger:

  1. Go to Settings > Advanced and disable auto-retrieve.

For Hangouts:

  1. Slide open the drawer.
  2. Go to Settings > SMS and uncheck ‘Auto Retrieve MMS’.

Apply updates from your phone manufacturer

Note that the above fixes are temporary workarounds. For a permanent fix, contact your phone manufacturer, see if they have an update on offer and how you can apply it. On rooted phones, the consequences of a successful exploitation can be particularly severe.

This bug is not being exploited in the wild yet; that is, there are no reports of it being exploited at mass scale, partly because the researchers who discovered it haven’t released a proof of concept yet.

They’re going to present it at Black Hat USA on August 5th, though, and there’s a real possibility of attacks emerging after that, so apply the fixes or updates as soon as possible!

Google.com.pk Hacked — Technical Details

The Google.com.pk (Google Pakistan) website was hacked early this morning and has been inaccessible for the last several hours. This domain gets all the traffic from Pakistan; people are redirected to it if they open Google.com from a Pakistani IP.

Not only Google: other big names like Yahoo, Microsoft Pakistan and Apple have also apparently been “hacked”. The domains Microsoft.pk, Yahoo.pk and Apple.pk remain inaccessible.

The Turkish hacking group/individual “Eboz” has claimed responsibility by uploading a defaced page. The question, however, is: were they all really “hacked”? Nope, not really. Let’s analyze a few things.

Performing a simple WHOIS/DNS lookup on Google.com.pk reveals the following DNS records, as of 9PM PST:

DNS records (name / class / type / data / time to live):

  google.com.pk  IN  A    127.0.0.1                        3600s (01:00:00)
  google.com.pk  IN  NS   dns2.freehostia.com              3600s (01:00:00)
  google.com.pk  IN  SOA  server: dns1.freehostia.com      3600s (01:00:00)
                          email: support@freehostia.com
                          serial: 1353750918
                          refresh: 28800
                          retry: 7200
                          expire: 604800
                          minimum ttl: 86400
  google.com.pk  IN  NS   dns1.freehostia.com              3600s (01:00:00)
  google.com.pk  IN  MX   preference: 10                   3600s (01:00:00)
                          exchange: mbox.freehostia.com

As you can see, the NS records, which name the nameservers authoritative for the domain (and therefore decide who answers when the name is resolved to an IP address), have been changed to freehostia.com’s nameservers. That’s a free web hosting provider, and Google, Apple or the other affected big brands surely won’t be using a free hosting service!

What this reveals is that the hackers managed to get control at the domain registrar/registry level and change the DNS records. In this case, .pk domain names are handled by PKNIC.

It’s important to note that this doesn’t mean the hackers actually gained access to these companies’ servers. That’s highly unlikely! Rather, they just pointed the domain names at their own DNS records, so people accessing these websites were redirected to pages set up by the hackers.

Google.com.pk is not opening because the IP address it points to has been changed to 127.0.0.1. That’s the loopback address, so if you try to open it, you just connect to port 80 on your own computer.
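The two tell-tale signs above (an A record at 127.0.0.1 and a delegation to nameservers nobody expected) can be checked automatically against a baseline. This is an added example, not code from the original post: it parses records in the same name/class/type/data layout quoted above and flags a hijack. The EXPECTED_NS set and both record sets are constructed placeholders; a real check would load the baseline from your own records of the correct delegation.

```python
import ipaddress

# Constructed sample in the layout of the lookup quoted above (multi-line SOA detail is omitted).
HIJACKED = """
google.com.pk IN A 127.0.0.1
google.com.pk IN NS dns2.freehostia.com
google.com.pk IN NS dns1.freehostia.com
google.com.pk IN MX mbox.freehostia.com
"""

# Constructed healthy sample: a globally routable A record and the expected delegation.
CLEAN = """
example.com.pk IN A 8.8.8.8
example.com.pk IN NS ns1.example.net
example.com.pk IN NS ns2.example.net
"""

# Assumption: the nameservers the zone is supposed to be delegated to (placeholder baseline).
EXPECTED_NS = {"ns1.example.net", "ns2.example.net"}


def parse_records(text):
    """Turn 'name class type data' lines into (name, type, data) tuples; other lines are skipped."""
    records = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[1].upper() != "IN":
            continue
        records.append((parts[0].lower(), parts[2].upper(), parts[3].lower()))
    return records


def audit(records, expected_ns):
    """Return (severity, message) findings that indicate the delegation or A record was tampered with."""
    findings = []
    seen_ns = set()
    for name, rtype, data in records:
        if rtype == "A":
            ip = ipaddress.ip_address(data)
            if ip.is_loopback:                      # the 127.0.0.1 case from the lookup above
                findings.append(("high", f"{name} A record points to loopback {ip}"))
            elif not ip.is_global:                  # private/reserved space is equally suspicious
                findings.append(("high", f"{name} A record points to non-global address {ip}"))
        elif rtype == "NS":
            seen_ns.add(data)
            if data not in expected_ns:             # delegation moved to a third-party host
                findings.append(("high", f"{name} delegated to unexpected nameserver {data}"))
    if not seen_ns & expected_ns:                   # none of our nameservers left at all
        findings.append(("critical", "no expected nameserver remains in the delegation"))
    return findings
```

Running `audit(parse_records(HIJACKED), EXPECTED_NS)` yields four findings for the hijacked zone and none for the clean one.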

DIY: Mini UPS for DSL Modem and WiFi Routers

Load shedding and power outages: For those who can’t live without their computers and internet for any or no reason, this situation can be a nightmare.

This is a rough and simple solution, nothing sophisticated, but it works at keeping your devices powered on! It can power not only DSL/WiFi routers but also any other appliance that runs at 9V or 12V. Keep the internet alive and use it on your laptop or cell phone, 24×7!

I use it to power my DSL router and a TP-Link WiFi router. The PTCL DSL router’s rating is 12VDC 500mA, the TP-Link’s 9VDC 700mA.

That’s why the circuit has two outputs.

Circuit Diagram – DIY UPS for DSL Modem/WiFi Router:

[Circuit diagram image: UPS for DSL Modem/WiFi Router]

Parts:

  • One 12V 7Ah lead acid battery.
  • One 16V or 18V laptop charger, max 2–2.5A current, to charge the battery.
  • Five 1N5404 diodes.
  • One LM338T linear voltage regulator with a heatsink.
  • One 0.1µF ceramic capacitor.
  • One 1µF electrolytic capacitor (note the polarity of the capacitor).
  • Two resistors: R1 = 2.6 kΩ, R2 = 250 Ω.

Things that you need to note:

  • Make sure you check the specs of your appliances, in this case the router/modem, first.
  • If you are only using a single router, just remove the respective part from the circuit diagram. E.g., if you are using a 12V router, you don’t need those 4 diodes and the 9V output jack.
  • You need to attach a DC plug to each output of the circuit: the same plug that is on your original adapter and goes into your modem. You won’t need that adapter any more; just buy a matching plug from the market.
  • You can feed the input from a laptop charger of 16V to 18V. Keep in mind the charger’s current rating, as higher currents can damage the battery quite quickly. Even 2A is too much for a 7Ah battery. It should be around 700mA, but that will also make charging slow.
  • You must also attach a heatsink to the LM338T IC. It gets extremely hot during operation!

I used a veroboard to build the circuit. You can use either that (will have to solder things), or use a breadboard.
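The numbers in the parts list and notes can be sanity-checked before soldering. This is an added example, not from the original post; it assumes the LM338’s 1.25V reference, that the 250Ω resistor sits between OUT and ADJ with the 2.6kΩ between ADJ and ground (the post doesn’t say which is which, and the calculation shows why only that placement makes sense), roughly 0.8V drop per 1N5404 at these currents, a C/10 charge rate as the safe limit, and only half the battery capacity as usable.

```python
# Sizing checks for the DIY UPS (added example; assumptions are labelled in the comments).
LM338_VREF = 1.25   # volts, LM338 reference between OUT and ADJ (datasheet value)
DIODE_DROP = 0.8    # volts per 1N5404, assumed for the ~0.5-0.7 A loads here


def lm338_vout(r_out_adj, r_adj_gnd):
    """Adjustable-regulator output: Vout = Vref * (1 + R_adj_gnd / R_out_adj)."""
    return LM338_VREF * (1 + r_adj_gnd / r_out_adj)


def diode_rail(v_in, n_diodes, drop=DIODE_DROP):
    """Voltage left after a chain of series diodes (the 4-diode 9V output in the diagram)."""
    return v_in - n_diodes * drop


def charge_rate_ok(charge_current_a, capacity_ah, max_c_rate=0.1):
    """True if the charger current is at or below max_c_rate * capacity (C/10 assumed safe)."""
    return charge_current_a <= max_c_rate * capacity_ah


def runtime_hours(capacity_ah, loads_a, usable_fraction=0.5):
    """Hours the battery carries the listed loads, drawing only the usable fraction (assumed 50%)."""
    return capacity_ah * usable_fraction / sum(loads_a)


if __name__ == "__main__":
    # Only one resistor placement gives a charging voltage suitable for a 12V lead-acid battery.
    print("250 ohm top, 2.6k bottom:", lm338_vout(250, 2600))   # ~14.25 V, a usual charge voltage
    print("2.6k top, 250 ohm bottom:", lm338_vout(2600, 250))   # ~1.37 V, useless
    print("9V rail from a 12.6V battery through 4 diodes:", diode_rail(12.6, 4))
    print("2A charger OK for 7Ah?", charge_rate_ok(2.0, 7))     # False, as the notes warn
    print("0.7A charger OK for 7Ah?", charge_rate_ok(0.7, 7))   # True
    print("Runtime for the 0.5A + 0.7A routers:", runtime_hours(7, [0.5, 0.7]))
```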