Touchscreens: Attack from the charging socket via „Ghost Touch“
Researchers from Technical University Darmstadt and Zhejiang University in Hangzhou carried out attacks on capacitive touchscreens via charging cables and power supply units and thus uncovered a new attack possibility on mobile devices. In the experimental setup, a compromised public charging station was assumed to be the starting point of the attack. A manipulated USB charging socket was used, whose power supply can be controlled remotely. The attacker measures the sampling frequency of the touchscreen via the charging connection in order to adapt the attack signal to it.
Beyond that, no data connection is necessary. A sophisticated attack signal is injected into the GND line, i.e. the ground line, via the charging line. The attack signal, which is injected via the USB interface, affects the power supply and is converted into a noise signal due to the lack of filtering. With the help of these noise signals, three different attack effects can be achieved, which are related to the typical structure of capacitive screens. The researchers succeeded in creating targeted ghost touches without physical contact. The screen could be manipulated in such a way that it no longer reacts to real touches.
Do you want to know more about this attack? We have gathered some insightful sources for you:
- WIGHT: Wired Ghost Touch Attack on Capacitive Touchscreens (computer.org)
- Touchscreens: Attack from the charging socket – TU Darmstadt (tu-darmstadt.de)
- WIGHT: Wired Ghost Touch Attack on Capacitive Touchscreens (youtube.com)
Attackers move quickly to exploit
Software vulnerabilities remain a key avenue of initial access for attackers according to the 2022 Unit 42 Incident Response Report. While this underscores the need for organizations to operate with a well-defined patch management strategy, we have observed that attackers are increasingly quick to exploit high-profile zero-day vulnerabilities, further increasing the time pressure on organizations when a new vulnerability is disclosed.
The 2022 Unit 42 Incident Response Report analyzes more than 600 incident response cases conducted over the past year alongside in-depth interviews with incident response experts to identify key patterns and trends that can be used by defenders to prioritize where and how to deploy protections. The report also covers how attackers gain initial access, which software vulnerabilities are most frequently exploited by attackers, which industries are targeted and how attacker behavior shifts around zero-day vulnerabilities.
Security updates Samba: Attackers could change admin passwords
Attackers could exploit vulnerabilities in Samba to gain access to systems, in some cases on a wide scale. Updated versions provide a remedy.
Samba makes Windows functions such as file and printer services available across platforms as a domain controller. Due to security problems in the handling of keys, attackers could, for example, change passwords of admins. It is also possible to provoke crashes.
The most critical vulnerability (CVE-2022-32744 „high“) is the kpasswd service. Attackers could encrypt requests with their own key at this point, which are accepted. It should be possible to change the passwords of other users via this method. If this happens to an admin account, it could lead to a complete domain takeover. The remaining vulnerabilities are rated with the threat level „medium“. Attackers could target this for DoS attacks or data leaks. The developers claim to have resolved the security issues in Samba 4.16.4, 4.15.9 and 4.14.14.
Be on the safe side and update!
For more insights on the topic, feel free to check some of our trusted sources below:
- Samba AD users can forge password change requests for any user
- Samba AD users can bypass certain restrictions associated with changing passwords
- Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request
- Samba AD users can crash the server process with an LDAP add or modify request
- Server memory information leak via SMB1
Is cybersecurity a topic of interest for your company? As an independent entity with a portfolio of proven security providers, CyberCompare can provide you with comparative offers at no charge and with no obligation. Reach out to us or use our diagnostic to learn more about your cyber risk profile.
Please remember: this article is based our knowledge at the time it was written – but we learn more every day. Do you think important points are missing or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts and welcome your feedback and thoughts.
And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.