Cursed wallpaper android Can Crash Your Phone Easily

So first off, remember the Unc0ver vulnerability/jailbreak from last week? In the 13.5.1 iOS release, the underlying flaw was fixed, closing the jailbreak. If you intend to jailbreak your iOS device, make sure not to install this update. That said, the normal warning applies: Be very careful about running out-of-date software. Apple Sign In

An exploit in Apple’s web authentication protocol was fixed in the past week. Sign In With Apple is similar to OAuth, and allows using an Apple account to sign in to other sites and services. Under the hood, a JSON Web Token (JWT) gets generated and passed around, in order to confirm the user’s identity. In theory, this scheme even allows authentication without disclosing the user’s email address.

So what could go wrong? Apparently, a simple request for a JWT that’s signed with Apple’s public key will automatically be approved. Yeah, it was that bad. Any account linked to an Apple ID could be trivially compromised. It was fixed this past week, after being found and reported by [Bhavuk Jain]. The Cursed Wallpaper

So when someone posts an image on twitter and warns everyone to *never* use it as your phone wallpaper, what’s the logical thing to do? Apparently, it’s only appropriate to immediately set it as your phone’s wallpaper, and then complain that it renders your phone unusable. So what’s going on?

The image in question uses a special color-space that the Android UI isn’t equipped to handle. That particular picture has a color value over 255, which is out of bounds, causing a crash in the UI. Once the Android UI has crashed, it’s impossible to change the wallpaper, leading to a crash loop. A few users were able to switch out their wallpapers in the few moments between crashes, but the surest way to clean up the mess is to manually remove the image using something like TWRP.Exim and CVE-2019-10149

This vulnerability is one that keeps on giving. We talked about CVE-2019-10149 just about a year ago. This week, the NSA published a warning (PDF) that certain state actors are actively exploiting this Exim bug.

For a quick refresher, the Exim mail server is the most popular mail server on the net. CVE-2019-10149 is a clever exploit that tricks a vulnerable server into trying to send an email to a specially crafted address, hosted at a malicious mail server. When the target machine tries to send a bounceback message, the malicious server sends a byte every four minutes, forcing the connection to stay open for a week. This strategy ensures that the vulnerable code is hit. When the message is finally sent, the payload embedded in the email address is evaluated and executed.

The NSA warning specifies the Russian GRU as the culprit, acting under the name Sandworm. There’s likely quite the story behind how the current attacks were discovered to be of Russian origin. As none of the indicators of compromise are directly tied to the GRU, we’ll just have to take the NSA’s word for it, but of course, they’re not going to make public how they get their counter-intel either.

In further GRU news, the UK has officially attributed to them a series of attacks on the country of Georgia. These attacks shut down the Georgian power grid, encrypted hard drives (ransomware), and directly damaged financial systems. And just last month, the German government attributed hacks on their parliament to one particular GRU officer: Dmitriy Badin.

Attributing cyberattacks to a particular actor is always tricky, especially when savvy foreign intelligence agencies that don’t want to get caught are behind the work, but the fact that multiple government agencies are converging on the same conclusions is more persuasive. The German evidence, collected over five years and pointing to a particular agent, is particularly so. Stolen Nuclear Missile Secrets?

Our final story comes from Sky News, who breaks the news that Westech International was hit with a ransomware attack. As you may have guessed, this section’s title is Betteridge’s Law in action, albeit ironically.

So what really happened, and why is the “nuclear secrets” angle almost certainly bunk? First off, Westech isn’t a huge engineering firm, and they haven’t worked on designing any nuclear weapons systems. Go to their website, and look at the contracts they have and the services they offer. Telecommunications, maintenance, and logistics planning.

Secondly, we know that the ransomware attack hit the machines doing their payroll. Classified information is subject to a strict set of rules in the US. It’s only to be kept and used in a Sensitive Compartmented Information Facility (SCIF). Computers containing classified information are never to be connected to the unsecured network. There is even a dedicated Secret Internet Protocol Router Network (SIPRNet) that is only for secure communications and only accessible from a SCIF. All this to say, if a ransomware attack can ex-filtrate data back to an attacker, then somebody royally messed up in a way that often leads to jail time. It’s a long way from payroll to nuclear secrets. Rooting Your AT&T Gateway

[Andrew Dupuis] had an Arris Fiber Gateway provided by AT&T, and like many a hacker, he wasn’t satisfied. Before we dive all the way into the rabbit-hole, we should point out that AT&T is charging $10 a month for this device, and refuses to let their customers use their own hardware instead. [Andrew] believes that this probably violates FCC rules. In any case, he wanted to run his own gateway instead of being locked into AT&T’s. The fiber connection uses 802.1x security on the physical connection, which also serves to lock customers into the official hardware. If a user could extract the 802.1x certificates, they could replace the official AT&T gateway with their own hardware, which is the point of the writeup.

The exploit itself starts with a firmware downgrade, back to a version that still contains the vulnerability. The vulnerability? A REST server intended for troubleshooting and debugging. A bit of work later, and the hardware is rooted, with a telnet server just waiting for you. It shouldn’t be very surprising, the OS under the hood is a standard embedded Linux. The first order of business is to disable the auto-update function, to avoid getting locked back out of the device.

[Andrew] explains how to properly secure the gateway, and re-tune it for better performance, good ideas if you intend to continue using it in your network. The real goal here is to extract the certificates. I’m not sure how much of a surprise it should be, but it seems that every device uses the same security certificates, and [Andrew] was kind enough to share the copy he extracted.

[Andrew] sent this in on the Hackaday Tipline. If you have research to share or come across something you think we should cover, be sure to let us know about it!

The ‘cursed’ Wallpaper Photo Could Crash Your Phone If You Save It

A “cursed” picture of an idyllic lake is creating havoc with smartphones that run Google’s Android system.

The wallpaper image, which shows a pretty sunset on a lake surrounded by mountains and forest, has a hidden bug in the coding, which is causing phones to crash.

When the image is saved as a wallpaper, it activates the bug and bricks the device. The phone may appear to be working but it will keep crashing and display an error screen.

Samsung’s Galaxy range and Google’s own Pixel handset have been hardest hit by the bug but OnePlus and Nokia also reportedly been affected.

The bug was highlighted on Twitter by a user calling themselves “Ice universe”.

“WARNING! Never set this picture as wallpaper, especially for Samsung mobile phone users!

“It will cause your phone to crash! Don’t try it! If someone sends you this picture, please ignore it,” the tweet says.

The image appears to affect devices running Android 10 – the latest version of the OS.

According to a developer who spoke to tech site Android Authority, the bug arises because the Android system can’t handle the color space – how the system assigns colors to images – and sends the phone into an infinite loop of processing.

“The main issue right here is that SystemUI only handles sRGB images for the wallpaper and doesn’t have any check against non-sRGB wallpapers,” the site explained.

“This can lead to a particular crash in the ImageProcessHelper class, as a variable used to access an array goes over the array bounds.”

Although it may be difficult to fix, there are a couple of potential solutions to fixing your phone.

If your phone will boot into safe mode, you may have just enough time to set the wallpaper back to something normal and safe.

Or go into the bootloader and factory reset your phone.

Google has been made aware of the problem and may issue a firmware update to tackle it.

A new version of Android (Android 11) is in the pipeline for release this year that may address the problem.

Watch Out: This Serene Wallpaper Crashes Android Devices

This image, now edited and cropped, originally had an improperly coded color profile, which crashed Android devices when installed as a wallpaper. — Twitter/@UniverseIce

A serene sunset over a lake might not seem like the most sinister image, though one such image is causing Android phones to crash when setting as wallpaper.

Twitter user Ice Universe discovered the bug, warning that the image was being shared widely on the microblogging service, and added that editing the image appeared to resolve the issue.

Unfortunately, many Twitter users instead experimented with the image to see what was causing the issue and instead ended up bricking their phone.

Android Central explained that the so-called “cursed image” was caused by an improperly coded color profile, which when set as a wallpaper crashes the phone’s Android System User Interface.

Those who’ve crashed their phones can fix it by either booting their phone into safe mode and changing the wallpaper, or using a custom recovery app to access the phone’s data and purge the wallpaper data.

If both solutions are not accessible, users could factory reset their phones.

Recently, a string of specific characters was found to cause iOS devices to crash if received via text, either through Messages, Mail or other apps

A similar bug hit iOS devices in 2018, using an Indian language character, in Telugu, that crashed the device and rendered messaging apps which displayed said characters inaccessible.

This latest image glitch however appears to affect only Android devices, with Android Central reporting that it hit multiple brands of devices and even Android emulators.

Download For Test ( Please Use Emulator For It !)

Download For Test ( Please Use Emulator For It !)