
Computer crash reports are an untapped gold mine for hackers

Broadcast United News Desk

When a bad software update from security company CrowdStrike inadvertently caused global digital chaos last month, the first signs were Windows computers showing the Blue Screen of Death. As websites and services went down and people scrambled to understand what was happening, conflicting and inaccurate information was everywhere. Longtime Mac security researcher Patrick Wardle was eager to understand the crisis, and he knew there was one place to find the facts: crash reports from computers affected by the faulty update.

“Even though I’m not a Windows researcher, I was intrigued by what was going on, and there was a lack of information,” Wardle told Wired. “People were saying it was a Microsoft problem because Windows systems would blue screen, and there were a lot of crazy theories. But it had nothing to do with Microsoft. So I looked in the crash reports, and to me, that’s the ultimate truth. If you look there, you can find the root cause long before CrowdStrike comes out and tells the truth.”

At the Black Hat security conference in Las Vegas on Thursday, Wardle said crash reports are an underutilized tool. Such system snapshots give software developers and maintainers insight into possible problems in their code. In particular, they can be a fountain of information about potentially exploitable vulnerabilities in software for both defenders and attackers, Wardle stressed.

During his talk, Wardle walked through several examples of software vulnerabilities he found when an app crashed and he went through the reports looking for possible causes. Users can easily view their crash reports on Windows, macOS, and Linux, as well as Android and iOS, though accessing them on mobile operating systems can be more challenging. Wardle noted that to get insights from crash reports, you need a basic understanding of instructions written in low-level machine code, known as assembly, but stressed that it’s worth it.

In his Black Hat talk, Wardle described several vulnerabilities he discovered by examining crash reports on his own devices, including vulnerabilities in the analysis tool YARA and in the current version of Apple’s macOS operating system. In fact, when Wardle discovered the iOS bug that caused apps to crash every time they displayed the Taiwan flag emoji, you guessed it, he found out what was going on through crash reports.

“We eventually revealed that Apple had acquiesced to China’s demands to censor the Taiwanese flag, but there was a bug in their censorship code — it was ridiculous,” he said. “My friend who initially discovered this said, ‘My phone is hacked by the Chinese. Every time you text me, it crashes. Or are you hacking me?’ I said, ‘Rude, I’m not hacking you. And, rude, if I hacked you, I wouldn’t crash your phone.’ So I pulled out the crash reports to see what was going on.”

Wardle stressed that if he could find so many vulnerabilities just by looking at crash reports from his own and his friends’ devices, software developers need to pay attention to them, too. Sophisticated criminals and well-funded state-sponsored hackers may well be mining crash reports in the same way. Over the years, news reports have suggested that intelligence agencies, the National Security Agency for example, mine crash logs. Crash reports are also a valuable source of information for detecting malware, as they can reveal unusual and potentially suspicious activity, Wardle noted. NSO Group, for example, often builds mechanisms into its malware specifically to delete crash reports as soon as it infects a device. Malware often has bugs that make crashes more likely, and crash reports are valuable to attackers, helping them understand what went wrong with their code.

“With the incident report, the truth is out there,” Wardle said. “Or, I think, the truth is out there.”
