Prompt Injection, CISA, Patch Tuesday – PSW #861
You can install Linux in your PDF, just upload everything to AI, hackers behind the forum, TP-Link's taking security seriously, Patch Tuesday for everyone including Intel, AMD, Microsoft, Fortinet, and Ivanti, hacking your space heater for fun and fire, Cybertrucks on fire (or not), if you could just go ahead and get rid of the buffer overflows, Steam Deck hacking and not what you think, Prompt Injection and Delayed Tool Invocation, new to me Ludus, Contec patient monitors are just insecure, Badbox carries on, the compiler saved me, and Telnet command injection!
- 1. Leveraging Microsoft Text Services Framework (TSF) for Red Team Operations
- 2. CVE-2024-12797 – High-Severity OpenSSL Flaw: Update Now to Prevent MITM Attacks
- 3. johnjhacking/bloudstrike: Linux CS bypass technique
- 4. Bring Your Own Trusted Binary (BYOTB) – BSides Edition
- 5. Security Advisory Ivanti Cloud Services Application (CSA) (CVE-2024-47908, CVE-2024-11771)
- 6. CVE-2025-0693: AWS IAM User Enumeration
- 7. Brave now lets you inject custom JavaScript to tweak websites
- 8. Security Bite: How hackers can takeover your Mac using Bluetooth – 9to5Mac
- 9. Reason #283 Why InfoSec Has Failed
- 10. Zyxel Telnet Vulnerabilities – Blog – VulnCheck
The vulnerability sounds strange, a command injection (authenticated) in the Telnet service. Of course, listeners are now asking why Telnet, which is intended to allow the user to execute commands, suffers from a command injection vulnerability. I believe the original intent of the Telnet service on the Zyxel router models affected was to limit which commands could be run, but implemented very poorly, allowing the user to run any OS command. The vulnerable routers are no longer supported, but a quick search reveals these are DSL modem type routers which likely were provided by the ISP. So, hopefully the ISPs have replaced them all (unlikely given many observed attacks in the wild for this vulnerability).
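The pattern described above, as an added example that is not Zyxel's code or part of the original notes: a restricted CLI that checks only the first word and then hands the line to a shell, next to a version that validates every token and builds an argv for execution without a shell. The command table, function names and sample inputs are hypothetical and constructed for illustration.

```python
import re
import shlex

# Hypothetical allowlist for a restricted management CLI:
# command name -> (fixed argv prefix, pattern the single argument must match)
HOST_RE = re.compile(r"[A-Za-z0-9.\-]{1,253}")
ALLOWED = {
    "ping": (["ping", "-c", "1"], HOST_RE),
    "traceroute": (["traceroute"], HOST_RE),
}

def vulnerable_build(line):
    """'Before': only the first word is checked, then the whole line goes to a shell."""
    parts = line.split()
    if not parts or parts[0] not in ALLOWED:
        raise PermissionError("command not allowed")
    # The shell re-parses the line, so ';', '|', '$()' and backticks take effect.
    return ["/bin/sh", "-c", line]

def hardened_build(line):
    """'After': parse once, validate every token, return an argv for shell-free exec."""
    try:
        tokens = shlex.split(line)
    except ValueError:
        raise PermissionError("unparseable input")
    if len(tokens) != 2 or tokens[0] not in ALLOWED:
        raise PermissionError("command not allowed")
    prefix, arg_re = ALLOWED[tokens[0]]
    # Reject option-looking arguments and anything outside the hostname/IP charset.
    if tokens[1].startswith("-") or not arg_re.fullmatch(tokens[1]):
        raise PermissionError("argument rejected")
    return prefix + [tokens[1]]  # suitable for subprocess.run(argv, shell=False)

def is_allowed(builder, line):
    """True if the given builder accepts the input line."""
    try:
        builder(line)
        return True
    except PermissionError:
        return False

# Constructed sample input
SAMPLES = ["ping 192.0.2.10", "ping 192.0.2.10; echo injected",
           "ping $(echo x)", "ping -f", "reboot"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:36} vulnerable={is_allowed(vulnerable_build, s)} "
              f"hardened={is_allowed(hardened_build, s)}")
```

Both versions reject `reboot`, but only the hardened one rejects the lines that smuggle extra shell syntax behind an allowed command name.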
- 11. Replacing a Space Heater Firmware Over WiFi
Spoiler: An attacker can send malicious firmware to the heater that allows for physical attacks, in this example, constantly turning the heater on and off again. The microcontroller turned out to be a Realtek chip similar to an ESP8266. The big takeaways are: 1) Use secure communications protocols to send/receive firmware updates 2) Use the security features available in the platform such as Secure Boot, which would make tampering very difficult. The manufacturer did neither of these things, and the product has since been recalled. I'm not rushing out to buy a smart space heater anytime soon...
- 12. Jooki – Taking Control of a Forgotten Device
We covered this before, just flagging as a resource for interesting firmware and hardware reversing tips as the author states: "This blog post isn’t just about fixing a broken audio player—it’s about peeling back the layers of its firmware, finding hidden exploits, a backdoor and unlocking code execution."
- 13. Small praise for modern compilers – A case of Ubuntu printing vulnerability that wasn’t
When the compiler saved the day: "We often hear of all the failings of software and vulnerabilities and mitigation bypasses, and we felt we should take this opportunity to highlight the opposite. In this case, modern compiler features, static analysis via -Wstringop-overflow and strong mitigation via FORTIFY_SOURCE, saved the day. These should always be enabled by default. Additionally, those compiler warnings are only useful if someone actually reads them."
- 14. Unpacking the BADBOX Botnet with Censys
"BADBOX is a newly discovered botnet targeting both off-brand and well-known Android devices—often with malware that potentially came pre-installed from the factory or further down in the supply chain. Over 190,000 infected devices have been observed so far, including higher-end models like Yandex 4K QLED TVs. Using Censys, I identified a suspicious SSL/TLS certificate common to BADBOX infrastructure, revealing five IPs and numerous domains, all using the same certificate and SSH host key. This strongly indicates a single actor controlling a templated environment. The sheer scale and stealthy nature of BADBOX underscore the critical need to monitor supply chain integrity and network traffic." - Well, BADBOX is not new, it's been tracked for some time and is unique in that it comes pre-installed on many Android devices. What is interesting is that this research hints that it is controlled by a single threat actor and the scope is 190,000 infected devices, most of which will be around for a long time as detection is hard for this type of device (IoT) and in this environment (the home typically). We talk about botnets that have far fewer instances, yet BADBOX just carries on its merry way and someone is profiting from it, somewhere. How long before we can take this thing down?
- 15. (2) Matt Brown on X: “I bought the Contec CMS8000 patient monitor that @CISAgov thinks has a Chinese “backdoor”
After several researchers have looked at this firmware, they all (pretty much) came to the same conclusion that this was not a hidden backdoor but just very poor security for firmware updates and data security/privacy. These patient monitors are still not great at security and should not be used. I'm also curious how or if they passed FDA...
- 16. Build Your Own Offensive Security Lab A Step-by-Step Guide with Ludus
This looks really neat, I had not heard of Ludus before, but it looks amazing for a lab environment for security testing! More information here as well: https://gitlab.com/badsectorlabs/ludus
- 17. New hack uses prompt injection to corrupt Gemini’s long-term memory
Google has fixed this attack that is being called "Prompt Injection and Delayed Tool Invocation" - The video in the article explains it very nicely, basically you can implant "memories" in AI responses and Gemini would save them and then use that as data for future prompts.
- 18. Being Overlord on the Steam Deck with 1 Byte
You may read this headline and believe that this is just something to do with the Steam Deck (and you would be wrong). You may start reading this article and make all sorts of other assumptions and (like me) get lost in some (or all) of the technical details. Even with some knowledge of UEFI, it's a deeply technical post and also very well done. Side note: Ivan is awesome and we've known each other for longer than we'd like to admit. Now, on to the important part. There is one sentence that really struck me: "And voila. With a bit of engineering, we can build a useful tool to monitor everything that runs on the machine in a transparent way for the OS..." - This is the most important part. Attackers exploiting this vulnerability can monitor everything on the system. Not only that, but do that independently of the OS (because your pwnage happens pre-OS). My fear: If someone pwns a system in this way we'd never find them.
- 19. Chipmaker Patch Tuesday: Intel, AMD, Nvidia Fix High-Severity Vulnerabilities
I will also add we got patches from Microsoft, Fortinet, and Ivanti this week. All of these contained critical vulnerabilities, some even being exploited in the wild. Here's the list:
- https://www.amd.com/en/resources/product-security.html
- https://www.intel.com/content/www/us/en/security-center/default.html
- Microsoft: I like this one: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21194 (Also reported by Quarkslab)
- https://www.fortiguard.com/psirt (This one has IoCs: https://www.fortiguard.com/psirt/FG-IR-24-535)
- https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs - This was just for Connect Secure, I believe other products also got some patches.
- 20. CISA and FBI Warn of Malicious Cyber Actors Using Buffer Overflow Vulnerabilities to Compromise Software
I picture this being said by the boss in Office Space, holding his coffee cup, saying "Yea, if you just go ahead and...where feasible, eliminate this class of defect by developing new software using memory-safe languages, using secure by design methods, and implementing the best practices supplied in this Alert." That'd be swell!
- 1. Our buddy Wayne is battling a Brain Tumor
Our beloved father, brother, son, cousin, friend, and coworker Wayne Crowder experienced a sudden stroke in the final days of January 2025. During testing, it was confirmed that the stroke and other symptoms he has experienced for the last few months were due to an aggressive and life-altering brain tumor. He is struggling with the aftereffects of his stroke at this time, while also preparing for the prognosis and treatment of a rare brain tumor.
- 1. Elon Musk’s DOGE is feeding sensitive federal data into AI to target cuts
DOGE fed sensitive data from across the Education Department into Azure AI to probe the agency’s programs and spending. The DOGE team plans to replicate this process across many departments and agencies, accessing the back-end software at different parts of the government and then using AI technology to extract and sift through information about spending on employees and programs, including DEI initiatives.
- 2. Educated but easily fooled? Who falls for misinformation and why
Individuals with higher levels of education are just as likely to fall for misinformation as those with a lower level of education. Older adults are actually better than younger adults at distinguishing between true and false headlines. Republicans are more likely to fall for misinformation than Democrats.
The strongest effect in the meta-analysis was the influence of familiarity. When participants reported having already seen a news headline, they were more likely to believe it was true. This finding underscores the danger of repeated exposure to misinformation, particularly on social media.
- 3. NowSecure Uncovers Multiple Security and Privacy Flaws in DeepSeek iOS Mobile App
Key Risks Identified:
- Unencrypted Data Transmission
- Weak & Hardcoded Encryption Keys: Uses outdated Triple DES encryption, reuses initialization vectors, and hardcodes encryption keys, violating best security practices.
- Insecure Data Storage: Username, password, and encryption keys are stored insecurely, increasing the risk of credential theft.
- Extensive Data Collection & Fingerprinting: The app collects user and device data, which can be used for tracking and de-anonymization.
- Data Sent to China & Governed by PRC Laws
- 4. Researchers created an open rival to OpenAI’s o1 ‘reasoning’ model for under $50
They started with an off-the-shelf base model, then fine-tuned it through distillation, a process to extract the “reasoning” capabilities from another AI model by training on its answers.
To train s1, the researchers created a dataset of just 1,000 carefully curated questions, paired with answers to those questions, as well as the “thinking” process behind each answer from Google’s Gemini 2.0 Flash Thinking Experimental. Training s1 took less than 30 minutes using 16 Nvidia H100 GPUs.
Huge investments may still be necessary to push the envelope of AI innovation. Distillation has shown to be a good method for cheaply re-creating an AI model’s capabilities, but it doesn’t create new AI models vastly better than what’s available today.
- 5. The NSA’s “Big Delete”
The NSA is planning a "Big Delete" of websites and internal network content that contain any of 27 banned words, including "privilege," "bias," and "inclusion" in order to obey Trump's anti-DEI orders. All NSA websites and internal network pages that contain banned words will be deleted. This will affect serious infosec content referring to "privilege escalation" and others. The NSA is trying to identify mission-related sites before the "Big Delete" is executed but appears to lack the personnel to do so.
- 6. The UK’s Demands for Apple to Break Encryption Is an Emergency for Us All
The United Kingdom issued a secret order last month requiring Apple to create a backdoor for government security officials to access encrypted data. The British government's undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not merely assistance in cracking a specific account, and has no known precedent in major democracies.
The core target is Apple’s Advanced Data Protection, which is an optional feature that turns on end-to-end encryption for backups and other data stored in iCloud, making it so that even Apple cannot access that information. If Apple does comply, users should consider disabling iCloud backups entirely. Perhaps most concerning, the U.K. is apparently seeking a backdoor into users’ data regardless of where they are or what citizenship they have.
- 7. Linux running in a PDF? This hack is as bizarre as it is brilliant
The Linux kernel runs in a PDF file loaded into your browser. This works through a RISC-V emulator compiled into JavaScript.
- 8. It’s Official: the Cybertruck is More Explosive than the Ford Pinto
The CyberTruck is 17 times more likely to have a fire fatality than a Ford Pinto.
Between 1970 and 1980, 3,173,491 Ford Pintos were produced. Its famously flawed gas tank behind the rear bumper caused 27 fiery deaths with its knowingly negligent design.
My best estimate is that 34,438 CyberTrucks have been delivered to customers as of Jan 1, 2025. In 2 crashes and 1 incident in their first full year on American roads, the Cybertrucks burned 5 occupants who died.
I look forward to the Cybertruck being governmentally crash-tested by the NHTSA, which it has not been thus far. Until then, I can’t recommend sitting in one.
Paul: Conflicting reports on this story, only 3 people died (still terrible), speed was a factor, and the fire chief reports that it was unlikely the batteries caught fire: https://www.nbcnews.com/news/us-news/fiery-tesla-cybertruck-crash-dead-injured-california-bay-area-rcna182121