QBOT BANKING TROJAN COLLECTS EMAILS IN OUTLOOK TO EXTRACT USERS’ SENSITIVE DATA

Posted on August 28, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/08/28/qbot-banking-trojan-collects-emails-in-outlook-to-extract-users-sensitive-data/

Information security specialists consider the most dangerous security threats to be those that receive constant updates. An example of this is the Qbot banking Trojan (also known as Qakbot and Pinkslipbot), which has been wreaked havoc for more than ten years thanks to its developers continually updating it. Qbot has multiple malicious features, among which are:

• Theft of information from infected systems (email addresses, passwords, bank details, etc.)
• Installing other malware variants
• Connecting to malware drivers to bank transactions from the victim’s IP
• Hijacking legitimate email conversations to spread the infection to other users

Last March, Check Point Research specialists detected an attack campaign using Qbot that ran until June; as the experts anticipated, the operators of this campaign paused their activities (allegedly to carry out subsequent attacks), however, these hackers reappeared unexpectedly less than a month after the hiatus.

At the end of July, experts detected the return of Emotet, one of today’s most dangerous Trojans, with which they managed to infect about 5% of the companies worldwide. In some of these infections experts also detected an updated version of Qbot, which contained a new command and control infrastructure, as well as updated techniques for malware spreading. Most of these infections were detected in the United States and Europe, mainly affecting public organizations, militia, manufacturing, among others, mentioned Check Point Research experts.

Despite the multiple updates received by this Trojan, specialists consider that the most important stage of the infection process remains the use of malicious emails. The following is a diagram describing the infection process detected on the new Qbot update:

Although at first glance the use of malicious emails does not seem to show something innovative, experts detected that the operators of this campaign were able to hijack email conversations (as mentioned at the beginning). Apparently, conversations can be hijacked using “Email Collector“, a module recently added to Qbot. The following images show examples of malicious emails:

As you can see, these messages contain a URL that redirects users to a ZIP with a malicious Virtual Basics Script (VBS) file. Experts detected hundreds of different URLs used in this campaign, most of them redirecting to compromised WordPress sites or created specifically for these purposes.

Although it didn’t look like a sophisticated hacking campaign, the new version of Qbot has dangerous capabilities that could put any organization’s IT infrastructure at risk, so companies will have to remain alert to any attempted attack.

A CYBER CRIMINAL IS SELLING ACCESS TO 900 CITRIX SERVERS OF BIG COMPANIES WORLDWIDE

Posted on August 28, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/08/28/a-cyber-criminal-is-selling-access-to-900-citrix-servers-of-big-companies-worldwide/

A new finding on dark web has put the security teams of hundreds of companies in alert. Specialists report that an unidentified user is selling access to more than 900 Citrix Systems deployments. Affected organizations include a U.S.-based cooperative bank, as well as government organizations, telecommunications and IT services companies around the world.

Citrix Systems is an American company dedicated to the development of software solutions for virtualization, computer network construction, and cloud computing services, including open source developer Xen. Today, more than 230,000 organizations around the world use some of Citrix’s solutions, mentioning the company’s latest reports. The following are some screenshots shared by the seller:

The company has yet to comment on this, although it is highly probable that this information will be confirmed in the coming days, in the same way that it has happened in similar incidents. Neither is known any detail about the vendor or about the method used to compromise the accesses of the affected organizations.

A few weeks ago, another user of hacking forums on darknet disclosed the sale of a database allegedly owned by Citrix that contained about 2 million records of the company’s customers. The database, identified as citrix_leads_vivo, was on sale for 2.15 Bitcoin (about $20,000 USD at the current exchange rate).

HACKERS CAN DUPLICATE YOUR HOUSE KEYS JUST BY LISTENING TO THEM WITH A SMARTPHONE

Posted on August 21, 2020 Updated on August 21, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/08/20/hackers-can-duplicate-your-house-keys-just-by-listening-to-them-with-a-smartphone/

Technological implementations can show security flaws that no one would expect, as mentioned by specialists from an ethical hacking course. An example of this is recent research that shows that it is possible to copy the key of a lock by simply listening to the sound it produces when inserting into the lock.

According to specialists, this only requires a smart doorbell (or failing that a smartphone) and a 3D printer.

Although this looks like a sci-fi story, hackers claim that it is possible to use signal processing software to capture the sounds produced by the key and determine its exact shape. Subsequently, using the 3D printer, it will be possible to create an identical key, mentioned by the specialists of the ethical hacking course.

After conducting research, Sounadrya Ramesh, a computer specialist at the National University of Singapore, and her team found a way to bring this to reality. The first thing that is required is to record the sound that produces a key when entering the lock. For obvious reasons, this requires being close to the target.

Once this sound is recorded the SpiKey interference software is used, which filters the signal to decipher each strong metal click as the key ridges hit with the lock mechanisms. According to the experts of the ethical hacking course, these clicks are essential to determine the shape of the lock, since the time spent between each of them allows the software to calculate the distances between the edges of the key, something known to the locksmiths as “bit depth”.

Using this information, SpiKey creates the three most likely key designs. It is worth mentioning that the initial combinations yield more than 300 thousand possible results, so this is highly efficient software. In a recently released video, Ramesh details this procedure.

This is another finding in a field where there has been no major research, although they represent a significant risk vector. For example, a high-speed video of plant top objects or fry bags can be used to extract vibrations and reconstruct the sound around these objects.

ACTIVE DIRECTORY (AD) DCSHADOW ATTACK PROTECTION

Posted on August 21, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/08/20/active-directory-ad-dcshadow-attack-protection/

The most dangerous malware variants are those that receive constant updates, improving their capabilities to compromise attacked systems, as mentioned by experts from a computer security course. Mimikatz is an open source post-exploit tool used in Windows credential-based attacks. A couple of years ago its developers included DCShadow, a feature of the lsadump module that allows threat actors to gain persistent privileged access in Windows Server Active Directory (AD), as well as cover traces of the attack.

AD attacks are very common, as AD controls security on most systems where it is deployed. When malicious hackers gain privileged access to AD, they can also compromise servers and devices joined to the AD domain.

When it comes to DCShadow attacks, any Windows device joined to the AD domain is registered as a domain controller (DC) by creating two new objects in the domain configuration partition. This attack can be performed from Windows 10 and, although Windows 10 cannot be a DC, DCShadow tricks the AD implementation into thinking that Windows 10 is actually a DC, the experts of the computer security course mention.

While these attacks are a growing trend in the cybercrime world, it is possible to implement some measures to prevent them. Security firm Petri researchers mention that the best way to prevent these attacks is to prevent malicious hackers from gaining privileged access to the target system, which is possible by some methods described below.

Workstations with privileged access

It is highly recommended that you use only domain administrator credentials (and other high-privileged accounts) on workstations with the necessary security measures. These Privileged Access Workstations (PAWs) are isolated from the public Internet.

Delegation of privileges for minor tasks

User and group management can be easily performed by other users besides the administrator; the best thing is that it is not necessary to grant privileged access to the domain, according to experts in the IT security course.

Protecting accounts with Windows tools

Credential Guard, a Windows Defender tool, provides additional protection for domain accounts, isolating credentials in an area that the system kernel cannot access. Other tools such as Credential Guard require a device to support virtualization-based security (VBS).

Privileged identity

A privileged identity management (PIM) solution can help organizations monitor and control privileged access to AD. Windows Server 2016 Shadow Directors and short-lived AD groups help enterprises take control of Active Directory when used with a specially reinforced AD forest for management.

These mechanisms, in conjunction with activity logging and appropriate security monitoring, should allow domain administrators to mitigate the risk of attack.

IN 2020 HARD-CODED USERNAMES & PASSWORDS FOUND IN CISCO VIRTUAL WIDE AREA APPLICATION SERVICES (VWAAS). PATCH NOW

Posted on August 21, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/08/20/in-2020-hard-coded-usernames-passwords-found-in-cisco-virtual-wide-area-application-services-vwaas-patch-now/

Cloud security course specialists revealed the finding of a critical vulnerability in Cisco Virtual Wide Area Application Services (vWAAS), a virtual deployment for both enterprise and service provider, that accelerates commercial applications delivered from virtual and private private cloud infrastructure. According to the report, the successful exploitation of these flaws would allow threat actors to gain full control of the target system.

Below is a brief overview of the reported flaw, in addition to its identification key and score according to the Common Vulnerability Scoring System (CVSS).

CVE-2020-3446: The presence of hard-coded credentials in Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS) would allow unauthenticated remote malicious hackers to access the affected system.

According to cloud security course experts, successful exploitation of this flaw could compromise the vulnerable system altogether.

Vulnerable Cisco Wide Area Application Services versions are: 6.0(1), 6.1(1), 6.2(1), 6.2(3), 6.2 (3a), 6.2(3b), 6.2(3c), 6.2(3e) 31, 6.2(3e) 40, 6.3(1), 6.4(1), 6.4(3d). This vulnerability affects Cisco ENCS 5400-W and CSP 5000-W series devices if you are running Cisco vWAAS with versions 6.4.5 or 6.4.3d of images packaged with NFVIS and earlier.

This is considered a critical vulnerability and received a CVSS score of 8.5/10.

While cloud security course specialists mention that the flaw can be exploited by remote threat actors over the Internet, attempts to exploit actively or any malware related to the attack have not yet been detected. Updates are ready, so administrators of affected deployments are encouraged to update as soon as possible.

HOW A HACKER TOOK OVER A BUSINESS VIA CHANGING THE GOVERNMENT RECORDS OF THE COMPANY

Posted on August 21, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/08/20/how-a-hacker-took-over-a-business-via-changing-the-government-records-of-the-company/

The absence of authentication mechanisms on some online platforms can pose serious problems for your users. Experts from an ethical hacking course detail how an entrepreneur from Volusia County, Florida, was the victim of a fraud variant due to the few security measures on a government website.

Blair Burk, owner of Medical Facilities Construction Group, a company that builds and provides maintenance service to medical practices, claims that a hacker entered his company’s state records, modifying the information and removing his name from these records. “This man came in and said he was the president of my company. I can’t even understand what happened,” the victim says.

However, the company’s profile in the Florida Division of Corporations, in charge of the official registration of local companies, mentions that the owner is an individual named Nicolas Carioti, originally from South Florida. Apparently, someone hacked the official records, stored in Sunbiz.org: “I never thought anyone could just get into the system and change this information,” Burk adds.

This is itself a very serious thing, although experts from the ethical hacking course mention that the worst was missing. After consulting with the platform managers, Burk discovered that their information was not protected with passwords or some other authentication requirement, so any user could change their official corporate records: “It’s something that’s allowed, there’s nothing that can prevent it. If you ask those responsible, they say they’re sorry, but that only lawmakers can change the situation.”

Burk only received a government alert via his email informing him of the change in corporate records. The employer fears that the individual who modified this information will try to make a profit at the expense of his company, such as applying for a bank loan, drafting a contract, or some other variant of bank fraud.

Tommy Orndorf, expert in an ethical hacking course, analyzed what happened to Burk, mentioning that it is possible to make changes to these profiles without the use of passwords or any other form of verification: “These platforms must have some verification mechanism, not use only an email,” the specialist says.

Upon consultation, the Florida Division of Corporations mentioned that Burke’s complaint had already been addressed and the flaws on its website were corrected. However, the affected user is still afraid that someone might infiltrate these records: “It took me three days to fix this and I don’t want to go through a similar situation again,” Burke concludes.

2020’S TOP 25 MOST DANGEROUS SOFTWARE VULNERABILITIES

Posted on August 21, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/08/21/2020s-top-25-most-dangerous-software-vulnerabilities/

The Common Weakness Enumeration (CWE) vulnerability categorization system has released its TOP 25, where the most common and dangerous security flaws of the past two years meet. According to information security training specialists, CWE considers listed flaws to be highly dangerous due to their ease of operation, their ability to operate, and how often a related attack occurs.

For the creation of this list, CWE considered the information available on systems such as Common Vulnerabilities and Exposures (CVE), the Common Vulnerability Scoring System (CVSS), as well as the information available in the National Vulnerability Database (NVD).

Below is a brief description of the reported flaws, as mentioned by the information security training specialists:

Experts mention that the main difference between this TOP 25 and the previous one is the move to exploiting specific flaws instead of class-level flaws. Although these class-level flaws can still be seen in the list, their rankings dropped considerably. Specialists believe that this trend will continue in the near future.

In the list, flaws at class level CWE-119 (inadequate restriction of operations within buffer limits), CWE-20 (incorrect input validation), and CWE-200 (sensitive information exposure) lowered some points. On the other hand, specific errors such as CWE-79 (incorrect disable entry in the generation of web pages) have shown a noticeable increase, as mentioned by the specialists of the information security training.

The flaws that increased your scores the most in the most recent list are:

• CWE-522 (Inadequately Protected Credentials): from #27 to #18
• CWE-306 (Lack of Critical Function Authentication): from #36 to #24
• CWE-862 (Lack of authorization mechanisms): from #34 to #25
• CWE-863 (Incorrect Authorization): from #33 to #29

As you can see, these flaws reside in some of the most difficult areas to analyze in a computer system. On the other hand, specialists believe that the user community has improved their analytics and protection capabilities, significantly reducing the incidence of multiple security flaws.

The flaws that lowered your chart scores the most are:

• CWE-426 (Unreliable Search Path): from #22 to #26
• CWE-295 (Incorrect Certificate Validation): from #25 to #28
• CWE-835 (Loop with unreachable output condition): from #26 to #36
• CWE-704 (Wrong type conversion): from #28 to #37

This TOP 25 can be very useful for developers, researchers and users, as it represents an ideal report of the most consistently encountered flaws, in other words, it is a representation of cybercriminal trends.

PHILADELPHIA SEPTA TRANSPORT SYSTEM SUFFERS RANSOMWARE ATTACK

Posted on August 14, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/08/12/philadelphia-septa-transport-system-suffers-ransomware-attack/

The Southeastern Philadelphia Transportation Authority (SEPTA) has confirmed the detection of a malware attack on its servers. According to pentesting course specialists, the incident has prevented SEPTA from sharing relevant information about the trips since Monday. The report was published by The Philadelphia Inquirer.

Local authorities began an investigation after SEPTA reported some technical problems over the weekend, although they eventually had to turn to the Federal Bureau of Investigation (FBI) and outside cybersecurity experts. As an incident handling method, SEPTA shut down multiple systems that operate in real time, in addition to its payroll and remote timing systems.

SEPTA announced that SEPTA Key, the user’s card to enter the transport system, was not compromised during the incident: “We are doing our best to address this situation, we hope we will not have to close our systems again,” the authority says. Specialists from the pentesting course assure that SEPTA is not the only organization affected, although additional details have not been revealed.

How long the SEPTA systems will be affected is still unknown, as the variant of malware used by threat actors has not been disclosed, although specialists think it may be a ransomware attack. Users of the public transport system began to detect some failures on Monday morning, reporting the incidents on social networks, a situation that lasted until last Tuesday.

The recommendation for customers is to consult the printed schedules or request reports from the personnel at the affected stations until the information systems can be restored. This incident occurred at an inconvenient time, as people are returning to their daily activities after the period of isolation due to the pandemic, and any damage to public transport systems ends up affecting users.

According to pentesting course experts, last year, cybercriminals led SEPTA to close an online store that sold tickets and merchandise. Hundreds of customers are likely to have been victims.

RUSSIAN SIM CARDS ALLOW SPOOFING ANY PHONE NUMBER IN THE WORLD

Posted on August 14, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/08/13/russian-sim-cards-allow-spoofing-any-phone-number-in-the-world/

Phone fraud has more and more variants and more complex resources, specialists from a cyber security consulting company report. A few days ago a reporter recounted how he contacted a special SIM card seller, allegedly of Russian origin, used to impersonate any phone number without the target user being able to identify the fraud.

In the report, published by Motherboard, the researcher mentions that he managed to contact an individual who claims to control a website specialized in the sale of these SIM cards from Russia. The individual phoned the investigator using one of these cards, as mentioned above, this chip allowed him to forge any phone number: “It’s very easy to trick a user into pretending to call from a bank or simply to prevent the caller ID from recording the actual phone number,” the seller states.

These tools are known by various names among the cybercriminal community, whether “Russian SIM cards”, “encrypted chips”, “blank SIM card”, among other names, mention specialists of the cyber security consulting company. While the operation is the same, the researcher states that in some variants of the attack criminals also employ real-time voice manipulation methods or addition of background noise (street ambient sound, offices, among others). In addition, these SIM cards can be acquired in conjunction with data exposed in data breach incidents to deploy targeted attacks.

While these blank SIM cards are not illegal on their own, their use is clearly a crime, as the operators of these campaigns impersonate individuals and organizations, and they use information exposed in security incidents for malicious purposes. The National Crime Agency (NCA) recently reported the confiscation of multiple of these Russian SIM cards as evidence in an investigation.

According to specialists from the cyber security consulting company, encrypted phone vendors (whether legitimate firms or black market vendors) also offer these Russian SIM cards, so users of encrypted devices also have the ability to impersonate the phone numbers of any person or organization they want. According to motherboard researcher, these SIM cards work seamlessly in countries such as Colombia, the United Kingdom, Morocco, Mexico, and the United States.

In a video recently posted on YouTube, a seller showed how to forge phone numbers with these SIM cards. The seller wrote a series of digits on a phone, followed by an asterisk and the number to be impersonated. Soon after, a second phone showed the number impersonated.

The world’s most popular SIM card for cybercrime

Although many vendors mistakenly claim that these kinds of tools provide complete protection against government investigations, they are a widely used resource by cybercriminals in multiple parts of the world. On the other hand, Matt Horne, deputy director of investigations at the NCA, mentions: “Multiple organized crime groups try to evade justice through this kind of tools, which has become an extended and certainly useful practice.

HOW TO GENERATE A TEMPORARY BURNER GMAIL ID TO AVOID SPAM?

Posted on August 14, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/08/13/how-to-generate-a-temporary-burner-gmail-id-to-avoid-spam/

Everyone agrees that spam is one of the most hated things by tech users. No matter how many times we empty the undesirable mail folder, it will be full again in a couple of hours later, the hard drive destruction service specialists mentioned.

There is really no way to avoid spam, although there are ways to deal effectively against this practice. Here’s how to create a disposable email address, which will significantly reduce the level of spam in your actual inbox. The best thing is that users won’t need to use unconventional tools, but you’ll only need to know a Gmail feature.

Google doesn’t have its own disposable email service, although Gmail users have the option to create a custom email address that can be discarded when it’s no longer needed. According to the specialists in hard drive destruction service, here are the steps to take to use this tool:

• When prompted to enter your email into a service with which you would prefer not to share information, write it as usual, but add a specific label. The following example uses the tag “+unwantedemail.gmail.com” (the sign ‘+’ is useful, but is not required). By enabling this feature, emails sent to that address will appear in your inbox along with everyone else, but with that specific tag at the end of the address, which will help get rid of spam more efficiently.

• After adding this tag, users can set up a Gmail filter so that any message that includes this tag is automatically deleted. To do this, type the label used at the top of the inbox and click the arrow on the right side. Then, enter the label in the “From” section in the e-mail form and click “Create Filter”.

• On the next page, select the Delete check box and click Create Filter. This way you will no longer find tagged mail in your inbox, mentioned specialists in hard drive destruction service.

It should be mentioned that it is also possible to use disposable email addresses, which are tools external to Google; however, enabling Gmail filters is the most recommended option for users who simply want to get rid of inappropriate or useless advertising.

BYPASS RESTRICTIONS ON PALO ALTO’S PAN-OS FIREWALL WITH THIS ZERO-DAY VULNERABILITY

Posted on August 14, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/08/13/bypass-restrictions-on-palo-altos-pan-os-firewall-with-this-zero-day-vulnerability/

Specialists from a pentesting course have revealed the finding of a critical flaw in PAN-OS, the operating system present in multiple Palo Alto Networks solutions. According to the report, the exploitation of this flaw would allow threat actors to evade security controls on the affected products.

Below are some details of the reported flaw, in addition to their respective score and identification key in the Common Vulnerability Scoring System (CVSS).

CVE-2020-2035: When Forward Proxy Decryption SSL/TLS mode is configured to decrypt web transactions, The PAN-OS URL filtering feature inspects the HTTP host and URL path headers for policy enforcement in decrypted HTTPS web transactions, but does not parse the Server Name Indication (SNI) field within the TLS Hello Client handshake, which would allow malicious hackers to bypass the security restrictions implemented.

According to the pentesting course specialists, the flaw allows a compromised host on a protected network to dodge any security policy that uses URL filtering on a firewall configured with SSL Decryption in Forward Proxy mode.

This is an average severity vulnerability that received a CVSS score of 5.4/10.

The following are the versions of Palo Alto PAN-OS affected by this flaw: 8.1, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.4-h2, 8.1.5, 8.1.6, 8.1.6.2, 8.1, 7, 8.1.8, 8.1.8-h4, 8.1.8-h5, 8.1.9, 8.1.9-h4, 8.1.1.10, 8.1.12, 8.1.13, 8.1.14, 8.1. 15, 9.0, 9.0.0, 9.0.1, 9.0.2, 9.0.2-h4, 9.0.3, 9.0.3-h2, 9.0.3-h3, 9.0.4, 9.0.5, 9.0.5- h3, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.1, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.2.0, 10.0.

While the flaw could be exploited by unauthenticated remote threat actors, pentesting course specialists have not detected attempts at active exploitation. It is important to remember that the vulnerability has not yet been fixed, so users should remain in the expectation of any new Palo Alto notice related to the flaw.

PINEPHONE: THE $200 USD SMARTPHONE WITH SWITCHES TO TURN OFF ITS CAMERA, MICROPHONE, WIFI AND GPS. A GOOD REPLACEMENT FOR ENCROCHAT

Posted on August 14, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/08/14/pinephone-the-200-usd-smartphone-with-switches-to-turn-off-its-camera-microphone-wifi-and-gps-a-good-replacement-for-encrochat/

The Android operating system has been characterized by its almost unlimited capacity for customization, in large part thanks to its Linux kernel and its open source nature, mention specialists in a pentesting course. Despite these features, the restrictions recently imposed by Google affect the work of developers, who must look for other alternatives for experimentation on mobile operating systems.

According to a report by Android Police, one of the most eye-catching alternatives for researchers and enthusiasts who want to gain complete control of their mobile devices is PinePhone, a device developed by Pine64 and supported by the Linux user and developer community. While experts mention that this is a very limited smartphone compared to its conventional counterparts, it is an ideal choice for security researchers and users interested in controlling every aspect of their device.

What’s so special about this phone?

The PinePhone is a smartphone developed by Pine64, a company that sells ARM-based Linux products. Braveheart, the first version of the device, was released in January 2020 and has continued an accelerated development process ever since. For the last couple of months, the company has been selling with different Linux distributions pre-installed. The version analyzed by pentesting course specialists is UBports Edition, which includes Ubuntu Touch.

When analyzing the hardware experts found that PinePhone is a hybrid result of two smartphone designs released in 2020 and 2008, including some features to improve the user privacy experience. Other notable details are its USB Type-C charging port, 5MP camera and a cover similar to low-end smartphones.

By removing the cover you will be able to see the battery of the PinePhone, practically the same as that used by conventional devices (some models of Samsung Galaxy, for example). It is worth mentioning that the PinePhone uses a microSIM, unlike newer smartphones that use nanoSIM, so it will require using an adapter. The PinePhone also features a slot to insert a microSD card up to 2 TB.

The most striking thing about the rear of the PinePhone are its three switches to disable the hardware, which must be manipulated with a screwdriver. These small switches can turn the modem, WiFi/Bluetooth controller, microphone, rear or front camera and even the audio jack on or off.

All the power of Linux in the palm of your hand

These are very attractive features, although the best thing about PinePhone is its ability to operate as a computer with Linux operating system, mentioned by experts in the pentesting course. In addition to the Linux distributions available, specialists are working on developing 17 different operating systems for the PinePhone.

The weakest point on these devices may be the in-availability of applications, as the available developments depend on the UBports community.

Regarding the installation of an additional operating system to the preloaded, this process varies depending on the distribution. Some distros can only run on the internal memory, while others must be installed on the memory card. On the other hand, distributions such as GloDroid will need to run a configuration script on a PC to compile the necessary information.

This is definitely an ideal alternative, although it has a big problem: the performance of the phone leaves a lot to be desired. The Allwinner A64 SoC only has 4 CPU cores and 2 GB of RAM, insufficient resources for the operation of some distributions. In simple terms, the operation of the PinePhone resembles that of a low-end Android smartphone.

Lots of things to improve

Pentesting course specialists believe this is more of a prototype than a product ready for final sale; even the manufacturer company issued a warning about potential device failures. However, PinePhone accepts its mission of providing researchers and enthusiasts with a useful device for research and with a noticeably better privacy experience than on a conventional device.

Advances allow Pine64 to think about launching a much more powerful device with a greater number of apps available. While it would be unrealistic to think that a PinePhone can reach the power of a Linux machine, the advances made so far are really promising.