TechSploits

Note by PHRACK STAFF:

A responsible disclosure was attempted to warn South Korea that China/North Korea has hacked them. The full article, dump and release schedule was shared with South Korea before it was published:

16th of June 2025, Informed Defense Counterintelligence Command.
26th of June 2025, Anonymous response from clearbear001 (dcc.mil.kr?).
16th of July 2025, Anonymous response from operation-dl (who is this?).
17th of July 2025, Informed KISA.
17th of July 2025, Informed Ministry of Unification.
17th of July 2025, Informed LG Uplus Corp.
18th of July 2025, Informed KrCERT.
1st of August 2025, Communication then ended abruptly.
14th of August 2025, The author received an ominous message via Signal, advising him that Proton is not secure (using a burner-phone). (Noticeable: The contact knew about “notfox”, a handle only shared with the South Korean government. Why the contact???).
15th of August 2025, Proton disables the whistleblower’s email account.
16th of August 2025, Proton disables the author’s email account.
18th of August 2025, The complaint fails. The appeal fails. Proton’s response: “your account will cause further damage to our service, therefore we will keep the account suspended”.
22nd of August 2025, Phrack vigorously tries to contact Proton-legal, Andy, and others at Proton. No response.
6th of September 2025, Phrack gives Proton 48h notice: Please respond, or we will try to reach you via social media.
9th of September 2025, Phrack reaches out to Proton on social media.
10th of September 2025, Proton re-enables both email accounts.

The email account was only used to communicate with South Korea. No ToS was violated. No crime was committed.

We trust that Proton will fix the appeal process and become more transparent. Don’t give up on Proton just yet.

So far Proton has not answered our emails or taken our calls. We wish to communicate and work this out together. This is not our first rodeo.

We thank the community for their support and courage.

Very interesting story.

Considering the time lines with the current ongoing S.Korean fires.

Making a Mac into a rack

A "Support" tech with limited privileges can elevate to root shell just by ssh'ing to the same box.

Very nice PoC

Now this is cool

Now this is some good ol' hacking just for fun

It could be worse i guess... I could be the admin of a Sharepoint instance...

Researchers at penetration testing and threat intelligence firm PCA Cyber Security (formerly PCAutomotive) have discovered that critical vulnerabilities affecting a widely used Bluetooth stack could be exploited to remotely hack millions of cars.

The researchers conducted an analysis of the BlueSDK Bluetooth framework developed by OpenSynergy and found several vulnerabilities, including ones that enable remote code execution, bypassing security mechanisms, and information leaks.

They demonstrated how some of these flaws could be chained in what they named a PerfektBlue attack to remotely hack into a car’s infotainment system. From there the attacker can track the vehicle’s location, record audio from inside the car, and obtain the victim’s phonebook data.

The attacker may also be able to move laterally to other systems and potentially take control of functions such as the steering, horn and wipers. While this has not been demonstrated, previous research showed that it is possible for a hacker to move from a car’s infotainment to more critical systems.

The PerfektBlue hack has been demonstrated against recent infotainment models shipped with Mercedes-Benz, Skoda, and Volkswagen cars, as well as products made by another, unnamed OEM that was only recently made aware of the findings.

BlueSDK is present in millions of devices. The list includes not only vehicles, but also mobile phones and other portable gadgets made by dozens of major tech companies.

In order to conduct an attack, the hacker needs to be in range and able to pair their laptop with the targeted infotainment system over Bluetooth. In some cases pairing is possible without any user interaction, while in others pairing requires user confirmation, or it may not be possible at all.

“Essentially, PerfektBlue requires at most 1-click from a user to be exploited over-the-air by an attacker,” PCA Cyber Security explained.

The PerfektBlue vulnerabilities were reported to OpenSynergy back in May 2024 and were assigned the CVE identifiers CVE-2024-45434, CVE-2024-45431, CVE-2024-45432 and CVE-2024-45433.

Patches were created and distributed to customers starting in September 2024, but PCA Cyber Security waited until now to disclose them to ensure that the fixes would be widely deployed.

Earlier this year, PCA Cyber Security disclosed a series of vulnerabilities that could be exploited to remotely hack a Nissan Leaf electric vehicle, including for spying and the physical takeover of several functions.

I'm classing this as an exploit because it sounds like backblaze exploited their shareholders!

We (Reddthat) were going to use them as our object storage provider when we started. Luckily we didn't! It would make me want to migrate asap!

I nice write up on the #TikTok VM

We regularly see this on Reddthat's and my own personal services too.