Last Week’s Cyber Case Book – Sharp “AQUOS” Smartphone Vulnerability

We will send you a digest of security and cyber incidents that occurred over the week of April 20.

Vulnerability of sensitive information leakage to Sharp Android devices

On April 23, Sharp revealed that the company’s Android smartphones were vulnerable. The target models and versions are as follows.

AQUOS SH-M02 Version 01.00.05, and earlier
AQUOS SH-RM02 version 01.00.04, and earlier
AQUOS mini SH-M03 Version 01.00.0, 4 and earlier
AQUOS mobile phone SH-N01 version 01.00.01, and earlier
AQUOS L2 (UQ mobile/J:COM) version 01.00.05, and earlier
AQUOS sense lite SH-M05 version 03.00.04, and earlier
AQUOS sense (UQ mobile) version 03.00.03, and earlier
AQUOS compact SH-M06 version 02.00.02, and earlier
AQUOS sense plus SH-M07 version 02.00.02, and earlier
AQUOS sense2 SH-M08 version 02.00.05. and earlier
AQUOS sense2 (UQ mobile) version 02.00.06, and earlier

The vulnerability could allow the app in the terminal to ingest information in the product. However, it is said that there is no big influence because the leaked information is sensitive.

You have already released software that has fixed the vulnerability. Make sure that users of the target model update.

Bad login damage with Nintendo Network ID

On April 24, Nintendo announced that a fraudulent login to “Nintendo Network ID” (nnid) had occurred.

A bad login is due to a password list attack using a login ID and password obtained illegally from outside the company’s services. The attack occurred around the beginning of April, and it seems that the spoof login was also carried out.

NNID is an ID for using services for nintendo 3DS series and Wii U. It’s separate from the Nintendo account, but the company has discontinued the collaboration function because it can work together. Since it is possible to log in to a Nintendo account if the password is common, the password reset will be done sequentially.

Approximately 160,000 unauthorized logins were received. Any information that a third party may have viewed is your nickname, date of birth, country/region, and email address. If you are working with your Nintendo account, your registered name, date of birth, gender, country/region, and email address.

The company is urging users not to use the same password, including other external services, when they reset their passwords. Nintendo account can be set up two-step verification, so i want to introduce it.

Vulnerability in password tool included with Toshiba’s external HDD CANVIO series

On April 20, Toshiba Device Storage revealed a vulnerability in the password tool for Windows in the CANVIO series of external HDDs. This software was installed in the product or published on the website. The version s and products of the target software are as follows.

Password Tool for Windows Version 1.20.6620 or earlier

CANVIO PREMIUM (3TB, 2TB, 1TB)
HD-MB30TY / HD-MA30TY (Dark Gray Metallic)
HD-MB30TS / HD-MA30TS (Silver Metallic)
HD-MB20TY / HD-MA20TY (Dark Gray Metallic)
HD-MB20TS / HD-MA20TS (Silver Metallic)
HD-MB10TY / HD-MA10TY (Dark Gray Metallic)
HD-MB10TS / HD-MA10TS (Silver Metallic)

CANVIO SLIM 1TB, 500MB
HD-SB10TK (Black)
HD-SB10TS (Silver)
HD-SB50GK / HD-SA50GK (Black)
HD-SB50GS / HD-SA50GS (Silver)

The vulnerability is to obtain the authority to use the service’s behavior through an application with a name that consists of the first part of the path that contains white space characters. This could lead to unauthorized file execution.

If you already have password tool 1.20.6620 or earlier for Windows, do not do this and delete it. If so, remove the password and then uninstall the software. The pre-measured version will be available on April 28.

Phishing emails tricking yodobashi cameras

As of April 21, phishing emails tricking yodobashi cameras are spreading. The subject of the email is as follows.

[Yodobashi会員]Did you log in? (Date time)
[Yodobashi会員]Upgrade security system (time with)

In the email, they will ask you to click on the link, such as verifying your account information. The link is a phishing site to steal the ID and password of Yodobashi Camera (Yodobashi.com), and it is also used to enter credit card information.

Phishing sites look so similar that they’re hard to tell from the appearance of yodobashi.com. If you are using Yodobashi.com frequently, check your domain and determine if it is official. As of April 21, the phishing site is up and running. I want to keep an eye on similar sites because they may be published.

Yamakei Online Member Information Leaked

On April 18, Yamaandya sha revealed that personal information had been leaked at Yamakei Online, which the company operates. The information leak was discovered after receiving a point from a third party.

As a result of the investigation, information of users who registered before the renewal of Yamakei Online on April 9, 2013 was leaked. The company received this, and on April 18, it reset the user’s registered password and changed it to a randomly created string password.

The number of cases was 29,431 people, with details of information: email address, login password, date of birth and phone number. The company is calling attention to the potential for unauthorized logins, spoofing, phishing emails, and other sending from the contentof personal information leaked in the future.

Yamakei Online is also investigating whether it has been subjected to unauthorized access from outside by SQL injection in July 2015 and November 2017.