Flawed UK Conservative Party Conference App Allows Public Login As Ministers, Sednit APT Group Delivers UEFI Rootkit In The Wild

A flawed phone app for the Conservative Party (UK) Conference allowed members of the public to log in as anyone attending the party conference, and to view and modify that person's personal information, after entering an email address. The conference app can be downloaded by anyone and contains details used during registration, such as private phone numbers. Some hackers changed former Foreign Secretary Boris Johnson’s profile picture and job title, while others left messages on the internal messaging system. Some pranksters were able to phone senior MPs, including Foreign Secretary Jeremy Hunt and Home Secretary Sajid Javid. The flaw has since been fixed.

The Sednit APT group, also known as Fancy Bear and Sofacy, has successfully deployed a Unified Extensible Firmware Interface (UEFI) rootkit dubbed LoJax against government entities in the Balkans, Central and Eastern Europe by writing a malicious UEFI module into a system’s SPI flash memory. The module can drop and execute malware on disk during the boot process, and it survives both an operating system reinstallation and a hard disk replacement.

