ManInTheMiddle
Latest
Sennheiser's headphone software could allow attackers to intercept data
Sennheiser's HeadSetup and HeadSetup Pro software poses a cybersecurity risk, according to a vulnerability disclosure from Germany's Secorvo Security Consulting. The headphone-maker is now urging users to update to new versions of the software after researchers revealed it was installing a root certificate, along with an encrypted private key, into the Trusted Root CA Certificate store, which could enable man-in-the-middle (MITM) attacks.
Lenovo will pay a $3.5 million fine for preinstalling adware on certain laptops
Lenovo came under fire a few years ago for pre-installing adware called VisualDiscovery (developed by Superfish) onto new machines. Now that the legal dust has settled, the laptop maker has agreed to pay $3.5 million in fines to a 32-state coalition "to resolve their concerns" related to the nefarious bloatware app. In 2015, the worry was that the software performed a man-in-the-middle attack on supposedly secure connections and could be used to spy on encrypted communications. The company issued a tool for removing the software at the time.
The NSA tried to use app stores to send malware to targets
It shouldn't come as a surprise to hear that the NSA worked on iOS and Android malware meant to capture information from a target's phone, but actually getting the software onto phones? That's tricky. To help solve that problem, the NSA (and the rest of the Five Eyes intelligence community) attempted to hijack data being sent to and from app stores like those run by Samsung and Google. According to a document leaked by Edward Snowden, obtained by The Intercept and published by the CBC, it was mostly in search of a way to implant secret surveillance payloads into those data connections in hopes of identifying an Arab Spring in action in other countries.
MIT research team improves wireless security, is starting with the man in the middle
Now that they've finished building a robot capable of making cakes, MIT's researchers can get on with the serious business of improving our wireless security. In a new study it reveals a technique dubbed tamper-evident pairing that stops so-called man-in-the-middle attacks. Put simply, a hacker intercepts your wireless communications, reads it and passes it onto the recipient, pretending to be you. Because the hacker controls the flow of information between the two parties, it's difficult to detect. MIT's process randomizes and encrypts the data with silence patterns and strings of additional information, which a hacker won't be able to replicate. The best part is that the added security measures only add 23 milliseconds of time onto each transmission. As fixing our wireless security problems is now out the door, the team are probably off to solve some more giant Rubik's cubes.