vulnerability
Latest
Sprint security lapse gave access to customer data
Add Sprint to the list of US carriers whose security shortfalls put customer data at risk. TechCrunch has confirmed that the provider was using two sets of easily-guessed logins that let a security researcher access a company portal with access to customer data, including for Boost Mobile and Virgin Mobile. There were issues within the portal, too. The researcher would only have needed an account holder's phone number and a four-digit PIN to access their data, change plans or swap devices, and there was no limit on the number of PIN guesses.
T-Mobile, AT&T customer account PINs were exposed by website flaws
As if news of a recent breach leaking T-Mobile customer data to attackers weren't bad enough, Buzzfeed News highlights a pair of issues that could've revealed PIN numbers for customers of T-Mobile and AT&T. The security flaws were uncovered by two security researchers, Ryan aka "Phobia" and Nicholas "Convict" Ceraolo. The T-Mobile issue occurred via its link to Apple's online store, where they found that a page in the middle of the iPhone purchasing flow would allow an interested party unlimited attempts at guessing an account PIN or last four digits of the account holder's social security number. Given unlimited tries for a safety feature that's probably four digits with no rate limiting lets hackers run through all the possibilities quickly.
Intel discloses another set of processor vulnerabilities
Intel disclosed another set of processor flaws today that could let attackers steal information stored on computers or third party clouds. Discovered by a number of researchers and reported to Intel in January, the vulnerability includes three varieties. The company said in a blog post that when combined with updates released earlier this year, new updates being released today should protect most users from the vulnerability. "We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices," said Intel.
Security flaws could open body cameras up to hacks
At Def Con this weekend, Josh Mitchell, a cybersecurity consultant with Nuix, showed how various models of body cameras can be hacked, tracked and manipulated. Mitchell looked at devices produced by five companies -- Vievu, Patrol Eyes, Fire Cam, Digital Ally and CeeSc -- and found that they all had major security flaws, Wired reports. In four of the models, the flaws could allow an attacker to download footage, edit it and upload it again without evidence of any of those changes having occurred.
Android exploit targeted apps' shoddy use of external storage
Many mobile security flaws revolve around obvious avenues like websites or deep, operating system-level exploits. The security team at Check Point, however, has discovered another path: apps that make poor use of external storage like SD cards. While apps would ideally stick to internal storage (which Google sandboxes against outside influence) as much as possible, some apps have relied unnecessarily on unprotected external storage and didn't bother to validate the data coming from that space. An intruder could take advantage of that poor security policy to manipulate the data and cause havoc -- Check Point called it a "man-in-the-disk" attack.
Phones sold by the four major US carriers could have a major security flaw
Customers using devices from four major cell phone carriers could unknowingly be exposing sensitive data to hackers, according to the Department of Homeland Security (DHS). Fifth Domain reports that DHS-funded researchers from mobile security firm Kryptowire have found vulnerabilities in phones used by Verizon, AT&T, T-Mobile and Sprint. The flaws are built into phones by manufacturers, and include a loophole that could exploit data, emails and text messages.
Samsung patches multiple SmartThings Hub security flaws
Samsung's SmartThings hub suffered from 20 vulnerabilities that could have allowed attackers to control the internet-of-things devices connected to it. Thankfully, security intelligence firm Cisco Talos discovered the flaws and worked with the Korean company to resolve the issues, allowing Samsung to release a firmware update that patches them for all affected customers. Talos admits in its report that some of the vulnerabilities would've been difficult to exploit, but attackers can combine several at once to launch a "significant attack on the device."
Permanent LTE exploits steer users to rogue websites
LTE was theoretically supposed to fix the security holes baked into earlier wireless standards, but it isn't completely immune. An international team of researchers has discovered a attack methods (nicknamed aLTEr) that takes advantage of inherent flaws in LTE to direct users to hostile websites. An active exploit uses the lack of integrity checks in LTE's lower layers to modify the text inside a data packet. Since that's easy to determine with DNS packets, which direct traffic to website addresses, you can steer requests to malicious DNS servers and thus take the user to a website of your choice.
Google will fix Home and Chromecast bug that reveals your location
Don't look now, but your Google Home speaker or Chromecast could give away your whereabouts... for a little while, that is. Google has promised a fix for an authentication vulnerability that lets attackers obtain your location using the company's devices as a conduit. While the necessary Home app on your phone normally performs most tasks through Google's cloud services, others (such as setting a device name and WiFi connection) are sent directly to the Home or Chromecast without authentication. If you use domain name system rebinding software, you can exploit this to obtain nearby wireless networks and use Google's location lookup services to obtain a position to an accuracy of a few feet.
Frontier Communications' password bug lets anyone into your account
While you might feel more at ease knowing your personal information is protected by two-factor authentication, a bug in Frontier's password reset system is demonstrating that vulnerabilities can open your info up to exposure even when that extra level of protection is available. The internet giant's password system sends users a two-factor code when they initiate a reset, but ZDNet reports that the system lets you enter as many codes as you want, opening up users' accounts to a breach. Spotted by security researcher Ryan Stevenson, the bug means a determined attacker with some time on their hands could get into an account with just a username or an email address.
Intel details fourth Spectre-style CPU security flaw
Intel said it was expanding its bug bounty program to help find more Spectre-like processor security flaws, and unfortunately it just found one. The company (along with Google and Microsoft) has disclosed a fourth exploit (simply titled Variant 4) that once again uses speculative execution to expose some data through a side channel. The attack is so far known to work in a "language-based runtime environment" like the sort you'd see in a web browser (say, JavaScript), although Intel hadn't seen evidence of successful browser-based exploits.
Hackers find an 'unpatchable' way to breach the Nintendo Switch
Security researchers from ReSwitched have discovered a Nintendo Switch vulnerability that could let hackers run arbitrary code on all current consoles. Dubbed "Fusée Gelée" ("Frozen Rocket") it exploits buggy code in the NVIDIA Tegra X1's USB recovery mode, bypassing software that would normally protect the critical bootROM. Most worrisome for Nintendo is that the bug appears to be unpatchable and could allow users to eventually run pirated games.
Global cyberattack targets 200,000 network switches (updated)
The past few days haven't been great for the internet's broader security. Iran's Communication and Information Technology Ministry has reported that it was a victim in a global cyberattack that compromised about 200,000 Cisco switches that hadn't yet received patches for exploits in the company's legacy Smart Install protocol. The attackers displayed a US flag on at least some screens, complete with a "don't mess with our elections" warning, but the attack wasn't focused on Iran -- only 3,500 switches fell to the exploit in the country. About 55,000 of the victim devices were in the US, IT Minister Mohammad Javad Azari Jahromi said, while 14,000 were in China. Other victims were located in Europe and India.
Yet another security vulnerability afflicts India’s citizen database
India's Aadhaar database is a national system that contains personal data and biometric information on over 1.1 billion Indian citizens. While joining is technically voluntary (for now, at least), enrollment has become necessary for things like opening bank accounts and applying for loans, filing tax returns and buying or selling property. But Aadhaar has been rife with security issues and ZDNet reports that another, currently unaddressed, problem is exposing Indian citizens' information.
AMD vows to fix newly-disclosed processor vulnerabilities
Semiconductor company AMD has finally acknowledged there's a problem with its Platform Security Processor. Earlier this month Israel-based CTS labs found 13 critical vulnerabilities (including RyzenFall, MasterKey, Fallout and Chimera) with AMD's product, which could allow attackers to access sensitive data, install malware and gain complete access to compromised machines (although doing so would require admin access). Today, AMD has published a statement that largely underplays the threat, but claims that patches will be coming soon.
Sophisticated malware attacks through routers
Security researchers at Kaspersky Lab have discovered what's likely to be another state-sponsored malware strain, and this one is more advanced than most. Nicknamed Slingshot, the code spies on PCs through a multi-layer attack that targets MikroTik routers. It first replaces a library file with a malicious version that downloads other malicious components, and then launches a clever two-pronged attack on the computers themselves. One, Canhadr, runs low-level kernel code that effectively gives the intruder free rein, including deep access to storage and memory; the other, GollumApp, focuses on the user level and includes code to coordinate efforts, manage the file system and keep the malware alive.
LTE security holes could lead to fake emergency alerts
Vulnerabilities in cellular network technology definitely aren't things of the past. Researchers at Purdue and the University of Iowa have outlined exploits in LTE protocols that would let intruders conduct ten serious attacks, including spying on calls and text messages, tracking locations, knocking devices offline and even faking emergency alerts. Intuders can take advantage of three key protocol tasks (such as attaching a device to the network and maintaining a connection) to conduct authentication relay attacks that not only let them connect to the network without credentials, but masquerade as the victim's device. A hacker could not only compromise the network, but frame someone else for the crime.
Tinder security flaw granted account access with just a phone number
Security researchers at Appsecure found a way to access anyone's Tinder account via their phone number. The exploit took advantage of a software flaw in both the dating app's login process as well as the Facebook API that it's based on. The issues have been fixed since, but represent a pretty big security lapse.
BitTorrent client exploits could let rogue websites control your PC
BitTorrent's peer-to-peer app and its lightweight uTorrent counterpart are susceptible to particularly nasty hijacking flaws. Google researcher Tavis Ormandy recently detailed a host of DNS rebinding exploits in Windows versions of the software that lets attackers resolve web domains to the user's computer, essentially giving the intruders the keys to the kingdom. They could execute remote code, download malware to Windows' startup folder (making it launch on the next reboot), grab downloaded files and look at your download history. The flaws touch on all unpatched versions, including uTorrent Web.
Air Force security hackathon leads to record payout
The US Air Force's second security hackathon has paid dividends... both for the military and the people finding holes in its defenses. HackerOne has revealed the results of the Hack the Air Force 2.0 challenge from the end of 2017, and it led to volunteers discovering 106 vulnerabilities across roughly 300 of the USAF's public websites. Those discoveries proved costly, however. The Air Force paid out a total of $103,883, including $12,500 for one bug -- the most money any federal bounty program has paid to date.
