background preloader

Hardware

Facebook Twitter

Hackers could hijack your computer via its vulnerable wireless mouse or keyboard. For a paltry sum, attackers can build a device that enables them to take control of a computer by exploiting vulnerabilities found in numerous wireless mice and keyboards.

Hackers could hijack your computer via its vulnerable wireless mouse or keyboard

Marc Newlin, an engineer at Bastille Networks, recently published a report on his research, dubbed "MouseJack". "MouseJack is a collection of security vulnerabilities affecting non-Bluetooth wireless mice and keyboards. Spanning seven vendors, these vulnerabilities enable an attacker to type arbitrary commands into a victim’s computer from up to 100 meters away using a $15 USB dongle.

" The MouseJack issues point to a flaw in the way several vendors have configured their non-Bluetooth wireless mice and keyboards, which communicate with a USB dongle connected to a computer that listens for radio frequency packets sent by the devices. Easily Exploitable Vulnerability Found in Netis Routers. Routers produced by China-based networking solutions provider Netis Systems are plagued by a security hole that can be leveraged by an attacker to gain control of the devices, Trend Micro reported on Monday.

Easily Exploitable Vulnerability Found in Netis Routers

Netis Systems is part of the Netcore Group, which is headquartered in Shenzhen. Their products are sold under the Netcore brand name in China and as Netis is other parts of the world. According to the security firm, Netis/Netcore routers are exposed by a backdoor that can be easily exploited. A remote attacker that knows the targeted router's external IP address can gain access to it through the UDP port 53413. Are-Connected-Cars-on-a-Collision-Course-with-Network-Security. Boffins find hundreds of thousands of woefully insecure IoT devices. Secure remote control for conventional and virtual desktops More than 140,000 internet-of-things devices, from routers to CCTV systems contain zero-day vulnerabilities, backdoors, hard coded crackable passwords and blurted private keys, according to the first large scale analysis of firmware in embedded devices.

Boffins find hundreds of thousands of woefully insecure IoT devices

Four researchers from EURECOM France found the flaws when conducting a simple but systematic, automated, and large-scale analysis of 32,356 firmware images running on embedded systems within thousands of different devices. How Secure is Your Security Badge? Security conferences are a great place to learn about the latest hacking tricks, tools and exploits, but they also remind us of important stuff that was shown to be hackable in previous years yet never really got fixed.

How Secure is Your Security Badge?

Perhaps the best example of this at last week’s annual DefCon security conference in Las Vegas came from hackers who built on research first released in 2010 to show just how trivial it still is to read, modify and clone most HID cards — the rectangular white plastic “smart” cards that organizations worldwide distribute to employees for security badges. HID iClass proximity card. Nearly four years ago, researchers at the Chaos Communication Congress (CCC), a security conference in Berlin, released a paper (PDF) demonstrating a serious vulnerability in smart cards made by Austin, Texas-based HID Global, by far the largest manufacturer of these devices.

Fifteen zero days found in hacker router comp romp. Implementing global e-invoicing with guaranteed legal certainty Defcon 22 Researchers have unveiled 15 zero day vulnerabilities in four home and small business routers as part of the SOHOpelessly Broken hacker competition in DEF CON this week.

Fifteen zero days found in hacker router comp romp

Four of the 10 routers offered for attack including the ASUS RT-AC66U; Netgear Centria WNDR4700; Belkin N900, and TRENDnet TEW-812DRU were fully compromised. Those devices allowed attackers to execute privileged commands through holes found on updated firmware. Blood was also splattered from an Actiontec Electronics router sold by Verizon, which was not on the original hit list but was nonetheless accepted by competition organisers. Xiaomi updates cloud messaging after privacy scare. Boost IT visibility and business value Chinese mobe-maker Xiaomi has changed the defaults on its cloud messaging service, in response to concerns raised by F-Secure that it was storing users' private data.

Xiaomi updates cloud messaging after privacy scare

At issue is a service provided for its Mi phones, which was switched on by default until the over-the-air update was issued. In this blog post, F-Secure notes that the phones send carrier name, IMEI, phone number, and contacts to a Xiaomi server when switched on – and that it was sent unencrypted. F-Secure discovered Xiaomi handset spying on users'data. Security experts at F-Secure security firm has conducted a series of analysis on the new Xiaomi RedMi 1S and to verify the alleged presence of hidden data stealer components.

F-Secure discovered Xiaomi handset spying on users'data

The researchers confirmed that the devices send an impressive amount of users’data to “api.account.xiaomi.com“, a server located in China. The information transferred by the Xiaomi device includes: Is the Blackphone really so easy to root? Probably no. Recently we read about the Blackphone, a super secure smartphone designed by SGP Technologies, a joint venture between Silent Circle and Spanish Geekphone, which is able to avoid surveillance of the NSA.

Is the Blackphone really so easy to root? Probably no.

The designer of Blackphone defined it as the “world’s first Smartphone which places privacy and control directly in the hands of its users,”. Security expert Jon Sawyer (@TeamAndIRC), CTO of Applied Cybersecurity, at the recent DEF CON hacker conference demonstrated that Blackphone is vulnerable, they have rooted the super smartphone in just 5 minutes. The security researcher took 5 minutes to root the device without unlocking the device’ bootloader. Researchers Uncover Security Vulnerabilities in Ultra-Private Blackphone. Multiple vulnerabilities have been identified in Blackphone, the first smartphone developed with security and privacy in mind, a researcher announced on Twitter on Sunday.

Researchers Uncover Security Vulnerabilities in Ultra-Private Blackphone

Jon "Justin Case" Sawyer, CTO of Applied Cybersecurity, and Tim "diff" Strazzere, lead research and response engineer at Lookout Mobile Security, gave a talk titled "Android Hacker Protection Level 0" at Def Con 22 in Las Vegas on Sunday. In addition to their presentation, Sawyer announced that they've also managed to hack the Blackphone. Blackphone is powered by a security-enhanced operating system, PrivatOS, which is built on Android KitKat and designed to provide users protection and control over security issues. Wireless Live CD Alternative: ZeusGard. I’ve long recommended that small business owners and others concerned about malware-driven bank account takeovers consider adopting a “Live CD” solution, which is a free and relatively easy way of temporarily converting your Windows PC into a Linux operating system.

Wireless Live CD Alternative: ZeusGard

The trouble with many of these Live CD solutions is that they require a CD player (something many laptops no longer have) — but more importantly – they don’t play well with wireless access. Today’s post looks at an alternative that addresses both of these issues. Zeusgard, with wireless adapter, on a Macbook Air. Exclusive: A review of the Blackphone, the Android for the paranoid. Based on some recent experience, I'm of the opinion that smartphones are about as private as a gas station bathroom. They're full of leaks, prone to surveillance, and what security they do have comes from using really awkward keys. While there are tools available to help improve the security and privacy of smartphones, they're generally intended for enterprise customers. Remote Car hacking is reality, do not to underestimate it.

Car hacking is possible, I have proposed different works presented by security experts that demonstrate how to compromise modern vehicles with cheap environment. Modern cars have a huge quantity of components connected by an internal network that could be easily compromised knowing the communication protocol used by principal vendors. “Modern cars contain upwards of 50 electronic control units (ECUs) that exchange data within an internal network.

The safety of the automobiles relies on near real time communication between the different ECUs for predicting crashes, performing anti-lock braking, and much more.“ Recently Security researchers have demonstrated that car hacking is possible using wired systems or short-range wireless such as Bluetooth, but experts at Toucan Systems confirm that similar attacks can be conducted remotely from any place on the planet. Chip-and-PIN cards easily cloning with the pre-play attack. The recent incident to the US giant retailers Target and Neiman Marcus has raised the debate on the real level of security of credit/debit cards used by US citizens, in response VISA and Mastercard are accelerating the migration to EMV chip cards, aka Chip-and-PIN cards. The payment systems are migrating from magnetic stripe payment cards to chip based cards, practically EMV chip cards generate for every transaction a unique code, in this way is hard for an attacker clone the card and use it in illicit payments.

A group of researchers at the University of Cambridge in the UK, composed by Mike Bond, Omar Choudary, Steven J. Murdoch, Sergei Skorobogatov and Ross Anderson, has demonstrated that the above code associated for each transaction is not really unique because of an implementation flaw. The researchers have published an interesting paper that describes an implementation flaw and a serious issue in the protocol used for the generation of casual numbers. British blogger discovered LG Smart TV spying on users. Exactly one year ago we discussed about the possibility to exploit a vulnerability in Samsung Smart TV to penetrate our domestic network to spy on us or to serve a malware. The British Developer and blogger DoctorBeet, announced to have discovered that his LG Smart TV is sending data about his family’s viewing habits back to the South Korean manufacturer.

It seems that the Smart TV, model LG 42LN575V, sends data back to LG servers even if the blogger has disabled the option “Collection of watching info” in the TV settings menu. The Smart TV sends back to a non-functional URL information on channels being watched and time of vision, but the most concerning thing is that the device also collect and send to LG filenames of some media on a USB device connected to the TV. Hacking Your Way Through Airports and Hotels. Want to know how to hack travelers and hotel networks in a matter of minutes? On a recent trip, Nabil Ouchn (@toolswatch) decided to do some some security analysis with a piece of hardware called the PwnPad – a penetration testing tablet – and a few other tools to see what kind of mischief he could get into.

Ouchn is the founder of ToolsWatch.org and the organizer of the Arsenal Tools exhibit at the BlackHat Conferences in both the US and Europe since 2011. ToolsWatch is a free interactive service designed to help auditors, penetration testers, and other security professionals keep their ethical hacking toolbox up to date with the latest and greatest resources. Ouchn has over 15 years of experience in vulnerability management, compliance assessment and penetration testing, and Co-Founder of an innovative SaaS Multi-Engines Threats Scanning Solution. The Second Operating System Hiding In Every Mobile Phone.

Hacking phone firmware allows paging response attack on GSM. Hacking phone firmware it is possible to interfere with other handsets in the same area, the attack technique has been presented recently at USENIX Security Symposium by telecommunications researcher Kévin Redon. Researcher Outlines Hack of Smart Light Bulbs. A security researcher has outlined an attack against the Philips hue smart lighting system that could quite literally leave victims in the dark. Due to an authentication issue, the hue personal wireless system can potentially leave users vulnerable to hackers looking to cause blackouts. USB Internet Modems vulnerability exposes Millions of PCs. D-Link. Apple.

BadUSB