Month: January 2019

Security Analysis of the LIFX Smart Light Bulb

Posted on By infossl
internetofthings, passwords, Security technology, vulnerabilities, wifi

The security is terrible: In a very short limited amount of time, three vulnerabilities have been discovered: Wifi credentials of the user have been recovered (stored in plaintext into the flash memory). No security settings. The device is completely open (no secure boot, no debug interface disabled, no flash encryption). Root certificate and RSA private … Read More “Security Analysis of the LIFX Smart Light Bulb” »

iPhone FaceTime Vulnerability

Posted on By infossl
apple, eavesdropping, iphone, Security technology, vulnerabilities

This is kind of a crazy iPhone vulnerability: it’s possible to call someone on FaceTime and listen on their microphone — and see from their camera — before they accept the call. This is definitely an embarrassment, and Apple was right to disable Group FaceTime until it’s fixed. But it’s hard to imagine how an … Read More “iPhone FaceTime Vulnerability” »

Japanese Government Will Hack Citizens’ IoT Devices

Posted on By infossl
backdoors, botnets, exploits, firmware, hacking, internetofthings, japan, passwords, Security technology, vulnerabilities

The Japanese government is going to run penetration tests against all the IoT devices in their country, in an effort to (1) figure out what’s insecure, and (2) help consumers secure them: The survey is scheduled to kick off next month, when authorities plan to test the password security of over 200 million IoT devices, … Read More “Japanese Government Will Hack Citizens’ IoT Devices” »

Hacking the GCHQ Backdoor

Posted on By infossl
backdoors, cryptowars, cybersecurity, encryption, gchq, hacking, Security technology

Last week, I evaluated the security of a recent GCHQ backdoor proposal for communications systems. Furthering the debate, Nate Cardozo and Seth Schoen of EFF explain how this sort of backdoor can be detected: In fact, we think when the ghost feature is active­ — silently inserting a secret eavesdropping member into an otherwise end-to-end … Read More “Hacking the GCHQ Backdoor” »

Military Carrier Pigeons in the Era of Electronic Warfare

Posted on By infossl
camouflage, espionage, military, Security technology

They have advantages: Pigeons are certainly no substitute for drones, but they provide a low-visibility option to relay information. Considering the storage capacity of microSD memory cards, a pigeon’s organic characteristics provide front line forces a relatively clandestine mean to transport gigabytes of video, voice, or still imagery and documentation over considerable distance with zero … Read More “Military Carrier Pigeons in the Era of Electronic Warfare” »

The Evolution of Darknets

Posted on By infossl
cryptocurrency, darkweb, deaddrops, Security technology

This is interesting: To prevent the problems of customer binding, and losing business when darknet markets go down, merchants have begun to leave the specialized and centralized platforms and instead ventured to use widely accessible technology to build their own communications and operational back-ends. Instead of using websites on the darknet, merchants are now operating … Read More “The Evolution of Darknets” »

Hacking Construction Cranes

Posted on By infossl
hacking, internetofthings, reports, Security technology, vulnerabilities

Construction cranes are vulnerable to hacking: In our research and vulnerability discoveries, we found that weaknesses in the controllers can be (easily) taken advantage of to move full-sized machines such as cranes used in construction sites and factories. In the different attack classes that we’ve outlined, we were able to perform the attacks quickly and … Read More “Hacking Construction Cranes” »

Clever Smartphone Malware Concealment Technique

Posted on By infossl
concealment, google, malware, phones, Security technology

This is clever: Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection — they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn’t load on emulators researchers use to detect attacks. The thinking behind the monitoring is that … Read More “Clever Smartphone Malware Concealment Technique” »