Researchers have found several vulnerabilities in the WPA3 Wi-Fi security protocol: The design flaws we discovered can be divided in two categories. The first category consists of downgrade attacks against WPA3-capable devices, and the second category consists of weaknesses in the Dragonfly handshake of WPA3, which in the Wi-Fi standard is better known as the … Read More “Vulnerabilities in the WPA3 Wi-Fi Security Protocol” »
Category: vulnerabilities
Auto Added by WPeMatico
This is an interesting story of a serious vulnerability in a Huawei driver that Microsoft found. The vulnerability is similar in style to the NSA’s DOUBLEPULSAR that was leaked by the Shadow Brokers — believed to be the Russian government — and it’s obvious that this attack copied that technique. What is less clear is … Read More “NSA-Inspired Vulnerability Found in Huawei Laptops” »
Researchers have demonstrated spoofing of digital signatures in PDF files. This would matter more if PDF digital signatures were widely used. Still, the researchers have worked with the various companies that make PDF readers to close the vulnerabilities. You should update your software. Details are here. News article. Powered by WPeMatico
Recent articles about IoT vulnerabilities describe hacking of construction cranes, supermarket freezers, and electric scooters. Powered by WPeMatico
Zcash just fixed a vulnerability that would have allowed “infinite counterfeit” Zcash. Like all the other blockchain vulnerabilities and updates, this demonstrates the ridiculousness of the notion that code can replace people, that trust can be encompassed in the protocols, or that human governance is not ncessary. Powered by WPeMatico
The security is terrible: In a very short limited amount of time, three vulnerabilities have been discovered: Wifi credentials of the user have been recovered (stored in plaintext into the flash memory). No security settings. The device is completely open (no secure boot, no debug interface disabled, no flash encryption). Root certificate and RSA private … Read More “Security Analysis of the LIFX Smart Light Bulb” »
This is kind of a crazy iPhone vulnerability: it’s possible to call someone on FaceTime and listen on their microphone — and see from their camera — before they accept the call. This is definitely an embarrassment, and Apple was right to disable Group FaceTime until it’s fixed. But it’s hard to imagine how an … Read More “iPhone FaceTime Vulnerability” »
The Japanese government is going to run penetration tests against all the IoT devices in their country, in an effort to (1) figure out what’s insecure, and (2) help consumers secure them: The survey is scheduled to kick off next month, when authorities plan to test the password security of over 200 million IoT devices, … Read More “Japanese Government Will Hack Citizens’ IoT Devices” »
Construction cranes are vulnerable to hacking: In our research and vulnerability discoveries, we found that weaknesses in the controllers can be (easily) taken advantage of to move full-sized machines such as cranes used in construction sites and factories. In the different attack classes that we’ve outlined, we were able to perform the attacks quickly and … Read More “Hacking Construction Cranes” »
The so-called Crypto Wars have been going on for 25 years now. Basically, the FBI — and some of their peer agencies in the UK, Australia, and elsewhere — argue that the pervasive use of civilian encryption is hampering their ability to solve crimes and that they need the tech companies to make their systems … Read More “Evaluating the GCHQ Exceptional Access Proposal” »