Security News

Lightning Cable with Embedded Eavesdropping
2021-09-07 11:14

Normal-looking cables (USB-C, Lightning, and so on) that exfiltrate data over a wireless network. I blogged about a previous prototype here

Critical ThroughTek Flaw Opens Millions of Connected Cameras to Eavesdropping
2021-06-16 20:28

The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday issued an advisory regarding a critical software supply-chain flaw impacting ThroughTek's software development kit that could be abused by an adversary to gain improper access to audio and video streams. ThroughTek's point-to-point SDK is widely used by IoT devices with video surveillance or audio/video transmission capability such as IP cameras, baby and pet monitoring cameras, smart home appliances, and sensors to provide remote access to the media content over the internet.

Millions of Connected Cameras Open to Eavesdropping
2021-06-15 20:51

Millions of connected security and home cameras contain a critical software vulnerability that can allow remote attackers to tap into video feeds, according to a warning from the Cybersecurity and Infrastructure Security Agency. The bug has been introduced via a supply-chain component from ThroughTek that's used by several original equipment manufacturers of security cameras - along with makers of IoT devices like baby- and pet-monitoring cameras, and robotic and battery devices.

Qualcomm Chip Bug Opens Android Fans to Eavesdropping
2021-05-06 19:55

A vulnerability in a 5G modem data service could allow mobile hackers to remotely target Android users by injecting malicious code into a phone's modem - gaining the ability to execute code, access mobile users' call histories and text messages, and eavesdrop on phone calls. That's according to Check Point Research, which said that the bug exists in the Qualcomm Mobile Station Modem Interface, which is known as QMI for short.

ADT Security Camera Flaws Open Homes to Eavesdropping
2021-01-27 18:05

UPDATE. Researchers have publicly disclosed security flaws found in ADT-owned LifeShield security cameras, which, if exploited, could have allowed a local attacker to eavesdrop on victims' conversations or tap into a live video feed. Security experts warn that ADT's glitches serve as warning and are just the latest camera maker to patch similar security issues tied to connected cameras.

Eavesdropping on Phone Taps from Voice Assistants
2020-12-22 16:21

In Hey Alexa what did I just type? we show that when sitting up to half a meter away, a voice assistant can still hear the taps you make on your phone, even in presence of noise. Modern voice assistants have two to seven microphones, so they can do directional localisation, just as human ears do, but with greater sensitivity.

New 'LidarPhone' Attack Uses Robot Vacuum Cleaners for Eavesdropping
2020-11-23 15:06

A group of academic researchers has devised a new eavesdropping attack that leverages the lidar sensors present in commodity robot vacuum cleaners. The same method is used by laser microphones and basically LidarPhone transforms the lidar sensors on the vacuum cleaning robot into microphones.

Black Hat 2020: Satellite Comms Globally Open to $300 Eavesdropping Hack
2020-08-06 19:49

Satellite internet communications are susceptible to eavesdropping and signal interception by far-flung attackers located in a different continent or country from their victims. When a satellite ISP makes an internet connection for a customer, it beams that customer's signals up to a satellite in geostationary orbit within a narrow communications channel; that signal is then sent back down to a terrestrial receiving hub and routed to the internet.

Eavesdropping on Sound Using Variations in Light Bulbs
2020-06-16 15:20

New research is able to recover sound waves in a room by observing minute changes in the room's light bulbs. This technique works from a distance, even from a building across the street through a window.

New Eavesdropping Technique Relies on Light Bulb Vibrations
2020-06-15 13:53

A group of security researchers has devised a new technique for eavesdropping on conversations that relies on the analysis of a light bulb's frequency response to sound. Called Lamphone, the novel side-channel attack demonstrates that fluctuations in the air pressure on the surface of the hanging bulb can be exploited to recover speech and singing in real time, using a remote electro-optical sensor placed externally.