Security News
Normal-looking cables (USB-C, Lightning, and so on) that exfiltrate data over a wireless network. I blogged about a previous prototype here
The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday issued an advisory regarding a critical software supply-chain flaw impacting ThroughTek's software development kit that could be abused by an adversary to gain improper access to audio and video streams. ThroughTek's point-to-point SDK is widely used by IoT devices with video surveillance or audio/video transmission capability such as IP cameras, baby and pet monitoring cameras, smart home appliances, and sensors to provide remote access to the media content over the internet.
Millions of connected security and home cameras contain a critical software vulnerability that can allow remote attackers to tap into video feeds, according to a warning from the Cybersecurity and Infrastructure Security Agency. The bug has been introduced via a supply-chain component from ThroughTek that's used by several original equipment manufacturers of security cameras - along with makers of IoT devices like baby- and pet-monitoring cameras, and robotic and battery devices.
A vulnerability in a 5G modem data service could allow mobile hackers to remotely target Android users by injecting malicious code into a phone's modem - gaining the ability to execute code, access mobile users' call histories and text messages, and eavesdrop on phone calls. That's according to Check Point Research, which said that the bug exists in the Qualcomm Mobile Station Modem Interface, which is known as QMI for short.
UPDATE. Researchers have publicly disclosed security flaws found in ADT-owned LifeShield security cameras, which, if exploited, could have allowed a local attacker to eavesdrop on victims' conversations or tap into a live video feed. Security experts warn that ADT's glitches serve as warning and are just the latest camera maker to patch similar security issues tied to connected cameras.
In Hey Alexa what did I just type? we show that when sitting up to half a meter away, a voice assistant can still hear the taps you make on your phone, even in presence of noise. Modern voice assistants have two to seven microphones, so they can do directional localisation, just as human ears do, but with greater sensitivity.
A group of academic researchers has devised a new eavesdropping attack that leverages the lidar sensors present in commodity robot vacuum cleaners. The same method is used by laser microphones and basically LidarPhone transforms the lidar sensors on the vacuum cleaning robot into microphones.
Satellite internet communications are susceptible to eavesdropping and signal interception by far-flung attackers located in a different continent or country from their victims. When a satellite ISP makes an internet connection for a customer, it beams that customer's signals up to a satellite in geostationary orbit within a narrow communications channel; that signal is then sent back down to a terrestrial receiving hub and routed to the internet.
New research is able to recover sound waves in a room by observing minute changes in the room's light bulbs. This technique works from a distance, even from a building across the street through a window.
A group of security researchers has devised a new technique for eavesdropping on conversations that relies on the analysis of a light bulb's frequency response to sound. Called Lamphone, the novel side-channel attack demonstrates that fluctuations in the air pressure on the surface of the hanging bulb can be exploited to recover speech and singing in real time, using a remote electro-optical sensor placed externally.