Security News

RAM-Generated Wi-Fi Signals Allow Data Exfiltration From Air-Gapped Systems
2020-12-16 11:34

Covert Wi-Fi signals generated by DDR SDRAM hardware can be leveraged to exfiltrate data from air-gapped computers, a researcher claims. In a newly published paper, Mordechai Guri from the Ben-Gurion University of the Negev in Israel details AIR-FI, a new data exfiltration technique in which malware installed on a compromised air-gapped system can generate Wi-Fi signals that a nearby device intercepts and sends to the attacker, over the Internet.

How to leak data via Wi-Fi when there's no Wi-Fi chip: Boffin turns memory bus into covert data transmitter
2020-12-16 07:30

In a newly released working paper [PDF], "AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers," Guri, head of research and development at Ben-Gurion University of the Negev, Israel's Cyber-Security Research Center, describes a technique for turning DDR SDRAM buses into transmitters that can spew sensitive data. It's a method for sending data via Wi-Fi signals when the target device doesn't have Wi-Fi capability.

Exfiltrating Data from Air-Gapped Computers via Wi-Fi Signals (Without Wi-Fi Hardware)
2020-12-15 01:20

A security researcher has demonstrated that sensitive data could be exfiltrated from air-gapped computers via a novel technique that leverages Wi-Fi signals as a covert channel-surprisingly, without requiring the presence of Wi-Fi hardware on the targeted systems. Dubbed "AIR-FI," the attack hinges on deploying a specially designed malware in a compromised system that exploits "DDR SDRAM buses to generate electromagnetic emissions in the 2.4 GHz Wi-Fi bands" and transmitting information atop these frequencies that can then be intercepted and decoded by nearby Wi-Fi capable devices such as smartphones, laptops, and IoT devices before sending the data to remote servers controlled by an attacker.

Google Patches Critical Wi-Fi and Audio Bugs in Android Handsets
2020-12-08 22:52

Google patched ten critical bugs as part of its December Android Security Bulletin. The worst of the bugs was tied to the Android media framework component and gives attacker remote control of vulnerable handsets.

Naked Security Live – Home Wi-Fi security tips
2020-12-07 20:19

Did you know you can join us for a live cybersecurity lecture every Friday? Thanks for watching hope to see you online later this week!

S3 Ep9: Gift card hacks, dubious doorbells and Wi-Fi tips [Podcast]
2020-12-03 19:18

In this episode: we look at a network intrusion where the crooks tried to take over dozens of different online accounts from every user, we discuss the potential dangers of digital doorbells, and we give you some handy hints for improving your wireless security at home. LISTEN NOW. Click-and-drag on the soundwaves below to skip to any point in the podcast.

iOS Exploit Allows 'Unfettered Access' to iPhone User Data Over Wi-Fi
2020-12-02 12:59

Google Project Zero has disclosed the details of an iOS exploit that allows an attacker to hack iPhones remotely over Wi-Fi and steal sensitive data, without any user interaction. According to Beer, the exploit leverages a single memory corruption vulnerability that can be used against an iPhone 11 Pro device to bypass mitigations and achieve native code execution and kernel memory reading and writing.

Google Hacker Details Zero-Click 'Wormable' Wi-Fi Exploit to Hack iPhones
2020-12-02 05:22

Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical "Wormable" iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi. The exploit makes it possible to "View all the photos, read all the email, copy all the private messages and monitor everything which happens on [the device] in real-time," said Beer in a lengthy blog post detailing his six-month-long efforts into building a proof-of-concept single-handedly. "A remote attacker may be able to cause unexpected system termination or corrupt kernel memory," the iPhone maker noted in its advisory, adding the "Memory corruption issue was addressed with improved input validation."

Home Wi-Fi security tips – 5 things to check
2020-11-30 09:14

"Patch early, patch often" is a regular mantra on Naked Security, and it applies to all access points, modems and routers you use for your home network, as well as all the devices that can connect to it. LEARN MORE ABOUT WEP AND WHY TO AVOID IT. Here's a video we made more than seven years ago explaining why you should choose decent encryption for your home Wi-Fi. Some older network devices don't support anything better than WEP, so it's tempting to keep on using WEP if your router still supports it.

NETGEAR launches new WiFi 6 Access Point for home offices and small businesses
2020-11-25 02:00

NETGEAR announced the availability of the new WAX204 WiFi 6 Access Point, adding to the company's portfolio of WiFi 6-enabled business products. The WAX204 joins an existing Business Essentials family of high-performance, yet economical WiFi Access Points from NETGEAR, which are ideally suited for small single-site locations.