Security News
Covert Wi-Fi signals generated by DDR SDRAM hardware can be leveraged to exfiltrate data from air-gapped computers, a researcher claims. In a newly published paper, Mordechai Guri from the Ben-Gurion University of the Negev in Israel details AIR-FI, a new data exfiltration technique in which malware installed on a compromised air-gapped system can generate Wi-Fi signals that a nearby device intercepts and sends to the attacker, over the Internet.
In a newly released working paper [PDF], "AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers," Guri, head of research and development at Ben-Gurion University of the Negev, Israel's Cyber-Security Research Center, describes a technique for turning DDR SDRAM buses into transmitters that can spew sensitive data. It's a method for sending data via Wi-Fi signals when the target device doesn't have Wi-Fi capability.
A security researcher has demonstrated that sensitive data could be exfiltrated from air-gapped computers via a novel technique that leverages Wi-Fi signals as a covert channel-surprisingly, without requiring the presence of Wi-Fi hardware on the targeted systems. Dubbed "AIR-FI," the attack hinges on deploying a specially designed malware in a compromised system that exploits "DDR SDRAM buses to generate electromagnetic emissions in the 2.4 GHz Wi-Fi bands" and transmitting information atop these frequencies that can then be intercepted and decoded by nearby Wi-Fi capable devices such as smartphones, laptops, and IoT devices before sending the data to remote servers controlled by an attacker.
Google patched ten critical bugs as part of its December Android Security Bulletin. The worst of the bugs was tied to the Android media framework component and gives attacker remote control of vulnerable handsets.
Did you know you can join us for a live cybersecurity lecture every Friday? Thanks for watching hope to see you online later this week!
In this episode: we look at a network intrusion where the crooks tried to take over dozens of different online accounts from every user, we discuss the potential dangers of digital doorbells, and we give you some handy hints for improving your wireless security at home. LISTEN NOW. Click-and-drag on the soundwaves below to skip to any point in the podcast.
Google Project Zero has disclosed the details of an iOS exploit that allows an attacker to hack iPhones remotely over Wi-Fi and steal sensitive data, without any user interaction. According to Beer, the exploit leverages a single memory corruption vulnerability that can be used against an iPhone 11 Pro device to bypass mitigations and achieve native code execution and kernel memory reading and writing.
Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical "Wormable" iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi. The exploit makes it possible to "View all the photos, read all the email, copy all the private messages and monitor everything which happens on [the device] in real-time," said Beer in a lengthy blog post detailing his six-month-long efforts into building a proof-of-concept single-handedly. "A remote attacker may be able to cause unexpected system termination or corrupt kernel memory," the iPhone maker noted in its advisory, adding the "Memory corruption issue was addressed with improved input validation."
"Patch early, patch often" is a regular mantra on Naked Security, and it applies to all access points, modems and routers you use for your home network, as well as all the devices that can connect to it. LEARN MORE ABOUT WEP AND WHY TO AVOID IT. Here's a video we made more than seven years ago explaining why you should choose decent encryption for your home Wi-Fi. Some older network devices don't support anything better than WEP, so it's tempting to keep on using WEP if your router still supports it.
NETGEAR announced the availability of the new WAX204 WiFi 6 Access Point, adding to the company's portfolio of WiFi 6-enabled business products. The WAX204 joins an existing Business Essentials family of high-performance, yet economical WiFi Access Points from NETGEAR, which are ideally suited for small single-site locations.