Security News

Cybersecurity researchers have demonstrated a new attack technique that makes it possible to leverage a device's Bluetooth component to directly extract network passwords and manipulate traffic on a Wi-Fi chip. The novel attacks work against the so-called "Combo chips," which are specialized chips that are equipped to handle different types of radio wave-based wireless communications, such as Wi-Fi, Bluetooth, and LTE. "We provide empirical evidence that coexistence, i.e., the coordination of cross-technology wireless transmissions, is an unexplored attack surface," a group of researchers from the Technical University of Darmstadt's Secure Mobile Networking Lab and the University of Brescia said in a new paper.

Researchers at the University of Darmstadt, Brescia, CNIT, and the Secure Mobile Networking Lab, have published a paper that proves it's possible to extract passwords and manipulate traffic on a WiFi chip by targeting a device's Bluetooth component. To exploit these vulnerabilities, the researchers first needed to perform code execution on either the Bluetooth or WiFi chip.

Security researchers analyzed nine popular WiFi routers and found a total of 226 potential vulnerabilities in them, even when running the latest firmware. The tested routers are made by Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys, and are used by millions of people.

The Ministry of Justice has secured a set of Wi-Fi access points that potentially gave admin access to industrial control equipment after a tipoff by The Register. Four unsecured wireless networks named "Boiler Pump 1" to "Boiler Pump 4" were freely accessible in the Royal Courts of Justice until The Register told officials what was happening.

Over 70% of Wi-Fi networks from a sample size of 5,000 were hacked with "Relative ease" in the Israeli city of Tel Aviv, highlighting how unsecure Wi-Fi passwords can become a gateway for serious threats to individuals, small businesses, and enterprises alike. CyberArk security researcher Ido Hoorvitch, who used a Wi-Fi sniffing equipment costing about $50 to collect 5,000 network hashes for the study, said "The process of sniffing Wi-Fis and the subsequent cracking procedures was a very accessible undertaking in terms of equipment, costs and execution."

War-driving - the process of driving around mapping residential Wi-Fi networks in hopes of finding a vulnerability to exploit - can still pay off for attackers, apparently: A CyberArk researcher recently found he could easily slice open about 70 percent of Wi-Fi network passwords in one Tel Aviv community - all at once. After gathering what he felt was a decent sample size of 5,000 SSIDs and password hashes, it was then time to get crackin' - literally.

A researcher has managed to crack 70% of a 5,000 WiFi network sample in his hometown, Tel Aviv, to prove that home networks are severely unsecured and easy to hijack. CyberArk security researcher Ido Hoorvitch first wandered in the city center with WiFi sniffing equipment to gather a sample of 5,000 network hashes to use in the research.

A research team from WizCase, led by researcher Ata Hakçıl, reviewed 3,100 configurations of Eduroam at universities throughout Europe, finding that more than half of them have issues that can be exploited by threat actors. It assigns students, researchers and faculty members log-in credentials that allow them to obtain internet connectivity across different institutions by using credentials from their own university.

New vulnerabilities have been discovered in Fortress S03 Wi-Fi Home Security System that could be potentially abused by a malicious party to gain unauthorized access with an aim to alter system behavior, including disarming the devices without the victim's knowledge. The Fortress S03 Wi-Fi Home Security System is a do-it-yourself alarm system that enables users to secure their homes and small businesses from burglars, fires, gas leaks, and water leaks by leveraging Wi-Fi and RFID technology for keyless entry.

Taiwanese chip designer Realtek is warning of four security vulnerabilities in three software development kits accompanying its WiFi modules, which are used in almost 200 IoT devices made by at least 65 vendors. CVE-2021-35394 - Multiple buffer overflow vulnerabilities and an arbitrary command injection vulnerability in 'UDPServer' MP tool.