A number of incidents in which Zoom events in education settings were disrupted led the New York City school district to ban the use of Zoom for remote learning. Among the Zoombombing incidents: saboteurs inserted racist and anti-Semitic messages into a virtual graduation ceremony at Oklahoma City
New BIAS attack works against Bluetooth devices and firmware from Apple, Broadcom, Cypress, Intel, Samsung, and others.
Academics have disclosed today a new vulnerability in the Bluetooth wireless protocol, broadly used to interconnect modern devices, such as smartphones, tablets, laptops, and smart IoT devices. The vulnerability, codenamed BIAS (Bluetooth Impersonation AttackS), impacts the classic version of the
Bluetooth firmware or operating system software drivers may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.
Bluetooth utilizes a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange to allow encrypted communication between devices. The ECDH key pair consists of a private and a public key, and the public keys are exchanged to produce a shared pairing key. The devices must
Questions are being raised again about the security of Bluetooth after researchers uncovered another flaw that could potentially compromise billions of devices.
Armis published details of the Bluetooth vulnerability it is calling ‘BlueBorne’. The attack disguises itself as a Bluetooth device and exploits weaknesses in the protocol to deploy malicious code.
“The BlueBorne attack vector requires no user interaction, is compatible to all software versions, and does not require any preconditions or configurations aside of the Bluetooth being active,” warned the researchers. “Unlike the common misconception, Bluetooth enabled devices are constantly
On November 3rd, 2019, [...] a critical vulnerability affecting the Android Bluetooth subsystem [was reported]. This vulnerability has been assigned CVE-2020-0022 and was now patched in the latest security patch from February 2020. The security impact is as follows: On Android 8.0 to 9.0, a remote
In February 2019 Google engineers announced that they had created a faster, more efficient encryption system that could function on less-expensive Android phones that were too low-powered to implement existing full-device encryption. The scheme, known as Adiantum, uses established and well-vetted
A vulnerability in Amadeus, the customer reservation system used by 144 of the world's airlines, was only superficially patched after a team reported the vulnerability in 2018. As a result, an attacker could alter online strangers' Passenger Name Records, which contain all the details of the
In December 2018, the security researchers at 0DayAllDay discovered that the encryption keys hard-coded into the firmware inside the Guardzilla indoor wireless security system were protected by a ten-year-old, easily cracked algorithm. Because all the devices used the same keys, anyone could use the
In December 2018, a hacker made more than 50,000 internet-connected printers worldwide print out flyers asking everyone to subscribe to the YouTube channel belonging to PewDiePie, whose real name is Felix Kjellberg. PewDiePie, who has had the most subscribers on YouTube since 2013, was in danger of
In February 2019, a faulty firmware update meant that Nike's latest $350 Adapt BB self-lacing shoes could not pair with the app that allows owners to adjust their tightness, customise the lights, and check remaining battery life. Because the shoes have no physical laces, the error effectively made
In August 2018 Amazon rolled out a software update to Fire OS 5, the operating system used by older versions of its Fire TV and Fire TV Stick devices to counteract malware. At risk were versions of the devices before the company released Fire OS 6 whose owners had turned on Android Debug Bridge in
In July 2018, Election Systems and Software (ES&S), long the top US manufacturer of voter machines, admitted in a letter to Senator Ron Wyden (D-OR) that it had installed pcAnywhere remote access software and modems on a number of the election management systems it had sold between 2000 and 2006
In September 2018, a number of people with Google Pixel phones, Essential Phone, OnePlus 6, Nokia handsets, and other devices running Android 9 Pie discovered that the devices had, apparently autonomously, activated the software's Battery Saver feature. Google later explained that an internal
In 2014, Britain announced an infrastructure plan requiring all energy suppliers to offer smart meters to all homes and businesses by the end of 2020. With two years to go, at the end of 2018, the problems customers experienced after making the switch led to calls to halt the rollout, which had
In a report on mobile security updates, the US Federal Trade Commission finds that, because of the complexity of the mobile ecosystem, applying security updates to operating system software on some mobile devices is time-consuming and complicated. Based on information gathered from eight device