Firmware, Hacking and Mobile - Cyber Security Informer

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs

OCTOBER 8, 2023

Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain.

Firmware

Firmware Mobile Malware Retail

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

Security Affairs

APRIL 13, 2022

Researchers discovered five vulnerabilities that can be exploited to remotely hack hospital Aethon’s TUG autonomous mobile robots. A TUG is an autonomous mobile robot designed for hospitals by Aethon. Cynerio ethically disclosed the issues to Aethon and the vendor addressed it with the release of firmware updates.

Mobile

Mobile Hacking Firmware Surveillance

SonicWall devices infected by malware that survives firmware upgrades

Bleeping Computer

MARCH 9, 2023

A suspected Chinese hacking campaign has been targeting unpatched SonicWall Secure Mobile Access (SMA) appliances to install custom malware that establish long-term persistence for cyber espionage campaigns. [.]

Firmware

Firmware Malware Mobile Hacking

Webinars

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

MORE WEBINARS

SonicWall releases second firmware updates for SMA 100 vulnerability

Security Affairs

FEBRUARY 20, 2021

Security provider SonicWall released a new firmware update for an SMA-100 zero-day vulnerability that was exploited in attacks. SonicWall has released a second firmware update for the SMA-100 zero-day vulnerability that was exploited in attacks in the wild. Early February, SonicWall released the first firmware updates (version 10.2.0.5-29sv)

Firmware

Firmware Mobile Hacking Information Security

Cybercriminals Evolve Antidetect Tooling for Mobile OS-Based Fraud

Security Affairs

JULY 10, 2023

Resecurity identified the emergence of adversarial mobile Android-based Antidetect Tooling for Mobile OS-Based Fraud. Resecurity has identified the emergence of adversarial mobile Android-based tools (called “mobile anti-detects”), like Enclave and McFly, as a new frontier in fraud tradecraft evolution.

Mobile

Mobile Banking Firmware Software

Malware found pre-installed in cheap push-button mobile phones sold in Russia

Security Affairs

SEPTEMBER 6, 2021

Security researcher ValdikSS found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores. A Russian security researcher that goes online with the name of ValdikSS has found malware preinstalled in four low-budget push-button mobile phones available for sale on Russian e-stores.

Mobile

Mobile Malware Firmware Manufacturing

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Security Affairs

NOVEMBER 1, 2021

Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. In this attack, a black-box device, such as a mobile device or a Raspberry, is physically connected to the ATM and is used by the attackers to send commands to the machine. score of 6.8.

Hacking

Hacking Firmware Encryption Manufacturing

Counterfeit versions of popular mobile devices target WhatsApp and WhatsApp Business

Security Affairs

AUGUST 23, 2022

It allows a remote or local client to connect and operate in the “mysh” console application, which must first be installed on the device or initially present in its firmware. To avoid the risk of becoming a victim of such malware attacks, experts recommend to purchase mobile devices only from official stores and legitimate distributors.

Mobile

Mobile Firmware Malware Wireless

Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access

Security Affairs

JANUARY 25, 2022

Threat actors are actively exploiting a critical flaw (CVE-2021-20038) in SonicWall’s Secure Mobile Access (SMA) gateways addressed in December. Threat actors are actively exploiting a critical flaw, tracked as CVE-2021-20038 , in SonicWall’s Secure Mobile Access (SMA) gateways addressed by the vendor in December.

Mobile

Mobile Passwords Firmware Firewall

5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips

Security Affairs

DECEMBER 9, 2023

A set of flaws, collectively called 5Ghoul, in the firmware implementation of 5G mobile network modems from major vendors impacts Android and iOS devices. Such a family of vulnerabilities are present in the firmware implementation of 5G mobile network modems from major chipset vendors i.e., Qualcomm and MediaTek.”

Firmware

Firmware Mobile Software Hacking

China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware

The Hacker News

MARCH 10, 2023

A suspecting China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access (SMA) 100 appliances to drop malware and establish long-term persistence.

Malware

Malware Firmware Mobile Hacking

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Security Affairs

JULY 15, 2021

Threat actors could target unpatched devices belonging to Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) families. x firmware in an imminent ransomware campaign using stolen credentials.” “The exploitation targets a known vulnerability that has been patched in newer versions of firmware.”

Firmware

Firmware Ransomware Passwords Mobile

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

JULY 18, 2021

Threat actors could target unpatched devices belonging to Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) families. x firmware in an imminent ransomware campaign using stolen credentials.” The exploitation targets a known vulnerability that has been patched in newer versions of firmware.”.

Ransomware

Ransomware Firmware Mobile InfoSec

Android mobile devices from 11 vendors are exposed to AT Commands attacks

Security Affairs

AUGUST 27, 2018

The research revealed that millions of mobile devices from eleven smartphone vendors are vulnerable to attacks carried out using AT commands. The team published a website containing the list of phone models and firmware versions that expose the AT interface. camera control). In many cases, the commands are not documented by vendors.

Mobile

Mobile Firmware Telecommunications Advertising

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

Lightbulbs could be remotely controlled through a mobile app or via a digital home assistant, owners could control the light in the environment and even calibrate the color of each lightbulb. The bridge discovers the hacker-controlled bulb with updated firmware, and the user adds it back onto their network. ZigBee is an IEEE 802.15.4-based

Hacking

Hacking IoT Wireless Firmware

SonicWall urges customers to fix SMA 1000 vulnerabilities

Security Affairs

MAY 13, 2022

SonicWall warns customers to address several high-risk security flaws impacting its Secure Mobile Access (SMA) 1000 Series line of products. SonicWall urges customers to address several high-risk security vulnerabilities affecting its Secure Mobile Access (SMA) 1000 Series line of products. SecurityAffairs – hacking, SMA).

Firmware

Firmware Mobile Risk Hacking

Experts show how to run malware on chips of a turned-off iPhone

Security Affairs

MAY 16, 2022

Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone is “off.” Unlike NFC and UWB chips, the Bluetooth firmware is neither signed nor encrypted opening the doors to modification. SecurityAffairs – hacking, domain name system). Pierluigi Paganini.

Malware

Malware Wireless Firmware Mobile

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Security Affairs

JULY 17, 2021

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. ” states the vendor.

Firmware

Firmware Wireless Passwords Internet

CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now!

Security Affairs

SEPTEMBER 24, 2021

SonicWall fixed a critical security flaw, tracked as CVE-2021-20034, that impacts some Secure Mobile Access (SMA) 100 series products that can allow device takeover. SonicWall has addressed a critical security vulnerability, tracked as CVE-2021-20034 , that impacting several Secure Mobile Access (SMA) 100 series products.

Firmware

Firmware Mobile Hacking Information Security

Broadcom WiFi Driver bugs expose devices to hack

Security Affairs

APRIL 19, 2019

Anguelkov confirmed that two of those vulnerabilities affect both in the Linux kernel and firmware of affected Broadcom chips. Below the details for the flaws: Vulnerabilities in the open source brcmfmac driver: • CVE-2019-9503 : If the brcmfmac driver receives the firmware event frame from the host, the appropriate handler is called.

Hacking

Hacking Firmware Wireless Advertising

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Security Affairs

DECEMBER 17, 2023

that impacted several routers, including Future X Communications (FXC) AE1021 and AE1021PE wall routers, running firmware versions 2.0.9 “QNAP considers these devices discontinued for support; however, the vendor recommends upgrading VioStor firmware on existing devices to the latest available version. and earlier.

Firmware

Firmware Wireless DDOS IoT

Flaws in Medtronic MyCareLink can allow attackers to take over implanted cardiac devices

Security Affairs

DECEMBER 15, 2020

The CVE-2020-25183 is an improper authentication issue that could be exploited by an attacker to bypass the authentication between the MCL Smart Patient Reader and the Medtronic MyCareLink Smart mobile app. SecurityAffairs – hacking, Medtronic). ” states the advisory. ” states the advisory. . ” states the advisory.

Firmware

Firmware Authentication Mobile IoT

BadPower attack could burn your device through fast charging

Security Affairs

JULY 21, 2020

Researchers devised a technique dubbed BadPower to alter the firmware of fast chargers to cause damage to connected systems or cause the device to catch fire. BadPower consists of corrupting the firmware of fast chargers. “Most BadPower problems can be fixed by updating the device firmware.” Pierluigi Paganini.

Firmware

Firmware Manufacturing Advertising Hacking

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6 CISA and ENISA enhance their Cooperation CISA adds Qlik bugs to exploited vulnerabilities catalog Report: 2.6

Data breaches

Data breaches Cybercrime Firewall Artificial Intelligence

Thousands of Xiaomi FURRYTAIL pet feeders exposed to hack

Security Affairs

OCTOBER 30, 2019

A Russian security researcher accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders. The Russian security researcher Anna Prosvetova, from Saint Petersburg, has accidentally discovered API and firmware issues that allowed her to take over all Xiaomi FurryTail pet feeders.

Hacking

Hacking Firmware Advertising DDOS

Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation

Security Affairs

DECEMBER 13, 2021

A group of researchers from the University of Darmstadt, University of Brescia, CNIT, and the Secure Mobile Networking Lab, have discovered security vulnerabilities in WiFi chips that can be exploited to extract passwords and manipulate traffic on a WiFi chip by targeting a device’s Bluetooth component. Pierluigi Paganini.

Wireless

Wireless Firmware Mobile Passwords

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

Twinkly smart decoration could be controlled via a mobile app, the experts focused their tests on the communication. The mobile app uses a UDP broadcast to port 5555 to discover the LEDs, in turn, it receives the IP address and the name of the device. ” reads the analysis published by MWR InfoSecurity. Pierluigi Paganini.

IoT

IoT Hacking DNS Authentication

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

access control, video surveillance and mobile credentialing) owned by HVAC giant Carrier. Below is the list of flaws discovered by the researchers: CVE Detail Summary Mercury Firmware Version CVSS Score CVE-2022-31479 Unauthenticated command injection <=1.291 Base 9.0, SecurityAffairs – hacking, HID Mercury Access Controllers).

Firmware

Firmware Penetration Testing Manufacturing Authentication

Video: Hacker claims to have decrypted Apple's Secure Enclave, destroying key piece of iOS mobile security

Tech Republic Security

AUGUST 18, 2017

The hack exposes firmware code, and could be a major blow to iOS security, a key component of Apple's hardware strategy.

Firmware

Firmware Mobile Hacking

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Let's got through the options: Firmware Patching I'll start with the devices themselves and pose a question to you: can you remember the last time you patched the firmware in your light globes? Or vibrator.

IoT

IoT Firmware Risk Manufacturing

Decoding Security 127: We Got Conned

SiteLock

AUGUST 27, 2021

A topic of importance came from Kryptowire, a mobile security research firm that found firmware vulnerabilities in as many as 10 million Android devices in the United States that have remote escalation privileges. Was an 11-year old really able to hack election results? Straight on the heels of Black Hat was DEF CON 26.

Small Business

Small Business Artificial Intelligence Firmware IoT

Security Affairs newsletter Round 374 by Pierluigi Paganini

Security Affairs

JULY 16, 2022

SecurityAffairs – hacking, newsletter). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. The post Security Affairs newsletter Round 374 by Pierluigi Paganini appeared first on Security Affairs.

Firmware

Firmware Ransomware DDOS Cryptocurrency

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

This email address is also connected to accounts on several Russian cybercrime forums, including “ __edman__ ,” who had a history of selling “logs” — large amounts of data stolen from many bot-infected computers — as well as giving away access to hacked Internet of Things (IoT) devices.

Scams

Scams DDOS Cryptocurrency Accountability

QualPwn Bugs in Qualcomm chips could allow hacking Android Over the Air

Security Affairs

AUGUST 6, 2019

Researchers discovered two serious flaws, QualPwn bugs, in Qualcomm’s Snapdragon SoC WLAN firmware that could be exploited to hack Android device over the air. The second flaw, tracked as CVE-2019-10540, is a buffer overflow issue that affects the Qualcomm WLAN and modem firmware that ships with Qualcomm chips.

Hacking

Hacking Firmware Advertising Mobile

SonicWall released patch for actively exploited SMA 100 zero-day

Security Affairs

FEBRUARY 4, 2021

SonicWall this week released firmware updates (version 10.2.0.5-29sv) 29sv) to address an actively exploited zero-day vulnerability in Secure Mobile Access (SMA) 100 series appliances. “SonicWall is announcing the availability of an SMA 100 series firmware 10.2.0.5-29sv SecurityAffairs – hacking, SonicWall).

Firmware

Firmware Mobile Media Internet

xHelper, the Unkillable Android malware that re-Installs after factory reset

Security Affairs

APRIL 7, 2020

The malware is distributed as a popular cleaner and speed optimization app for mobile devices, most of the infections reported by Kaspersky are in Russia (80.56%), India (3.43%), and Algeria (2.43%). In this case, reflashing is pointless, so it would be worth considering alternative firmwares for your device.

Malware

Malware Firmware Manufacturing Mobile

[Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure)

Security Affairs

MAY 7, 2021

Passive Recon & OSINT: First of all (even without attempting to open the token) we can immediately notice our best-hardware-hacking-friend: the FCC ID. Conclusion, always do your homework before putting your hands on the target: FCC database, Google, and Chinese search engines are your best friend when doing a hardware hacking research!

Firmware

Firmware Passwords Password Management Encryption

Intel Says Firmware Fixes for Spectre and Meltdown Affecting Newer Chips

Threatpost

JANUARY 18, 2018

Intel says its firmware updates for Meltdown and Spectre are causing additional reboots and hits to performance.

Firmware

Firmware Mobile Hacking

Netgear is releasing fixes for ten issues affecting 79 products

Security Affairs

JULY 1, 2020

Netgear is addressing ten vulnerabilities affecting nearly 80 of its products, including issues discovered at the Pwn2Own hacking competition. Some of the vulnerabilities were discovered during the Pwn2Own Tokyo 2019 hacking contest and reported through the Zero Day Initiative (ZDI). SecurityAffairs – hacking, Netgear).

Authentication

Authentication Firmware Hacking Mobile

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Security Affairs

APRIL 26, 2019

The iLnkP2P system allows users to remotely connect to their IoT devices using a mobile phone or a PC. Furthermore, even if software patches were issued, the likelihood of most users updating their device firmware is low. Potentially affected IoT devices include cameras and smart doorbells. Pierluigi Paganini.

IoT

IoT Hacking Manufacturing Advertising

Security Affairs newsletter Round 362 by Pierluigi Paganini

Security Affairs

APRIL 24, 2022

T-Mobile confirms Lapsus$ had access its systems Are you using Java 15/16/17 or 18 in production? SecurityAffairs – hacking, newsletter). Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here.

Cyber Insurance

Cyber Insurance Spyware Firmware Insurance

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Vamosi: I once lived near a large urban park.

IoT

IoT Hacking Internet Internet

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

In this episode of The Hacker Mind , Beau Woods and Paulino Calderon discuss their book, Practical IoT Hacking, and talk about IoT threat models, the technologies being used today, and what tools and knowledge you need to get started successfully hacking IoT devices. Vamosi: I once lived near a large urban park.

IoT

IoT Hacking Internet Internet

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. Image: Lumen’s Black Lotus Labs. Usually, these users have no idea their systems are compromised.

Malware

Malware VPN Internet Internet

Android devices shipped with backdoored firmware as part of the BADBOX network

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

Webinars

Trending Sources

SonicWall devices infected by malware that survives firmware upgrades

Webinars

SonicWall releases second firmware updates for SMA 100 vulnerability

Cybercriminals Evolve Antidetect Tooling for Mobile OS-Based Fraud

Malware found pre-installed in cheap push-button mobile phones sold in Russia

How to hack Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash

Counterfeit versions of popular mobile devices target WhatsApp and WhatsApp Business

Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access

5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips

China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware

SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

HelloKitty ransomware gang targets vulnerable SonicWall devices

Android mobile devices from 11 vendors are exposed to AT Commands attacks

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

SonicWall urges customers to fix SMA 1000 vulnerabilities

Experts show how to run malware on chips of a turned-off iPhone

D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

CVE-2021-20034 flaw can allow SMA 100 device takeover, patch it now!

Broadcom WiFi Driver bugs expose devices to hack

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Flaws in Medtronic MyCareLink can allow attackers to take over implanted cardiac devices

BadPower attack could burn your device through fast charging

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Thousands of Xiaomi FURRYTAIL pet feeders exposed to hack

Practical coexistence attacks on billions of WiFi chips allow data theft and traffic manipulation

Hacking the Twinkly IoT Christmas lights

HID Mercury Access Controller flaws could allow to unlock Doors

Video: Hacker claims to have decrypted Apple's Secure Enclave, destroying key piece of iOS mobile security

IoT Unravelled Part 3: Security

Decoding Security 127: We Got Conned

Security Affairs newsletter Round 374 by Pierluigi Paganini

Interview With a Crypto Scam Investment Spammer

QualPwn Bugs in Qualcomm chips could allow hacking Android Over the Air

SonicWall released patch for actively exploited SMA 100 zero-day

xHelper, the Unkillable Android malware that re-Installs after factory reset

[Full-Disclosure] HideezKey 2 FAIL: How a good idea turns into a SPF (Security Product Failure)

Intel Says Firmware Fixes for Spectre and Meltdown Affecting Newer Chips

Netgear is releasing fixes for ten issues affecting 79 products

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Security Affairs newsletter Round 362 by Pierluigi Paganini

The Hacker Mind: Hacking IoT

The Hacker Mind: Hacking IoT

Who and What is Behind the Malware Proxy Service SocksEscort?

Stay Connected