Charlie Miller, a researcher with Accuvant Labs, has discovered an interesting new flaw in Apple’s software ecosystem. Their “Smart Battery System”, which monitors battery charging and power levels, can actually be compromised and the firmware reflashed, allowing an attacker to destroy a battery or perhaps even make it explode or catch fire.
Boom.
Leave a Comment » | 
Exploits, Physical Security | 
Permalink
Posted by matt
After a couple months of denial, RSA has finally come clean. SecureID is fatally compromised and will need replacement.
If you’re using SecureID tokens, they are no longer valid proof of “something you have” and cannot be relied upon as an authentication source. Switch to something else or shut down the service they are securing as soon as possible.
Leave a Comment » | Exploits | Permalink
Posted by matt
Once again, we see the results of telecom functionality moving into the networking space – the old-school telecom people just aren’t ready for the demands of properly securing an IP network. AusCERT has asserted that Cisco VoIP products, out of the box, can be vulnerable to attacks that turn them into listening bugs, that allow an attacker to eavesdrop on conversations, or can be crashed entirely as a Denial of Service attack.
Running any service over an IP network means that you now have TWO sets of security problems to deal with. In much the same way that “dumb” cell phones’ replacement by smartphones add tremendous security headaches, so too does the transition from traditional PBX systems to a VoIP world.
Leave a Comment » | Exploits, Networking | Permalink
Posted by matt
French security research firm Vupen has claimed to have written an exploit that allows them to escape the Chrome sandbox and launch arbitrary code.
Great.
Leave a Comment » | Exploits | Permalink
Posted by matt
The Nikon Image Authentication System has a simple enough mission – it is supposed to provide a cryptographically secure path from the camera to the newsroom, ensuring that any image used can be proven authentic.
Apparently, due to a weakness in the signing key storage in the camera, it doesn’t work. The key can be extracted and used to sign arbitrary image data, “proving” it legitimate.
Leave a Comment » | Exploits, Syndicated | Permalink
Posted by matt
How do you steal hundreds of dollars from someone’s ATM account with nothing more than a five dollar Wal-Mart glue gun?
It’s simpler than you think.
Leave a Comment » | Exploits, Syndicated | Permalink
Posted by matt
An interesting post on Bugtraq this week: apparently the Linksys WRT54G home router allows for anonymous FTP. And, using that anonymous FTP connection, a file can be accessed that contains the authentication credentials for the rest of the router’s functionality.
This doesn’t look too difficult to weaponize.
Leave a Comment » | Exploits | Permalink
Posted by matt
It’s a well-known fact that conversations using Voice-over-IP (VoIP) technologies need to be encrypted to ensure privacy; after all, tools like Wireshark offer special modes for reconstructing a phone conversation from a packet capture. But according to this paper (warning: PDF file), encryption might not be enough.
From the paper abstract:
Despite the rapid adoption of Voice over IP
(VoIP), its security implications are not yet fully un-
derstood. Since VoIP calls may traverse untrusted
networks, packets should be encrypted to ensure
confidentiality. However, we show that when the
audio is encoded using variable bit rate codecs, the
lengths of encrypted VoIP packets can be used to
identify the phrases spoken within a call. Our re-
sults indicate that a passive observer can identify
phrases from a standard speech corpus within en-
crypted calls with an average accuracy of 50%, and
with accuracy greater than 90% for some phrases.
Clearly, such an attack calls into question the effi-
cacy of current VoIP encryption standards. In ad-
dition, we examine the impact of various features of
the underlying audio on our performance and dis-
cuss methods for mitigation.
Leave a Comment » | Exploits, Networking | Permalink
Posted by matt
Sometimes I feel like there should be a category on here specific to Adobe Flash vulnerabilities. It seems to leak like a sieve.
Well, here’s another one. The Flash plugin can be exploited by an attacker to run arbitrary code or cause a DoS condition. A fix is expected next week; disabling Flash in your browser this week might be a smart move.
Leave a Comment » | Exploits | Permalink
Posted by matt
Researchers at UCSD and University of Washington have released a paper on finding remote vulnerabilities in automotive computer systems. Though the simplest method is still to use the automotive data interface, there are also exploitable holes in the cellular network interface, bluetooth network interfaces, and even the car stereo system.
From the article:
But their most interesting attack focused on the car stereo. By adding extra code to a digital music file, they were able to turn a song burned to CD into a Trojan horse. When played on the car’s stereo, this song could alter the firmware of the car’s stereo system, giving attackers an entry point to change other components on the car. This type of attack could be spread on file-sharing networks without arousing suspicion, they believe. “It’s hard to think of something more innocuous than a song,” said Stefan Savage, a professor at the University of California.
Adding computers to things also adds security implications. It’s too bad that this is not better understood in the world of product development.
Leave a Comment » | Exploits, Physical Security | Permalink
Posted by matt