In November 2022, researchers at universities in the U.S. and Canada demonstrated a method of Wi-Fi device localization using inexpensive and easy-to-find equipment. The attack proof-of-concept was dubbed Wi-Peep, as it can be used to peep on devices communicating with each other via Wi-Fi. The research offers new insight into certain features of Wi-Fi networks, and the potential risks of device localization. We should start by saying that the risks aren't too high — an attack looks like something out of a Bond movie. But that doesn't make the research any less interesting.

Wi-Peep attack features

Before looking at the report in detail, let's consider a real-life attack. Attackers fly a mini-quadcopter with the most inexpensive microcomputer on board around a target building, collecting data to obtain a map of wireless devices inside with reasonable accuracy (±1.5 meters under ideal conditions). But why would they? Well, let's imagine it's a bank or a top-secret laboratory whose security systems are equipped with Wi-Fi modules. And there's your why: their location could be of huge practical interest to attackers planning physical penetration.

[Figure: Simplified Wi-Peep attack scheme. Source.]

So how do researchers imitate something like that? The Wi-Peep attack exploits two important features of absolutely any Wi-Fi device, from ancient wireless modules from 20 years ago to the most modern.

The first is the power-saving mechanism in Wi-Fi devices. The Wi-Fi module, say, in a smartphone can preserve battery by shutting down the wireless receiver for short periods of time. A wireless access point needs to consider this mode of operation: your router can accumulate data packets for a specific device, then transmit them all at once when it signals it's ready again to receive a transmission. For a successful attack, a potential spy would need to obtain a list of MAC addresses — unique device IDs whose locations would be determined later. Devices in the same home, office, or hotel are usually connected to a shared Wi-Fi network, the name of which is no secret. It turned out that it's possible to send a fake data packet, ostensibly from this shared wireless network, informing all connected devices that the access-point buffer has accumulated some data destined for them. In reply to this signal, the devices send responses which, when analyzed, reveal the unique MAC addresses of all network devices almost instantly. There's also a simpler way: eavesdrop on wireless radio traffic; however, this takes more time: according to the researchers, you need to accumulate data in passive mode for 12 hours.

The second exploitable feature of wireless data exchange was provisionally named Wi-Fi Polite. That name was assigned by the authors of an earlier 2020 study. In a nutshell, the essence of the feature is this: a wireless device always responds to an address request from another device, even if they're not connected to a shared Wi-Fi network, and even if the request isn't encrypted or is malformed. In response, the Wi-Fi module sends a simple confirmation ("Data from you received"), but that turns out to be sufficient to determine the distance to the responding device. The response time for receipt of such a packet is strictly regulated, and is 10 microseconds. A potential attacker can measure the time between sending a request and receiving a response, subtract those 10 microseconds, and get the time taken for the radio signal to reach the device. What does that give? Moving around a stationary wireless device, we can determine its coordinates with a fairly high degree of accuracy, knowing our own location and the distance to the object of interest.

Much of the research is devoted to overcoming the many difficulties of this method. The signal from the Wi-Fi radio transmitter is constantly reflected by walls and other obstacles, making it difficult to calculate the distance. In fact, that standardized response time should be 10 microseconds, but it actually varies from device to device — ranging from 8 to 13 microseconds. The geolocation accuracy of the attacker's own Wi-Fi module also has an effect: it turns out that even the precision of geopositioning systems (GPS, GLONASS, etc.) isn't always enough. Although the resulting data contains a lot of noise, if enough measurements are made, relatively high accuracy can be achieved. That means if you take tens of thousands of readings, you get a positioning accuracy with an error in the range of 1.26 to 2.30 meters — on the horizontal plane. On the vertical, the researchers were able to determine the exact floor in 91% of cases, but nothing more.

Low-cost sophisticated attack

Although the system for determining the coordinates of wireless devices turned out to be not very accurate, it's still of interest — not least because the equipment used by the researchers is dirt-cheap. Theoretically, an attack can be carried out by a potential spy in person, simply by slowly walking around the target object. For added convenience, the researchers used a cheap quadcopter fitted with a microcomputer based on the ESP32 chipset and a wireless module. The total cost of this reconnaissance kit (excluding the cost of the quadcopter) is less than US$20! What's more, the attack is virtually impossible to trace on the victim's device. It uses the standard capabilities of Wi-Fi modules, which cannot be disabled or at least modified in terms of behavior. If communication between the victim's device and the attacker's microcomputer is possible in principle, the attack will work. The practical range of data transmission over Wi-Fi is tens of meters, which in most cases will suffice.

Fuzzy implications

If we assume the attack is doable in real life, is the data obtained of any use? The researchers propose several scenarios. First and most obviously, if we know the MAC address of the smartphone of a specific individual, we can roughly track their movements in public places. This is possible even if their smartphone is not connected to any wireless networks at the time of the attack. Second, creating a map of wireless devices in a secure building (a competitor's office, bank premises) for a subsequent physical attack is an entirely realistic scenario. For example, attackers can determine the approximate location of surveillance cameras if these use Wi-Fi for data transmission.

There are also less obvious benefits from collecting such data. You could, for instance, collect information about the number of Wi-Fi devices in a hotel to estimate how many guests there are. Such data may be of interest to competitors. Or, knowing the number of wireless devices could help determine whether potential victims are at home. Even the MAC addresses themselves — without coordinates — are of some use: for collecting statistics about smartphone usage in a public place. In addition to spying and burglary, such methods are a threat to people's privacy.

However, the immediate risk of such a method being deployed in practice is still quite low. This applies to all potential attacks and data collection methods for which you have to get close to the target object. It's quite labor-intensive for one thing, meaning that few would do it on a mass scale, and for targeted attacks other methods may be more effective. At the same time, scientific research helps us understand how minor features of complex technologies can be harnessed for malicious purposes. The researchers themselves note that the real benefit of their work will be if this small security and privacy risk is eliminated in future versions of wireless data transmission technologies. For the time being, all we can recommend is to use an anti-drone system. It won't help against Wi-Peep, but it will at least guard against being spied on from the air.
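To make the accuracy discussion above concrete, here is an added simulation (not code from the Wi-Peep paper or from this article) of the ranging arithmetic the text describes: a round-trip time has the nominal 10 microsecond turnaround subtracted and is halved to give a distance, a per-device turnaround that differs from nominal shifts every range by a fixed bias, and a least-squares fit from several known probe positions recovers the device position, with averaging many noisy readings per position shrinking the error. The probe path, the true device position, the 20 ns timing jitter and the random seed are constructed assumptions.

```python
"""Time-of-flight ranging and positioning model for the Wi-Peep scheme (constructed)."""
import math
import random

C = 299_792_458.0        # radio propagation speed, metres per second
NOMINAL_SIFS_S = 10e-6   # the 10 microsecond response time the article describes


def rtt_to_distance(rtt_s, sifs_s=NOMINAL_SIFS_S):
    """Round-trip time minus the device turnaround, halved, converted to metres."""
    return max(0.0, (rtt_s - sifs_s) * C / 2.0)


def distance_error_per_us_sifs_mismatch():
    """Metres of range bias for each microsecond the real turnaround differs from nominal."""
    return C / 2.0 * 1e-6   # roughly 150 m per microsecond, so per-device offsets matter


def simulate_rtt(probe_xy, device_xy, rng, jitter_s):
    """One noisy round-trip reading from a probe position to a stationary device (constructed)."""
    d = math.dist(probe_xy, device_xy)
    return 2.0 * d / C + NOMINAL_SIFS_S + rng.gauss(0.0, jitter_s)


def mean_range(probe_xy, device_xy, rng, n, jitter_s):
    """Average n readings; zero-mean jitter falls off as 1/sqrt(n)."""
    return sum(rtt_to_distance(simulate_rtt(probe_xy, device_xy, rng, jitter_s))
               for _ in range(n)) / n


def locate(probes, ranges, iters=50):
    """Gauss-Newton least-squares fit of (x, y) to ranges from known probe positions."""
    x = sum(p[0] for p in probes) / len(probes)   # start at the centroid of the probe path
    y = sum(p[1] for p in probes) / len(probes)
    for _ in range(iters):
        # Normal equations (J^T J) step = J^T r, residual r = measured - predicted range
        a11 = a12 = a22 = b1 = b2 = 0.0
        for (px, py), r_meas in zip(probes, ranges):
            dx, dy = x - px, y - py
            dist = math.hypot(dx, dy) or 1e-9
            jx, jy = dx / dist, dy / dist            # d(range)/dx and d(range)/dy
            res = r_meas - dist
            a11 += jx * jx; a12 += jx * jy; a22 += jy * jy
            b1 += jx * res; b2 += jy * res
        det = a11 * a22 - a12 * a12
        if abs(det) < 1e-12:
            break
        step_x = (a22 * b1 - a12 * b2) / det
        step_y = (a11 * b2 - a12 * b1) / det
        x += step_x; y += step_y
        if math.hypot(step_x, step_y) < 1e-4:
            break
    return x, y


def run_demo(samples_per_probe, jitter_s=20e-9, seed=1):
    """Probe positions around a building (constructed); returns (estimate, error in metres)."""
    rng = random.Random(seed)
    device = (12.0, 7.0)                                   # constructed true position
    probes = [(0.0, 0.0), (30.0, 0.0), (30.0, 20.0), (0.0, 20.0), (15.0, -5.0), (-5.0, 10.0)]
    ranges = [mean_range(p, device, rng, samples_per_probe, jitter_s) for p in probes]
    est = locate(probes, ranges)
    return est, math.dist(est, device)


if __name__ == "__main__":
    for n in (1, 100, 10_000):
        est, err = run_demo(n)
        print(f"{n:>6} readings per position: estimate {est}, error {err:.2f} m")
    print(f"bias per microsecond of SIFS mismatch: {distance_error_per_us_sifs_mismatch():.0f} m")
```

Running it with 1, 100 and 10,000 readings per position shows why the researchers needed tens of thousands of readings, and the last line shows why a turnaround that is really 8 or 13 microseconds instead of 10 has to be calibrated out rather than averaged away.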
The 2022 FIFA Men's World Cup final in Qatar will be the most-watched sporting event in history — but will cybercriminals score a hat trick off its state-of-the-art digital footprint?
Check out our slideshow detailing the emerging cybersecurity trends in cloud, creating a defensible Internet, malware evolution, and more that lit up audiences in London.
Cybercriminal rats are at play: Several food suppliers and distributors have experienced hundreds of thousands of dollars in losses after fulfilling fraudulently placed orders for food and ingredient shipments.
Effective customer data management helps companies avoid data breaches and the resulting cascade of issues. From validating "clean" data to centralized storage and a data governance strategy, management steps can help keep data safe.
Even without an overarching dictionary of common definitions, the concept of a secure access service edge (SASE) has spread, but a standard could help cloud services work better together.
A zero-trust architecture is one designed to require authorization from a central point—often referred to as a trust algorithm—for individuals or devices trying to access specific resources throughout a network.
The Lego Group has moved swiftly to fix a pair of API security vulnerabilities that existed in its BrickLink digital resale platform, after they were identified by Salt Labs, the research arm of API specialist Salt Security.
According to findings from Check Point, Emotet has returned as one of the most prevalent malware after a quiet summer. Additionally, Qbot made the list for the first time since 2021, and the Raspberry Robin worm has had a notable influx in use.
An Iranian cyber-espionage gang has learned new methods and phishing techniques, and aimed them at a wider set of targets – including politicians, government officials, critical infrastructure, and medical researchers – according to Proofpoint.
Seeking to bring greater security to AI systems, Protect AI today raised $13.5 million in a seed-funding round co-led by Acrew Capital and Boldstart Ventures, with participation from Knollwood Capital, Pelion Ventures, and Aviso Ventures.
Threat activity tracked as UNC4166 likely trojanized and distributed malicious Windows operating system installers which drop malware that conducts reconnaissance and deploys additional capability on some victims to conduct data theft.
The US National Institute of Standards and Technology (NIST) says it's time to retire Secure Hash Algorithm-1 (SHA-1), a 27-year-old weak algorithm used in security applications.
While Flutter has been a game changer for application developers, malicious actors have also taken advantage of its capabilities and framework, deploying apps with critical security and privacy risks to unsuspecting victims.
Much like its recent predecessors, 2022 was a bumper year in cybersecurity. A slew of high-profile data breaches, attacks on essential infrastructure, and targeted cyber warfare upped the ante in an already sophisticated threat landscape.
A successful Meta-Phish attack could result in the loss of PII, login credentials, and Facebook profile links. Instead of a phishing link to an external landing page, the mail sample is crafted with a link that points to an actual Facebook post.
There is a "pattern of vulnerability" in human behavior extending far beyond end users into more complex IT functions. Finding evidence of these patterns can give hackers an upper hand and speed the timeline of compromise.
During a recent investigation, Sucuri researchers came across a simple piece of malware targeting FreePBX’s Asterisk Management portal which allowed attackers to arbitrarily add and delete users, as well as modify the website’s .htaccess file.
Organizations are looking for ways to reduce their application development costs, but automated coding can usher in some quality of code, monitoring, third-party security, and application security issues if you're unprepared.
Security researcher Peter H, aka ‘pmnh’, said the attack used Spring Expression Language (SpEL) injection. The bounty hunter found the bypass with the assistance of Synack pentester Usman Mansha during an engagement with a private Bugcrowd program.
Google joined Mozilla and Microsoft in removing support for TrustCor Systems certificates following a Washington Post report on TrustCor's connections to spyware vendors.
FuboTV has not provided any details on the attack but did state that a lack of bandwidth did not cause the outage, indicating that this was not a distributed denial-of-service (DDoS) attack.
National Security Agency Cyber Director Rob Joyce said Thursday he remains concerned about significant cyberattacks from Russia, warning that Moscow could unleash digital assaults on the global energy sector in the coming months.
A majority of the infections have been reported in Russia, and to a lesser extent in Kazakhstan, Uzbekistan, Ukraine, Belarus, Czechia, Italy, India, and Indonesia. The company did not disclose the exact scale of the campaign.
Today, the 2FA requirement is expanded to the entire user base, covering approximately 94 million users. While GitHub had announced this decision previously, it has now shared more details about how it will implement the new measure.
Gemini crypto exchange announced this week that customers were targeted in phishing campaigns after a threat actor collected their personal information from a third-party vendor.
Shoppers have been flocking to sites selling return pallets looking for great deals on holiday purchases. And as you might expect, scammers and bad actors have also seized on this trend.
Social Blade is an analytics platform that provides statistical graphs for YouTube, Twitter, Twitch, Daily Motion, Mixer, and Instagram accounts, allowing customers to see estimated earnings and projects.
Despite passing the Senate vote, the bill still needs to receive approval from the US House of Representatives before the end of the current congressional session. Only then will it be presented to President Joe Biden for approval.
The new Rust-based variant of Agenda ransomware has also been seen using intermittent encryption, one of the emerging tactics that threat actors use today for faster encryption and detection evasion.
Meta revealed its latest actions in a report released Thursday that was accompanied by a policy paper offering 13 recommendations for confronting the surveillance-for-hire industry.
The vulnerability resides in a PHP file in Cacti that allows remote agents to run different actions on the server. The only safeguard this file offered was to check whether requests were coming from an authorized IP address.
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
Red Hat Security Advisory 2022-9073-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.
Red Hat Security Advisory 2022-9068-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9082-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow, out of bounds write, and privilege escalation vulnerabilities.
Red Hat Security Advisory 2022-9075-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9076-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9070-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9066-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9074-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9071-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9078-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9080-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9081-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-8893-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.20.
Red Hat Security Advisory 2022-9079-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9072-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9065-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9069-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9077-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9067-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2022-9058-01 - Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Issues addressed include code execution and deserialization vulnerabilities.
Red Hat Security Advisory 2022-9032-01 - This release of Red Hat build of Eclipse Vert.x 4.3.4 GA includes security updates. For more information, see the release notes listed in the References section. Issues addressed include code execution and deserialization vulnerabilities.
Microsoft on Thursday flagged a cross-platform botnet that's primarily designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers. Called MCCrash, the botnet is characterized by a unique spreading mechanism that allows it to propagate to Linux-based devices despite originating from malicious software downloads on Windows hosts. "The botnet spreads by
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities impacting Veeam Backup & Replication software to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild. The now-patched critical flaws, tracked as CVE-2022-26500 and CVE-2022-26501, are both rated 9.8 on the CVSS scoring system, and could be leveraged to
The U.S. National Institute of Standards and Technology (NIST), an agency within the Department of Commerce, announced Thursday that it's formally retiring the SHA-1 cryptographic algorithm. SHA-1, short for Secure Hash Algorithm 1, is a 27-year-old hash function used in cryptography and has since been deemed broken owing to the risk of collision attacks. While hashes are designed to be
Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities. Mandiant, which discovered the supply chain attack around mid-July 2022, said the malicious ISO files were distributed via Ukrainian- and Russian-language Torrent websites. It's tracking the threat cluster as UNC4166
A former Twitter employee who was found guilty of spying on behalf of Saudi Arabia by sharing data pertaining to specific individuals has been sentenced to three-and-a-half years in prison. Ahmad Abouammo, 45, was convicted earlier this August on various criminal counts, including money laundering, fraud, falsifying records, and being an illegal agent of a foreign government. Abouammo was
Reality has a way of asserting itself, irrespective of any personal or commercial choices we make, good or bad. For example, just recently, the city services of Antwerp in Belgium were the victim of a highly disruptive cyberattack. As usual, everyone cried "foul play" and suggested that proper cybersecurity measures should have been in place. And again, as usual, it all happens a bit too late.
GitHub on Thursday said it is making available its secret scanning service to all public repositories on the code hosting platform for free. "Secret scanning alerts notify you directly about leaked secrets in your code," the company said, adding it's expected to complete the rollout by the end of January 2023. Secret scanning is designed to examine repositories for access tokens, private keys,
Social media analytics service Social Blade has confirmed that it is investigating a security breach, after a hacker offered its user database for sale on an underground criminal website. Read more in my article on the Hot for Security blog.
Celebrated crime author Ann Cleeves turned to Twitter this week, desperate for help. The reason? The author, whose novels had been the inspiration for TV series like "Vera", had lost her HP laptop during a blizzard in Shetland.