PINDROP BLOG

Category: Device Security

September 12, 2017
BlueBorne Attack Threatens IoT Devices
Researchers have developed a new attack against Bluetooth-enabled devices that takes advantage of the fact that these devices are always listening for connections and can be used by attackers to connect to nearby devices and then exploit one of several new vulnerabilities in the protocol to compromise the devices. The attack is known as BlueBorne…
Read More →
September 11, 2017 | Dennis Fisher
Overlay Attack Threatens Many Android Users
A vulnerability in nearly all of the current versions of Android can be used by attackers to execute an overlay attack to trick users into installing malware, ransomware, or other malicious apps. The flaw affects most of the Android devices in use right now, except for those that have been updated to Oreo, the newest…
Read More →
September 7, 2017 | Dennis Fisher
Using Inaudible Voice Commands to Control Siri and Alexa
Researchers have developed a method for sending human-inaudible ultrasonic voice commands to voice-enabled assistants such as Alexa, Siri, and Google Assistant that could be used to force the assistants to visit attacker-controlled websites or take control of other connected smart devices. The technique is known as DolphinAttack and was developed by academic researchers at Zhejiang…
Read More →
August 10, 2017 | Dennis Fisher
Ukrainian Police Arrest Suspect in Petya Ransomware Campaign
Police in Ukraine have arrested a 51-year-old man in connection with spreading the notorious Petya ransomware earlier this summer. In their statement, the Ukraine Cyberpolice did not say that the man was accused of creating Petya, only that he allegedly helped spread it. The outbreak of a ransomware connected to Petya in June was centered in Ukraine…
Read More →
August 9, 2017 | Dennis Fisher
Mamba Ransomware Pokes Its Head Back Up
The ransomware that wreaked havoc on San Francisco’s Muni mass transit system last Thanksgiving has resurfaced and is infecting enterprises in several countries around the world. The Mamba ransomware used in these attacks isn’t one of the big-name variants like Cryptolocker or Petya, but it has the potential to cause serious problems. Last November the malware infected…
Read More →
August 9, 2017 | Dennis Fisher
EFF Asks Court to Require Warrants For Device Searches at the Border
A case making its way through the United States court system right now could have long-lasting effects on how much–if any–privacy travelers have when they reach the border. The case revolves around the prosecution of a woman named Maria Isabel Molina-Isidoro, whose phone was searched at the U.S. border. Some of the information found on the…
Read More →
August 8, 2017 | Dennis Fisher
10 Critical Remotely Exploitable Bugs Patched in Android
Google has released fixes for a long list of vulnerabilities in Android, including 10 critical flaws that could lead to remote code execution. All of the critical vulnerabilities fixed in Android’s August security update are in the operating system’s media framework. Google doesn’t provide many details about the vulnerabilities fixed in Android any longer, but…
Read More →
August 7, 2017 | Dennis Fisher
Siemens Medical Scanners Open to Simple Remote Exploitation
Siemens is warning customers that some of its CT and PET scanning machines have a pair of remotely exploitable vulnerabilities that attackers can use to execute arbitrary code. The flaws actually lie in Windows XP, the operating system on which the imaging equipment runs. One of the vulnerabilities was disclosed earlier this summer, while the…
Read More →
August 3, 2017 | Dennis Fisher
The Security Community, Not Government, Must Fix IoT
The Senate is considering a bill that would force some serious changes in the way that vendors handle the security of the IoT devices they sell, but while the proposed law has strong bones, it should be clear by now that no amount of government regulation or intervention is going to fix this problem. There…
Read More →
August 1, 2017 | Dennis Fisher
IoT Security Bill Would Protect Research, Require Patches
Congress may be about to apply some real pressure to hardware manufacturers and software makers whose IoT devices are forming the spine of a new, wildly insecure global network. A bill introduced Tuesday in the Senate would require IoT makers to guarantee that any devices sold to federal agencies are patchable and don’t contain any known security…
Read More →
Webinar: TACKLING THE 113% FRAUD INCREASE IN CALL CENTERS