PINDROP BLOG

Category: Device Security

August 1, 2017 | Dennis Fisher
IoT Security Bill Would Protect Research, Require Patches
Congress may be about to apply some real pressure to hardware manufacturers and software makers whose IoT devices are forming the spine of a new, wildly insecure global network. A bill introduced Tuesday in the Senate would require IoT makers to guarantee that any devices sold to federal agencies are patchable and don’t contain any known security…
Read More →
August 1, 2017 | Dennis Fisher
Rooting an Amazon Echo
Researchers have developed a method for getting a root shell on the Amazon Echo and then install a small piece of malware that can transmit live audio from the device to a remote computer or steal user authentication tokens. The attack relies on having physical access to the Echo and it requires quite a bit of…
Read More →
July 27, 2017 | Dennis Fisher
Broadpwn Bug Allows Phone Takeover With One WiFi Probe Request
LAS VEGAS–The vulnerability in Broadcom WiFi chips running in many iPhones and Android devices that both Apple and Google patched recently could be triggered with a simple probe request from a mobile access point, giving the attacker full control of the victim’s device. The bug, known as Broadpwn, is about as powerful as they come for…
Read More →
July 26, 2017 | Dennis Fisher
Attackers Can Take Over Your Local Car Wash From the Internet
LAS VEGAS–Researchers are continuing to find new and interesting ways to demonstrate the fragility and poor security of IoT devices, and the latest test bed is your local car wash. A weakness in the design of the software that runs a large number of automated car washes in the U.S can allow a remote attacker…
Read More →
July 19, 2017
Apple Fixes Broadpwn Bug in iOS 10.3.3
In the latest version of iOS Apple has patched dozens of serious security flaws, including the Broadpwn vulnerability in some Broadcom WiFi chips, and a number of remote code execution bugs in various components of the OS. Not many details of the Broadpwn vulnerability are public yet, but it’s considered a fairly serious issue. Google…
Read More →
July 18, 2017
GhostCtrl Android Malware Hijacks Audio, Roots Devices
A recently discovered piece of Android malware called GhostCtrl apparently evolved from the well-known OmniRAT tool for desktop platforms and has the ability to steal or delete a wide variety of user and device data. GhostCtrl has an interesting pedigree and history. The backdoor is connected to a data-stealing worm known as Retadup that was detected…
Read More →
July 13, 2017
Tens of Thousands of Machines Still Open to EternalBlue Bug
Weeks after the WannaCry and NotPetya ransomware campaigns emerged and months after Microsoft released a patch for the vulnerability the two pieces of malware used to spread, more than 60,000 machines are still vulnerable to the bug. The vulnerability, which lies in Microsoft’s implementation of the SMB protocol, has been part of both the WannaCry…
Read More →
July 10, 2017
Android Ransomware Threatens to Leak Victim Data
The attacker community is continuing to expand the variety of ransomware strains it creates, including a recent variant that doesn’t encrypt victims’ files but instead threatens to send personal data and photos to their contacts. Researchers at McAfee discovered this ransomware variant buried within a couple of apps in the Google Play app store recently.…
Read More →
July 7, 2017
Makers of ME Doc Software Say They’ve Closed Backdoor Used By NotPetya
The makers of the M.E. Doc software that has been at the center of the NotPetya malware story say they have produced an updated version of the application that does not include the backdoor that had been slipped in by attackers several months ago. “M.E.Doc has created an update that will ensure safe work in the…
Read More →
July 5, 2017
Google Patches Broadpwn Flaw in July Android Update
Google has released its monthly set of Android patches for July, a release that includes fixes for many, many remote-code execution vulnerabilities, the highlight of which is a serious bug in some Broadcom chipsets that affects a lot of Android devices, as well as some iPhones. That vulnerability, which is known as Broadpwn, will be detailed…
Read More →