Category: Device Security

August 7, 2017 | Dennis Fisher
Siemens Medical Scanners Open to Simple Remote Exploitation
Siemens is warning customers that some of its CT and PET scanning machines have a pair of remotely exploitable vulnerabilities that attackers can use to execute arbitrary code. The flaws actually lie in Windows XP, the operating system on which the imaging equipment runs. One of the vulnerabilities was disclosed earlier this summer, while the…
August 3, 2017 | Dennis Fisher
The Security Community, Not Government, Must Fix IoT
The Senate is considering a bill that would force some serious changes in the way that vendors handle the security of the IoT devices they sell, but while the proposed law has strong bones, it should be clear by now that no amount of government regulation or intervention is going to fix this problem. There…
August 1, 2017 | Dennis Fisher
IoT Security Bill Would Protect Research, Require Patches
Congress may be about to apply some real pressure to hardware manufacturers and software makers whose IoT devices are forming the spine of a new, wildly insecure global network. A bill introduced Tuesday in the Senate would require IoT makers to guarantee that any devices sold to federal agencies are patchable and don’t contain any known security…
August 1, 2017 | Dennis Fisher
Rooting an Amazon Echo
Researchers have developed a method for getting a root shell on the Amazon Echo and then installing a small piece of malware that can transmit live audio from the device to a remote computer or steal user authentication tokens. The attack relies on having physical access to the Echo and it requires quite a bit of…
July 27, 2017 | Dennis Fisher
Broadpwn Bug Allows Phone Takeover With One WiFi Probe Request
LAS VEGAS–The vulnerability in Broadcom WiFi chips running in many iPhones and Android devices that both Apple and Google patched recently could be triggered with a simple probe request from a mobile access point, giving the attacker full control of the victim’s device. The bug, known as Broadpwn, is about as powerful as they come for…
July 26, 2017 | Dennis Fisher
Attackers Can Take Over Your Local Car Wash From the Internet
LAS VEGAS–Researchers are continuing to find new and interesting ways to demonstrate the fragility and poor security of IoT devices, and the latest test bed is your local car wash. A weakness in the design of the software that runs a large number of automated car washes in the U.S. can allow a remote attacker…
July 19, 2017
Apple Fixes Broadpwn Bug in iOS 10.3.3
In the latest version of iOS Apple has patched dozens of serious security flaws, including the Broadpwn vulnerability in some Broadcom WiFi chips, and a number of remote code execution bugs in various components of the OS. Not many details of the Broadpwn vulnerability are public yet, but it’s considered a fairly serious issue. Google…
July 18, 2017
GhostCtrl Android Malware Hijacks Audio, Roots Devices
A recently discovered piece of Android malware called GhostCtrl apparently evolved from the well-known OmniRAT tool for desktop platforms and has the ability to steal or delete a wide variety of user and device data. GhostCtrl has an interesting pedigree and history. The backdoor is connected to a data-stealing worm known as Retadup that was detected…
July 13, 2017
Tens of Thousands of Machines Still Open to EternalBlue Bug
Weeks after the WannaCry and NotPetya ransomware campaigns emerged and months after Microsoft released a patch for the vulnerability the two pieces of malware used to spread, more than 60,000 machines are still vulnerable to the bug. The vulnerability, which lies in Microsoft’s implementation of the SMB protocol, has been part of both the WannaCry…
July 10, 2017
Android Ransomware Threatens to Leak Victim Data
The attacker community is continuing to expand the variety of ransomware strains it creates, including a recent variant that doesn’t encrypt victims’ files but instead threatens to send personal data and photos to their contacts. Researchers at McAfee discovered this ransomware variant buried within a couple of apps in the Google Play app store recently.…