Daily NCSC-FI news followup 2019-07-13

Brazil is at the forefront of a new type of router attack

www.zdnet.com/article/brazil-is-at-the-forefront-of-a-new-type-of-router-attack/ On these sites, malicious ads (malvertising) run special code inside the user's browser to search for and detect the IP address and model of the home router. When they detect the router's IP and model, the malicious ads then use a list of default usernames and passwords to log into the user's device without their knowledge. If the attack is successful, additional malicious code relayed through the malicious ads modifies the default DNS settings on the victim's router, replacing the DNS server IP addresses the router receives from the upstream ISP with the IP addresses of DNS servers managed by the hackers.

Brilliant Boston boffins blow big borehole in Bluetooth’s ballyhooed barricades: MAC addy randomization broken

www.theregister.co.uk/2019/07/12/untraceable_bluetooth_exposed/ David Starobinski, David Li, and Johannes Becker at Boston University told The Register how they found that the MAC address randomization of Bluetooth LE, designed to thwart the tracking of devices, still transmits packets of data that can be used to uniquely identify, and thus track the location of, a mobile phone or PC.
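The linking technique the article describes, as an added example (Python, not code from the Boston University researchers or from The Register): a passive listener parses BLE advertising payloads and, whenever a never-seen random address shows up carrying an identifying token it is already following, carries the existing track over to the new address. The assumption that the token sits in the manufacturer-specific AD structure (type 0xFF), the company identifier, and the advertisement log are all constructed for illustration, not captured from a real device.

```python
"""Address-carryover linking across BLE random-address rotations (added example).

AdvData is a sequence of AD structures: [length][AD type][data (length-1 bytes)].
Assumption: the device-identifying token is carried in AD type 0xFF
(manufacturer-specific data); the sample log below is constructed, not captured.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

AD_FLAGS = 0x01
AD_MANUFACTURER_SPECIFIC = 0xFF
IDENTIFYING_AD_TYPES = {AD_MANUFACTURER_SPECIFIC}  # assumption for this example


def parse_ad_structures(adv_data: bytes) -> Dict[int, bytes]:
    """Split AdvData into {ad_type: payload}; stop at padding or a truncated structure."""
    out: Dict[int, bytes] = {}
    i = 0
    while i < len(adv_data):
        length = adv_data[i]
        end = i + 1 + length
        if length == 0 or end > len(adv_data):
            break  # zero length is padding; overrun means a cut-off structure
        out[adv_data[i + 1]] = adv_data[i + 2:end]
        i = end
    return out


def identifying_token(adv_data: bytes) -> Optional[bytes]:
    """Concatenate the payloads of the AD types assumed to carry stable tokens."""
    fields = parse_ad_structures(adv_data)
    parts = [fields[t] for t in sorted(IDENTIFYING_AD_TYPES) if t in fields]
    return b"".join(parts) if parts else None


@dataclass
class Track:
    track_id: int
    addresses: List[str] = field(default_factory=list)
    token: Optional[bytes] = None


class CarryoverTracker:
    def __init__(self) -> None:
        self._by_addr: Dict[str, Track] = {}
        self._by_token: Dict[bytes, Track] = {}
        self._tracks: List[Track] = []

    def observe(self, addr: str, adv_data: bytes) -> int:
        """Attribute one advertisement to a track; return the track id."""
        token = identifying_token(adv_data)
        track = self._by_addr.get(addr)
        if track is None and token is not None:
            # New address, but the token is one we already follow: the address
            # rotated while the payload did not, so the old track carries over.
            track = self._by_token.get(token)
            if track is not None:
                track.addresses.append(addr)
                self._by_addr[addr] = track
        if track is None:
            track = Track(track_id=len(self._tracks), addresses=[addr])
            self._tracks.append(track)
            self._by_addr[addr] = track
        if token is not None and token != track.token:
            # Token rotated under a known address: keep following the device.
            if track.token is not None:
                self._by_token.pop(track.token, None)
            track.token = token
            self._by_token[token] = track
        return track.track_id

    def tracks(self) -> List[Track]:
        return list(self._tracks)


def mfr(token: bytes) -> bytes:
    """Build a manufacturer-specific AD structure (company id 0x004C assumed)."""
    payload = bytes([0x4C, 0x00]) + token
    return bytes([len(payload) + 1, AD_MANUFACTURER_SPECIFIC]) + payload


FLAGS = bytes([0x02, AD_FLAGS, 0x06])  # LE General Discoverable, BR/EDR not supported

# Constructed listener log of (random address, AdvData); not a real capture.
SAMPLE_LOG = [
    ("5a:11:22:33:44:01", FLAGS + mfr(b"\xaa\x01")),  # phone A
    ("5a:11:22:33:44:01", FLAGS + mfr(b"\xaa\x01")),
    ("7b:55:66:77:88:02", FLAGS + mfr(b"\xaa\x01")),  # A: address rotates, token kept
    ("7b:55:66:77:88:02", FLAGS + mfr(b"\xaa\x02")),  # A: token rotates, address kept
    ("6c:99:aa:bb:cc:03", FLAGS + mfr(b"\xaa\x02")),  # A: address rotates again
    ("41:00:00:00:00:01", FLAGS),                     # device B: no identifying payload
    ("42:00:00:00:00:02", FLAGS),
    ("73:00:00:00:00:01", FLAGS + mfr(b"\xcc\x01")),  # device C: rotates address and
    ("74:00:00:00:00:02", FLAGS + mfr(b"\xcc\x02")),  #   token together, so no carryover
]


def link_log(log):
    """Run the tracker over a log; return per-observation track ids and the tracks."""
    tracker = CarryoverTracker()
    ids = [tracker.observe(addr, data) for addr, data in log]
    return ids, tracker.tracks()


if __name__ == "__main__":
    ids, tracks = link_log(SAMPLE_LOG)
    for t in tracks:
        print(t.track_id, t.addresses)
```

In the constructed log, phone A's three random addresses collapse into one track because its payload token and its address never rotate at the same moment, which is the gap the researchers exploit; device C, which rotates both together, is seen as two unrelated devices, illustrating the synchronization a vendor would need to keep randomization effective.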

iOS URL Scheme Susceptible to Hijacking

blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/ The URL Scheme can be dangerous and is not recommended for the transfer of sensitive data. Attackers can take advantage of the lack of authentication, since communication and data are transferred regardless of the source or destination.

Burning down the house with IoT

www.pentestpartners.com/security-blog/burning-down-the-house-with-iot/ We've shown that we can tamper with the temperature, so even if used safely by the user, a hacker can make them less safe. Yes, this attack requires the hacker to be within Bluetooth range, but it would have been so easy for the manufacturer to include a pairing/bonding function to prevent this.
