"If you want to compromise an iPhone, these are the best ways to do it," says independent security researcher Linus Henze of the two apps.
But Matt Wixey, cybersecurity research lead at the technology consulting firm PWC UK, says that it’s surprisingly easy to write custom malware that can induce all sorts of embedded speakers to emit inaudible frequencies at high intensity, or blast out audible sounds at high volume.
At the Defcon hacker conference today, independent security researcher Pedro Cabrera showed off, in a series of proof-of-concept hacking attacks, how modern TVs—and particularly Smart TVs that use the internet-connected HbbTV standard implemented in his native Spain, across Europe, and much of the rest of the world—remain vulnerable to hackers.
But a group of security researchers told Motherboard this week they found what looks like election infrastructure online in 10 states, including swing states like Wisconsin, Michigan, and Florida.
Lily Hay Newman covers information security, digital privacy, and hacking for WIRED. Silvanovich, who worked on the research with fellow Project Zero member Samuel Groß, got interested in interaction-less bugs because of a recent, dramatic WhatsApp vulnerability that allowed nation-state spies to compromise a phone just by calling it—even if the recipient didn’t answer the call.
Ars Technica reporter Dan Goodin brings the news of a major new privacy failure recently unearthed by security researchers: widely used Chrome and Firefox browser extensions scraped and sold the data of more than 4.1 million people, until the researcher alerted Google and Mozilla.
Cybereason says that the company found no evidence that the hackers stole the actual content of communications from victims, but the firm's principal security researcher Amit Serper argues that the metadata alone—device and SIM identifiers, call records, and which cell tower a phone connected to at any given time—can provide a frighteningly high-resolution picture of a target's life.
Scammers are taking advantage of default calendar settings to try to trick users into clicking malicious links. "For the calendar attack, the scammers use a prepared email list to send their fraudulent invitations," says Maria Vergelis, a security researcher at Kaspersky who has been following the method.
In early February, an 18-year-old German security researcher named Linus Henze demonstrated a macOS attack that would allow a malicious application to grab passwords from Apple's protected keychain.
When security researcher Rob Graham scanned the entire public internet for BlueKeep-vulnerable machines on Monday, using a tool he built, he found that 923,671 machines hadn't been patched, and were thus still exposed to any potential worm.
Louise Matsakis covers cybersecurity, internet law, and online culture for WIRED. Now, a leading group of researchers from MIT have found a different answer, in a paper that was presented earlier this week: adversarial examples only look like hallucinations to people.
State-backed hacking and physical warfare have been on a slow but steady path toward convergence for about two decades, and both information security and warfare researchers say that it was only a matter of time before a nation launched a kinetic attack against enemy hackers.
Security News This Week: Google Play Store Has a Malware Problem. Working together with security researchers, a Motherboard investigation found that more than 20 Android apps in the Google Play Store were actually spyware that may have been developed for the Italian government.
LockerGoga, which was named for a file path in its source code by security research group MalwareHunterTeam, remains relatively rare and targeted compared to older forms of ransomware like SamSam and Ryuk, says Charles Carmakal, who leads a team of incident responders at FireEye who have dealt with multiple infestations.
"As you can imagine," Hardigree says, "I went into panic mode." The day before that scrum, WIRED had revealed that Exactis exposed a database of 340 million records on the open internet, as first spotted by an independent security researcher named Vinny Troia.
"This is just another case where someone has my data, and hundreds of millions of other people’s data, and I’ve absolutely no idea how they got it." Security Researcher Troy Hunt In the exposed database, the researchers also found some of what appear to be Verifications.io’s own internal tools like test email accounts, hundreds of SMTP (email sending) servers, the text of emails, anti-spam evasion infrastructure, keywords to avoid, and IP addresses to blacklist.
Last week, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible MongoDB database containing 150 gigabytes-worth of detailed, plaintext marketing data—including 763 million unique email addresses. The database, owned by the "email validation" firm Verifications.io, was taken offline the same day Diachenko reported it to the company.
Researchers at Ohio State University, the security company FireEye, and research firm Leidos last week published a paper describing a new system that reads millions of tweets for mentions of software security vulnerabilities, and then, using their machine-learning-trained algorithm, assessed how much of a threat they represent based on how they're described.
In new work they presented at last week’s Network & Distributed System Security Symposium, a team of researchers from UC Irvine and UC Riverside unveiled a so-called acoustic side-channel attack on a popular DNA-making machine, a vulnerability they say could imperil the up-and-coming synthetic biology and DNA-based data storage industries.
"Once the firmware is infected, there’s really no way to know if it is still infected or to recover from it." Karsten Nohl, Security Research Labs In their experiments, Eclypsium's researchers would rent an IBM bare metal cloud server, and then make a harmless alteration to its BMC's firmware, simply changing one bit in its code.
This week, a security researcher found that Chinese company SenseNets, which allegedly facilitates that facial recognition tracking, had left a database containing the associated data completely exposed online.
The data set was first reported by security researcher Troy Hunt, who maintains Have I Been Pwned, a way to search whether your own email or password has been compromised by a breach at any point.
FAO and University of Chile will promote sustainable development in the agri-food sector. New agreement will foster knowledge-sharing and technology transfer to address climate change and food security. 8 January 2019, Santiago, Chile - The Food and Agriculture Organization of the United Nations (FAO) and the University of Chile will join efforts in the areas of research, training, and technology transfer.
"In the past no one was aware of these issues, so they weren’t willing to sacrifice any performance for security." Jon Masters, Red Hat At the center of these efforts for Intel is STORM, the company's strategic offensive research and mitigation group, a team of hackers from around the world tasked with heading off next-generation security threats.
All of Australia's intelligence allies—the United States, the United Kingdom, Canada, and New Zealand, known collectively as the Five Eyes—have spent decades lobbying for these mechanisms. "The debate about simplifying lawful access to encrypted communication carries a considerable risk of regulations spilling to other countries," says Lukasz Olejnik, a security and privacy researcher and member of the W3C Technical Architecture Group.
It's not super technically challenging." Segerdahl notes that the findings have particular implications for corporations and other institutions that manage a large number of computers, and could have their whole network compromised off of one lost or stolen laptop. 'It's pretty quick and very doable for a knowledgeable hacker.' (Olle Segerdahl, F-Secure) To carry out the attack, the F-Secure researchers first sought a way to defeat the industry-standard cold boot mitigation.