Facebook's Voice Transcripts Were More Invasive Than Amazon's

Researchers from the security firm Pen Test Partners published findings this week that an attacker would just need a person's username to track them. A new vulnerability and corresponding exploit of Bluetooth could allow an attacker to determine the encryption keys used during device pairing and let themselves in on the party.

Hackers Can Turn Everyday Speakers Into Acoustic Cyberweapons

But Matt Wixey, cybersecurity research lead at the technology consulting firm PWC UK, says that it’s surprisingly easy to write custom malware that can induce all sorts of embedded speakers to emit inaudible frequencies at high intensity, or blast out audible sounds at high volume.

Watch a Drone Take Over a Nearby Smart TV

At the Defcon hacker conference today, independent security researcher Pedro Cabrera showed off in a series of proof-of-concept attacks how modern TVs—and particularly Smart TVs that use the internet-connected HbbTV standard implemented in his native Spain, across Europe, and much of the rest of the world—remain vulnerable to hackers.

Hackers Could Decrypt Your GSM Phone Calls

But at the DefCon security conference in Las Vegas on Saturday, researchers from BlackBerry are presenting an attack that can intercept GSM calls as they're transmitted over the air and decrypt them to listen back to what was said.

How Safecrackers Can Unlock an ATM in Minutes—Without Leaving a Trace

Over the last two and a half years, Davis has found techniques to crack three different types of the Kaba Mas high-security electronic combination locks the company has sold for securing ATM safes, pharmacy drug cabinets, and even Department of Defense facilities, representing millions of locks around the world.

How Apple Pay Buttons Can Make Websites Less Safe

Maddux has since noticed that Apple has revised its documentation for adding an Apple Pay button to make it less likely that sites will integrate it in this potentially vulnerable way.

Apple Gives Hackers a Special iPhone—And a Bigger Bug Bounty

Only three years ago did it suddenly shift its attitude towards security researchers, offering bounties as high as $200,000 to researchers who revealed some types of vulnerabilities in the iPhone. But even then, Apple's bug bounty program remained invite-only, open to only a select group of Apple's preferred and trusted researchers.

How a 10-Year-Old Desk Phone Bug Came Back From the Dead

Povolny says that with the Avaya desk phones, it took only basic hacking skills to gain access to the device's systems and firmware (the foundational code that coordinates a device's hardware and software) and analyze them for flaws.

Hidden Algorithm Flaws Expose Websites to DoS Attacks

Lily Hay Newman covers information security, digital privacy, and hacking for WIRED. Nathan Hauke and David Renardy of the security firm Two Six Labs started looking for these "algorithmic complexity" issues in mainstream services, and quickly found them in PDF readers, remote desktop servers, and a popular password strength evaluation tool.

A Boeing Code Leak Exposes Security Flaws Deep in a 787's Guts

An attacker could potentially pivot, Santamarta says, from the in-flight entertainment system to the CIS/MS to send commands to far more sensitive components that control the plane's safety-critical systems, including its engine, brakes, and sensors.

Hackers Can Break Into an iPhone Just by Sending a Text

Lily Hay Newman covers information security, digital privacy, and hacking for WIRED. Silvanovich, who worked on the research with fellow Project Zero member Samuel Groß, got interested in interaction-less bugs because of a recent, dramatic WhatsApp vulnerability that allowed nation-state spies to compromise a phone just by calling it—even if the recipient didn’t answer the call.

5G Is Here—and Still Vulnerable to Stingray Surveillance

The researchers found that they could use their first stingray attack to modify a device's stated category number during the connection process, downgrading it to an older network.

Hackers Made an App That Kills to Prove a Point

Two years ago, researchers Billy Rios and Jonathan Butts discovered disturbing vulnerabilities in Medtronic's popular MiniMed and MiniMed Paradigm insulin pump lines. Both Medtronic and regulators acknowledge that there is no way to patch the flaws on the affected insulin pump models, or to completely disable the remote feature.

A Zoom Flaw Gives Hackers Easy Access to Your Webcam

Zoom patched this DoS issue in a May update but for now is only adjusting its auto-join video settings, giving users a more prominent way of choosing whether their video feed automatically launches when they click a Zoom call link.

The Biggest Cybersecurity Crises of 2019 So Far

In March, following a research report from the threat intelligence firm Kaspersky, computer maker Asus disclosed a supply chain attack sometime in the second half of 2018 that had compromised the company's Live Update tool to push malware to almost 1 million customers.

Ransomware Hits Georgia Courts As Municipal Attacks Spread

And whether a local government is going to rebuild from an attack on its own or pay the ransom, money to respond comes from public funds or through a municipality's cybersecurity insurance.

How Hackers Turn Microsoft Excel's Own Features Against It

On Thursday, researchers from the threat intelligence firm Mimecast are disclosing findings that an Excel feature called Power Query can be manipulated to facilitate established Office 365 system attacks.

I Scraped Millions of Venmo Payments. Your Data Is at Risk

I could see a public API endpoint that was returning the data for this feed, meaning that anyone could make a GET request (like a simple page load) to see the latest 20 transactions made on the app by anyone around the world.

Iranian Hackers Launch a New US-Targeted Campaign as Tensions Mount

Analysts at two security firms, Crowdstrike and Dragos, tell WIRED that they've seen a new campaign of targeted phishing emails sent to a variety of US targets last week from a hacker group known by the names APT33, Magnallium, or Refined Kitten, and widely believed to be working in the service of the Iranian government.

The Drone Iran Shot Down Was a $220M Surveillance Monster

Iran's Islamic Revolutionary Guard Corps said on Thursday that the Northrop Grumman-made Global Hawk—part of a multi-billion-dollar program that dates back to 2001—had entered Iranian airspace and crashed in Iranian waters; US Central Command confirmed the time and general location of the attack, but insists that the drone was flying in international airspace.

A Plan to Stop Breaches With Dead Simple Database Encryption

That means MongoDB itself and cloud providers won't be able to access customer data, and a database's administrators or remote managers don't need to have access to everything either.

Tricky Scam Plants Phishing Links in Your Google Calendar

Scammers are taking advantage of default calendar settings to try to trick users into clicking malicious links. "For the calendar attack, the scammers use a prepared email list to send their fraudulent invitations," says Maria Vergelis, a security researcher at Kaspersky who has been following the method.

The Highly Dangerous 'Triton' Hackers Have Probed the US Grid

or E-ISAC, and the critical infrastructure security firm Dragos have been tracking a group of sophisticated hackers carrying out broad scans of dozens of US power grid targets, apparently looking for entry points into their networks.

Apple Just Patched a Modem Bug That's Been in Macs Since 1999

But 12-year-old Joshua Hill didn't have an iMac. To take advantage of all the new connectivity from his parents' mid-'90s Mac Performa, he needed a modem that would plug into the computer through one of its chunky "serial" ports.

The Tricky Shenanigans Behind a Stealthy Apple Keychain Attack

In early February, an 18-year-old German security researcher named Linus Henze demonstrated a macOS attack that would allow a malicious application to grab passwords from Apple's protected keychain.

Political Parties Still Have Cybersecurity Hygiene Problems

Issie Lapowsky covers the intersection of tech, politics, and national affairs for WIRED. In the US, both the DNC and the RNC have worked to fortify their technical infrastructure since 2016, and, based on SecurityScorecard's findings from 2016, it shows, Casey says.

Security News This Week: Oh Great, Google Tracks What You Buy Online With Gmail

Google says it doesn’t use the information to serve ads, and that the page exists “to help you easily view and keep track of your purchases, bookings and subscriptions in one place.” Honestly, it’s no surprise that Google’s machines can read your email.

Microsoft’s First Windows XP Patch in Years Is a Very Bad Sign

There’s maybe no better sign of a vulnerability’s severity; the last time Microsoft bothered to make a Windows XP fix publicly available was a little over two years ago, in the months before the WannaCry ransomware attack swept the globe.

Google Recalls Titan Security Key Over a Bluetooth Flaw

With the right timing, she could trick the victim's laptop, for instance, into pairing with her own Bluetooth dongle rather than the Titan key, thus gaining access to both a user's Google account and that computer.

Meltdown Redux: Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs

Like Meltdown and Spectre, the new MDS attack takes advantage of security flaws in how Intel's chips perform speculative execution, a feature in which a processor guesses at what operations and data it will be asked to execute or access ahead of time to speed up the chip's performance.
