recentpopularlog in

pierredv : vulnerability   38

A connected world will be a playground for hackers - Cyber security - The Economist, Sep 2019
"Few companies making connected gadgets have much experience with cyber security"

"AS WAYS TO break into casinos go, a fish tank is an unusual route. Yet that is what was used in an unnamed American gambling house in 2017. It had invested in a fancy internet-connected tank in which the temperature and salinity of the water were remotely controlled. Its owners were not naive: when they installed it, they isolated its controls on their own specific part of their company network, away from all their sensitive systems.

It made no difference. According to Darktrace, a computer-security firm, attackers from Finland managed to break into the tank’s systems, then used it as a stepping stone for the rest of the casino’s networks. They made off with around 10GB of data."
TheEconomist  cybersecurity  IoT  vulnerability 
9 days ago by pierredv
Exclusive: Russia Carried Out A 'Stunning' Breach Of FBI Communications System, Escalating The Spy Game On U.S. Soil | HuffPost Sep 2019
"Both compounds, and at least some of the expelled diplomats, played key roles in a brazen Russian counterintelligence operation that stretched from the Bay Area to the heart of the nation’s capital, according to former U.S. officials. The operation, which targeted FBI communications, hampered the bureau’s ability to track Russian spies on U.S. soil at a time of increasing tension with Moscow, forced the FBI and CIA to cease contact with some of their Russian assets, and prompted tighter security procedures at key U.S. national security facilities in the Washington area and elsewhere, according to former U.S. officials. It even raised concerns among some U.S. officials about a Russian mole within the U.S. intelligence community."

"American officials discovered that the Russians had dramatically improved their ability to decrypt certain types of secure communications and had successfully tracked devices used by elite FBI surveillance teams."

Joel Brenner: "we were neither organized nor resourced to deal with counterintelligence in networks, technical networks, electronic networks.”

"Russian spies also deployed “mobile listening posts.” Some Russian intelligence officers, carrying signals intelligence gear, would walk near FBI surveillance teams. Others drove vans full of listening equipment aimed at intercepting FBI teams’ communications."
HuffPost  Russia  surveillance  spying  FBI  cyber-spectrum  vulnerability  cellular 
24 days ago by pierredv
Simjacker – Next Generation Spying Over Mobile | Mobile Security News | AdaptiveMobile, Sep 2019
Via Amie Stepanovich

"... Simjacker. We believe this vulnerability has been exploited for at least the last 2 years by a highly sophisticated threat actor in multiple countries, primarily for the purposes of surveillance. Other than the impact on its victims, from our analysis, Simjacker and its associated exploits is a huge jump in complexity and sophistication compared to attacks previously seen over mobile core networks. It represents a considerable escalation in the skillset and abilities of attackers seeking to exploit mobile networks. "

"This S@T Browser software is not well known, is quite old, and its initial purpose was to enable services such as getting your account balance through the SIM card. Globally, its function has been mostly superseded by other technologies, and its specification has not been updated since 2009, however, like many legacy technologies it is still been used while remaining in the background."
AdaptiveMobile  SIM  cyber-spectrum  spectrum  cellular  vulnerability 
4 weeks ago by pierredv
How dangerous is the KNOB Bluetooth vulnerability and what should I be - Aug 2019
Via Dale Hatfield

"Security researchers recently discovered a way to intercept a Bluetooth connection between two devices, leading to the ability to plainly view all of the data being transmitted between the two devices. The ‘attack’ was successful on 17 different kinds of Bluetooth chips on 24 different devices that they tested, which means that every popular brand of device that uses Bluetooth is vulnerable."

"In essence, the security researchers figured out how to lower the encryption level used to keep Bluetooth connections secured, by jumping in during the initial negotiation process prior to making a connection."

"In order to actually pull this off in real life, the perpetrator would need a really specialized and expensive piece of equipment, be relatively nearby and could only exploit the connection at the very moment that the two devices where attempting to pair with one another."
cyber-spectrum  cybersecurity  Bluetooth  vulnerability 
7 weeks ago by pierredv
Hack in the box: Hacking into companies with “warshipping” | Ars Technica
"For under $100, compact hardware can turn a shipped package into a horse for attacks."

"Using less than $100 worth of gear—including a Raspberry Pi Zero W, a small battery, and a cellular modem—the X-Force Red team assembled a mobile attack platform that fit neatly within a cardboard spacer dropped into a shipping box or embedded in objects such as a stuffed animal or plaque."
cybersecurity  vulnerability  cyber-spectrum  ArsTechnica 
9 weeks ago by pierredv
Hackers Made an App That Kills to Prove a Point | WIRED, Jul 2019
"... yet months of negotiations with Medtronic and regulators to implement a fix proved fruitless. So the researchers resorted to drastic measures. They built an Android app that could use the flaws to kill people."

"The researchers, who also include Jesse Young and Carl Schuett, say they found it easy to reverse engineer the simple encoding and validity checks meant to protect the signal, enabling an attacker to capture the fob's commands. A hacker could then use readily available, open source software to program a radio that masquerades as a legitimate MiniMed remote, and send commands that the pumps will trust and execute. After establishing that initial contact, hackers can then control that radio through a simple smartphone app to launch attacks"

"Both Medtronic and regulators acknowledge that there is no way to patch the flaws on the affected insulin pump models, or to completely disable the remote feature. "

"Rios says the research group demonstrated its proof of concept app to FDA officials in mid-June of this year; Medtronic announced its voluntary recall program a week later. "
hacking  security  cyber-spectrum  Wired  Medtronic  vulnerability 
july 2019 by pierredv
Serious Zoom security flaw could let websites hijack Mac cameras - The Verge, Jul 2019
"Today, security researcher Jonathan Leitschuh has publicly disclosed a serious zero-day vulnerability for the Zoom video conferencing app on Macs. He has demonstrated that any website can open up a video-enabled call on a Mac with the Zoom app installed. That’s possible in part because the Zoom app apparently installs a web server on Macs that accepts requests regular browsers wouldn’t. In fact, if you uninstall Zoom, that web server persists and can reinstall Zoom without your intervention."
TheVerge  cybersecurity  hacking  vulnerability  Zoom  Mac 
july 2019 by pierredv
Hacking these medical pumps is as easy as copying a booby-trapped file over the network • The Register Jun 2019
"Two security vulnerabilities in medical workstations can exploited by scumbags to hijack the devices and connected infusion pumps, potentially causing harm to patients, the US government revealed today"

"An attacker successfully exploiting the critical flaw could remotely install malicious firmware, thereby disabling the workstation or altering its function."
TheRegister  healthcare  cyber-spectrum  cybersecurity  vulnerability  DHS 
june 2019 by pierredv
Hospital viruses: Fake cancerous nodes in CT scans, created by malware, trick radiologists - The Washington Post, Apr 2019
"But what if the scan had shown faked cancerous nodules, placed there by malware exploiting vulnerabilities in widely used CT and MRI scanning equipment? Researchers in Israel say they have developed such malware to draw attention to serious security weaknesses in critical medical imaging equipment used for diagnosing conditions and the networks that transmit those images — vulnerabilities that could have potentially life-altering consequences if unaddressed."

"Mirsky said the attack works because hospitals don’t digitally sign the scans to prevent them from being altered without detection and don’t use encryption on their PACS networks, allowing an intruder on the network to see the scans and alter them."
WashingtonPost  cybersecurity  healthcare  vulnerability 
april 2019 by pierredv
Researchers find 36 new security flaws in LTE protocol | ZDNet
"A group of academics from South Korea have identified 36 new vulnerabilities in the Long-Term Evolution (LTE) standard used by thousands of mobile networks and hundreds of millions of users across the world.

The vulnerabilities allow attackers to disrupt mobile base stations, block incoming calls to a device, disconnect users from a mobile network, send spoofed SMS messages, and eavesdrop and manipulate user data traffic."

"The research team's discoveries aren't exactly new. Several academic groups have identified similar vulnerabilities in LTE over the past years on numerous occasions --July 2018, June 2018, March 2018, June 2017, July 2016, October 2015 ... These vulnerabilities have been the driving force behind efforts to create the new and improved 5G standard --which, unfortunately, isn't that secure either, with some researchers already poking holes in it as well."

"They discovered this sheer number of flaws by using a technique known as fuzzing --a code testing method that inputs a large quantity of random data into an application and analyzes the output for abnormalities, which, in turn, give developers a hint about the presence of possible bugs."

"Because the flaws reside in both the protocol itself and how some vendors have implemented LTE in their devices, researchers believe many other flaws still exist in the real world."
cybersecurity  cyber-spectrum  spectrum-vulnerability  LTE  cellular  vulnerability  fuzzing  hacking 
april 2019 by pierredv
Family tracking app leaked real-time location data for weeks - Engadget Mar 2018
"Family tracking apps can be very helpful if you're worried about your kids or spouse, but they can be nightmarish if that data falls into the wrong hands. Security researcher Sanyam Jain has revealed to TechCrunch that React Apps' Family Locator left real-time location data (plus other sensitive personal info) for over 238,000 people exposed for weeks in an insecure database. It showed positions within a few feet, and even showed the names for the geofenced areas used to provide alerts. You could tell if parents left home or a child arrived at school, for instance."

"While the data is safe for now, the incident illustrates a problem with tracking apps as a whole: it's difficult to verify that developers are securing your location info every step of the way. If they don't and there's a breach, it could lead to very real threats that could include physical danger."
Engadget  GPS  surveillance  data-leaks  hacking  spectrum-vulnerability  cyber-spectrum  vulnerability 
march 2019 by pierredv
Security Researcher Assaulted Following Vulnerability Disclosure - cybersec Feb 2019
"Following a serious vulnerability disclosure affecting casinos globally, an executive of casino technology vendor Atrient has assaulted the security researcher who disclosed the vulnerability at the ICE conference in London"

"These kiosks and the back end server communicate the personal details of their users and send data like drivers license scans (used for enrollment), user home addresses and contact details, as well as details about user activity, unencrypted over publicly accessible internet. When the researcher discovered that the unauthenticated reward server was directly connected to the kiosks on the casino floor they realized that the API the kiosks used was wide open and extremely vulnerable to criminal abuse."
vulnerability  cybersecurity 
february 2019 by pierredv
Yes, you can remotely hack factory, building site cranes. Wait, what? • The Register
"Did you know that the manufacturing and construction industries use radio-frequency remote controllers to operate cranes, drilling rigs, and other heavy machinery? Doesn't matter: they're alarmingly vulnerable to being hacked, according to Trend Micro."

"In addition to basic replay attacks, where commands broadcast by a legitimate operator are recorded by an attacker and rebroadcast in order to take over a targeted plant, attack vectors also included command injection, "e-stop abuse" (where miscreants can induce a denial-of-service condition by continually broadcasting emergency stop commands) and even malicious reprogramming. During detailed testing of one controller/receiver pair, Trend Micro researchers found that forged e-stop commands drowned out legitimate operator commands to the target device."

"Just to keep site managers' blood pressure high, Trend Micro highlighted that not only could script kiddies carry out some of these types of attack against industrial plants, a remote attacker could achieve persistent access by using a battery-powered cellular modem dropped off at a quiet part of a site with a drone."
TheRegister  hacking  cyber-spectrum  vulnerability  cybersecurity 
january 2019 by pierredv
The “robust yet fragile” nature of the Internet | PNAS 2005

The search for unifying properties of complex networks is popular, challenging, and important. For modeling approaches that focus on robustness and fragility as unifying concepts, the Internet is an especially attractive case study, mainly because its applications are ubiquitous and pervasive, and widely available expositions exist at every level of detail. Nevertheless, alternative approaches to modeling the Internet often make extremely different assumptions and derive opposite conclusions about fundamental properties of one and the same system. Fortunately, a detailed understanding of Internet technology combined with a unique ability to measure the network means that these differences can be understood thoroughly and resolved unambiguously. This article aims to make recent results of this process accessible beyond Internet specialists to the broader scientific community and to clarify several sources of basic methodological differences that are relevant beyond either the Internet or the two specific approaches focused on here (i.e., scale-free networks and highly optimized tolerance networks).
networking  Internet  vulnerability  complexity 
january 2019 by pierredv
CenturyLink's outage started in Denver, spread across country - Denver Post, Jan 2019
"For about 30 hours, from the early morning hours of Dec. 27 until late on Dec. 28, chaos reigned on CenturyLink’s system as a faulty third-party network management card in Denver caused a series of outages across the country. "

"For about 30 hours, from the early morning hours of Dec. 27 until late on Dec. 28, chaos reigned on CenturyLink’s system. Western states that depend most heavily on the company’s fiber-optic system were hardest hit, but reports of outages and slower speeds came in from Alaska to Florida, according to"

"Computer scientists borrowed the term “Sorcerer’s Apprentice Syndrome” to describe what happens when a part of a network sends out “packets” of bad information that then get replicated and sent out over and over"

“Once on the secondary communication channel, the invalid frame packets multiplied, forming loops and replicating high volumes of traffic across the network, which congested controller card CPUs (central processing unit) network-wide, causing functionality issues and rendering many nodes unreachable,” the company said in a statement.

"Massey, who worked on cybersecurity issues at the Department of Homeland Security before joining CU, said most states have invested very little in cybersecurity and other safeguards when it comes to their 911 centers. They are not as failproof as they need to be."
DenverPost  CenturyLink  cybersecurity  outages  vulnerability  Dan-Massey  Dirk-Grunwald 
january 2019 by pierredv
GPS Problem Reports Status - US Coast Guard Navigation Center (NAVCEN)
"Civil GPS Users are encouraged to submit reports of GPS problems to NAVCEN. A form to submit reports can be found on our GPS Problem Reporting webpage. Some information from those reports is shared here along with input from interagency partners and the most likely cause of the report."
GPS  outage  vulnerability  degradation 
january 2019 by pierredv
GPS Anomaly Event - SVN23,
"GPS Satellite Vehicle Number (SVN) 23 launched in 1990 was retired from service in January 2016. It had occupied Pseudo-Random Noise (PRN) sequence 32 since 2008. According to NANU 2016008 it was marked unusable at 15:36 UTC on 25th January and decommissioned at 22:00 UTC later that same day. Unfortunately (for reasons not yet fully known) the UTC signal on some satellites was off by 13 microseconds. This Case Study charts the activity undertaken by the Chronos support team during and after this unprecedented GPS anomaly event. For some with long memories this is not the first time that SVN23 has caused a problem. The last time was 1st January 2004."
GPS  vulnerability  degradation 
january 2019 by pierredv
U.K. Cyber Security Center Says Most Attacks Are From Hostile States - Bloomberg Oct 2018
"The U.K.’s National Cyber Security Centre blamed hostile foreign states for the majority of the 1,167 attacks it has handled in the two years it’s been running, equivalent to 10 assaults a week."

"As fifth generation or 5G telephone networks come into service, companies should examine their supply chains, which may be at greater risk of hacking, the report recommended."
Bloomberg  UK  cybersecurity  vulnerability  5G 
october 2018 by pierredv
Protecting the power grid from GPS spoofing -- GCN Sep 2018
"It’s relatively simple for bad actors to bring down a power grid by spoofing the GPS signals the grid uses to time stamp sensor measurements, according to researchers at the University of Texas at San Antonio."

The sensors -- phasor measurement units -- are installed in fixed locations throughout the grid and transmit 30 measurements per second to the control center, where operators monitor grid performance and increase or decrease the supply of electricity depending on the readings. That data is time stamped with the signals received by the sensors’ on-board GPS receivers.

"The team is also exploring using the algorithm to protect against time-synchronization attacks against financial institutions, which use the GPS timing data to time stamp financial transactions."
GPS  utilities  electricity  finance  vulnerability 
september 2018 by pierredv
Leading RF Security Vulnerabilities in 2018 — Bastille
Wi-FI: Krack
Keyless entry
Medical devices
Remotely hijacking vehicles

"RF vulnerabilities are most often not the result of flaws in operating systems and applications. The problems often reside in the firmware of communications chips, which are trade secrets not open to public inspection. An attack on them bypasses not just network firewalls but many forms of detection. The vulnerable devices are often simple, mass-produced ones, the kind found on the Internet of Things. Many manufacturers pay more attention to price than security."
Bastille  cybersecurity  RF  Wi-Fi  vulnerability 
september 2018 by pierredv
Watch a Hacker Install a Firmware Backdoor on a Laptop in Less Than 5 Minutes - Motherboard Jul 2018
"This demo shows that “evil maid attacks,” hacks where an attacker has physical access to a target computer, are not as complicated as you may think. "

"In early July, security firm Eclypsium posted a video showing how Mickey Shkatov, one of its researchers, hacks into a laptop by opening it up, connecting a device directly to the chip that contains the BIOS, and installing malicious firmware on it—all in just over four minutes"
cybersecurity  vulnerability  hacking 
july 2018 by pierredv
A survey of the existence of GPS interference in Europe « Electronic Environment
"One of the objectives of STRIKE3 is the deployment and operation of an international GNSS interference monitoring network to capture the scale and dynamics of the problem, and to work with international GNSS partners to develop, negotiate, promote and implement standards for threat reporting and receiver testing."

"This article presents measurement results from a survey of the existence of GPS interference and jammers within Europe. The measurement started in the late March 2016 and ended in the beginning of July 2016. Interference detection equipment were deployed ‘as is’ in seven European countries; Sweden, UK, France, Czech Republic, Poland, Slovakia and Finland, see fig. 1. In total eleven different site locations are covered among these countries."

"there is a huge variation in the number of weekly events at each site, with some sites having only a few detections per week whereas others have several hundred ... The most active sites appear to be those next to major roads or in city center locations. These are also the busiest sites in terms of vehicles (which may carry jammers) and other sorts of activity"

", the greatest number of chirp type events (which are likely to be intentional and are associated with vehicle jammers) are seen at site 8 and site 10, with a significant number also seen at site 5. Those three sites are close to busy roads and hence that probably explains the high number of these types of events."
EU  Horizon2020  GNSS  GPS  cybersecurity  vulnerability  measurement  jamming  spectrum 
july 2018 by pierredv
Spectre and Meltdown: A New Class of Computer Vulnerabilities - The Atlantic Jan 2018 - Bruce Schneier
review of new vulnerabilities:

"a harbinger of the sorts of security problems we’re going to be seeing in the coming years. These are vulnerabilities in computer hardware, not software. They affect virtually all high-end microprocessors produced in the last 20 years. . . . Spectre and Meltdown aren’t anomalies. They represent a new area to look for vulnerabilities and a new avenue of attack. They’re the future of security—and it doesn’t look good for the defenders."
theAtlantic  Bruce-Schneier  cybersecurity  vulnerability 
february 2018 by pierredv
How can airlines stop hackers pwning planes over the air? And don't say 'regular patches' • The Register
Via Dale Hatfield

See discussion thread:

"A plane was compromised as it sat on the tarmac at a New Jersey airport by a team of boffins from the worlds of government, industry and academia, we're told. During the hack – the details of which are classified – experts accessed systems on the Boeing 757 via radio-frequency communications."

"A couple of years ago, security researcher Chris Roberts was accused of hacking into the controls of a United Airlines plane in midair via the inflight entertainment system. Roberts tweeted about airplane network security during the flight to Syracuse, New York. He was questioned on arrival by the Feds. However, there is no evidence he accessed flight control systems, and no charges were ever brought.

In 2014, Brad Haines poked air traffic control and ADS-B security, and found various threats to installations."

"Recently designed commercial aircraft – such as Boeing’s 787 and the Airbus Group A350 – were drafted with computer security in mind, we're told, but resisting or preventing cyber-attacks were not on the design criteria list for older aircraft, which still make up the vast majority of airline fleets."
aviation  cybersecurity  TheRegister  exploits  vulnerability  ADS-B  discussion 
november 2017 by pierredv
ATIS Issues Report on GPS Vulnerability and Its Impact on Telecom
"Sept. 15, 2017 — ATIS today announced release of a major resource to help better understand and address a formidable telecommunications industry challenge: the vulnerabilities in the Global Positioning System (GPS). . . . GPS Vulnerability (ATIS-0900005) provides insight into the sources of the most common problems with GPS and their impacts."

"Known vulnerabilities to deliver GPS time to a system include environmental phenomena, malicious interference and spoofing, incidental interference, adjacent band interference, poor antenna installations, and rare but present GPS segment errors. GPS Vulnerability discusses techniques to address these vulnerabilities as well as alternatives to GPS timing, with the goal of mitigating GPS vulnerabilities for the timing receivers used in the critical infrastructure. Alternatives covered in the report include Navigational Message Authentication on modernized GPS civil signals, atomic clock time holdover, sync over fiber, eLoran, WWVB, terrestrial beacons and more."
ATIS  GPS  resilience  vulnerability 
september 2017 by pierredv
Network security: threats and opportunities for operators
"The software-controlled transformation of CSPs’ organisations and network infrastructures creates both opportunities and risks in terms of network security. The increased openness, speed and flexibility of software-defined networking (SDN) and network function virtualisation (NFV) create a host of new vulnerabilities that increase the level of risk to the organisation and its customers. Conversely, that same openness, speed and flexibility provides the CSP with very much better tools with which to spin-up and deploy security features to detect and mitigate real-time threats in its networks."

"Another example is the risk of DDoS attacks originating in the 5G radio access network. This already represents a threat to network availability in the current 3G and 4G network environments, but this will escalate with the introduction of 5G endpoints capable of supporting up to 100 Mbps. There are new opportunities for vendors in delivering products and feature sets that will meet these new 5G security challenges."
AnalysysMason  SDN  NFV  cybersecurity  vulnerability  5G 
june 2017 by pierredv
ASUS Settles FTC Charges That Insecure Home Routers and “Cloud” Services Put Consumers’ Privacy At Risk | Federal Trade Commission - Feb 2016
Via Andy Sayler
"Taiwan-based computer hardware maker ASUSTeK Computer, Inc. has agreed to settle Federal Trade Commission charges that critical security flaws in its routers put the home networks of hundreds of thousands of consumers at risk. The administrative complaint also charges that the routers’ insecure “cloud” services led to the compromise of thousands of consumers’ connected storage devices, exposing their sensitive personal information on the internet."
FTC  Wi-Fi  cybersecurity  vulnerability  IoT  security 
september 2016 by pierredv
Delta Airlines: On Second Thought, the Computer Crash Was Our Fault - IEEE Spectrum
"Delta says it has discovered the real root of the computer crash: One of its own power control modules went bad, allowing a surge that tripped circuits feeding the computer network that handles critical data including reservations, boarding passes, the matching of planes with the appropriate gates, and the roster showing which crew members are staffing each flight. The network is supposed to instantly switch over to backup systems. But as tens of thousands of stranded passengers have learned over the past few days, results may vary."
Delta  crash  IEEE-Spectrum  vulnerability 
august 2016 by pierredv
That time a patient’s heart procedure was interrupted by a virus scan | Ars Technica
"A heart patient undergoing a medical procedure earlier this year was put at risk when misconfigured antivirus software caused a crucial lab device to hang and require a reboot before doctors could continue.

The incident, described in an alert issued by the Food and Drug Administration, highlights the darker side of using computers and computer networks in mission-critical environments."
"While in theory AV may protect devices against attacks that exploit unpatched vulnerabilities, the protection often breaks down in practice. That's because federal certifications often bar the AV from receiving signature updates that allow it to detect new strains of malware."
ArsTechnica  cybersecurity  failure  vulnerability  antivirus 
may 2016 by pierredv
SS7: Locate. Track. Manipulate: Tobias Engel - Dec 2014
"Companies are now selling the ability to track your phone number whereever you go. With a precision of up to 50 meters, detailed movement profiles can be compiled by somebody from the other side of the world without you ever knowing about it. But that is just the tip of the iceberg."
SS7  vulnerability 
april 2016 by pierredv
Global Cyber Alliance: ‘A Coalition of the Angry’
Phil Reitinger interview "not threat but risk" Will need lots of automation
cybersecurity  risk-assessment  threat  vulnerability 
march 2016 by pierredv
P25 digital radio systems highly vulnerable to jamming and unauthorized decryption - Nov 2011
"On August 17, 2011 at the 20th Usenix Security Symposium, Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu, and Matt Blaze presented a paper Why (Special Agent) Johnny (Still) Can’t Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System. These noted experts conducted in-depth research on the numerous vulnerabilities of digital P25 radio systems when operated in the encrypted and clear mode. ... According to these cryptography scientists, P25 systems are strikingly vulnerable to denial of service." "... the NID is error corrected separately from the rest of the frame. This makes it possible for an attacker to effectively prevent an entire voice frame from being correctly received by synchronizing a jamming transmitter to interfere only with the 64 bit NID field"
P25  cybersecurity  vulnerability  jamming  public-safety  spectrum  hacking 
february 2016 by pierredv
Whitepaper: Security Flaws in Universal Plug an... | SecurityStreet
"This whitepaper details research conducted by Rapid7, which reveals that around 40-50 million network-enabled devices are at risk due to vulnerabilities found in the Universal Plug and Play (UPnP) protocol. UPnP enables devices such as routers, printers, network-attached storage (NAS), media players and smart TVs to communicate with each other. The paper investigates how three groups of security flaws relating to the UPnP protocol are exposing millions of users to attacks that could lead to a remote compromise of the vulnerable device."
vulnerability  security  whitepapers  UPnP 
february 2013 by pierredv

Copy this bookmark:

to read