Tag Archive for: hijack

Watch a Hacker Hijack a Capsule Hotel’s Lights, Fans, and Beds


Kyasupā wondered if he could hack his hotel’s iPod Touch controls after they handed it to him at check in, but he didn’t want to waste his vacation time reverse engineering the system. He says he changed his mind after a noisy neighbor kept him up for several nights. “I thought it would be nice if I could take control of his room and make him have a lovely night,” he writes. “That’s how I decided to start to analyze how everything worked.”

The iPods the hotel issued as remote controls were locked with iOS’ “guided access” setting that prevents users from leaving the Nasnos remote control app. But Kyasupā found he could simply let the iPod’s battery drain and restart it to gain full access—a hard reboot is a known guided access workaround—and the iPod didn’t have a PIN set for its lockscreen. He then saw that the iPod was connecting via Wi-Fi to a Nasnos router—each room seemed to have its own—that in turn connected via radio to the other digital devices in the room like its lights, fan, and foldout couch.

To intercept the app’s commands from the iPod to the Nasnos router, Kyasupā knew he’d have to find the password to access that router. But remarkably, he found that the Nasnos routers used WEP encryption by default, a form of Wi-Fi security known for decades to be easily crackable. “Seeing that WEP is still used in 2019, it’s crazy,” he writes. Using the program Aircrack-ng, he brute-forced the router’s password and connected to it from his laptop. He was then able to use his Android phone as a Wi-Fi hotspot, connect the iPod to that hotspot, and route it through his laptop. Finally, he connected the laptop to the Nasnos router via Wi-Fi and used that setup as a man-in-the-middle to eavesdrop on all the iPod’s communications to the router.

Kyasupā then tried out every function in the app—such as turning lights on and off, converting the couch to a bed, and so on—while recording the data packets sent for each one. Because the Nasnos app used no actual authentication or encryption in its communications with the router, other than the WEP Wi-Fi encryption, he could then connect to the room’s router with his laptop instead and replay those commands to trigger the…


DNSpooq bugs let attackers hijack DNS on millions of devices



Israel-based security consultancy firm JSOF disclosed today seven Dnsmasq vulnerabilities, collectively known as DNSpooq, that can be exploited to launch DNS cache poisoning and remote code execution against millions of affected devices.

Dnsmasq is a popular and open-source Domain Name System (DNS) forwarding software that adds DNS caching and Dynamic Host Configuration Protocol (DHCP) server capabilities to networking equipment it runs on.

The full number and names of all companies that use Dnsmasq versions vulnerable to DNSpooq attacks on their devices are not yet known.

However, JSOF highlighted a list of 40 vendors in its report, including Android/Google, Comcast, Cisco, Red Hat, Netgear, Qualcomm, Linksys, IBM, D-Link, Dell, Huawei, and Ubiquiti.

Behind the DNSpooq vulnerabilities

Three of the DNSpooq vulnerabilities (tracked as CVE-2020-25686, CVE-2020-25684, CVE-2020-25685) allow for DNS cache poisoning attacks (also known as DNS spoofing).

DNS Cache Poisoning is an attack method that allows threat actors to replace legitimate DNS records on a device with ones of their choosing.

Using this attack, threat actors can redirect users to malicious servers under their control, while to the visitors it appears as if they are visiting the legitimate site.

This allows the attackers to perform phishing attacks, credential theft, or to distribute malware from what is perceived as a trusted company.

The first DNS spoofing attack was disclosed by security researcher Dan Kaminsky in 2008 when he showed that DNS software can be exploited to steal data and impersonate any website name.

DNS spoofing (JSOF)

“Traffic that might be subverted includes regular Internet browsing as well as other types of traffic, such as emails, SSH, remote desktop, RDP video and voice calls, software updates, and so on,” JSOF’s report explains.

Hypothetical attack scenarios also include JavaScript-fueled Distributed Denial of Service (DDoS), reverse DDoS, and wormable attacks in the case of mobile devices that switch networks regularly.

The rest of them are buffer overflow vulnerabilities tracked as CVE-2020-25687, CVE-2020-25683, CVE-2020-25682, and CVE-2020-25681 that…


Jean Fallacara Released a New Book “Neuroscience Calisthenics: Hijack your Body Clock” Shedding Light on – EIN News
