Tag Archive for: revealed

Air Fryer Hacking On The Menu As Security Flaws Revealed


Researchers from the Cisco Talos Intelligence Group have uncovered security vulnerabilities in a popular kitchen appliance, the Cosori Smart Air Fryer. The blog post confirming these vulnerabilities states that these could “hypothetically allow an adversary to change temperatures, cooking times and settings on the air fryer.” The remote code execution vulnerabilities, CVE-2020-28592 and CVE-2020-28593, could allow remote code injection by an attacker. Temperature and timer controls in the hands of a malicious attacker could prove dangerous in the extreme, but what is the real-world risk?

Vacuum cleaners, coffee machines and sex toys

The internet of not so smart things is a security and privacy nightmare, no doubt about that, but some vulnerabilities are more worrying than others.

Last year I reported on a robot vacuum cleaner that could be hacked to spy on the user. Out of the lab and in the real world, this would require a firmware update, access to the local network and the correct ambient light and sound levels to work.

There are, truth be told, much easier ways to use technology to eavesdrop on someone.

Smart lock issues, yep. Coffee machine ransomware, less so. Connected car hacking and even permanently locking an internet-connected chastity belt, well, yeah.

Air fryer hacking, not so much.

The problem with air fryer security vulnerabilities

Obviously, the ability to tamper with temperature and timer controls on a cooking device is a dangerous thing that, if successfully exploited, could potentially start a fire. So why am I not overly concerned about this one?

Well, to begin with, the researchers admit that the attacker “must have physical access to the air fryer for some of these vulnerabilities to work.” Given that there are only two vulnerabilities to begin with, the exploit opportunity has already shrunk considerably, it would seem to me.

OK, you have to allow for the ingenuity of persistent threat actors, which might see a scenario involving a stack of other exploits and malware to gain access to the local network and then the air fryer firmware. Still, it’s a bit of a stretch. At least as far as the average user, or rather risk to the average…

Massive Android 12 leak just revealed 21 new features — here’s the best ones


The latest version of Android 12 offers some cool new ways to interact with Google Assistant, widgets, and even the home screen.

Found in an unreleased build by XDA Developers, given to it by an anonymous source, this version is newer than the current public build, and therefore contains some new toys to try out. Some of these are only surface-level interesting, such as new emojis or a different volume slider design, but many offer enhancements that will please Android power users.

Android 12: New way to get Google Assistant

One feature that looks borrowed from Apple is the new option to activate Google Assistant by holding the power button. It’s similar to how you summon Siri on recent iPhones, and seems like a big improvement to the fiddly gesture you currently have to use while avoiding having the phone constantly listening for the “OK Google” wake word.

If you’re a fan of widgets, you’ll love the new widget picker. This gives you fold-out menus for each app and a search bar at the top, making it easier to find and check out the widgets you’re interested in. This one also resembles an Apple feature, namely its own widget picker in iOS 14.

On the topic of widgets, the Conversations widget and associated selection menu have been updated visually from the Developer Preview 2 version. This new feature lets you pick a contact or group from a messaging service to add to your home screen, making it easier to reply to them or to see if you’ve missed a call.

Android 12 dual-pane homescreen for tablets

If you own an Android tablet, then Android 12 contains a couple of treats for you. The current DP2 build offers a persistent taskbar at the bottom of the display, while XDA’s new build also offers a dual-pane home screen, showing two sets of apps and widgets side-by-side to make the most of the larger display.

Android 12: Easier access to cards and passes

Inside the notifications shade, there are new quick setting tiles for accessing device controls or your cards and passes menu. XDA Developers suggests that these features, usually found by holding…

Revealed: Sophisticated ‘Watering Hole’ Attack – But By Whom?


Google’s Project Zero revealed a novel, complex, well-engineered campaign of targeted attacks. It sounds like another one of those “nation-state” attacks that researchers love to bang on about. But was it?

It all happened about a year ago. So why are they only talking about it now?

There are more questions than answers. In today’s SB Blogwatch, we fill in the blanks.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: A Driver’s Last Hello.


Project Zero Keeps Schtum

What’s the craic? Catalin Cimpanu reports—“Google reveals sophisticated Windows and Android hacking operation”:

 The attacks were carried out via two exploit servers delivering different exploit chains via watering hole attacks. … Both exploit servers used Google Chrome vulnerabilities to gain an initial foothold. … Once an initial entry point was established in the user’s browsers, attackers deployed an OS-level exploit to gain more control of the victim’s devices.

Overall, Google described the exploit chains as “designed for efficiency & flexibility [using] well-engineered, complex code with a variety of novel exploitation methods.” … But Google stopped short of providing any other details about the attackers or the type of victims.

A nation-state, perhaps? Dan Goodin adds—“Not your average hackers”:

 Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers (both companies have since patched the security flaws). … It does show above-average skill by a professional team of hackers.

The attackers obtained remote code execution by exploiting the Chrome zero-day and several recently patched Chrome vulnerabilities. All of the zero-days were used against Windows users. None of the attack chains targeting Android devices exploited zero-days, but the Project Zero researchers said it’s likely the attackers had Android zero-days at their disposal.

Says who? Google’s anonymous Project Zero gnomes blog thuswise—“In-the-Wild”:

  Project Zero has recently launched our own initiative aimed at researching new ways to detect 0-day exploits…

Cellphone hacking and millions in Gulf deals: Inner workings of top secret Israeli cyberattack firm revealed – Haaretz