Devices can be used to steal credentials and confidential information.
Cybersecurity researcher Bobby Rauch discovered a dangerous vulnerability in Apple AirTag devices. A problem with the trackers allows them to be used as a potential vector to steal credentials and confidential information.
The attack uses the Apple Lost Mode configuration method. A victim can be a person who discovers an AirTag left in a public place and wants to return the item to its true owner.
If an AirTag goes missing, you can track it remotely using the Apple Find My app. An AirTag can be scanned with an NFC reader on an iPhone or Android device, and if the AirTag was put into Lost Mode, it will automatically provide the person with any contact information related to the device. AirTag owners can customize this feature through Find My by providing a phone number or email address and can also enter a short message. After scanning the AirTag, the person who found it will automatically receive a request on their phone to navigate to a unique URL with the owner’s contact information.
However, this feature can expose an unsuspecting person to the risk of attacks. The owner of the AirTag can enter arbitrary code in the phone number field of the device URL and use the code to redirect the victim to a phishing site or other malicious web page designed to steal credentials or personal information. An attacker can acquire AirTags for the specific purpose of converting them into malicious Trojans and then scattering them around the world.
Rauch told Apple about his findings in June this year, but for three months the company simply said that experts were “still studying” his notice. When Rauch contacted specialist Brian Krebs, the company announced its intention to fix the issue in an upcoming update.
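The class of fix for the phone number field described above is an allow-list on input plus output encoding when the contact page is rendered. The sketch below is an added example, not Apple's code or anything from the original report; the function names, the record shape and the page template are hypothetical.

```javascript
// Added example: hypothetical server-side handling of a Lost Mode contact record.
// Names and template are assumptions made for illustration only.

// Allow-list: optional leading "+", then digits and common separators only.
const PHONE_CHARS = /^\+?[0-9 ().-]+$/;

// Returns a normalized number ("+" and digits) or null if the input is not a phone number.
function normalizePhone(input) {
  if (typeof input !== "string") return null;
  const trimmed = input.trim();
  if (trimmed.length > 32 || !PHONE_CHARS.test(trimmed)) return null;
  const digits = trimmed.replace(/[^0-9]/g, "");
  if (digits.length < 7 || digits.length > 15) return null;
  return (trimmed.startsWith("+") ? "+" : "") + digits;
}

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode free text so it is displayed as text and never parsed as markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Render the page a finder sees: the phone is validated, the message is encoded.
function renderFoundPage(record) {
  const phone = normalizePhone(record.phone);
  const shown = phone === null ? "No valid contact number on file" : phone;
  const message = escapeHtml(record.message || "");
  return `<p class="phone">${escapeHtml(shown)}</p><p class="message">${message}</p>`;
}

// Constructed sample records (not real data).
const samples = [
  { phone: "+1 (555) 010-0199", message: "Please call, thanks!" },
  { phone: "<script>/* constructed */</script>", message: "<b>hi</b>" },
];
for (const s of samples) console.log(renderFoundPage(s));
```

Validation alone is not enough: the free-text message field cannot be allow-listed the same way, so it still has to be encoded at render time.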
Is Elon Musk’s Satellite Internet Under Threat? Enthusiast Hacked Starlink User Terminal
At the Black Hat Security Technology Conference recently held in Las Vegas, Lennert Wouters, a cybersecurity specialist from KU Leuven (Belgium), shared his experience of successfully hacking Starlink user equipment. True, this was not a classic software hack, since the researcher had to make a so-called “modchip”.
The cost of manufacturing a chip connected to a Starlink subscriber terminal was $25. The chip caused a brief short circuit, which disabled the built-in protection systems, after which the specialist gained access to the terminal. From there, any commands can be run.
“Our attack could render Starlink user terminals unusable and allow us to execute arbitrary code,” Wouters said.
According to the researcher, the only reliable way to avoid such an attack is to create a new version of the main “dish” chip. Other ways to fix the problem. However, this hacking option provides direct access to subscriber equipment, and it is not the easiest option; the Starlink system itself is apparently well protected from remote hacking, so its users hardly need to worry.
Hackers hacked Europe’s largest missile manufacturer
Unknown hackers, acting under the nickname Adrastea, hacked into the database of the largest European missile manufacturer – MBDA, formed as a result of the merger of the French Aérospatiale-Matra Missiles, the British Matra BAe Dynamics and the Italian Finmeccanica-Leonardo. This was reported by Security Affairs.
The attackers’ message about gaining access to the company’s network appeared on one of the forums. As evidence, a link to an archive with demo files was attached.
The total amount of stolen data was estimated by hackers at 60 GB. “The uploaded data contains confidential and confidential information about your company’s employees who took part in the development of closed military projects MBDA (PLANCTON, CRONOS, CA SIRIUS, EMADS, MCDS, B1NT, etc.) and about your company’s commercial activities in the interests of the EU Ministry of Defense (design documentation for air defense systems, missile systems and coastal defense systems, drawings, presentations, video and photo (3D) materials, contract agreements and correspondence with other companies Rampini Carlo, Netcomgroup, Rafael, Thales, ST Electronics, etc.)”, the hackers wrote.
Adrastea is ready to discuss the cost of the stolen data array. MBDA has not yet commented on the incident.
MBDA manufactures a wide variety of missiles and related installations. For example, the company produces air-to-air missiles AIM-132 ASRAAM (short range, with IR guidance), MBDA Meteor (long range), MICA (medium range, with IR and radar guidance). The company’s product range also includes surface-to-air missiles – Mistral (MANPADS), MBDA Aster (medium and long range), Aspide Mk.1 (medium range), Sea Wolf (SAM), anti-ship (Exocet, Otomat, Marte, Sea Skua) and anti-tank (ERYX, Brimstone, HOT) missiles.
Samsung is ahead of the curve again. The company released the August security patch for three flagship lines at once
Samsung was the first company in the market to release the August security patch for its smartphones. Moreover, for three flagship lines at once: Galaxy S20, S21 and S22.
Today, owners of these smartphones in Germany began to receive updates, including a security patch. Usually, users from other countries do not have to wait long. The August security patch fixes dozens of vulnerabilities, so it’s quite important.
Samsung has sometimes been ahead of even Google in recent years, releasing security patches earlier and offering longer support for its flagships, although just three or four years ago, Samsung was almost the worst in this matter.