At the Black Hat Security Technology Conference recently held in Las Vegas, Lennert Wouters, a cybersecurity specialist from KU Leuven (Belgium), shared his experience of successfully hacking Starlink user equipment. True, this was not a classic software hack, since the researcher had to make a so-called “modchip”.
The cost of manufacturing a chip connected to a Starlink subscriber terminal was $25. The chip caused a short-term short circuit, which disabled the built-in protection systems, after which the specialist gained access to the terminal. And already from it you can run any commands.
“Our attack could render Starlink user terminals unusable and allow us to execute arbitrary code.”Wouters said.
According to the researcher, the only reliable way to avoid such an attack is to create a new version of the main “dish” chip. Other ways to fix the problem. However, this hacking option provides direct access to subscriber equipment, and this is not the easiest option, but the Starlink system, apparently, is well protected from remote hacking. So its users hardly need to worry.
“The issue of protecting national security is more important than short-term profits,” not all US chipmakers are happy with the sanctions, according to Gina Raimondo.
US Commerce Secretary Gina Raimondo admitted that not all American chipmakers are happy with the sanctions against China, since the restrictions lead to a loss of profit.
“I know there are heads of chip companies sitting in the room who are a little annoyed by what I did because [они] lose profits. But that’s life. The issue of protecting national security is more important than short-term profit,” said Gina Raimondo.
She added that mostly representatives of this industry cooperate and help her department, but she also acknowledged the presence of some problems.
We have a good relationship. But of course there is some natural tension. For the first time, we refused an entire country, i.e. China, in access to semiconductors and equipment. We will continue to work in this direction.
She also acknowledged that if Japan and the Netherlands, which have leading positions in semiconductor manufacturing equipment, continue to supply China, then sanctions will make no sense.
iMessage for Android only lasted a few days. Nothing Chats app removed from Google Store and has security issues
The other day, a rather curious event happened on the market quite quietly. Nothing has introduced the Nothing Chats application, which could be called just another instant messenger, but the point is that this application actually allows Android owners to exchange messages with iPhone owners via iMessage. And a few days later, this application was removed from the Google Store.
Nothing initially stated that this was done due to the discovery of several bugs that simply needed to be fixed. However, it seems that the real reason is something else, and it is worse.
Let us remind you that the interaction between the Android messenger and iMessage occurs on a third party. She is represented by the Sunbird company, which provides its platform through which the magic happens. However, it turned out that in terms of data security, this platform is apparently much worse than Sunbird itself stated. In particular, there is no end-to-end encryption.
The Sunbird platform, and therefore the Nothing Chats app, requires a new user of the app to submit their Apple ID credentials to set up syncing. This data is then authenticated on your behalf using a virtual machine running MacOS. The main problem is that the request containing user credentials occurs over an unencrypted channel (HTTP).
The situation as a whole is more complex and is fully described on the Text.Blog website, where several specialists explain how they discovered the problem and what it is. Among other things, they show that they can obtain users’ personal data.
Thus, in fact, Nothing may not be to blame for the situation, but whether the application will now return to the Google Store is an open question.
“Eliminate the password with best-in-class security keys.” New Google Titan Security Keys Unveiled
Google has introduced a new version of the Titan Security Key. The new product is already available for purchase at a price of $30.
In its press release, Google from the very first lines focuses on the fact that this solution allows you to abandon passwords.
Eliminate passwords and prevent attacks with best-in-class security keys that can store up to 250 unique access keys, and learn about our commitment to providing 100,000 keys to high-risk users worldwide by 2024
We are talking about free distribution of 100,000 such devices. Google says it and its partners will distribute the Titan Security Key to users around the world.
The new version of the dongle is available in two versions: USB-A and USB-C. The first one costs 30 dollars, but for some reason they ask for 35 dollars for the second one. Both versions have an NFC module for easy and fast connection to mobile devices.
Google Keys supports FIDO2, so can be used as a two-factor authentication solution.
But these new AMD processors already look much more interesting. AMD talked a little about Ryzen generation Strix Point
The Ryzen 8000U/H/HS processors may disappoint with the lack of any significant improvements, but these are not all the new...
One of the most senseless changes in processor generations, and this time from AMD. Mobile Ryzen 8000U/H/HS presented
AMD will present new Ryzen 8000 mobile processors today as part of the Advance AI event. Materials from the presentation...
Microsoft will extend the life of Windows 10, but only if you pay
Microsoft has decided to slightly extend the life of the Windows 10 operating system for corporate and ordinary users. Although...
ISS celebrates 25 years in Earth orbit
25 years ago, on December 6, 1998, the crew of the STS-88 mission of the space shuttle Endeavor carried out...
Components6 days ago
The old GeForce RTX 3060 will still fight. Nvidia is going to reduce the price of this video card and extend its lifespan to combat AMD
Components3 days ago
Gamer’s Lexus TX presented: with RGB lighting, powerful acoustics and a pair of large monitors in the cabin
Components6 days ago
GeForce RTX 4090 D (Dragon) will retain the same AD102 GPU as the original model
News4 days ago
Ten times weaker than Nvidia H100, but entirely our own development. Loongson introduced LG200 AI accelerator