Connect with us
Millions of Android Windows and iOS devices will lose Internet Millions of Android Windows and iOS devices will lose Internet

Security

Millions of Android, Windows and iOS devices will lose Internet access on September 30

Published

on

Let’s Encrypt IdenTrust DST Root CA X3 will expire tomorrow.

Millions of Android devices, Windows PCs and Apple iPhones will lose access to the Internet on September 30 this year due to the expiration of the IdenTrust DST Root CA X3 digital root certificate from the Let’s Encrypt certification authority (CA).

Let’s Encrypt, a non-profit organization, issues free digital certificates to encrypt connections between devices and the Internet and protect data from interception in transit. Millions of sites use Let’s Encrypt certificates.

However, how warned Security Researcher Scott Helme, the IdentTrust DST Root CA X3 currently used by Let’s Encrypt expires tomorrow, and many computers, smart devices and web clients (such as browsers) will no longer be able to trust certificates issued by this CA.

After the expiration of the IdenTrust DST Root CA X3, devices that do not receive regular updates, in particular embedded systems that do not receive automatic updates, and smartphones with outdated software versions, will encounter problems. In particular, the problems will affect users of older versions of macOS 10.12.0 and later, Windows XP (with Service Pack 3), iOS devices prior to iOS 10, clients relying on OpenSSL 1.0.2 and below, PlayStations 3 and 4 with an un-updated firmware, Nintendo 3DS, Ubuntu up to 16.04, Debian 8 and later, Java 8 up to 8u141, Java 7 up to 7u151 and NSS up to 3.26.

While Android has long had a problem with OS updates according to Let’s Encrypt, the organization has come up with a mechanism to keep most smartphones safe from root certificate expiration issues.

This year, Let’s Encrypt switched to using its own ISRG Root X1 certificate, which will expire only in 2035. While most Android devices (notably Android Nougat 7.1.1 and earlier) still do not trust this certificate, Let’s Encrypt has received a cross-signature for its certificate that is longer than the root certificate. Thanks to this, most Android devices should work smoothly for another three years.

However, some Android devices can still run into problems, Let’s Encrypt warns and recommends that Android (Lollipop) 5.0 users install Firefox.

Click to comment

Leave a Reply

Your email address will not be published.

Security

Is Elon Musk’s Satellite Internet Under Threat? Enthusiast Hacked Starlink User Terminal

Published

on

Is Elon Musks Satellite Internet Under Threat Enthusiast Hacked Starlink

At the Black Hat Security Technology Conference recently held in Las Vegas, Lennert Wouters, a cybersecurity specialist from KU Leuven (Belgium), shared his experience of successfully hacking Starlink user equipment. True, this was not a classic software hack, since the researcher had to make a so-called “modchip”.

Is Elon Musk's Satellite Internet Under Threat?  Enthusiast Hacked Starlink User Terminal

The cost of manufacturing a chip connected to a Starlink subscriber terminal was $25. The chip caused a short-term short circuit, which disabled the built-in protection systems, after which the specialist gained access to the terminal. And already from it you can run any commands.

Is Elon Musk's Satellite Internet Under Threat?  Enthusiast Hacked Starlink User Terminal

Our attack could render Starlink user terminals unusable and allow us to execute arbitrary code.”Wouters said.

Is Elon Musk's Satellite Internet Under Threat?  Enthusiast Hacked Starlink User Terminal

This is what the Starlink terminal looks like

According to the researcher, the only reliable way to avoid such an attack is to create a new version of the main “dish” chip. Other ways to fix the problem. However, this hacking option provides direct access to subscriber equipment, and this is not the easiest option, but the Starlink system, apparently, is well protected from remote hacking. So its users hardly need to worry.

Continue Reading

Security

Hackers hacked Europe’s largest missile manufacturer

Published

on

Hackers hacked Europes largest missile manufacturer

Unknown hackers, acting under the nickname Adrastea, hacked into the database of the largest European missile manufacturer – MBDA, formed as a result of the merger of the French Aérospatiale-Matra Missiles, the British Matra BAe Dynamics and the Italian Finmeccanica-Leonardo. This was reported by Security Affairs.

Hackers hacked Europe's largest missile manufacturer

The attackers’ message about gaining access to the company’s network appeared on one of the forums. As evidence, a link to an archive with demo files was attached.

The total amount of stolen data was estimated by hackers at 60 GB. “The uploaded data contains confidential and confidential information about your company’s employees who took part in the development of closed military projects MBDA (PLANCTON, CRONOS, CA SIRIUS, EMADS, MCDS, B1NT, etc..) and about your company’s commercial activities in the interests of the EU Ministry of Defense (design documentation for air defense systems, missile systems and coastal defense systems, drawings, presentations, video and photo (3D) materials, contract agreements and correspondence with other companies Rampini Carlo, Netcomgroup, Rafael, Thales, ST Electronics, etc.”, the hackers wrote.

Adrastea is ready to discuss the cost of the stolen data array. MBDA has not yet commented on the incident.

MBDA manufactures a wide variety of missiles and related installations. For example, the company produces air-to-air missiles AIM-132 ASRAAM (short range, with IR guidance), MBDA Meteor (long range), MICA (medium range, with IR and radar guidance). The company’s product range also includes surface-to-air missiles – Mistral (MANPADS), MBDA Aster (medium and long range), Aspide Mk.1 (medium range), Sea Wolf (SAM), anti-ship (Exocet, Otomat, Marte, Sea Skua) and anti-tank (ERYX, Brimstone, HOT) missiles.

Continue Reading

Security

Samsung is ahead of the curve again. The company released the August security patch for three flagship lines at once

Published

on

Samsung is ahead of the curve again The company released

Samsung was the first company in the market to release the August security patch for its smartphones. Moreover, for three flagship lines at once: Galaxy S20, S21 and S22.

Samsung is ahead of the curve again.  The company released the August security patch for three flagship lines at once

Today, owners of these smartphones in Germany began to receive updates, including a security patch. Usually, users from other countries do not have to wait long. The August security patch fixes dozens of vulnerabilities, so it’s quite important.

Samsung has sometimes been ahead of even Google in recent years, releasing security patches earlier and offering longer support for its flagships, although just three or four years ago, Samsung was almost the worst in this matter.

Continue Reading

Most Popular