Connect with us
New method allows you to force the victim to connect New method allows you to force the victim to connect

Security

New method allows you to force the victim to connect to a malicious hotspot

Published

on

SSID Stripping method, works on devices running Windows, macOS, Ubuntu, Android and iOS.

A team of specialists from AirEye and the Israeli Technion discovered a new method that attackers can trick victims into connecting to a malicious wireless access point.

The method, dubbed SSID Stripping, works on devices running Windows, macOS, Ubuntu, Android, and iOS. The essence of the method is to manipulate the name of the wireless network controlled by hackers (SSID) so that it appears as the name of a legitimate wireless network.

Researchers have succeeded in generating three types of so-called “display errors”. One is to embed a NULL byte in the SSID, which causes Apple devices to display only part of the name preceding this byte. On Windows devices, you can use the newline character for this.

The second type of “display error” (which is the most common) can be caused by using non-printable characters. An attacker can add special characters to the SSID that will be included in the name, but will not be visible to the user. For example, the network name “aireye_x1cnetwork” (x1c is a byte with a value of 0x1C hex) is displayed the same as “aireye_network”.

In order to cause the third type of “display error”, an attacker must hide a certain part of the network name from the visible area of ​​the screen. For example, the network name “aireye_networknnnnnnnnnnnnrogue” (where “n” stands for newline) on the iPhone will display as “aireye_network” because the word “rogue” is out of sight. Together with an error of the second type, this can be used to effectively hide the suffix of the name of the malicious network.

The researchers described the issues they discovered as vulnerabilities, but the affected vendors do not appear to be dangerous. The AirEye specialists talked about their discovery to Apple, Microsoft, Google (Android) and Canonical (Ubuntu) in July this year, but they did not consider them to be a serious threat and do not plan to release patches in the near future.

Click to comment

Leave a Reply

Your email address will not be published.

Gaming

PlayStation 5 has been hacked. You can install games, but you can’t run them yet

Published

on

PlayStation 5 has been hacked You can install games but

Nearly two years after the PlayStation 5 went on sale, modders have found a way to jailbreak the console, albeit with some restrictions.

IGN notes that the modder, known as SpecterDev, disclosed an apparent jailbreak that is described as an experimental IPV6 kernel exploit exploiting a WebKit vulnerability.

The jailbreak will only work on PS5 systems with firmware 4.03 or later. If you’ve updated your PS5 since October last year, you won’t be able to try the exploit. But even if you need firmware, an attempt to install a jailbreak works only in a third of cases.

PlayStation 5 has been hacked.  You can install games, but you can't run them yet

As for what you can do with a jailbroken PS5 right now, you’ll get access to the system’s debug menu. You can also install games from outside the PlayStation Store, but you cannot run third-party software.

Modder Lance McDonald tested the jailbreak and was able to install the PT demo, the famous teaser of the canceled Silent Hills game. However, he was unable to start playing the game. Although the exploit offers read/write access to the PS5, there is currently no way to execute the downloaded files. In any case, PT is not backwards compatible with PS5.

It is currently unlikely that this jailbreak will be widely used anytime soon due to its limitations and the fact that Sony can ban modder accounts. On top of that, there is a risk of locking the console at that time. However, it may give other hackers and modders a foundation to build more robust jailbreak tools.

Continue Reading

Security

Hacker Hacked Fast Company’s Apple News Account and Spread Racist Messages

Published

on

Hacker Hacked Fast Companys Apple News Account and Spread Racist

An unknown hacker was able to access the business publication Fast Company’s Apple News account and sent out a series of obscene and racist messages via push notifications. Subscribers are the victims.

Hacker Hacked Fast Company's Apple News Account and Spread Racist Messages

Fast Company confirmed the hack, and so did Apple. The incident is currently under investigation.

Fast Company’s Apple News account was hacked Tuesday night. After that, two push notifications with obscene and racist content were sent with a minute interval. The messages are disgusting and do not match Fast Company content. We are investigating the incident and have also paused feed updates and closed FastCompany.com until we are confident the situation has been resolved.“, – noted in the publication.

Shortly before the shutdown, the hacker himself posted an entire article on the Fast Company website, where he described in detail how he managed to bypass the protection. It turned out that the accounts on the site were protected by the same password, this also applies to the account of the site administrator. Having gained access to them, the hacker was able to get to the authentication tokens and log in to Apple News.

At the same time, in addition to hooliganism, no financial losses or manipulations were recorded.

Continue Reading

Security

Young hacker who leaked GTA 6 material denies his guilt

Published

on

Young hacker who leaked GTA 6 material denies his guilt

The 17-year-old hacker, who was previously arrested in the UK on suspicion of hacking Rockstar Games and Uber, has pleaded not guilty. According to police, he appeared in court over the weekend, but refused to plead guilty to PC misuse. At the same time, he admitted that he violated the conditions of release on bail. Now he is being held in a juvenile detention center.

Young hacker who leaked GTA 6 material denies his guilt

According to investigators, the 17-year-old is part of the Lapsus$ hacker group and is behind the recent leak of videos and other details of the $2 billion GTA 6 game.

Earlier, a hacker under the nickname teapotuberhacker published an archive with video and source code from an early version of GTA 6, which has already gone viral. Take-Two tried to stop the spread of the leak, but it was only partially successful.

The hacker also said that it was he who attacked the Uber computer system, gaining access to correspondence, email addresses, and so on.

At the moment, the investigation is ongoing, so it is not yet clear how this story will end.

Continue Reading

Most Popular