Connect with us
Researcher finds a way to brute force PIN codes for Verizon Researcher finds a way to brute force PIN codes for Verizon

Security

Researcher finds a way to brute-force PIN codes for Verizon customers

Published

on

A vulnerability in Verizon’s site has exposed customers to SIM swap risk.

Cybersecurity researcher Joseph Harris discovered a way to brute-force Verizon customers’ PINs on the Internet, potentially giving them the ability to hack user accounts.

The problem was that the Verizon website did not limit the number of simultaneous PIN requests, and only recorded one attempt. Many sites are set up to block such password guessing attempts after multiple incorrect requests. However, in this case, the hackers could have unlimited possibilities.

“Using this single page, I can disclose any Verizon customer account number, as well as access the PIN. Quite a serious mistake, ”the expert explained to Motherboard.

According to Harris, an attacker can use the client’s PIN to request a SIM change. An attack called SIM swapping (SIM swapping) allows a hacker to redirect text messages to himself in order to hack other accounts. Attackers could also add a new phone number to the target’s account or read the user’s text messages.

“Race conditions could have allowed me to take control of my Verizon account. You could view messages on vtext.com, ”added Harris.

Harris uploaded a video to YouTube showing PoC code for exploiting the vulnerability. The researcher informed Verizon of the problem and the company disabled the vulnerable pages.

Click to comment

Leave a Reply

Your email address will not be published.

Security

Nvidia lost. LHR mining protection is also hacked under Linux. This was done by NBMiner developers

Published

on

Nvidia lost LHR mining protection is also hacked under

Two days have passed since the NiceHash developers cracked the Nvidia LHR protection, as the NBMiner team also pleased their users with the same news. Only this time we are talking about software for Linux.

Nvidia lost.  LHR mining protection is also hacked under Linux.  This was done by NBMiner developers

Thus, Nvidia’s protection completely fell for both Windows and Linux. Unfortunately, both programs are closed source, so it’s not clear what mechanisms the developers used to hack.

Whether the loss of Nvidia will affect the availability and prices of video cards is still difficult to say. At the moment, the cryptocurrency market continues to fall, but sooner or later it will turn around, and gamers may again face shortages and overpriced graphics cards.

Continue Reading

Security

Xiaomi has released a profitable set of security camera and smart door locksmart door lock

Published

on

Xiaomi has released a profitable set of security camera and

Xiaomi has introduced a new kit with an outdoor video surveillance camera and a smart door lock, which includes Mi Outdoor camera and Mi Smart Door Lock 1S.

The bundle is priced at around $237, which is a great deal as these devices cost $20 more individually.

Mi Smart Door Lock 1S supports 7 unlocking methods, including fingerprint, password, temporary password, Bluetooth, HomeKit, NFC or regular key unlock. Compared to the first generation, the new lock supports both the Mijia app and Apple HomeKit.

Xiaomi has released a profitable set of security camera and

As for the rechargeable version of Xiaomi Outdoor Camera, this is Xiaomi’s first outdoor wireless camera. It has an independent design and can be installed without connecting the mains cable or power cable. It has a wide viewing angle of 130°, 1080p resolution and supports WDR technology.

In addition, the battery version of the Xiaomi Outdoor Camera offers night vision up to 7 meters and people detection function. It is IP65 rated and has a long battery life of up to 90 days.

Continue Reading

Security

“These are machines for sucking out personal data.” Prayer and mental health apps have poor security

Published

on

These are machines for sucking out personal data Prayer and

Mental health apps have worse privacy protection than most other types of apps, according to a new analysis by Mozilla. We are talking about the entire category as a whole. In addition, things are also bad for prayer applications.

“These are machines for sucking out personal data.”  Prayer and mental health apps have poor security

The vast majority of mental health and prayer apps are exceptionally creepy. They track a variety of data, share and capitalize on users’ most intimate personal thoughts and feelings, such as mood, mental state, and biometric data.

The team analyzed 32 mental health and prayer apps. Of these apps, 29 received a Privacy not included warning, indicating that the team is concerned about how the app manages user data.

These applications collect large amounts of personal data in accordance with vague privacy policies. Most applications have also been found to have poor security practices that allow users to create accounts with weak passwords. Considering how much personal information such programs can contain, this is a bad feature.

The list of the worst programs according to the specified criteria included Better Help, Youper, Woebot, Better Stop Suicide, Pray.com and Talkspace. In particular, the Woebot chatbot claims to collect information about users and shares this data for advertising purposes, and Talkspace collects transcripts of user chats.

They work like data-sucking machines with the look and feel of a mental health app. In other words: wolves in sheep’s clothing

Continue Reading

Most Popular