VLC player has ‘critical’ security flaw

Popular media software VLC Media Player has a critical software vulnerability that could put millions of users at risk, security researchers have warned.

Researchers from German firm CERT-Bund say they have detected a major safety flaw in the video player, which has been downloaded billions of times across the world, which could allow hackers access to compromise users' devices.

Although the vulnerability is yet to be exploited by hackers publicly to date, it poses an increasing threat for users of the popular software.

- VLC for Nintendo Switch and PS4 could be on the way
- How to convert videos with VLC
- VLC Media Player is about to hit 3bn downloads, with new features on the way

Hijacked

According to CERT-Bund, the flaw enables remote code execution (RCE), unauthorised modification and disclosure of data/files, and overall disruption of service, meaning users could see their devices hijacked and made to run malicious code of software.

Known as CVE-2019-13615, the vulnerability is found in the latest edition of the software, VLC Media Player version 3.0.7.1, and is rated at 9.8 in NIST's National Vulnerability Database, meaning it can be labelled as 'critical'.

The issue has been detected in the Windows, Linux and UNIX versions of VLC, however the macOS version appears to be unaffected.

VideoLAN, the not-for-profit organisation beind VLC Media Player, says it has been working on a patch for the flaw for the last four weeks, and is 60 percent through.

Last month, VideoLAN released the biggest single security update for VLC Media Player in the history of the programme. The update included fixes for 33 vulnerabilities in total, of which two were marked critical, 21 medium and 10 rated low.

Flaw in Zoom app could allow Mac webcams to be hacked

Jonathan Leitschuh, a US-based security researcher on Monday had publicly disclosed a major zero-day vulnerability in the Zoom video conferencing software. Leitschuh had demonstrated that any website can start a video-enabled call through the Zoom software on a Mac with the help of a web server which gets installed by the Zoom app.

According to a report by The Verge, the server accepts the requests which the regular would not. The report further says that even if you uninstall the Zoom software, the server will still remain and it can reinstall Zoom without the user’s choice. As per the findings by Leitschuh, the Zoom software can get hijacked by any website which can then force a Mac user to join a call along with an activated webcam even without their permission unless a specific setting is enabled.

On a Medium post published on Monday, Leitschuh gave a demonstration through a form of a link which after being clicked takes Mac users (currently using/or have used Zoom app before) to a conference room activating their webcams. He notes that this particular code can get embedded to any website and also on malicious ads or a phishing campaign.

Leitschuh further writes that even if Mac users uninstall the Zoom app, the local web server still remains and it will “happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage.”

The Verge in its report said that they tried the flaw themselves by using Leitschuh’s demo and were able to confirm that the issue does persist on clicking the link if Mac users have used the Zoom app and have not checked a particular checkbox in settings. The link auto joins the users to a conference call with the web camera on.

As per Leitschuh, he had contacted Zoom back on March 26 earlier this year and had said that he would disclose the exploit publicly in 90 days. According to him, Zoom does not seem to have done enough to resolve the problem. The particular vulnerability was also disclosed to both Chromium and Mozilla teams, however, because it is not an issue with their browsers, there is not much those developers can do about this.

Ransomware found exploiting former Windows flaw

Researchers at cybersecurity firm Kaspersky have uncovered new encryption ransomware named Sodin (Sodinokibi or REvil) that exploits a recently discovered Windows vulnerability to get elevated privileges in an infected system. The ransomware takes advantage of the architecture of the central processing unit (CPU) to avoid detection - functionality that is not often seen in ransomware.

"Ransomware is a very popular type of malware, yet it's not often that we see such an elaborate and sophisticated version: using the CPU architecture to fly under the radar is not a common practice for encryptors," said Fedor Sinitsyn, a security researcher at Kaspersky.

"We expect a rise in the number of attacks involving the Sodin encryptor, since the amount of resources that are required to build such malware is significant. Those who invested in the malware's development definitely expect if to pay off handsomely," Sinitsyn added.

The researchers found that most targets of Sodin ransomware were found in the Asian region: 17.6 percent of attacks have been detected in Taiwan, 9.8 percent in Hong Kong and 8.8 percent in the Republic of Korea.

However, attacks have also been observed in Europe, North America and Latin America, Kaspersky said, adding that the ransomware note left on infected PCs demands $2500 worth of Bitcoin from each victim.

The vulnerability CVE-2018-8453 that the ransomware uses was earlier found to be exploited by the FruityArmor hacking group. The vulnerability was patched on October 10, 2018, Kaspersky said.

To avoid falling victim to Sodin threats, make sure that the software used in your company is regularly updated to the most recent versions, said Kaspersky researchers.

Security products with vulnerability assessment and patch management capabilities may help to automate these processes, they added.

EA Origin Security Flaw Exposed over 300 Million Gamers to Account Takeovers



In the wake of the discovery of an EA based vulnerability, EA origin has been forced to re-examine its module for security and safety as the flaw could have potentially exposed millions of gamers to account takeovers.

As per the findings and research of specialists at Check Point and CyberInt, the vulnerability affected over 300 million gaming enthusiasts playing online games namely FIFA, Madden NFL, NBA Live and Battlefield.

The vulnerability relied on an alternate authentication method known as, Access Tokens which are like passwords; by stealing a Single Sign-On authorization token, the security flaw would have given complete authority into the hands of the hackers, who further would have been able to hijack player's accounts without needing the login or password.

Stealing 'Access Tokens' can be a bit more complex than stealing passwords, however, it still is possible. It's because users have been enlightened against providing passwords on dubious websites, hackers now resort to accessing access tokens rather than the passwords. Moreover, it can be carried out behind the scenes without needing any active participation from the user.

On Wednesday, commenting on the matter, Oded Vanunu, head of products vulnerability research for Check Point, told, "EA's Origin platform is hugely popular, and if left unpatched, these flaws would have enabled hackers to hijack and exploit millions of users' accounts,"

Referencing from the statements given by Alexander Peleg in an email in the regard, "We had the vulnerabilities under control so no other party could have exploited them during the period it took EA to fix," 

Flaws in LTE can allow hackers to spoof presidential alerts


Last year, the United States performed the first public test of the national Wireless Emergency Alert (WEA), an alert system designed to send messages to smartphones, TVs, and other systems simultaneously. The test was specifically for the 'Presidential Alert,' a new category that can't be opted out of (like AMBER alerts). It turns out these types of alerts can be easily spoofed, thanks to various security vulnerabilities with LTE towers.

Researchers figured out a way to exploit the system that sends presidential emergency alerts to our phones, simulating their method on a 50,000 seat football stadium in Colorado with a 90 percent success rate.

A group of researchers at the University of Colorado Boulder released a paper that details how Presidential Alerts can be faked. An attack using a commercially-available radio and various open-source software tools can create an alert with a custom message.

Why it matters: The Wireless Emergency Alert (WEA) system is meant to allow the president to promptly broadcast alert messages to the entire connected US population in case of a nationwide emergency. It can also send out bad weather or AMBER alerts to notify citizens in a particular region or locality, thus making its operation critical. However, the exploitation of LTE networks used in it can enable the transmission of spoofed messages that can cause wide spread of misinformation and panic among the masses.

The researchers didn’t perform an actual attack on a live crowd at the stadium or on actual mobile devices, Eric Wustrow, a researcher on the paper, told Gizmodo in an email. The tests performed were instead done in isolated RF shield boxes, Wustrow said, “and our analysis of Folsom Field was a combination of empirically gathered data and simulation.”

First, alerts come from a specific LTE channel, so malicious alerts can be sent out once that channel is identified. Second, phones have no way of knowing if an alert is genuine or not. Adding digital signatures to alerts could potentially solve the latter problem, but the task would require device manufacturers, carriers, and government agencies to work together.

Mozilla advices its users' to update their web browser to fix critical vulnerability






Mozilla has issued a warning to its users and asked them to upgrade their web browser Firefox, after company found some critical vulnerabilities.

The company has issued an advisory on Tuesday, 18 June, 2019, it includes a details about security vulnerabilities that have been fixed in Firefox 67.0.3 and Firefox ESR 60.7.1.

 The advisory detailed flaws stating, “A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash.”

It further read “We are aware of targeted attacks in the wild abusing this flaw.” The company has marked the update as ‘critical’. 

According to reports, the bug is classified as critical because  it allows outside users to remotely execute code on your machine without your permission.


The bug was spotted for the first time by Samuel Groß, who is reportedly a security researcher with Google Project Zero and Coinbase Security.

Security flaw in India Post server revealed by researcher

French security researcher Robert Baptiste who goes by Elliot Anderson on Twitter has been revealing cybersecurity flaws in the Indian scene for a while now. This time, he has reported a vulnerability on the India Post server that allows remote code execution.

Baptiste has in fact reported this flaw in place of an Indian researcher who chose to remain anonymous because of legal implications in face of Indian law.

The subdomain of India Post — digitization.indiapost.gov.in — was vulnerable to an Apache vulnerability i.e. CVE 2017-5638. It meant that the attacker would be able to run code on India Post server, as shown below:




The flaws led to exposed bank details of employees as well as databases of sensitive information. He posted several screenshots of the files he was able to access by exploiting the flaw.


He also revealed that he was not the first person to exploit these flaws and posted screenshots that show activity from almost a year ago on 14th April, 2017.


The vulnerability has since been fixed, leading to Elliot Anderson tweeting out the details of this recent hack.




Hacker breaks into Telangana’s TSPost website, exposes flaw

Indian government sites are often criticized for their lack of cyber security and safety of people’s information. Pointing out a flaw in Telangana government’s NREGA portal, French hacker and independent security researcher Robert Baptiste hacked into the state government’s website.

He reportedly contacted the site owners regarding the issue and after receiving no response for some time, published his results on social media.


The website (http://tspost.aponline.gov.in) was vulnerable to one of the most basic web hacking technique, an SQL injection. It has now gone offline in the wake of this news.

“A basic SQL injection allows an attacker to access the database of the website,” Robert said. “To be clear, all the data on this website can be a dump. Telangana government officials say they are working to fix it. For this website, they have to hire decent web developers to protect it from attacks.”

TSPost, Telangana’s government benefit disbursement portal, contained the account details and Aadhaar numbers of over 56 lakh NREGA beneficiaries and 40 lakh beneficiaries of social security pensions.

Using the SQL injection, Robert was able to access not just the Aadhaar and account details from the website but also the API keys of UIDAI’s Aadhaar database, the access of which can enable anyone capable enough to make a fake Aadhaar app that could be uploaded to Google Playstore for malicious use.

This is one of the many cases pointing out how vulnerable the Aadhaar system is to hacking and security breaches.

Tinder flaw that let hackers break into accounts with just a phone number

According to a report by Anand Prakash from Appsecure, a specialised cybersecurity company, the company had discovered a vulnerability in the Tinder application that could let hackers have access to user accounts using just their phone numbers.

It has been reported that the flaw has since been patched by Tinder and Facebook, and there have been no reports of any previous exploitation of this flaw as yet.

The attack became possible by exploiting a vulnerability in the Account Kit service provided by Facebook, which is used to login into both the web and mobile application using phone numbers.

Prakash said that just by knowing the phone number the user uses to login with, the attacker would have been able to gain access to their account “within seconds” and would gain full access to the account, including personal chats, information, and interaction with other users.

He reported this flaw to Facebook and Tinder and it has since been fixed, earning him a bounty of $5,000 and $1,250 from Facebook and Tinder respectively through their bounty programs.

Anand Prakash has till now earned more than $350,000 as a full-time bounty hunter, finding out and notifying global companies about major security flaws.

Security flaw in uTorrent allows hackers remote access

Tavis Ormandy, a vulnerability researcher at Google and a part of Google Project Zero, a team of security analysts specializing in finding zero-day vulnerabilities, revealed on Wednesday a vulnerability in BitTorrent’s uTorrent Windows and web client that allows hackers to either plant malware on the user’s computer or see their download activity.

Google Project Zero published their research once the 90-day window that it gave to uTorrent to fix the flaw before publicly disclosing it was over.

According to Ormandy, the flaws are easy to exploit and make it possible for hackers to remotely access downloaded files or download malware on their computers using the random token generated upon authentication.

He reported on Twitter that the initial fix that BitTorrent rolled out seemed to only generate a second token, which did not fix the flaw and said, “you just have to fetch that token as well.”


BitTorrent issued a statement on Wednesday regarding the issue:

On December 4, 2017, we were made aware of several vulnerabilities in the uTorrent and BitTorrent Windows desktop clients. We began work immediately to address the issue. Our fix is complete and is available in the most recent beta release (build 3.5.3.44352 released on 16 Feb 2018). This week, we will begin to deliver it to our installed base of users. All users will be updated with the fix automatically over the following days. The nature of the exploit is such that an attacker could craft a URL that would cause actions to trigger in the client without the user’s consent (e.g. adding a torrent).

Zero Day Telegram Vulnerability Exploited by Hackers for Cryptomining

Kaspersky Lab has revealed that in October 2017, they had discovered a flaw in Telegram Messenger’s Windows desktop client that was being exploited “in the wild”. According to Kaspersky, the flaw has allegedly been by Russian cybercriminals in a cryptomining campaign.

The Telegram vulnerability involves the use of an RLO (right-to-left override) attack when the user sends a file through the messenger.

RLO Unicode method is primarily used for coding languages that are written right-to-left, such as Hebrew or Arabic, but hackers can use it to trick users into downloading malicious files. When an app is vulnerable to attack, it will display a filename incompletely or in reverse.

Kaspersky has said that it seems that only Russian cybercriminals were aware of this flaw and were exploiting it — not to spread ransomware but cryptomining malware.

The attacks enabled cybercriminals to not just spread the cryptomining malware but also to install a backdoor to remotely control victims’ computers.

“We don’t have exact information about how long and which versions of the Telegram products were affected by the vulnerability. What we do know is that its exploitation in Windows clients began in March 2017,” read the report Kaspersky published on the flaw.

In the report, Alexey Firsh, cyberthreat researcher at Kaspersky, has outlined several scenarios that show cases of how the vulnerability was actually exploited.

He also wrote that Telegram was informed of this flaw and it no longer occurs in their products.

Amazon denies risk in Amazon Key — while it is working to fix it

Earlier this week, Anonymous researcher and Twitter user, MG, posted a video showing how Amazon Key, the company’s recently launched service which allows delivery staff to unlock a customer’s house and deposit items when no one’s home, can be used to disable customer’s alarm systems and break into their homes using a software.


After a failed attempt at disclosure with Amazon, where it demanded to see a PoC and refused the possibility of any reward or payment, MG took to Twitter and uploaded the video showing how Amazon Key can be exploited by “anyone with a raspberry pie.”

Once the video was posted, Amazon finally reached out to him and is currently working on a fix to the vulnerability.

However, Amazon is still denying any risk associated with its product.

"The security features built into the delivery application technology used for in-home delivery are not being used in the demonstration,” said Kristen Kish, Amazon spokesperson.

She added that, “Safeguards are in place when the driver technology is used: our system monitors 1) that the door is only open for a brief period of time, 2) communication to the camera and lock is not interrupted, and 3) that the door is securely re-locked. The driver does not leave without physically checking that the door is locked. Safety and security is built into every aspect of the service.”

While MG is withholding technical details until Amazon has a chance to fix the issue, the video shows how a hacker can easily enter a house enabled with Amazon Key.

Amazon also told Forbes that the hack involves “disrupting Wi-Fi connections used by the Key system, not Amazon software. The Raspberry Pi does some as yet undisclosed deauthorization, which would indicate a disconnection between the various pieces of the Amazon Key setup.”

MG, in his report, questions this process.

“Why are you using low wage workers to be the last gate in a bad security model? How often has this process been audited for completion rates or holes?” he writes.

He is also concerned about the “fact that they require your house’s alarm to be turned off for a driver to use the Amazon Key without issue,” saying that Amazon doesn’t talk about the consumer use of the app either.

Schneider Electric reveals it was flaw in technology that led to hack

Schneider Electric SE said in a customer advisory released on Thursday that the attack that in December that led to a halt in operations at an undisclosed industrial facility was caused by hackers exploiting a previously unknown vulnerability in its technology.

Schneider said in the notice that the vulnerability was in an older version of the Triconex firmware that allowed hackers to install a remote-access Trojan as "part of a complex malware infection scenario" and advised customers to follow previously recommended security protocols for Triconex.

Reports of the breach surfaced on December 14, when cybersecurity firms disclosed that hackers had breached one of Schneider’s Triconex safety systems and speculated that it was likely an attack by a nation-state.

The target of the attack has not been disclosed till now, however, Dragos, a cybersecurity firm has said it occurred in the Middle East. Others have speculated it was in Saudi Arabia.

The attack is the first of its kind to be reported to happen on this kind of system.

The system itself is used in nuclear facilities, oil and gas plants, mining, water treatment facilities, and other plants to safely shut down industrial processes when hazardous conditions are detected.

Previously, Schneider had said that the attack was not caused by a bug in the Triconex system.

Schneider is reportedly working on tools to identify and remove the malware, expected to be released in February. The Department of Homeland Security is also investigating the attack, according to Schneider.

Gmail Android app flaw allows crooks to send emails pretending to be someone else


Beware people! A bug in Gmail’s Android app would allow people with bad intention to hide their identity and impersonate other people and organizations.

Yan Zhu, a security researcher, discovered the bug in the end of October which Google has said to have fixed.

In order to stay safe, Gmail users should study the email address carefully. Don’t hit reply to ask for verification. Walk over and have a chat, or send a note using what you know is their real email address.

Email spoofing is not a new thing which allowed the hackers sending an email which looks like from another account by hiding their own addresses.  

As per the researcher, the sender’s real email address would be hidden, and the receiver wouldn’t be able to reveal it by even by opening the email and expanding the contents.

Zhu told Motherboard that she had changed her display name to yan “security@google.com” with an extra quotation mark.

She shared a screenshot of the mail with the Motherboard.

According to Motherboard, DomainKeys Identified Mail (DKIM) signature digitally signs emails for a given domain and establishes authenticity.

When John Shier, a security enthusiast, noted that a set of emails to discern whether they were phish or legit, the DKIM was one of the clues that led him to the conclusion that one of the emails in question was for real.

DKIM doesn’t filter or identify spoofed emails, per se, but it can be helpful in approving legitimate email.

In fact, Google has used it to authenticate email coming from eBay and PayPal: both heavily phished properties.

If a message comes in to Gmail purporting to be from either but lacks DKIM, out it goes – it doesn’t even make it into the Spam folder.

Hackers can Record Phone Calls on Modern Samsung Galaxy Handsets



The recent versions of Samsung Galaxy can have all their phone calls recorded using an OpenBTS, a malicious base station.

A base stations work as a fake telephony towers, they  are used for testing and debugging in laboratory.

Two German security researchers, Daniel Komaromy and Nico Golde, showed how base stations can easily fool Samsung Galaxy’s handset and have them connected to their network, at the PacSec security conference  in Tokyo, Japan.

They used  the latest versions of Samsung's Galaxy S6, Galaxy S6 Edge, and Galaxy Note 4 families. The common thing about these phones is Samsung's line of "Shannon" baseband chips, which is used to handle telephony features.

When hacker uses the OpenBTS base  for transmitting malicious firmware update to the baseband chip then it has higher possibility of attack.

This firmware is capable of rerouting all  the phone calls through proxy, and can record   phone calls and spy on their victims without being noticed.

Researchers reported technical details to Samsung's team, and  the company has started work on a patch to fix the issue.



Several serious security bugs in Samsung Galaxy S6 Edge

A dozen of flaws have been found in Samsung's Android operating system running on Samsung Galaxy S6 Edge smartphones by researchers from Google’s Project Zero.  

However, Samsung claims to have patched most of the vulnerabilities.

As per the researchers, the flaws could allow an attacker to manipulate the privilege the device assigns to its apps, and access the victim's emails among other threats.

The research team reported the vulnerabilities to the concerned company in late July and eight of them were addressed by the vendor with its October maintenance release. The company has assured to patch remaining three security bugs later this month.

 Project Zero wanted to put the security of an OEM device to the test to see how it compares against Google’s Nexus, for which the Internet giant has started releasing monthly security updates.

“The majority of Android devices are not made by Google, but by external companies known as Original Equipment Manufacturers or OEMs which use the Android Open-Source Project (AOSP) as the basis for mobile devices which they manufacture. OEMs are an important area for Android security research, as they introduce additional (and possibly vulnerable) code into Android devices at all privilege levels, and they decide the frequency of the security updates that they provide for their devices to carriers,” Project Zero researcher Natalie Silvanovich said in a blog post.

The researchers, who were asked to find vulnerabilities, looked for three types of issues that can be part of a kernel privilege escalation exploit chain, including gaining remote access to contacts, photos and messages, gaining access to such data from a Google Play application that requires no permissions, and using this access to persistently execute code even after a device wipe.

“Each team worked on three challenges, which we feel are representative of the security boundaries of Android that are typically attacked. They could also be considered components of an exploit chain that escalates to kernel privileges from a remote or local starting point,” Silvanovich said.

Among the eleven high severity issues, the most serious being a path traversal vulnerability (CVE-2015-7888) in the Samsung WifiHs20UtilityService service that can be exploited to write arbitrary files on the system.

The email client installed on Samsung Galaxy S6 Edge devices is also plagued by a serious flaw (CVE-2015-7889), which allows an attacker to forward a user’s emails to a different account via a series of intents from an unprivileged application. Another email client issue (CVE-2015-7893) can be exploited to execute arbitrary JavaScript code embedded in a message.

Google researchers also found issues related to drivers (CVE-2015-7890, CVE-2015-7891, CVE-2015-7892), and image parsing (CVE-2015-7894, CVE-2015-7895, CVE-2015-7896, CVE-2015-7897, CVE-2015-7898).

“Overall, we found a substantial number of high-severity issues, though there were some effective security measures on the device which slowed us down. The weak areas seemed to be device drivers and media processing. We found issues very quickly in these areas through fuzzing and code review. It was also surprising that we found the three logic issues that are trivial to exploit. These types of issues are especially concerning, as the time to find, exploit and use the issue is very short,” Silvanovich explained.



Critical Bug in GnuTLS library affects Linux and hundreds of apps


A critical bug(CVE-2014-0092) in handling the errors in the GNU Security library GnuTLS affects hundreds of software packages including RedHat, Debian and Ubuntu distros.

According to RedHat security advisory, there is a coding error in GnuTLS which fails to handle certain errors that could occur during the verification of an X.509 certificate, results in reporting 'a successful verification'.

"An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker." the advisory reads.

The bug exists in returning the value in the verify.c file (https://www.gitorious.org/gnutls/gnutls/commit/6aa26f78150ccbdf0aec1878a41c17c41d358a3b?diffmode=sidebyside).  It appears the uninitialized variable "result" is causing the problem.  There is also another coding error where it returns value of issuer_version when issuer_version is less than zero, instead of returning zero.  And, when result is less than zero, it goes to 'cleanup' location instead of 'fail'.

Nikos Mavrogiannopoulos from Red Hat Security Technologies Team discovered this security flaw, while doing an audit of GnuTLS for the RedHat.

Users are advised to upgrade to the latest GnuTLS version (3.2.12 or 3.1.22) or apply the patch for GnuTLS 2.12.x.

Hackers can use Google Chrome to spy on your conversations


A Security bug in Google Chrome allows hackers to use computer microphone to surreptitiously listen to your private conversations.

Normally, a website that uses speech recognition technology gets permission from user to access mic.  There will be indication of the speech recognition in chrome.  Once the user leaves the website, chrome will stop listening to Mic.

Israeli developer Tal Ater found a security flaw in this system, while working on Speech Recognition library.

The problem is that once you grant a HTTPS-enabled website permission to use your mic, chrome will remember the choice and start listening in the future without asking permission again.

In a demo video, he showed how an attacker could leverage this functionality by launching a small hidden pop-up window that will start the speech recognition system.

Ater reported the bug to Google's Security team on Sep. 2013.  He has been nominated for the chromium's reward panel.




Security Bugs fixed: Wireshark 1.10.4 and 1.8.12 released

Wireshark latest versions are available here.  The new versions 1.10.4 and 1.8.12 have no special features comparing to previous versions.  However, multiple bugs have been fixed in these versions.

There are three security bugs fixed.  The vulnerability exists in the "SIP dissector", "The BSSGP dissector" and the "NTLMSSP v2 dissector"

An attacker could remotely crash the Wireshark by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Besides security bugs, there are also some non-security related bugs fixed in these versions such as "Tx MCS set is not interpreted properly in WLAN beacon frame", "Wireshark fails to decode single-line, multiple Contact: URIs in SIP responses".

Download the latest version from here:
http://www.wireshark.org/download.html



Hacked Verizon Femtocell allows hackers to spy on Phone calls made with iPhone & Android


Two Security experts from iSEC Partners have found a way to spy on Verizon wireless mobile phone customers by hacking into devices the U.S. Carrier sells to boos Wireless signals indoors.

In a demonstration for Reuters, researchers Ritter and Doug DePerry show how they are able to spy on phone calls, messages and photos made with iPhone and Android phones by using a Verizon femtocell that they had previously hacked.

"This is not about how the NSA would attack ordinary people. This is about how ordinary people would attack ordinary people," Reuters quoted a senior consultant with the security firm iSEC Partners , Tom Ritter as saying.

Verizon reportedly updated the software on its signal-boosting devices, known as femtocells or network extenders,to thwart hackers from copying the technique of the two experts.

"The Verizon Wireless Network Extender remains a very secure and effective solution for our customers" Verizon spokesperson said in a statement after they fixed the bug.

However, researchers claimed their technique still works because they had modified the device before the company pushed out the software fix. Experts told Reuters that the further details will be shared at the two upcoming hacking conferences : Black Hat and DefCon.