Search This Blog

Showing posts with label Vulnerabilities. Show all posts

New Vulnerability in Bluetooth Connections Allows Hackers to Spy on Private Conversations


Bluetooth is used worldwide as one of the most convenient methods of connecting and controlling the devices in range. However, according to a recent report, a vulnerability labeled as the KNOB (Key Negotiation of Bluetooth) attack has been found in Bluetooth connections.

All the Bluetooth compliant devices can be affected by the vulnerability, which allows attackers to spy on a victim's personal conversations. Hackers can also exploit the vulnerability to manipulate the data present on the compromised device.

How the attack unfolds? 

While establishing a functional Bluetooth connection, both the devices rely upon an encryption key. Therefore,
in order to execute the attack, hackers exploit the vulnerability in the Bluetooth standard and weaken this encryption of Bluetooth devices instead of breaking it straightaway.

The attacker gets in the way while the devices are setting up the encryption key and resorts to brute force attack for breaking the new key with less number of digits and manipulates both the devices to employ the new encryption key.

The vulnerability affects devices by some of the renowned manufacturers namely, Apple, Qualcomm, and Intel. Companies like Apple, Microsoft, Cisco, Google, Blackberry, Broadcom and Chicony has already issued a patch to fix the flaw, as per the reports by Mashable.

The group of researchers from the Singapore University of Technology and Design, University of Oxford, and CISPA Helmholtz Center for Information Security, who found this critical vulnerability, explained, "We found and exploited a severe vulnerability in the Bluetooth specification that allows an attacker to break the security mechanisms of Bluetooth for any standard-compliant device. As a result, an attacker is able to listen, or change the content of, nearby Bluetooth communication, even between devices that have previously been successfully paired."

TP-Link Wi-Fi Extenders: Detected With Vulnerability Making Them Hacker Prone!




The popular router company left its users shocked when researchers discovered a crucial vulnerability with its Wi-Fi extenders.

The vulnerability immensely compromised the extender to the hacker and let them have entire control of the device.

Victim’s traffic could easily be redirected via the taking over of the extender and could lead them to malware, the researchers cited.

To enhance the range of the Wi-Fi signals these extenders are used to “extend” the range. They provide a significant boot in the signal’s strength.

Security cameras, doorbells and other security equipment could easily be connected via the extender to the router.


But quite like the routers they are prone to vulnerabilities and need to be maintained and patched from time to time to ensure a safe network.

Allegedly, the particular extenders that were affected were the RE365, the RE350, the RE650 and the RE500.

According to sources, the researchers who were behind the digging up of this glitch belong to IBM’s X-Force of researchers.

 Ever since then IBM collectively with TP-Link has released updates for the affected users.

The to-be attackers don’t necessarily need to be within the range of the Wi-Fi extender for him to exploit the weakness.

The attacks procedure begins with the hacker sending a malicious HTTP request to the Wi-Fi extender.

 The vulnerability in turn aids the attacker to execute such commands form the request which is not the case with proper extenders which have limited access.

The attacker would need to know the extender’s IP address to abuse the vulnerability. Thousands of exposed devices could be easily found on “Shodan” and similar search engines.

The misuse of the vulnerability is not only limited to malicious code execution or simple taking control of the extender.

More sophisticated malicious activity could also be followed through using shell commands on the device’s operating system, sources cited.

Also creating a botnet out of the extender and redirecting the users to malicious pages are other things on the list of probable attacks.

Spectre Rises Yet Again With a Vulnerability In Tow


Spectre ,a class of vulnerabilities in the theoretical execution mechanism utilized in present day modern processor chips, is indeed living up to its name by ending up being unkillable.

In the midst of a progression of alleviations proposed by Intel, Google and others, the on-going claims by Dartmouth computer scientists to have comprehended Spectre variation 1, and a proposed chip configuration fix called Safespec, new variations and sub-variations continue showing up.

The discoveries likewise restore questions about whether the present and past chip plans can ever be really fixed. Just two weeks back, new data-stealing exploits named Ghost 1.1 and 1.2 were made public by specialists Vladimir Kiriansky and Carl Waldspurger. 


Presently there's another called SpectreRSB that endeavors the return stack buffer (RSB), a framework in the current modern CPUs utilized to help anticipate the return addresses, rather than the branch predictor unit.

In a paper titled Spectre Returns! Speculation Attacks utilizing the Return Stack Buffer , circulated through pre-print server ArXiv, boffins Esmaeil Mohammadian Koruyeh, Khaled Khasawneh, Chengyu Tune, and Nael Abu-Ghazaleh detail another class of Spectre Attack that accomplished the similar from Spectre variation 1 – enabling pernicious programming software to take passwords, keys, and other sensitive data, from memory it shouldn't be permitted to contact.

These specialists by coincidence, are among the individuals who built up the SafeSpec mitigation in the first place.

The most recent data-theft burglary system includes constraining the processor to misspeculate utilizing the RSB. Utilizing a call direction on x86, SpectreRSB enables an attacker to push an incentive to the RSB with the goal that the return address for the call guideline never again coordinates with the contents of the RSB.

The paper, dated July 20, plots the steps associated with the SpectreRSB attack, which itself has six variations:         

"(1) after a context switch to the attacker, s/he flushes shared address entries (for flush reload). The attacker also pollutes the RSB with the target address of a payload gadget in the victim’s address space; (2) the attacker yields the CPU to the victim; (3) The victim eventually executes a return, causing speculative execution at the address on the RSB that was injected by the attacker. Steps 4 and 5 switch back to the attacker to measure the leakage."