#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter

Wi-Fi hacking | Breaking Cybersecurity News | The Hacker News

Beware! Connecting to This Wireless Network Can Break Your iPhone's Wi-Fi Feature

Beware! Connecting to This Wireless Network Can Break Your iPhone's Wi-Fi Feature
Jun 21, 2021
A wireless network naming bug has been discovered in Apple's iOS operating system that effectively disables an iPhone's ability to connect to a Wi-Fi network. The issue was spotted by security researcher  Carl Schou , who found that the phone's Wi-Fi functionality gets permanently disabled after joining a Wi-Fi network with the unusual name " %p%s%s%s%s%n " even after rebooting the phone or changing the network's name (i.e., service set identifier or SSID). The bug could have serious implications in that bad actors could exploit the issue to plant fraudulent Wi-Fi hotspots with the name in question to break the device's wireless networking features. After joining my personal WiFi with the SSID "%p%s%s%s%s%n", my iPhone permanently disabled it's WiFi functionality. Neither rebooting nor changing SSID fixes it :~) pic.twitter.com/2eue90JFu3 — Carl Schou (@vm_call) June 18, 2021 The issue stems from a  string formatting  bug in the manner iOS parses th

WPA3 Standard Officially Launches With New Wi-Fi Security Features

WPA3 Standard Officially Launches With New Wi-Fi Security Features
Jun 26, 2018
The Wi-Fi Alliance today officially launched WPA3 —the next-generation Wi-Fi security standard that promises to eliminate all the known security vulnerabilities and wireless attacks that are up today including the dangerous KRACK attacks . WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and is intended to prevent hackers from eavesdropping on your wireless data. However, in late last year, security researchers uncovered a severe flaw in the current WPA2 protocol, dubbed KRACK (Key Reinstallation Attack), that made it possible for attackers to intercept, decrypt and even manipulate WiFi network traffic. Although most device manufacturers patched their devices against KRACK attacks, the WiFi Alliance, without much delay, rushed to finalize and launch WPA3 in order to address WPA2's technical shortcomings from the ground. What is WPA3? What New Security Features WPA3 Offers? WP

Researchers unearth a huge botnet army of 500,000 hacked routers

Researchers unearth a huge botnet army of 500,000 hacked routers
May 23, 2018
More than half a million routers and storage devices in dozens of countries have been infected with a piece of highly sophisticated IoT botnet malware, likely designed by Russia-baked state-sponsored group. Cisco's Talos cyber intelligence unit have discovered an advanced piece of IoT botnet malware, dubbed VPNFilter , that has been designed with versatile capabilities to gather intelligence, interfere with internet communications, as well as conduct destructive cyber attack operations. The malware has already infected over 500,000 devices in at least 54 countries, most of which are small and home offices routers and internet-connected storage devices from Linksys, MikroTik, NETGEAR, and TP-Link. Some network-attached storage (NAS) devices known to have been targeted as well. VPNFilter is a multi-stage, modular malware that can steal website credentials and monitor industrial controls or SCADA systems, such as those used in electric grids, other infrastructure and factori

KRACK Demo: Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi Protocol

KRACK Demo: Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi Protocol
Oct 16, 2017
Do you think your wireless network is secure because you're using WPA2 encryption? If yes, think again! Security researchers have discovered several key management vulnerabilities in the core of Wi-Fi Protected Access II (WPA2) protocol that could allow an attacker to hack into your Wi-Fi network and eavesdrop on the Internet communications. WPA2 is a 13-year-old WiFi authentication scheme widely used to secure WiFi connections, but the standard has been compromised, impacting almost all Wi-Fi devices—including in our homes and businesses, along with the networking companies that build them. Dubbed KRACK — Key Reinstallation Attack —the proof-of-concept attack demonstrated by a team of researchers works against all modern protected Wi-Fi networks and can be abused to steal sensitive information like credit card numbers, passwords, chat messages, emails, and photos. Since the weaknesses reside in the Wi-Fi standard itself, and not in the implementations or any individua

Google Researcher Publishes PoC Exploit for Apple iPhone Wi-Fi Chip Hack

Google Researcher Publishes PoC Exploit for Apple iPhone Wi-Fi Chip Hack
Sep 27, 2017
You have now another good reason to update your iPhone to newly released iOS 11—a security vulnerability in iOS 10 and earlier now has a working exploit publicly available. Gal Beniamini, a security researcher with Google Project Zero, has discovered a security vulnerability (CVE-2017-11120) in Apple's iPhone and other devices that use Broadcom Wi-Fi chips and is hell easy to exploit. This flaw is similar to the one Beniamini discovered in the Broadcom WiFi SoC (Software-on-Chip) back in April, and BroadPwn vulnerability disclosed by an Exodus Intelligence researcher Nitay Artenstein, earlier this summer. All flaws allow a remote takeover of smartphones over local Wi-Fi networks. The newly discovered vulnerability, which Apple fixed with its major iOS update released on September 19, could allow hackers to take control over the victim's iPhone remotely. All they need is the iPhone's MAC address or network-port ID. And since obtaining the MAC address of a connec

Cyberspies Are Using Leaked NSA Hacking Tools to Spy On Hotels Guests

Cyberspies Are Using Leaked NSA Hacking Tools to Spy On Hotels Guests
Aug 11, 2017
An infamous Russian-linked cyber-espionage group has been found re-using the same leaked NSA hacking tool that was deployed in the WannaCry and NotPetya outbreaks—this time to target Wi-Fi networks to spy on hotel guests in several European countries. Security researchers at FireEye have uncovered an ongoing campaign that remotely steals credentials from high-value guests using Wi-Fi networks at European hotels and attributed it to the Fancy Bear hacking group. Fancy Bear —also known as APT28, Sofacy, Sednit, and Pawn Storm—has been operating since at least 2007 and also been accused of hacking the Democratic National Committee (DNC) and Clinton Campaign in an attempt to influence the U.S. presidential election. The newly-discovered campaign is also exploiting the Windows SMB exploit (CVE-2017-0143), called EternalBlue , which was one of many exploits allegedly used by the NSA for surveillance and leaked by the Shadow Brokers in April. EternalBlue is a security vulnerabi

Wikileaks Unveils 'Cherry Blossom' — Wireless Hacking System Used by CIA

Wikileaks Unveils 'Cherry Blossom' — Wireless Hacking System Used by CIA
Jun 15, 2017
WikiLeaks has published a new batch of the ongoing Vault 7 leak , this time detailing a framework – which is being used by the CIA for monitoring the Internet activity of the targeted systems by exploiting vulnerabilities in Wi-Fi devices. Dubbed " Cherry Blossom ," the framework was allegedly designed by the Central Intelligence Agency (CIA) with the help of Stanford Research Institute (SRI International), an American nonprofit research institute, as part of its 'Cherry Bomb' project. Cherry Blossom is basically a remotely controllable firmware-based implant for wireless networking devices, including routers and wireless access points (APs), which exploits router vulnerabilities to gain unauthorized access and then replace firmware with custom Cherry Blossom firmware. "An implanted device [ called Flytrap ] can then be used to monitor the internet activity of and deliver software exploits to targets of interest." a leaked CIA manual  reads . "The wi

Beware! Dozens of Linksys Wi-Fi Router Models Vulnerable to Multiple Flaws

Beware! Dozens of Linksys Wi-Fi Router Models Vulnerable to Multiple Flaws
Apr 20, 2017
Bad news for consumers with Linksys routers: Cybersecurity researchers have disclosed the existence of nearly a dozen of unpatched security flaws in Linksys routers, affecting 25 different Linksys Smart Wi-Fi Routers models widely used today. IOActive's senior security consultant Tao Sauvage and independent security researcher Antide Petit published a blog post on Wednesday, revealing that they discovered 10 bugs late last year in 25 different Linksys router models. Out of 10 security issues (ranging from moderate to critical), six can be exploited remotely by unauthenticated attackers. According to the researchers, when exploited, the flaws could allow an attacker to overload the router, force a reboot by creating DoS conditions, deny legitimate user access, leak sensitive data, change restricted settings and even plant backdoors. Many of the active Linksys devices exposed on the internet scanned by Shodan were using default credentials, making them susceptible to the

Update Your Apple Devices to iOS 10.3.1 to Avoid Being Hacked Over Wi-Fi

Update Your Apple Devices to iOS 10.3.1 to Avoid Being Hacked Over Wi-Fi
Apr 04, 2017
Note:  We have published a follow-up article with more technical details about this vulnerability which resides in Broadcom WiFi SoC equipped not only in Apple devices, but also in Android devices from various manufacturers. Less than a week after Apple released iOS 10.3 with over 100 bug fixes and security enhancements; the company has just pushed an emergency patch update – iOS 10.3.1 – to addresses a few critical vulnerabilities, one of which could allow hackers to "execute arbitrary code on the Wi-Fi chip." The vulnerability, identified as CVE-2017-6975, was discovered by Google's Project Zero staffer Gal Beniamini, who noted on Twitter that more information about the flaw would be provided tomorrow. Apple also did not provide any technical details on the flaw, but urged Apple iPhone, iPad and iPod Touch users to update their devices as soon a possible. In the security note accompanying iOS 10.3.1, Apple describes the issue as a stack buffer overflow vuln
More Resources

Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.