The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: firmware

Faulty Firmware Auto-Update Breaks Hundreds of 'Smart Locks'

Faulty Firmware Auto-Update Breaks Hundreds of 'Smart Locks'

August 15, 2017Mohit Kumar
More features, more problems! Today, we are living in a digital age that is creating a digital headache for people by connecting every other unnecessary home appliance to the Internet. Last week, nearly hundreds of Internet-connected locks became inoperable after a faulty software update hit some models. Users of remotely accessible smart locks made by Colorado-based company LockState have taken to social media platforms including Twitter to complain that their $469 Lockstate 6000i locks started to fail from last Monday, leaving the keypad entirely useless. LockState's RemoteLock 6i (6000i) is an Internet-connected smart lock that connects to your home Wi-Fi network for remote control and monitoring as well as firmware updates. LockState is even a partner with Airbnb, allowing Airbnb hosts' to give their guests entry code in order to get into hotel properties without having to share physical keys. However, last week many Airbnb customers were unable to use the bu
BadUSB Malware Code Released — Turn USB Drives Into Undetectable CyberWeapons

BadUSB Malware Code Released — Turn USB Drives Into Undetectable CyberWeapons

October 04, 2014Swati Khandelwal
Once again USB has come up as a major threat to a vast number of users who use USB drives – including USB sticks and keyboards. Security researchers have released a bunch of hacking tools that can be used to convert USB drive into silent malware installer. This vulnerability has come about to be known as " BadUSB ", whose source code has been published by the researchers on the open source code hosting website Github , demanding manufacturers either to beef up protections for USB flash drive firmware and fix the problem or leave hundreds of millions of users vulnerable to the attack. The code released by researchers Adam Caudill and Brandon Wilson has capability to spread itself by hiding in the firmware meant to control the ways in which USB devices connect to computers. The hack utilizes the security flaw in the USB that allows an attacker to insert malicious code into their firmware. But Wait! What this means is that this critical vulnerability is now ava
First widely distributed Android bootkit Malware infects more than 350,000 Devices

First widely distributed Android bootkit Malware infects more than 350,000 Devices

January 29, 2014Anonymous
In the last quarter of 2013, sale of a Smartphone with ANDROID operating system has increased and every second person you see is a DROID user. A Russian security firm ' Doctor Web' identified the first mass distributed Android bootkit malware called ' Android.Oldboot ', a piece of malware that's designed to re-infect devices after reboot, even if you delete all working components of it. The bootkit Android.Oldboot has infected more than 350,000 android users in China, Spain, Italy, Germany, Russia, Brazil, the USA and some Southeast Asian countries. China seems to a mass victim of this kind of malware having a 92 % share. A Bootkit is a rootkit malware variant which infects the device at start-up and may encrypt disk or steal data, remove the application, open connection for Command and controller. A very unique technique is being used to inject this Trojan into an Android system where an attacker places a component of it into the boot
Exclusive: More than 200,000 Algerian TP-LINK Routers are vulnerable to Hackers

Exclusive: More than 200,000 Algerian TP-LINK Routers are vulnerable to Hackers

January 16, 2014Mohit Kumar
More than 15.2% of the Algerian population use Internet service which is provided by around 30 Internet Service Providers and one of the largest shares is served by Algerie Telecom .  Algerie Telecom provides  TP-LINK TD-W8951ND  Router to most of their home customers who Opt-In for Internet services and each of which has ZYXEL embedded firmware installed in it. ABDELLI Nassereddine, penetration tester and Algerian Computer Science Student has reported highly critical unauthorized access and password disclosure vulnerabilities in the Routers provided by Algerie Telecom. He told ' The Hacker News ' that the vulnerabilities can be exploited by any remote hacker just by exploiting a very simple loophole in the firmware. First, he found that an unauthorized access is available to ' Firmware/Romfile Upgrade'  Section on the Router's panel that can be accessed without any login password i.e. http://IP//rpFWUpload.html This page actually allows a user to upgrade
Firmware vulnerability allows man-in-the-middle attack using SD Memory cards

Firmware vulnerability allows man-in-the-middle attack using SD Memory cards

January 02, 2014Anonymous
How is it possible to exploit SD Card, USB stick and other mobile devices for hacking? Another interesting hack was presented at the Chaos Computer Congress (30C3), in Hamburg, Germany. The researchers demonstrated how it is possible to hack the microcontroller inside every SD and MicroSD flash cards that allow arbitrary code execution and can be used to perform a man in the middle attack . The Hardware Hackers  Andrew “ bunnie ” Huang and Sean “xobs”  described the exploitation method on their blog post ," it also enables the possibility for hardware enthusiasts to gain access to a very cheap and ubiquitous source of microcontrollers. " It seems that to reduce SD cards price and increase their storage capability, engineers have to consider a form of internal entropy that could affect data integrity on every Flash drive. Almost every NAND flash memory is affected by defects and presents problems like electron leakage between adjacent cells. " Flash memory is really
Unauthorized Access Backdoor found in D-Link router Firmware Code

Unauthorized Access Backdoor found in D-Link router Firmware Code

October 14, 2013Anonymous
A number of D-Link routers reportedly have an issue that makes them susceptible to unauthorized backdoor access . The researcher Craig, specialized on the embedded device hacking - demonstrated the presence of a backdoor within some DLink routers that allows an attacker to access the administration web interface of network devices without any authentication and view/change its settings. He found the backdoor inside the firmware v1 . 13 for the DIR-100 revA . Craig found and extracted the SquashFS file system loading firmware’s web server file system (/bin/webs) into IDA.  Giving a look at the string listing, the Craig's attention was captured by a modified version of thttpd , the thttpd - alphanetworks /2.23, implemented to provide the rights to the administrative interface for the router.  The library is written by Alphanetworks, a spin-off company of D-Link, analyzing it Craig found many custom functions characterized by a name starting with suffix “alpha”
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.