wifi hacking | Breaking Cybersecurity News | The Hacker News

WikiLeaks has published a new batch of the ongoing Vault 7 leak , this time detailing a framework – which is being used by the CIA for monitoring the Internet activity of the targeted systems by exploiting vulnerabilities in Wi-Fi devices. Dubbed " Cherry Blossom ," the framework was allegedly designed by the Central Intelligence Agency (CIA) with the help of Stanford Research Institute (SRI International), an American nonprofit research institute, as part of its 'Cherry Bomb' project. Cherry Blossom is basically a remotely controllable firmware-based implant for wireless networking devices, including routers and wireless access points (APs), which exploits router vulnerabilities to gain unauthorized access and then replace firmware with custom Cherry Blossom firmware. "An implanted device [ called Flytrap ] can then be used to monitor the internet activity of and deliver software exploits to targets of interest." a leaked CIA manual  reads . "The wi

Millions of smartphones and smart gadgets, including Apple iOS and many Android handsets from various manufacturers, equipped with Broadcom Wifi chips are vulnerable to over-the-air hijacking without any user interaction. Just yesterday, Apple rushed out an emergency iOS 10.3.1 patch update to address a serious bug that could allow an attacker within same Wifi network to remotely execute malicious code on the Broadcom WiFi SoC (Software-on-Chip) used in iPhones, iPads, and iPods. The vulnerability was described as the stack buffer overflow issue and was discovered by Google's Project Zero staffer Gal Beniamini, who today detailed his research on a lengthy blog post , saying the flaw affects not only Apple but all those devices using Broadcom's Wi-Fi stack. Beniamini says this stack buffer overflow issue in the Broadcom firmware code could lead to remote code execution vulnerability, allowing an attacker in the smartphone's WiFi range to send and execute code on th

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Wi-Fi enabled devices — widely known as the Internet of Things (IoT) — are populating offices and homes in greater and greater numbers. From smartphones to connected printers and even coffee makers, most of these IoT devices have good intentions and can connect to your company's network without a problem. However, as the Internet of Things (IoT) devices are growing at a great pace, they continue to widen the attack surface at the same time, giving attackers a large number of entry points to affect you some or the other way. The attackers can use your smart devices to gain backdoor entry to your network, giving them the capability to steal sensitive data, such as your personal information, along with a multitude of other malicious acts. An interesting attack scenario has recently been demonstrated by one of the renowned hackers, Jayson Street , who said all it is needed is to walk around with the right device to get into someone's device. Before we jump into the te

Hacking Wi-Fi is not a trivial process, but it does not take too long to learn. If you want to learn WiFi Hacking and Penetration testing, you are at right place. Don't associate hacking as a negative, as you can learn some hacking skills yourself to secure your networks and devices. WiFi hacking is an all time hot topic among hackers as well as penetration testers. This week's featured deal from THN Deals Store brings you 83% discount on Online Wi-Fi Hacking and Penetration Testing Training Course . This online Wi-Fi Hacking and Penetration Testing course is structured in a way that will provide you an in-depth, hands-on comprehensive information on Wi-Fi Security and Penetration Testing, and Defenses on WiFi systems to protect it from these attacks. This training course is available with lifetime access and focuses on the practical side of Wi-Fi hacking without neglecting the theory behind each attack. All the attacks explained in this course are practical attacks lau

To make the configuration of routers easier, hardware vendors instruct users to browse to a domain name rather than numeric IP addresses. Networking equipment vendor TP-LINK uses either tplinklogin.net or tplinkextender.net for its routers configuration. Although users can also access their router administration panel through local IP address (i.e. 192.168.1.1). The first domain offered by the company is used to configure TP-LINK routers and the second is used for TP-LINK Wi-Fi extenders. Here's the Blunder: TP-Link has reportedly " forgotten " to renew both domains that are used to configure its routers and access administrative panels of its devices. Both domains have now been re-registered using an anonymous registration service by an unknown entity and are being offered for sale online at US$2.5 Million each. This latest TP-Link oversight, which was first spotted by Cybermoon CEO Amitay Dan, could lead its users to potential problems. However, it

From GPS system to satellite radio to wireless locks, today vehicles are more connected to networks than ever, and so they are more hackable than ever. It is not new for security researchers to hack connected cars . Latest in the series of hackable connected cars is the Mitsubishi Outlander plug-in hybrid electric vehicle (PHEV). A security expert has discovered vulnerabilities in the Mitsubishi Outlander's Wi-Fi console that could allow hackers to access the vehicle remotely and turn off car alarms before potentially stealing it. The company has embedded the WiFi module inside the car so that its users can connect with their Mitsubishi mobile app to this WiFi and send commands to the car. Researchers from security penetration testing firm Pen Test Partners discovered that the Mitsubishi Outlander uses a weak WiFi access security key to communicates with the driver's phone. The key to getting into the Wi-Fi can be cracked through a brute force attack (" on a 4 x GPU c

Hacking into computer, networks and websites could easily land you in jail. But what if you could freely test and practice your hacking skills in a legally safe environment? Facebook just open-sourced its Capture The Flag (CTF) platform to encourage students as well as developers to learn about cyber security and secure coding practices. Capture the Flag hacking competitions are conducted at various cyber security events and conferences, including Def Con, in order to highlight the real-world exploits and cyber attacks. The CTF program is an effective way of identifying young people with exceptional computer skills, as well as teaching beginners about common and advanced exploitation techniques to ensure they develop secure programs that cannot be easily compromised. Facebook  CTF Video Demo: Since 2013, Facebook has itself hosted CTF competitions at events across the world and now, it is opening the platform to masses by releasing its source code on GitHub. "

A researcher has demonstrated how easy it is to steal high-end drones, commonly deployed by government agencies and police forces, from 2 kilometres away with the help of less than $40 worth of hardware . The attack was developed by IBM security researcher Nils Rodday, who recently presented his findings at Black Hat Asia 2016. Hacking the $28,463 Drone with Less than $40 of Hardware Rodday explained how security vulnerabilities in a drone's radio connection could leverage an attacker ( with some basic knowledge of radio communications ) to hijack the US$28,463 quadcopters with less than $40 of hardware. Rodday discovered ( PPT ) two security flaws in the tested drone that gave him the ability to hack the device in seconds. First, the connection between drone's controller module, known as telemetry box, and a user's tablet uses extremely vulnerable ' WEP ' ( Wired-Equivalent Privacy ) encryption – a protocol long known to be 'crackable in sec

The same "Vigilante-style Hacker," who previously hacked more than 10,000 routers to make them more secure, has once again made headlines by compromising more than 70,000 home routers and apparently forcing their owners to make them secure against flaws and weak passwords. Just like the infamous hacking group Lizard Squad , the group of white hat hackers, dubbed the White Team , is building up a sizeable botnet consisting of hundreds of thousands of home routers, but for a good purpose. Lizard Squad , the same group responsible for Sony PlayStation Network and Microsoft Xbox Live outages , uses their botnets to launch DDoS ( Distributed Denial of Service ) attacks against target websites to flood them with traffic and knock them offline. Hacking Routers to Make them More Secure Challenged by Lizard Squad's maliocus work, the White Team of vigilante hackers built their own peer-to-peer botnet that infects routers to close off vulnerabilities , such

Apple has patched a critical vulnerability in its iOS operating system that allowed criminal hackers to impersonate end users' identities by granting read/write access to website's unencrypted authentication cookies. The vulnerability was fixed with the release of iOS 9.2.1 on Tuesday, almost three years after it was first discovered and reported to Apple. The vulnerability, dubbed " Captive Portal " bug, was initially discovered by Adi Sharabani and Yair Amit from online security company Skycure and privately reported to Apple in June 2013. Here's How the Vulnerability Worked The vulnerability caused due to the way iOS handles Cookie Stores at Captive Portals , generally a login page that requires users to authenticate themselves before connecting to the free or paid public Wi-Fi hotspots when they are first joining. So, when a user with a vulnerable iPhone or iPad connects to a captive-enabled network ( sample page shown in the screensho

Hackers have come after your phone, your computer, and your car . Now hackers are coming after your home refrigerators, Smart TVs , and eventually KETTLES . Yes, your kettle turns out good for more than just heating up water or making coffee for you– they are potentially a good way for hackers to breach your wireless network. Also Read:   How to Weaponize your Cat to Hack Neighbours' Wi-Fi Passwords . Ken Munro, a security researcher at PenTest Partners, has managed to hack into an insecure iKettle , which was proclaimed " the world's first WiFi kettle " by its developers, and stolen a home's Wi-Fi password. Besides boiling water, the iKettle can connect to a user's home WiFi network. It also comes inbuilt with an Android and iOS app that allows the user to switch on the kettle and boil the water from other location. However, the biggest security flaw resides in the Android iKettle app that keeps the kettle's password as the defa

Yes, NETGEAR Routers have once again become a victim of DNS Monitoring, potentially affecting 11,000 Devices. This week, we reported about a Vigilante Hacker , who protected users by installing malware on their Wi-Fi routers, forcing them to use a secure password. Now within few days, a security researcher has discovered a serious vulnerability in Netgear routers that has been publicly exploited by hackers. The critical flaw could allow hackers to bypass authentication mechanism and change the Domain Name System (DNS) settings of victims' routers to the malicious IP address. [ Exploit Code ] A security researcher, named Joe Giron, gave the details of his experience to BBC, saying that he noticed some anonymous activities in his machine and on investigating he learned that: The admin settings on his personal router have been modified on 28 September. Specifically, Domain Name System (DNS) settings on his router were changed to a suspicious IP address.

Mandiant , a FireEye sister concern has been involved in researches related to cyber defense. In their recent findings, a backdoor malware named SYNful Knock identified as the one compromising the principles of Cisco routers with features such as... ...Having an everlasting effect, i.e. Serious Persistence. What?- The malicious program is implanted in the router illicitly through the device's firmware (regardless of the vendor). The goal is achieved by modifying the router's firmware image, which exists even after the device gets a reboot. How?- installing SYNful Knock in Cisco 1841 router, Cisco 2811 router, and Cisco 3825 router. Affected areas- 14 instances in 4 countries including India, Mexico, Ukraine, and the Philippines. Impact- the backdoor is backed up with such abilities that can compromise the availability of other hosts and access to sensitive data in an organization. " The theoretical nature of router-focused attacks created a minds

Ever wonder, How can you Track your Stolen Smartphone , Laptop or any Smart Device? ...With IMEI Number? ...Or IP address? ...Or may be some special types of equipment? Well, Not required, because now it is possible to track stolen devices just by scanning their MAC addresses. Yes, Just MAC addresses, which is assigned to each device on a unique basis by the IEEE, but crooks can modify it in an attempt to hide the origin of the stolen device. But given the people's practice to never notice the MAC address of their mobile phone, tablet, laptop, desktop, smart TV, smart refrigerator, or broadband router, MAC addresses can be used to track stolen electronics. This exactly is what an Iowa City cop wants to do.  How Police Can Track Stolen Devices? According to Gazette, an Iowa police officer David Schwindt has developed a sniffing software that helps police find more stolen properties. The software, Schwindt dubbed L8NT (short for Latent analysi

Don't stare at the screen for too long for the buffering to end, Google has a solution ! It seems like Google is buckling up to carve out a niche in the market of wireless smart network devices. Just few days after Google made itself a subsidiary and a separate venture under Alphabet Inc , it announced the news of Android Marshmallow and now ithe company has announced to offer a new way to Wi-Fi and seemingly a newer and different outlook of routers. " OnHub a new way to Wi-Fi" as Google says is a speedy, secure, easy to use and a reliable Wi-Fi with a stylish look is all in a package the company can offer. Key Highlights of OnHub OnHub looks different from other routers in many unique ways, which are as follows: OnHub is cylindrical in shape It has Congestion Sensing Antennas It provides support for connecting up to 128 Devices at a time It Speaks your Language OnHub contains High-Performance Antennas hidden inside the Router Shell It has

The leaked internal emails from the Italian surveillance software company Hacking Team have revealed that the spyware company developed a robotic aircraft designed to attack computers and smartphone devices through Wi-Fi networks. Over a year ago, some security researchers developed a drone called ' Snoopy ' that was capable to intercept data from users' Smartphones through spoofed wireless networks. Now, the email conversations posted on WikiLeaks website reveal that both Boeing and Hacking Team want unmanned aerial vehicles (UAVS) called Drones to carry out attacks that inject spyware into target computers or mobile phones via WiFi. After attending the International Defense Exposition and Conference (IDEX) in Abu Dhabi in February 2015, the U.S. drone company Boeing subsidiary Insitu become interested in using surveillance drones to deliver Hacking Team's Remote Control System Galileo for even more surveillance. Among the emails, co-founder Ma

A leading provider of advanced threat, security and compliance solutions, Tripwire , has announced that Craig Young , a security researcher from its Vulnerability and Exposure Research Team (VERT) , is working on a paper about SSL vulnerabilities that will be presented at DEF CON 22 Wireless Village . There are thousands of websites over Internet that contain serious mistakes in the way that Secure Sockets Layer and Transport Layer Security (SSL/TLS) is implemented, leaving them vulnerable to man-in-the-middle (MitM) attacks that could compromise sensitive user data such as banking credentials, credit card numbers and other information. MitM attack is one of the common and favorite techniques of attackers used to intercept wireless data traffic. Cyber criminals could able to intercept sensitive user data, including credit card numbers, PayPal credentials and social network credentials as well. Young has unearthed various situations where poor SSL implementations in co

This FIFA World Cup, the security has been really going well and yet no calamitous incident reported so far, other than the security company who is responsible to keep an eye on the event's security, itself tweeted a photograph of their state-of-the-art monitoring centre that exposed the World Cup security centre's internal Wi-Fi password to the whole world. Israel-based security firm RISCO is providing security management at the soccer stadium and very proud of their incredible work in securing this year's World Cup, which includes monitoring and maintaining hundreds of CCTV security cameras all over the 41,000-seat Arena Pantanal football stadium in Cuiaba, Brazil. The image was originally published by news outlet Correio Braziliense, that showed the Federal Police's head of international co-operation Luiz Cravo Dorea , standing in the mulch-million-dollar security center overseen by Israeli company RISCO and was watching Live video feeds from surveillance camera

Previous articles on The Hacker News have highlighted that How Internet of Things (IoT) opens your home to cyber threats. Recently the security researchers from vulnerability research firm  ReVuln  published a video demonstration shows that Philips Smart TV is prone to cyber attacks by hackers. According to the researchers, some versions of Philips Smart TV with latest firmware update are wide open to hackers and also vulnerable to cookie theft. The fault is in a feature called Miracast , that allows TVs to act as a WiFi access point with a hard-coded password 'Miracast,' and allows devices nearby within the range to connect the device for receiving the screen output. " The main problem is that Miracast uses a fixed password, doesn't show a PIN number to insert and, moreover, doesn't ask permission to allow the incoming connection, " Luigi Auriemma, CEO and security researcher at ReVuln, told SCMagazine . The vulnerability allows an attacker within the device'