NewsWorld

Billion devices affected by Wi-Fi vulnerability

UNITED STATES (OBSERVATORY NEWS) — Eset security guards discovered a vulnerability that could intercept user Internet traffic and affect more than a billion devices around the world. Large-scale such a story. We are talking about the hardware protection of Wi-Fi modems.

The vulnerability is called Kr00k and is found in wireless communication chips manufactured by the two largest companies Broadcom and Cypress. It is important that these modems can be installed in completely different equipment, from smartphones and tablets to household and not only access points, routers and smart home devices.

The essence of the problem is that attackers can send a device with such a chip a special data packet, upon receipt of which the modem will automatically change the traffic encryption key to zero and continue to work in the previous mode, that is, the user will not notice anything, but attackers will be able to decrypt the traffic, since they are now the encryption key is known for certain.

According to analysts, many popular smartphones are at risk, for example, all iPhones, starting with the sixth model, Google Nexus 5 and 6, MacBook, Asus and Huawei routers and lots of other equipment. But in reality, everything is not so scary, attackers can only decrypt the traffic that was encrypted by the modem itself, but was initially transmitted in clear form.

That is, this does not apply to secure connections, for example, via VPN, or to the data of a site whose address begins with the abbreviation HTTPS, there such traffic is again encrypted by default, and the vast majority of such sites are now. VPNs allow you to hide your real IP address and better secure your data and online activity. Visit AlwaysVPN to find out more.

Well, of course, before publishing their report, Eset researchers warned about the vulnerabilities of electronics manufacturers and many companies have already fixed the problem in new versions of their software.

Another vulnerability that affects billions of devices. Two researchers said they found a problem in Apple devices in almost all. It seems to allow attackers to gain access to any information that the user copies. It is curious that Apple itself is not aware of this and vulnerability.

The essence of the stated problem is that on Apple, iPhone and iPad mobile devices, any program can access the information on the clipboard, to what was copied or cut, to text or files. Investigators even wrote a program that demonstrates how this happens, and it seems like it works and intercepts. And here the most interesting moment is the charms of the Apple ecosystem, in the sense that the Yabloko people have done quite a bit, roughly speaking, a cloud clipboard, that is, it is common to all devices, working under one user ID. This means that the copied on the laptop can be immediately pasted on the tablet.

This also means that the program on the iPhone can intercept the computer’s clipboard data, and in theory it could be passwords, logins or bank data that no one was going to transfer to this third-party program, that is, this is quite a vulnerability. But Apple said the researchers said they did not see a problem, because such an attack is possible if the user has a malicious application installed, and Apple scans all the programs in its App Store quite carefully. which no one was going to transfer to this third-party program, that is, it is quite a vulnerability. But Apple said the researchers said they did not see a problem, because such an attack is possible if the user has a malicious application installed, and Apple scans all the programs in its App Store quite carefully. which no one was going to transfer to this third-party program, that is, it is quite a vulnerability. But Apple said the researchers said they did not see a problem, because such an attack is possible if the user has a malicious application installed, and Apple scans all the programs in its App Store quite carefully.

After the “apple” company did not begin to correct anything, the researchers published the results of their work, apparently hoping to draw attention either to the story, or, in fact, to themselves, because the mention of the Apple brand is guaranteed attention and hype. As for the users of “apple” gadgets, Cupertino assured that there is no evidence that this vulnerability could or at least could be exploited by attackers.

Online:

This article is written and prepared by our foreign editors writing for OBSERVATORY NEWS from different countries around the world – material edited and published by OBSERVATORY staff in our newsroom.

Our Standards, Terms of Use: Standard Terms And Conditions.

Contact us: [email protected]

Stay connected with Observatory and Observatory Newsroom, also with our online services and never lost the breaking news stories happening around the world.