Daily Archives: November 8, 2019

Researchers find security flaws in ‘Amazon’s Ring Video Doorbell Pro’ IoT device

Bitdefender researchers have discovered an issue in ‘Amazon’s Ring Video Doorbell Pro’ IoT device that allows an attacker to intercept the owner’s Wi-Fi network credentials.

During the configuration stage, the mobile app sends the Wi-Fi network credentials in plaintext to the Ring Video Doorbell Pro. This allows an attacker to sniff the packets and recover the sensitive data needed to connect to the user’s Wi-Fi network.

Once in possession of a user’s Wi-Fi password, an attacker has full access to the network. And it’s no secret that security inside an internal network can be very lax. In fact, many devices such as Smart TVs allow interaction without any authentication whatsoever. Even if a device is attacked, no trace is left and users will have no idea they were a victim.

Examples of possible things an attacker might do without your knowledge:
  • Interact with all devices within the household network 
  • Intercept network traffic and run ‘man-in-the-middle’ attacks 
  • Access local storage (NAS drives, for example) and subsequently access private photos, videos and other types of information 
  • Exploit vulnerabilities and gain access to other devices connected to the local network, which may lead to reading emails and private conversations
  • Get access to security cameras to steal video recordings

The Ring Doorbell Pro cameras now receive automatic security updates, and the latest update resolves the security vulnerabilities.

IDG Contributor Network: Rethinking government use of commercial exploit tools after WhatsApp spying

Earlier this year, Facebook released an emergency patch after it discovered a software vulnerability in the voice over IP (VoIP) code used in WhatsApp that allowed attackers to remotely install malware on a user’s device by simply placing a call to their phone; the user would not even need to answer. The seriousness of this vulnerability became even more apparent a week ago after Facebook filed a lawsuit against NSO Group, an Israeli cyber security company, alleging that the company used its malware to infect 1,400 mobile phones belonging to journalists, diplomats, human rights activists and senior government officials in an attempt to access their encrypted WhatsApp messages (presumably on behalf of one or more unknown clients). WhatsApp worked with Citizen Lab, an academic research center at the University of Toronto’s Munk School, to identify the affected users and notify them of this privacy breach.

BlueKeep Attacks seen in the wild!

CVE-2019-0708, popularly known as BlueKeep, is an RDP pre-authentication vulnerability that allows an attacker to compromise a vulnerable system without user interaction. This exploit is also wormable, meaning that it can spread to other vulnerable systems in much the same way as the WannaCry malware spread across the globe in 2017. Interestingly,…