It isn't often we hear of a vulnerability that could potentially affect every device you own, but a new type of attack being detailed today could very well do that. Described as key reinstallation attacks (KRACK, for short), these new exploits "work against all modern protected WiFi networks." That, in case you were wondering, is bad news.
With the massive Equifax hack still fresh in our minds, we're now learning that a bug on T-Mobile's website made it very easy for hackers to make off with subscriber information. The information that was potentially put at risk includes email addresses, T-Mobile account numbers, and the IMSI number from customer phones. All those hackers needed to access that information was your phone number, which isn't exactly a difficult thing to find (or even stumbled upon).
Twitter set the cat among the pigeons (or whatever bird its logo actually is) yesterday, with news that it was testing out 280 character tweets. The double-length messages have met with mixed responses online, with some users embracing the fact that they have more characters, while others worry it's an end to the forced-brevity that helps make the service so appealing. However, not everybody got to play.
Earlier in the week, we told you about a CCleaner breach that infected somewhere in the area of 2.27 million users with malware. Though Avast, the company that distributes CCleaner, initially said it was able to "disarm the threat before it was able to do any harm," it turns out that may not actually be the case. According to new findings, this could have been a more sophisticated attack with some very specific targets.
In the grand annuls of software irony, apps that explicitly promise to make your computer more stable being used to secretly distribute malware are top of the list, especially when they happen to be owned by anti-virus specialists. It's a cluster of coincidences that makes news that CCleaner, the free system tune-up tool offered by Avast, was unwittingly used to load a backdoor in users' PCs. During the period it was compromised, 2.27m people installed the infected app.
Voice-controlled smart assistants are all the rage these days. Just look back at IFA 2017 to see how many devices were proud to announce support for Amazon Alexa, Google Assistant, or Apple Siri (via HomeKit). They are admittedly pretty convenient and powerful, but those same strengths might actually be their Achilles’ heel as well. Chinese researchers have demonstrated that Alexa, Siri, Cortana, and Google Assistant can be easily told to do things without the knowledge, much less permission, of their owners. All by saying commands that no human can actually hear.
A security flaw that could affect millions of cars has been identified, with researchers warning that there may be no fix available to protect susceptible vehicles. The exploit works by overloading the so-called CAN, or "car device network", which connects all of the different aspects of modern vehicles together. With the right code, essential parts of the car's safety features - such as the airbags or antilock brakes - could be forced offline.
Remember the big HBO hack? The latest one, that is. The company just suffered another blow as the hacker has leaked new Curb Your Enthusiasm episodes online, making them available for anyone to download. That's a big problem for HBO, which announced last year that it would be reviving the beloved series. The new show hasn't yet premiered on the network.
Many iPhone users that play music in their car via the USB cable experience a common problem: as soon as the device is connected, it starts playing the exact same song automatically — whichever is alphabetically first in the music library. A new solution has emerged, however, in the form of a "song" that runs for 10 minutes with nothing but silence. And it appears to be music to iPhone owners' ears, as the track is racing up the iTunes charts.
If console makers can create slim versions of their hulking gaming machines, why can’t computer makers do that too? Well, some do, but they have nothing on this computer that is only as thick as a few stacks of credit cards. You shouldn’t be surprised that no computer OEM is crazy enough to do that. Fortunately, the ever so creative, persistent, and insane N O D E has done it for the rest of us. Introducing the Raspberry Pi 3 Slim, which is really a fully functional computer that can almost fit in your wallet.
Amazon's original Echo smart speaker can be hacked into a 24/7 live microphone, perpetually beaming anything it can hear to a remote server. The flaw was identified by Mark Barnes, a British security researcher who figured out that certain Echo models could be compromised with just a little hands-on time. While the exploit can't be used to remotely modify an Echo, it could nonetheless fuel the privacy complaints of those uncomfortable with putting internet-connected microphones into their home or office.
A couple of days back, we got word that a group of developers had found a way around the Galaxy S8's iris scanner. According to the folks at Chaos Computer Clubs, the iris scanner in the Galaxy S8 can be beaten with a high-resolution, infrared photo of the iris in question with a contact lens laid over it. That, obviously, is a pretty discouraging bit of news, but now Samsung has responded to this report.
