Millions of IoT Devices Open to Attack Due to Security Flaws

Forescout Research Labs and JSOF researchers have discovered nine security flaws in four commonly used TCP/IP stacks that make 100+ million devices vulnerable to attack. The set of flaws, dubbed Name:Wreck, mainly impact Internet of Things (IoT) products and IT management servers. The TCP/IP stacks that integrate network communication protocols to connect devices and the Internet are found in operating systems such as the open-source FreeBSD and Siemens’ Nucleus NET. An attacker could crash a device, take it offline or gain control of it. Continue reading Millions of IoT Devices Open to Attack Due to Security Flaws

Google Adopts Open-Source, Secure Password-Less Logins

The FIDO Alliance, a consortium for open source authentication standards, is trying to make passwords obsolete, expanding its secure login protocols. Its efforts were boosted by Google’s announcement that it added certified support for the FIDO2 standard, impacting the vast majority of devices running Android 7 or later. That means owners of these Android 7-based devices should be able to log in seamlessly without passwords on mobile browsers such as Chrome. Websites can now be designed to interact with FIDO2 management. Continue reading Google Adopts Open-Source, Secure Password-Less Logins

WPA2 Wi-Fi Flaw Revealed, Android & Linux Most Vulnerable

According to researchers, the WPA2 protocol for Wi-Fi connectivity contains a significant weakness that makes it vulnerable to attackers. A hacker within range of connected devices would reportedly be able to exploit this weakness to hijack passwords, emails and other “encrypted” data, or even place ransomware into a website the user is visiting. The research, which has been ongoing for weeks, reveals that the WPA2 core vulnerability could affect operating systems and devices including Android, Linux, OpenBSD, MediaTek, Linksys, macOS and Windows. Continue reading WPA2 Wi-Fi Flaw Revealed, Android & Linux Most Vulnerable