/ Security Assessments News /

Collin Mulliner Developing and maintaining secure firmware for tablets, cars, and IoT devices is hard. Often, the firmware is initially developed by a third party rather than in-house. And it can be tough as projects move from inception and prototyping to full-force engineering and finally to deployment and production. Now, an engineer at self-driving car …

/ Security Assessments News /

Enlarge / An AT&T store in New Jersey. Michael Brochstein/SOPA Images/LightRocket via Getty Images When Michael Terpin’s smartphone suddenly stopped working in June 2017, he knew it wasn’t a good sign. He called his cellular provider, AT&T, and learned that a hacker had gained control of his phone number. The stakes were high because Terpin …

/ Security Assessments News /

Enlarge / Graffiti urging people to use Signal, a highly encrypted messaging app, is spray-painted on a wall during a protest on February 1, 2017 in Berkeley, California. Elijah Nouvelage | Getty Images US Attorney General William Barr today launched a new front in the feds’ ongoing fight against consumer encryption, railing against the common …

/ Security Assessments News /

Apple said it has pushed a silent macOS update that removes the undocumented webserver that was installed by the Zoom conferencing app for Mac. The webserver accepts connections from any device connected to the same local network, a security researcher disclosed on Monday. The server continues to run even when a Mac user uninstalls Zoom. …

Enlarge / Microsoft at a trade show. Microsoft is launching a new layer of security for users of its OneDrive cloud storage service. OneDrive Personal Vault is a new section of your storage that’s accessed through two-step verification, or a “strong authentication method,” although Microsoft didn’t define the latter term. Microsoft notes that fingerprinting, face scans, …

/ Security Assessments News /

Enlarge / The 2018 15-inch Apple MacBook Pro with Touch Bar. Samuel Axon When Apple executive Craig Federighi described a new location-tracking feature for Apple devices at the company’s Worldwide Developer Conference keynote on Monday, it sounded—to the sufficiently paranoid, at least—like both a physical security innovation and a potential privacy disaster. But while security …

/ Security Assessments News /

More than 20,000 Linksys wireless routers are regularly leaking full historic records of every device that has ever connected to them, including devices’ unique identifiers, names, and the operating systems they use. The data can be used by snoops or hackers in either targeted or opportunistic attacks. Troy Mursch Independent researcher Troy Mursch said the …

Enlarge / A plane in the researchers’ demonstration attack as spoofed ILS signals induce a pilot to land to the right of the runway. Sathaye et al. Just about every aircraft that has flown over the past 50 years—whether a single-engine Cessna or a 600-seat jumbo jet—relies on radios to safely land at airports. These …

/ Security Assessments News /

Enlarge / PORTUGAL – 2019/03/04: 5G logo is seen on an android mobile phone with Huawei logo on the background. Vodafone, the largest mobile network operator in Europe, found backdoors in Huawei equipment between 2009 and 2011, reports Bloomberg. With these backdoors, Huawei could have gained unauthorized access to Vodafone’s “fixed-line network in Italy.” But …