The heartbleed bug is back and this time it’s a different for of monster. The new variant of heartbleed is being dubbed “Cupid” by the security researcher who discovered it, Luis Grangeia. The “Cupid” bug can be used to launch heartbleed style attacks but this time on WiFi based routers (instead of the open web) and Android Jelly Bean devices connected to those routers. The bug allows hackers to target certain routers that are EAP based routers (e.g. require an individual logon and password, such as WiFi routers) by pulling the private security keys effectively bypassing any security measures. From this position the hackers could even view snippets of the working memory of the targeted devices potentially exposing user credentials, client certificates and private keys. The damage from this variant of heartbleed will apparently be much more contained than the first variant, however, it still isn’t known how many devices and routers are currently vulnerable to the attack. Any Android devices running 4.1.1 Jelly Bean are particularly vulnerable and if possible those users are encouraged to upgrade. Check out the technical details at the two source links.
Source: Luis Grangeia (#1 #2), Via: The Verge
Image courtesy of PCMag.com
OFFICIALLY LICENSED Built with matching firmware to seamlessly work with all models of PS5 and…
Pixart 3327 optical sensor with native DPI of up to 6, 200 Comfortable symmetric design…
✽[NOTES] An Aqara Zigbee 3.0 Hub is required and sold separately. The Aqara Cube T1…
Flight cloche with 4 firing triggers Dual speaker Riser included 17" monitor Light-up marquee Was…
14 games in 1 Wi-Fi Monitor 17” LCD Light Up Marquee 3D Coindoor Was £549.99…
Game in the Fast Lane: Play with hyper-fast, sub-1ms SLIPSTREAM CORSAIR WIRELESS TECHNOLOGY, or connect…