The heartbleed bug is back and this time it’s a different for of monster. The new variant of heartbleed is being dubbed “Cupid” by the security researcher who discovered it, Luis Grangeia. The “Cupid” bug can be used to launch heartbleed style attacks but this time on WiFi based routers (instead of the open web) and Android Jelly Bean devices connected to those routers. The bug allows hackers to target certain routers that are EAP based routers (e.g. require an individual logon and password, such as WiFi routers) by pulling the private security keys effectively bypassing any security measures. From this position the hackers could even view snippets of the working memory of the targeted devices potentially exposing user credentials, client certificates and private keys. The damage from this variant of heartbleed will apparently be much more contained than the first variant, however, it still isn’t known how many devices and routers are currently vulnerable to the attack. Any Android devices running 4.1.1 Jelly Bean are particularly vulnerable and if possible those users are encouraged to upgrade. Check out the technical details at the two source links.
Source: Luis Grangeia (#1 #2), Via: The Verge
Image courtesy of PCMag.com
LIVE THE HORROR: An immersive disaster story aboard a stunningly realised North Sea oil rig,…
The Philips VA LED display uses an advanced multi-domain vertical alignment technology that gives you…
【TFT Screen: The Interactive Interface】This 75% mechanical keyboard comes equipped with a TFT Screen, serving…
FANDOM FUSION Play as your favorite characters and wield their unique weapons and skills. Team…
The Definitive Version of Shin Megami Tensei V - Fully evolved with stunning visuals for…
【Unique Split Design】5200mAh hand warmers rechargeable together with double-sided heating function, split snap swivel design,…