Entries with tag security problems.

Femtocells Vulnerable to Hacking

New research finds femtocells, devices used to extend the range of cellular phone coverage, are vulnerable to hacking, which could leave users’ conversations open to eavesdropping. The devices are typically used to push a wireless signal into areas that would not typically  have coverage. Researchers from iSEC Partners found the flaw a year ago, which they say would allow someone to view any transmission between a device and a cellular tower, including calls, text messages, and Internet sites accessed. They say the vendors have been working to fix the flaw on those femtocells operating on Verizon's 3G CDMA network. Verizon says the issue has been repaired in all its Samsung femtocells, which Samsung confirmed. The researchers say similar security issues  might exist on other networks’ femtocells. iSEC plans to present its findings, which  include a proof of concept system, at the Def Con and Black Hat security conferences in Las Vegas, but have said they do not plan to disclose how the software was modified to prevent criminals from using the hack. Security problems with European femtocells were previously discovered with the US wireless industry group releasing a report regarding the potential for cyberattacks via femtocell in February. (CNN)(Reuters)

Researchers Discover Vulnerabilities in Plug-and-Play Systems

Security researchers have discovered that, of devices at more than 80 million unique IP addresses responding to Universal Plug and Play discovery requests, between 40 and 50 million of them are vulnerable to attack via UPnP. Although security problems with the protocol have been well known for at least a dozen years, the issues put networks at risk and the research served to quantify the extent of the issue. UPnP is a set of networking protocols that let routers, printers, network-attached storage, media players, smart TVs and other devices seamlessly communicate. The researchers from security-software vendor Rapid 7 said they discovered more serious problems than they expected when they began their study. For example, they found that the most commonly used software stack used by the Universal Plug and Play protocol to control the device is also the most vulnerable. (SlashDot)(ThreatPost)(Rapid7)

Showing 2 results.