Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Network Protocol. Show all posts

A Newly Discovered Bug Allows Researchers to See through Walls

 

Cybersecurity researchers at the University of Waterloo in Ontario have designed a drone-powered tool that employs WiFi networks to infiltrate barriers. 

Called Wi-Peep, the device was created by researchers Ali Abedi and Deepak Vasisht utilizing a drone purchased at a store with $20 worth of cheap components. 

According to the study presented at the 28th Annual International Conference on Mobile Computing and Networking, Wi-Peep launches a “location-revealing privacy attack” to exploit the data in WiFi networks and employs it to “see through walls,” or, rather, approximate the location of devices via sneaky scanning. 

Modus operandi 

With an abundance of Wi-Fi connections, any small vulnerability can damage user privacy. The Wi-Peep device exploits loopholes in the IEEE 802.11 - a longstanding wireless protocol for local access networks - to draw out responses from devices in a wireless network. 

First, the Wi-Peep spoofed a beacon frame, causing all devices to immediately send a response that the Wi-Peep detected and used to determine all devices’ MAC addresses. After identifying the MAC addresses, the Wi-Fi deploys an unencrypted data packet to the victim’s device. Without proper encryption, this packet could not control the device; however, thanks to “Polite Wi-Fi,” the device deploys a confirmation, regardless of the contents of the packet. 

This confirmation effectively closes the loop between Wi-Peep and the target device, allowing Wi-Peep to spot the device’s location employing a time-of-flight (ToF) measurement combined with the localization model. The measurements precisely determine the device's position with around a meter of accuracy, making it a disturbingly effective localization technique. 

Abedi and Vasisht worry that a hacker armed with this device could potentially “infer the location of home occupants, security cameras, and home intrusion sensors.” 

During their presentation, researchers stated the device can be employed to “track the movements of security guards inside a bank by following the location of their phones or smartwatches. Likewise, a thief could identify the location and type of smart devices in a home, including security cameras, laptops, and smart TVs, to find a good candidate for a break-in. In addition, the device’s operation via drone means that it can be used quickly and remotely without much chance of the user being detected.”

Lenovo: No Fix for High-Severity Flaw in Legacy IBM System X Servers

 

Lenovo stated that two legacy IBM System x server models that were discontinued in 2019 are vulnerable to attack and will not receive security fixes. However, the firm is providing a workaround mitigation solution. 

Both the IBM System x 3550 M3 and IBM System x 3650 M3 are vulnerable to command injection attacks. An attacker can use a vulnerable programme called Integrated Management Module to execute arbitrary instructions on either server model's operating system (IMM). 

IMM performs system management functions. Serial and Ethernet connections on the back panel of System x models use the IMM for device management. 

According to a Lenovo advisory published Tuesday, the flaw is in the IMM firmware code and “could allow the execution of operating system commands over an authenticated SSH or Telnet session.” 

Secure Shell, often known as SSH, is a cryptographic network communication technology that allows two computers to interact or transfer files. Telenet is another network protocol that permits remote users to log into another machine on the same network. Telnet does not encrypt data delivered over its connection by default. 

The flaw, which has been assigned the number CVE-2021-3723, was discovered on Wednesday by Denver Abrey, a bug hunter. 

In June 2020, eight vulnerabilities in a subsequent version of IMM, known as IMM2, were discovered, three of which were of high severity. These issues were found in the client-side code called libssh2, which is accountable for executing the SSH2 protocol. 

The System x 3550 M3 and System x 3650 M3 were announced as medium‐sized corporate solutions on April 5, 2011. Lenovo stated on June 30, 2015, that both systems will be terminated, but security updates would be provided for another five years. 

Software and security support for the System x 3550 and 3650 ended on December 31, 2019, according to the Lenovo security notice. 

Lenovo wrote, “Lenovo has historically provided service and support for at least five years following a product’s withdrawal from marketing. This is subject to change at Lenovo’s sole discretion without notice. Lenovo will announce a product’s EOS date at least 90 days before the actual EOS date and in most cases longer.”

Lenovo stated on Wednesday that it recommends discontinuing the use of both servers, but that it had a mitigation approach. 

If it is not possible to stop using these systems, Lenovo suggests: 
  • Disable SSH and Telnet (This can be done in the Security and Network Protocol sections of the navigation pane after logging into the IMM web interface) 
  • During initial configuration, change the default Administrator password. 
  • Enforce the use of strong passwords. 
  • Only give trustworthy admins access. 
Lenovo did not comment if it was familiar with any active campaigns aimed at exploiting the flaw.