The big news this week was the public release of Quadrooter, four critical vulnerabilities which impact 900 million of the top smartphones (you should check your phone). With the 2016 Black Hat conference over, several interesting cybersecurity research pieces came to light. Chip-and-Pin cards exploited, Apple announces a bug bounty program, an autonomous system won DARPA’s $2m prize, and home automation devices were infected with ransomware. With the Olympics in full swing, be ready to avoid phishing emails and texts!
Here were my security blogs for the last week:
900 Million Phones Vulnerable to Quadrooter – Check Your Phone!
Security researchers announced 4 critical vulnerabilities in the firmware of a popular mobile phone chip. Dubbed "Quadrooter," it is estimated that 900 million Android devices could be exploited and allow an attacker to get root-level access. – CHECK YOUR PHONE, details in the post!
Chip and PIN Cards Vulnerable to Cybercriminals
A team of engineers showed how a Man-in-the-Middle (MitM) attack could succeed at compromising an ATM machine even with the new Chip and Pin Cards.
Apple Will Pay if You Can Find Bugs in Their Products
Apple announced this week at the Black Hat cybersecurity conference that the company would begin a program to compensate external researchers who follow their process and disclose security vulnerabilities in Apple products.
The Latest Way Our Lives Can be Hacked - Ransomware for Home Thermostats
Researchers at DefCon showed the first proof-of-concept (PoC) ransomware which can take over a smart home thermostat. Although it will not likely be the downfall of modern civilization, it is a precursor of many similar hacks to come.
Congrats to team ForAllSecure for winning the DARPA $2 Million Prize
The ForAllSecure team won the DARPA Cyber Grand Challenge (CGC) and a $2m prize for their MAYHEM autonomous computer system which beat out all other competitors to scan for software bugs, create fixes, and exploits for the vulnerabilities.
Beware Phishing Based Upon the Olympics
Cybercriminals, activists, and online fraudsters like to use major new events for phishing to lure people into clicking links and supporting fraudulent causes.