Author: tongwing

Categories
security

Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom’s Wi-Fi Chipsets | Exodus Intelligence

An impressively detailed start-to-end explanation of how an exploit is created. This exploit is unusually powerful in that it does not require the user to perform any action – no need to open attachments, click on hyperlinks etc. The only requirement is that Wifi is turned on. For iOS users, this exploit has been patched in the latest iOS 10.3.3.

Broadpwn is a fully remote attack against Broadcom’s BCM43xx family of WiFi chipsets, which allows for code execution on the main application processor in both Android and iOS. It is based on an unusually powerful 0-day that allowed us to leverage it into a reliable, fully remote exploit.

Source: Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom’s Wi-Fi Chipsets | Exodus Intelligence

Categories
3D programming

[github] kosua20/herebedragons

Someone implemented the same 3D scene using different API/frameworks. Interesting from a learning point of view. But as someone commented in HN, some implementations could be made to look the same given enough effort.

This repository contains multiple implementations of the same 3D scene, using different APIs and frameworks on various platforms. The goal is to provide a comparison between multiple rendering methods. This is inherently biased due to the variety of algorithms used and available CPU/GPU configurations, but can hopefully still provide interesting insights on 3D rendering.

[github] kosua20/herebedragons

Categories
privacy

Roomba’s Next Big Step Is Selling Maps of Your Home to the Highest Bidder

Privacy concerns or fearmongering?

The Roomba is generally regarded as a cute little robot friend that no one but dogs would consider to be a potential menace. But for the last couple of years, the robovacs have been quietly mapping homes to maximize efficiency. Now, the device’s makers plan to sell that data to smart home device manufacturers, turning the friendly robot into a creeping, creepy little spy.

Source: Roomba’s Next Big Step Is Selling Maps of Your Home to the Highest Bidder

Categories
programming

Starbucks should really make their APIs public. – Tendigi

See how closed API reverse engineering typically happens.

Now that I was able to sign and fingerprint my login requests, I combined everything into a small Node.js module that allows some basic Starbucks API functions. The good news is that it’s (mostly) hosted here on GitHub!

Voilà! Programmatic coffee.

Source: Starbucks should really make their APIs public. – Tendigi

Categories
privacy

Errata Security: How The Intercept Outed Reality Winner

Oh wow. You can’t even trust your printer now ‘cos it could expose potentially incriminating information about how you are using it.

The problem is that most new printers print nearly invisibly yellow dots that track down exactly when and where documents, any document, is printed. Because the NSA logs all printing jobs on its printers, it can use this to match up precisely who printed the document.

Source: Errata Security: How The Intercept Outed Reality Winner

Categories
Uncategorized

What is that popup on Windows 10 that disappears after a split second? – gHacks Tech News

It got me paranoid when I notice the blink-and-you-miss opening and closing of a popup ever so often when using Windows 10. After turning on process audit I finally managed to track it down to officebackgroundtaskhandler.exe. Turns out it is due to Ms Office doing some who-knows-what background handling. Follow the article below to disable the annoying popup.

If you run Microsoft Windows 10, you may have noticed a popup window being launched on the screen once a day, or even regularly.

Source: What is that popup on Windows 10 that disappears after a split second? – gHacks Tech News

Categories
security

The Judy Malware: Possibly the largest malware campaign found on Google Play | Check Point Blog

Yet another wide-spread Android malware.

Check Point researchers discovered another widespread malware campaign on Google Play, Google’s official app store. The malware, dubbed “Judy”, is an auto-clicking adware which was found on 41 apps developed by a Korean company. The malware uses infected devices to generate large amounts of fraudulent clicks on advertisements, generating revenues for the perpetrators behind it. …

Source: The Judy Malware: Possibly the largest malware campaign found on Google Play | Check Point Blog

Categories
diy security

Using RTL-SDR to Open Car Doors

DIY hardware and software now makes it possible to capture and replay car fob wireless signals. Obviously this can be used for very bad things..

yes, I tested this on two cars and a truck and successfully implemented the attack and door locks opened. Scary to think that anyone can spend less than a few dollars and be-able to grab my laptop if left in the open.

Source: Using RTL-SDR to Open Car Doors

Categories
privacy security

How to Accidentally Stop a Global Cyber Attacks | MalwareTech

Someone accidentally stopped the ongoing WannaCry attacks by registering a domain.

In certain sandbox environments traffic is intercepted by replying to all URL lookups with an IP address belonging to the sandbox rather than the real IP address the URL points to, a side effect of this is if an unregistered domain is queried it will respond as it it were registered (which should never happen).

Source: How to Accidentally Stop a Global Cyber Attacks | MalwareTech

Categories
security

Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool

The collateral damage from leaked NSA hacking tools is just beginning to be felt.

Computer users in as many as 74 countries were reported to be disrupted by the ransomware attack, mostly affecting Britain and Russia.

Source: Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool