Marvell Wifi System-on-chip, which is used by Valve Steamlink, PS 4, Microsoft Surface and Samsung Chromebook is susceptible to remote compromise. Here’s the kicker: the device can be compromised just by the fact that it’s powered on. There is no need for the victim to visit any website or click on any links. That’s what makes this RCE (remote code execution) so dangerous and potent.
This vulnerability can be triggered without user interaction during the scanning for available networks. This procedure is launched every 5 minutes regardless of a device being connected to some Wi-Fi network or not. That’s why this bug is so cool and provides an opportunity to exploit devices literally with zero-click interaction at any state of wireless connection (even when a device isn’t connected to any network).
Source: Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE – Embedi
We are in an age where the proliferation of sensors to collect data for analytics is becoming common-place. However there needs to be more caution in completely trusting the result of the data collected, eg. sensors can malfunction, there may be software errors, unprotected endpoints can be hacked etc.
The error resulted from a faulty sensor over the main entrance that was initially detected in the spring of last year, a museum representative said. At that time, an engineer was sent to repair the device, but the device later failed a routine accuracy test in July last year.
Source: Reported drop in visitors to museum a counting error, Lifestyle News & Top Stories – The Straits Times