Tag: Vulnerable

‘Smart’ Male Chastity Device Vulnerable To Locking By Hackers: Researchers

A security flaw in an internet-connected male chastity device could allow hackers to remotely lock it — leaving users trapped, researchers have warned.

The Cellmate, produced by Chinese firm Qiui, is a cover that clamps on the base of the male genitals with a hardened steel ring, and does not have a physical key or manual override.

The locking mechanism is controlled with a smartphone app via Bluetooth — marketed as both an anti-cheating and a submission sex play device — but security researchers have found multiple flaws that leave it vulnerable to hacking.

“We discovered that remote attackers could prevent the Bluetooth lock from being opened, permanently locking the user in the device. There is no physical unlock,” British security firm Pen Test Partners said Tuesday.

“An angle grinder or other suitable heavy tool would be required to cut the wearer free.”

The firm also found other security flaws


Vulnerable supply chains introduce increasingly interconnected attack surfaces

Accenture Security lists five other “extreme but plausible threat scenarios in financial services” in a new report.


Financial institutions have interdependent supply chains that offer a “broad, target-rich attack surface that adversaries can undermine,” a new report from Accenture warns. The firm listed it as the latest security trend gaining significance.

The six threats identified by Accenture are:

  • Supply chains, which introduce increasingly interconnected attack surfaces
  • Credential and identity theft, which continue to accelerate
  • Data theft and data manipulation, which stem from new vulnerabilities and cybercriminal behaviors
  • Emerging technologies, especially deepfakes and 5G, which advance cyberthreats
  • Destructive and disruptive malware attacks, which spur multiparty and cross-sector targeting
  • Misinformation that is shaking trust in retail and government-backed banks

Attackers have been conducting supply chain attacks for years, the Accenture report noted. “However, supply chain threats to financial institutions in the past year have primarily involved technology service providers


A Bluetooth Flaw Leaves Billions of Devices Vulnerable

The October issue of WIRED took a close, in-depth look at the state of election security. While lots of it isn’t pretty, we did find some pockets of hope. Data scientist Sara-Jayne Terp is on a mission to stamp out misinformation. The former Facebook employees at the nonprofit Acronym are hoping to use Trump’s 2016 strategies against him. And we dug into the story of STAR-Vote, an audacious plan to secure voting machine tech for good.

There’s more! We talked to Stacey Abrams about how to overcome voter suppression. We looked at how some countries have successfully stymied Russian interference efforts. And we explained how you’ll know for sure that the presidential election results are valid, no matter how loudly Trump yells that they’re going to be rigged.

Plenty of non-election news happened this week as well. Customs and Border Protection seized 2,000 OnePlus Buds, claiming they were counterfeit


New Bluetooth flaw leaves devices vulnerable to man-in-the-middle attacks

A new Bluetooth vulnerability could allow an attacker to downgrade or bypass Bluetooth encryption keys, opening the door to man-in-the-middle attacks or other types of malicious exploits.

The flaw, dubbed “BLURtooth,” resides in a component of the Cross-Transport Key Derivation standard and leaves devices vulnerable to man-in-the-middle attacks or other exploits. It affects all “dual-mode” devices running Bluetooth 4.0 or 5.0, which includes devices from the iPad Pro to the iPhone 11.

According to a security notice by the Bluetooth Special Interest Group (SIG), researchers at Purdue University and the Ecole Polytechnique Federale de Lausanne discovered that CTKD may permit escalation of access between two devices.

The CTKD component is used to negotiate authentication keys when pairing two Bluetooth devices together, and works by implementing two different sets of keys for the Bluetooth Low Energy or Basic Rate/Enhanced Data Rate standards.

However, the researchers discovered that an attack could leverage CTKD to


PathCheck Foundation Adds Covi-ID Technology and Team to Increase Access to Exposure Notification to Vulnerable Communities Worldwide

CAMBRIDGE, Mass.–(BUSINESS WIRE)–Sep 10, 2020–

PathCheck Foundation, a non-profit dedicated to enabling open-source, privacy-preserving technology and public health solutions to contain COVID-19, today announced that Covi-ID has joined the family of PathCheck solutions.

Covi-ID was founded by Co-Pierre Georg, a professor of economics at University of Cape Town, South Africa. The Covi-ID solution uses QR codes and innovative privacy-preserving backend technologies to enhance contact tracing and exposure notification in markets with low smartphone penetration. With only 3.5 billion smartphone users (35 percent of the population), that leaves 65 percent of the population unable to get digitally notified about a possible exposure. Covi-ID will integrate with the PathCheck SafePlaces CT, web tools for contact tracers, to fill the gap that exists for billions of non-smartphone users.

“PathCheck is committed to containing the COVID-19 pandemic in every community, including communities with low smartphone adoption where mobile apps will not
