Two recent unique security exploits (usb and android)

android
security
usb

#1

i thought these were two of the more interesting articles about security that i have read recently. the first, “an evil usb cable”, reminds me more of the wild state of IoT security these days. it also reminded me to be aware of where i order equipment from even if it seems to be as mundane and worry-free as a usb cable.

tl;dr version: the creator enclosed a wifi chip in the usb end of a usb to lightning cable and was able to effectively run malicious instructions on a macbook from his phone.

the, second about the possibility of hacking android with a malicious png image, reminded me how some of us who (also mentioned in the comments) buy non-flagship model phones on budget networks may never see an android update during the life of that phone.

neither has reportedly been exploited in the wild and the usb creator says he only did so to prove it was possible. stay safe out there, folks :slight_smile:


#2

Thanks for the heads up interesting reads.


#3

I think this was out some time ago, or similar story to this about the cables. I see this one is from this month. It makes me wonder if it is the same thing that has not been solved. Unfortunately my once reliable memory which would be able to remember the date and place that, I saw this is, since having my stroke and being disabled can’t recall it exactly.

However it is another reason why I don’t use mobile telephones and have never sent a text - Oh wait a moment - Google were warned about this exploit weren’t they?


#4

my understanding of the two short articles is that google is the one who reported the vulnerability. while that is helpful to an extent, the fact that security patches are sent out and/or applied so randomly industry-wide also means that older (or less than flagship-model pricey) phones may always remain at risk.


#5

It is nagging away at me I just wish the brain fog would clear as the only one I can remember at the moment is this one -https://www.techtimes.com/articles/234063/20180904/google-hacked-by-own-employee-vulnerability-found-in-supposedly-secure-doors-of-sunnyvale-campus.htm. Looks life for the first time in my life I am going to have to write stuff down :frowning_face::frowning_face: to remember them.


#6

to be certain there are plenty of vulnerabilities out there to be aware of these days. once upon a time i thought it would be fun to study network+ and security+, but can only begin to imagine what a minefield that truly is. the reference in the article you linked to IoT reminded me of another recent article that talked about something as simple as throwing away a “smart” light bulb could be enough to give away the keys to a home network.

as far as joining team “note to self” goes, i was going to link the notes app i use from fdroid, but remembered that you don’t use a mobile :slight_smile:


#7

It’s a horrible world in and thanks for remembering the fact I don’t use a mobile telephone, I have never seen the point of them


#8

I have a Fleece & Go mobile (phone and text only), essentially due to the fact the old GPO telephone boxes no longer exist. For break-downs, or delays, when travelling. Not for those fanatic calls from the supermarket asking the wife where are the “tin of beans” or “pint of milk” is kept.

Ditto, the majority of then friends (during the 90’s) had their head so far up their own passage, discussing what tariff was giving them more bang for their buck. Pales into insufficient, compared the walking/cycling zombies that stalk our pavements.

Smart phone, don’t seem that smart. GIGO…!