A cryptographic bug in many Bluetooth firmware and operating system drivers could allow an attacker within about 30 meters to capture and decrypt data shared between Bluetooth-paired devices. The flaw was found by Lior Neumann and Eli Biham of the Israel Institute of Technology, and flagged today by Carnegie Mellon University CERT. The flaw, which Read more about Bluetooth security: Flaw could allow nearby attacker to grab your private data[…]

Almost all Android devices released since 2012 are vulnerable to a new vulnerability named RAMpage, an international team of academics has revealed today. The vulnerability, tracked as CVE-2018-9442, is a variation of the Rowhammer attack. Rowhammer is a hardware bug in modern memory cards. A few years back researchers discovered that when someone would send Read more about Every Android Device Since 2012 Impacted by RAMpage Vulnerability[…]

Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. Many of the documents were obtained by Motherboard using public records requests.   Read more about Cops Around the Country Can Now Unlock iPhones, Records Show[…]

Intel has made much of its NUC and Compute Stick mini-PCs as a way to place computers to out-of-the-way places like digital signage. Such locations aren’t the kind of spots where keyboards and pointing devices can be found, so Intel sweetened the deal by giving the world an Android and iOS app called the “Intel Read more about NUC, NUC! Who’s there? Intel, warning you to kill a buggy keyboard app[…]

So: Oddly enough, if you make a QR code that tells you to go somewhere, the camera will take you to where the QR code tells you to go, even if you tell someone that the QR code goes someplace else. This trend of ‘reporting’ security problems that are not security problems at all is Read more about IOS QR ‘bug’ isn’t a bug: trend in pointing out things working as intended as a security advisory continues[…]

It appears that the over-the-air update to the UConnect system went out on Friday, and many, many owners have not had working center-stack systems since then. Many of these vehicles are nearly brand-new, which makes the issue even more maddening. […] The failure of the UConnect system isn’t just limited to not having a radio; Read more about Fiat Chrysler Pushed A UConnect Update That Causes Constant Reboots With No Announced Fix[…]

Apple has released security patches for iOS and macOS that include, among other things, Meltdown and Spectre fixes. The new versions should be installed as soon as possible. […] Less-hyped, but still serious, are vulnerabilities in the macOS kernel that include an exploitable race condition (CVE-2018-4092), a validation issue (CVE-2018-4093), and memory initialization bug (CVE-2018-4090) Read more about It’s 2018 and your Macs, iPhones can be pwned by playing evil music: lots of patches[…]

According to a blog post published Wednesday by Internet monitoring service BGPMon, the hijack lasted a total of six minutes and affected 80 separate address blocks. It started at 4:43 UTC and continued for three minutes. A second hijacking occurred at 7:07 UTC and also lasted three minutes. Meanwhile, a second monitoring service, Qrator Labs, Read more about “Suspicious” event routes traffic for big-name sites through Russia[…]