Welcome to WebmasterWorld Guest from

Forum Moderators: phranque

Message Too Old, No Replies

New Heartbleed Attack, "Cupid Bug" Affects Android Devices Over WiFi

3:35 pm on May 30, 2014 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
votes: 533

Perhaps not on the same scale as Heartbleed, Bug, it seems we may not have heard the last of this problem.

Seven weeks after the bug put the web on high alert, Heartbleed is still causing problems. A new report from Portuguese security researcher Luis Grangeia describes how the same bug could be used over Wi-Fi to enable new kinds of attacks that build on the same vulnerability.

Dubbed Cupid, the new line of attack would perform the same Heartbleed procedure over Wi-Fi instead of the open web, either pulling data from enterprise routers or using a malicious router to pull data from Android devices as they connect. In each case, the attacker would be able to view snippets of the working memory from the targeted device, potentially exposing user credentials, client certificates, or private keys. Grangeia published a proof of concept for the bug earlier today, and is urging vendors and administrators to upgrade their devices.New Heartbleed Attack, "Cupid Bug" Affects Android Devices Over WiFi [theverge.com]