Welcome to WebmasterWorld Guest from 54.145.144.101

Forum Moderators: phranque

Message Too Old, No Replies

New Heartbleed Attack, "Cupid Bug" Affects Android Devices Over WiFi

   
3:35 pm on May 30, 2014 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Perhaps not on the same scale as Heartbleed, Bug, it seems we may not have heard the last of this problem.

Seven weeks after the bug put the web on high alert, Heartbleed is still causing problems. A new report from Portuguese security researcher Luis Grangeia describes how the same bug could be used over Wi-Fi to enable new kinds of attacks that build on the same vulnerability.

Dubbed Cupid, the new line of attack would perform the same Heartbleed procedure over Wi-Fi instead of the open web, either pulling data from enterprise routers or using a malicious router to pull data from Android devices as they connect. In each case, the attacker would be able to view snippets of the working memory from the targeted device, potentially exposing user credentials, client certificates, or private keys. Grangeia published a proof of concept for the bug earlier today, and is urging vendors and administrators to upgrade their devices.New Heartbleed Attack, "Cupid Bug" Affects Android Devices Over WiFi [theverge.com]
 

Featured Threads

Hot Threads This Week

Hot Threads This Month