Currently browsing: Threat Research

CVE-2019-8545: Vulnerability in IOHIDFamily.kext

Summary A local user may be able to cause unexpected system termination or read kernel memory. Details In the function IOHIDEventServiceFastPathUserClient::getSharedMemorySize, the ClientObject (Offset 0xE0 of the user client) is given to a function which assumes it is initialised (It should be initialised via external method 0 — IOHIDEventServiceFastPathUserClient::_open). Calling […]

Read more

Malicious WiFi Connections: Welcome to RSA Conference 2019

Nicolás Chiaraviglio (@chiconara) We recently blogged about attacks perpetrated at WiFi networks in Barcelona before and during the 2019 Mobile World Congress (MWC). We found an astonishing amount: estimating more than 7,000 threats in less than four days. Furthermore, 25 percent of those threats were detected in hotels, and of those, 70 percent […]

Read more

The Other MWC, Revisited

Nicolás Chiaraviglio (@chiconara) (This post is a follow up of an earlier blog post) Last week, we released a blog warning about how hackers leverage massive events like the Mobile World Congress (MWC) to attack high profile corporates to steal company data. We showed the network attacks we detected last year in Barcelona, […]

Read more

Malicious WiFi Connections: The Other MWC

Nicolás Chiaraviglio (@chiconara) The GSMA Mobile World Congress, taking place every year in Barcelona, is undoubtedly the most important event for the mobile industry – with an average attendance of more than 100k people each year. Every important company is represented, with salespeople and high ranking executives taking the chance to […]

Read more

Don’t Give Me a Brake – Xiaomi Scooter Hack Enables Dangerous Accelerations and Stops for Unsuspecting Riders

This proof-of-concept (PoC) is released for educational purposes and evaluation by researchers, and should not be used in any unintended way. Furthermore, this PoC and any other related material has been published only after disclosing it to Xiaomi Researcher: Rani Idan (@RaniXCH)   **UPDATE: Subsequent to the initial disclosure/posting, zLabs […]

Read more

FreeRTOS TCP/IP Stack Vulnerabilities – The Details

Researcher: Ori Karliner (@oriHCX) Following our blog from last month, this blog will cover the technical details of our findings. If you suspect that any of your devices are affected by these vulnerabilities and want our assessment, contact us at freertos@zimperium.com. General information Before we dive into the vulnerabilities, there […]

Read more