Vulnerabilidad crítica que afecta a dispositivos Android y iPhone. Vulnerabilidad en firmware de chip WiFi.
Permite ejecución remota de código mediante la utilización del vector de ataque de este chip.
Fuente: Investigador. NVD.
El algoritmo de hashing SHA1 (algoritmo de resumen o digesto) es vulnerable a un ataque práctico de colisión, es decir lograr que un archivo tenga el mismo hash que otro. De esta forma se puede atacar la integridad de un documento, como por ejemplo, en una prueba documental informática (cadena de custodia de informática forense).
Abstract
As HTTPS deployment grows, middlebox and antivirus products are increasingly intercepting TLS connections to retain visibility into network traffic. In this work, we present a comprehensive study on the prevalence and impact of HTTPS interception. First, we show that web servers can detect interception by identifying a mismatch between the HTTP User-Agent header and TLS client behavior. We characterize the TLS handshakes of major browsers and popular interception products, which we use to build a set of heuristics to detect interception and identify the responsible product. We deploy these heuristics at three large network providers: (1) Mozilla Firefox update servers, (2) a set of popular e-commerce sites, and (3) the Cloudflare content distribution network. We find more than an order of magnitude more interception than previously estimated and with dramatic impact on connection security. To understand why security suffers, we investigate popular middleboxes and client-side security software, finding that nearly all reduce connection security and many introduce severe vulnerabilities. Drawing on our measurements, we conclude with a discussion on recent proposals to safely monitor HTTPS and recommendations for the security community.
Por menos de 300 euros en una universidad de Noruega explican que se puede hacer un IMSI Catcher (una antena de celular que actúa como un ataque de «hombre en el medio») y así poder rastrear a los usuarios de telefonía celular en los últimos modelos (4G/LTE).
Easy 4G/LTE IMSI Catchers for Non-Programmers
Stig F. Mjølsnes, Ruxandra F. Olimid
IMSI Catchers are tracking devices that break the privacy of the subscribers of mobile access networks, with disruptive effects to both the communication services and the trust and credibility of mobile network operators. Recently, we verified that IMSI Catcher attacks are really practical for the state-of-the-art 4G/LTE mobile systems too. Our IMSI Catcher device acquires subscription identities (IMSIs) within an area or location within a few seconds of operation and then denies access of subscribers to the commercial network. Moreover, we demonstrate that these attack devices can be easily built and operated using readily available tools and equipment, and without any programming. We describe our experiments and procedures that are based on commercially available hardware and unmodified open source software.
Mediante el histórico de navegación supuestamente anónimo se permitió identificar en un 72% a los usuarios. Esto mediante la información proporcionada a las redes sociales a partir de los distintos sitios web.
