#wifi

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: ECOVACS Equipment: DEEBOT Vacuum and Base Station Vulnerabilities: Use of Hard-coded Cryptographic Key, Download of Code Without Integrity Check 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to send malicious updates to the devices or execute code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ECOVACS reports the following DEEBOT vacuum and base station devices are affected: X1S PRO: Versions prior to 2.5.38 X1 PRO OMNI: Versions prior to 2.5.38 X1 OMNI: Versions prior to 2.4.45 X1 TURBO: Versions prior to 2.4.45 T10 Series: Versions prior to 1.11.0 T20 Series: Versions prior to 1.25.0 T30 Series: Versions prior to 1.100.0 3.2 VULNERABILITY OVERVIEW 3.2.1 Use of Hard-coded Cryptographic Key CWE-321 ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK. The key can be easily derived f...

Cybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple's AirPlay protocol that, if successfully exploited, could enable an attacker to take over susceptible devices supporting the proprietary wireless technology. The shortcomings have been collectively codenamed AirBorne by Israeli cybersecurity company Oligo. "These vulnerabilities can be chained by

Oligo Security uncovers “AirBorne,” a set of 23 vulnerabilities in Apple AirPlay affecting billions of devices. Learn how…

Plus: France blames Russia for a series of cyberattacks, the US is taking steps to crack down on a gray market allegedly used by scammers, and Microsoft pushes the password one step closer to death.

Researchers found a set of vulnerabilities that puts all devices leveraging Apple's AirPlay at risk.

Researchers reveal a collection of bugs known as AirBorne that would allow any hacker on the same Wi-Fi network as a third-party AirPlay-enabled device to surreptitiously run their own code on it.

Records reviewed by WIRED show law enforcement agencies are eager to take advantage of the data trails generated by a flood of new internet-connected vehicle features.

Customs and Border Protection has broad authority to search travelers’ devices when they cross into the United States. Here’s what you can do to protect your digital life while at the US border.

Plus: The Department of Homeland Security begins surveilling immigrants' social media, President Donald Trump targets former CISA director who refuted his claims of 2020 election fraud, and more.

Stay secure on the move. Protect your devices, data, and privacy with smart habits, reliable gear, updated software…