Data WIRED collected during the 2024 Democratic National Convention strongly suggests the use of a cell-site simulator, a controversial spy device that intercepts sensitive data from every phone in its range.

A device capable of intercepting phone signals was likely deployed during the 2024 Democratic National Convention (DNC) in Chicago, WIRED has learned, raising critical questions about who authorized its use and for what purpose.

The device, known as a cell-site simulator, was identified by the Electronic Frontier Foundation (EFF), a digital rights advocacy organization, after analyzing wireless signal data collected by WIRED during the August event.

Cell-site simulators mimic cell towers to intercept communications, indiscriminately collecting sensitive data such as call metadata, location information, and app traffic from all phones within their range. Their use has drawn widespread criticism from privacy advocates and activists, who argue that such technology can be exploited to covertly monitor protesters and suppress dissent.

The DNC convened amid widespread protests over Israel’s assault on Gaza. While credentialed influencers attended exclusive yacht parties and VIP events, thousands of demonstrators faced a heavy law enforcement presence, including officers from the US Capitol Police, the Secret Service, Homeland Security Investigations, local sheriff’s offices, and Chicago police.

Concerns over potential surveillance prompted WIRED to conduct a first-of-its-kind wireless survey to investigate whether cell-site simulators were being deployed. Reporters, equipped with two rooted Android phones and Wi-Fi hot spots running detection software, used Rayhunter—a tool developed by the EFF to detect data anomalies associated with these devices. WIRED’s reporters monitored signals at protests and event locations across Chicago, collecting extensive data during the political convention.

Initial tests conducted during the DNC revealed no conclusive evidence of cell-site simulator activity. However, months later, EFF technologists reanalyzed the raw data using improved detection methods. According to Cooper Quintin, a senior technologist at the EFF, the Rayhunter tool stores all interactions between devices and cell towers, allowing for deeper analysis as detection techniques evolve.

A breakthrough came when EFF technologists applied a new heuristic to examine situations where cell towers requested IMSI (international mobile subscriber identity) numbers from devices. According to the EFF’s analysis, on August 18—the day before the convention officially began—a device carried by WIRED reporters en route a hotel housing Democratic delegates from states in the US Midwest abruptly switched to a new tower. That tower asked for the device’s IMSI and then immediately disconnected—a sequence consistent with the operation of a cell-site simulator.

“This is extremely suspicious behavior that normal towers do not exhibit,” Quintin says. He notes that the EFF typically observed similar patterns only during simulated and controlled attacks. “This is not 100 percent incontrovertible truth, but it’s strong evidence suggesting a cell-site simulator was deployed. We don’t know who was responsible—it could have been the US government, foreign actors, or another entity.”

Under Illinois law, law enforcement agencies must obtain a warrant to deploy cell-site simulators. Similarly, federal agents—including those from the Department of Homeland Security—are required to secure warrants unless an immediate national security threat exists. However, a 2023 DHS Inspector General report found that both the Secret Service and Homeland Security Investigations did not always comply with these requirements.

The Chicago Police Department tells WIRED it did not deploy a cell-site simulator during the DNC, while the Secret Service tells WIRED in a statement that, “as a matter of practice,” it does not discuss the “means and methods” of its operations for “National Special Security Events.”

Other components of DHS as well as the DNC have not responded to requests for comment.

Quintin notes that the EFF detected similar anomalous behavior in a previous test conducted in Washington, DC’s Embassy Row, an area known for its high concentration of embassies and diplomatic offices. It wouldn’t be the first time that cell-site simulators were found in the nation's capitol. In 2019, the FBI accused Israel’s government of deploying a cell-site simulator near the White House—a claim Israel denied.

While the possible deployment of a cell-site simulator at the DNC has raised more questions than answers, for privacy and civil liberties advocates the implications are troubling nonetheless.

Nate Wessler, deputy director of the ACLU’s Speech, Privacy, and Technology Project, says, “It would be a big deal if the digital artifacts you found were in fact due to the presence of a cell-site simulator deployed to identify people at a protest.” However, Wessler adds, “it is also entirely possible that law enforcement was using a cell-site simulator in the area for a lawful purpose.”

For Wessler, the lack of clarity around their use is itself a cause for concern. “The ambiguity is really chilling,” he says. “The uncertainty around their use undermines people’s ability to express themselves.”

Secret Phone Surveillance Tech Was Likely Deployed at 2024 DNC

Explore top cybersecurity risks in crypto, including phishing, ransomware, and MitM attacks. Learn practical tips to safeguard your…

Explore top cybersecurity risks in crypto, including phishing, ransomware, and MitM attacks. Learn practical tips to safeguard your digital assets now.

Cryptocurrencies have recently increased in popularity, with more alternatives launched every day. The first cryptocurrency ever developed was Bitcoin, which inspired plenty of other cryptocurrencies to be created and make new waves in the world.

Even though there are various other notable examples in the crypto space, Bitcoin still has the number one position and represents the largest cryptocurrency by market cap. This has made a lot of individuals search for the best crypto exchange from where to buy Bitcoin to add it to their portfolios. 

Cryptocurrencies have brought several advantages to the world, as they have finally offered another solution to fiat money, integrating decentralization into the world. However, even if the popularity of cryptocurrencies has many advantages, it also has a major downside. For example, the price of the major digital coins has increased greatly, and this has attracted a lot of hackers who are trying to steal the funds of innocent people.

So, the crypto space is subjected to various threats, and because of that, before investing, it is imperative to adopt a more cautious approach, as, in this way, you can protect your crypto funds from malicious actors.

To protect your crypto assets, you must know the most common cybersecurity risks in the crypto space. In this way, you can avoid them and protect yourself against everything that might appear on the horizon. To help you a little in this process, we will explore together the most common cybersecurity threats in the crypto ecosystem. Keep reading to discover more. 

****Phishing threats****

One of the most common ways hackers try to steal information is through phishing attacks. In this cybersecurity threat, a malicious actor can use plenty of online means to try to steal information, such as texts, emails, and websites. The hacker will then try to fool users into clicking on this misleading information. But if individuals do that, their crypto funds can be stolen, as these clicks can reveal seed phrases or private keys. 

One of the most common ways hackers want to steal information is when they pretend to be a crypto exchange; in this way, they think they have a bigger chance of making users click on the sent links.

Unfortunately, especially when cryptocurrencies started becoming more popular, many people lost access to their crypto accounts because they fell prey to this kind of scam. This is why anyone wanting to increase the chances of keeping their crypto accounts secure should take measures to help them prevent phishing scams.

One of the best cybersecurity measures for this is to use two-factor authentication (2FA), which can increase resilience against these online threats. Another important security action is to double-check before clicking on a link or email to ensure that the offered details are veritable and that there is no chance of a scam. 

****Ransomware attacks****

Ransomware attacks are also very popular in the crypto industry, and these threats contain malicious malware that can encrypt files that individuals use to access their crypto funds, such as crypto wallets or their private keys.

These attacks will make the data on these files unreadable, and for the owner to have access to these files again, they need to pay in return. And as we’re talking about crypto accounts, in most cases, these malicious actors ask for payment with cryptocurrencies to receive access to their accounts again.

One of the best ways to reduce becoming a victim of these attacks is to use a cold wallet instead of one that functions with internet connectivity or to maintain a regular backup. Another great solution to avoid these cybersecurity attacks is to be cautious before clicking on something, like a link or an email, especially if an unknown or unidentified person sends it. 

****Malware attacks****

Malware attacks can also be dangerous to everyone who holds significant crypto funds. In these attacks, a malicious actor tries to compromise a crypto wallet or infect gadgets to steal cryptocurrencies. A very common malware attack used in the crypto landscape is crypto-jacking, which infiltrates into devices and then uses computing power to mine digital assets. 

In most cases, this leads to high electrical costs, financial losses, or damage to device performance. One of the best measures to protect against these attacks is installing anti-virus software and downloading everything needed only from official or reputable sites. 

****Man-in-the-Middle (MitM)** **

Man-in-the-Middle (MitM) attacks happen when a hacker wants to come between the communication between a crypto exchange and a user, with the final goal of stealing private keys and login credentials. Unfortunately, these attacks can steal crypto funds because hackers can discover sensitive crypto information, like private keys or login credentials.

In this type of attack, the crypto transactions can be sent directly to the hacker’s wallet instead of the right recipient. This is why it is better to refrain from paying with cryptocurrencies when using public WiFi, as in this way, you might encourage your crypto funds to be stolen. 

****Zero-day attacks****

Zero-day attacks are also very common, where hackers exploit every vulnerability they find in crypto platforms, such as hardware wallets or crypto software. If developers don’t discover these vulnerabilities on time, hackers will have everything they need to steal the crypto funds of innocent people. And until developers notice the potential vulnerability, the malicious actors have enough time to steal what they want, bringing enormous losses to individuals worldwide. 

****The bottom line****

Industries from all around the world can deal with hackers who are trying to steal information, but these threats have become even more prevalent in the crypto sphere because of the popularity of digital assets. This is why malicious actors see cryptocurrency as the perfect target, which is why recent attacks on digital coins have become so common.

1.  **AI Can Guess Crypto Seed Phrases in 0.02 Seconds**
2.  **Biggest Crypto Scam Tactics in 2024 – How to Avoid Them**
3.  **The Growing Importance of Secure Crypto Payment Gateways**
4.  **Why Web hosting firms have started to accept crypto payments**
5.  **Blockchain and Smart Contracts in Securing Digital Transactions**

Cybersecurity Risks in Crypto: Phishing, Ransomware and Other Emerging Threats

The growing complexity of cyber threats, paired with limited resources, makes it essential for companies to adopt a more comprehensive approach that combines human vigilance with AI's capabilities.

COMMENTARY

As cybersecurity threats continue to surge, it has become crucial for small businesses to adopt proactive strategies to ensure they are protected. While artificial intelligence (AI) is starting to provide value to security organizations, it also has enabled more sophisticated attacks, leaving too much room for hackers to slip through.

The very nature of our workplaces is intensifying the cybersecurity challenges small businesses face, with remote and hybrid work models still popular, despite the push for a return to office. This massive increase in remote work has created a broader attack surface that's difficult to manage for businesses when they are already lacking time and resources. Accenture's Cybercrime Study revealed that nearly 43% of cyberattacks are on small businesses, and 95% of them can be attributed to human error. These businesses agree, as 60% of small-business owners said in the US Chamber of Commerce's Q1 2024 Small Business Index that they are concerned about cybersecurity threats.

Employees now operate in a space where their activities are less regulated, making cybersecurity vigilance more crucial than ever. Companies must not only implement robust security measures but also empower their teams to recognize potential threats. One significant risk comes from the allure of public Wi-Fi networks — incredibly convenient but fraught with danger, especially as "work from home" can also be "work from anywhere." These networks can easily be mimicked by malicious actors eager to intercept sensitive data.

As workers navigate this new environment, a blend of proactive security measures and individual awareness becomes essential for safeguarding both personal and organizational information.

Here are two of the most common cybersecurity myths or misconceptions business owners will encounter, and how they can avoid falling into these traps:

*   Myth No. 1: Antivirus software is enough. Many small businesses are relying on antivirus software alone to protect against cyber threats. This is not an effective long-term solution. Modern security threats, especially social engineering attacks, demand more robust defenses, such as multifactor authentication (MFA) and ongoing employee education to withstand these threats.
    

*   Myth No. 2: Your business is immune to threats because of size or location. Small businesses should never assume they are immune due to their size or location. Fostering a culture of cybersecurity awareness among employees is vital, despite the size or capacity of your small business. When individual employees are armed with the right knowledge and they recognize that cybersecurity is a collective responsibility, simple actions like reporting suspicious activities and ensuring devices are securely managed can significantly mitigate the risk of breaches.
    

**Strategies for Small Businesses**

AI needs to be used as a supplement, not a replacement for human analysis and decision-making. Small businesses should identify and prioritize their most critical functions and software. AI can process vast amounts of data and improve efficiency, but it still requires human oversight. Small businesses, which often lack dedicated information security teams, need to adopt proactive strategies to protect themselves.

While small businesses may lack the resources needed for complex simulations, they can use checklists and resources provided by local or federal cybersecurity agencies to evaluate their preparedness and make sure they are covering all of their bases. Leveraging resources that are readily available can give small businesses the additional support they need in a time where threats have become unmanageable.

**Maintaining Customer Trust**

Small businesses often depend on third-party providers for critical services like payment processing, payroll, customer support, and more. Again, because their resources are limited, it's vital for them to verify that the providers they choose uphold stringent security standards, such as PCI certification, to protect both their operations and their customers. In that same vein, these businesses need to communicate clearly with customers about how their data is being protected by these third-party platforms. As much as people don't want to hear it, reading and understanding terms of service and data privacy policies is essential and will show customers your commitment to securing their data.

The workplace will continue to see growing use of AI, and small businesses that adopt these solutions need to ensure customer data is protected. According to Pipedrive's 2024 "State of AI in Business Report," knowledge and trust are the main blockers in AI adoption, with 48% citing a lack of knowledge as the main blocker to adoption, followed by lack of trust (40%). When there is already a lack of trust in AI solutions, it makes it even more important that small businesses prioritize gaining the trust of their customers when using AI to enhance their offerings.

AI offers valuable tools to enhance cybersecurity, but small businesses cannot afford to rely on it as a standalone solution. The growing complexity of cyber threats, paired with limited resources, makes it essential for companies to adopt a more comprehensive approach that combines human vigilance with AI's capabilities. Building a culture of cybersecurity awareness among employees, ensuring the use of advanced security measures like multifactor authentication, and fostering transparent communication with customers about data protection are all critical steps. As businesses navigate an increasingly digital landscape, their long-term success will depend on how well they can balance technological solutions with human insight and proactive planning.

**About the Author**

CISO, Pipedrive

John Mutuski is chief information security officer (CISO) at Pipedrive, the easy and effective sales CRM for small businesses. Mutuski is responsible for developing and leading the information security program, managing technology risk, driving cybersecurity operations, and implementing and managing the cyber governance, risk, and compliance (GRC) process.

With over 20 years of experience spanning both agile startups and large global enterprises, he has consistently demonstrated a unique blend of strategic leadership and technical expertise. His career is marked by a deep commitment to continuous learning, always embracing the unfamiliar and turning challenges into opportunities for growth. His passion for building diverse, cross-functional teams has allowed him to foster innovation and resilience in the face of rapidly evolving security threats. As a collaborative leader, he actively seeks out new experiences and relationships, enabling him to stay at the forefront of cybersecurity trends and deliver impactful, long-term solutions.

Why Small Businesses Can't Rely Solely on AI to Combat Threats

### Summary
The SSID is not sanitized when before it is passed as a parameter to cmd.exe in the `getWindowsIEEE8021x` function. This means that malicious content in the SSID can be executed as OS commands. 

### Details
I have exploited this vulnerability in a Windows service using version 5.22.11 of the module, to escalate privileges (in an environment where I am authorized to do so). However, as far as I can see from the code, it is still present in master branch at time of writing, on line [403/404 of network.js](https://github.com/sebhildebrandt/systeminformation/blob/3a92931c7d46605ffddc1aacb97a9727273b2888/lib/network.js#L403).

The SSID is obtained from `netsh wlan show interface ...` in `getWindowsWirelessIfaceSSID`, and then passed to `cmd.exe /d /s /c "netsh wlan show profiles ...` in `getWindowsIEEE8021x`, without sanitization.

### PoC
First, the command injection payload should be included in the connected Wi-Fi SSID. For example create hotspot on mobile phone or other laptop, set SSID to payload, connect to it with victim Windows system. Two example SSID's to demonstrate exploitation are below.

Demonstration to run ping command indefinitely:
```
a" | ping /t 127.0.0.1 &
```

Run executable with privileges of the user in which vulnerable function is executed. Chosen executable should should be placed in (assuming system drive is C): `C:\a\a.exe`.
```
a" | %SystemDrive%\a\a.exe &
```

Then, the vulnerable function can be executed on the victim system, for example, using:
```
const si = require('systeminformation');
si.networkInterfaces((net) => { console.log(net) });
```

Now the chosen command, `PING.exe` or `a.exe` will be run through the cmd.exe command line.

### Impact
This vulnerability may enable an attacker, depending on how the package is used, to perform remote code execution or local privilege escalation.



**Summary**

The SSID is not sanitized when before it is passed as a parameter to cmd.exe in the getWindowsIEEE8021x function. This means that malicious content in the SSID can be executed as OS commands.

**Details**

I have exploited this vulnerability in a Windows service using version 5.22.11 of the module, to escalate privileges (in an environment where I am authorized to do so). However, as far as I can see from the code, it is still present in master branch at time of writing, on line 403/404 of network.js.

The SSID is obtained from netsh wlan show interface ... in getWindowsWirelessIfaceSSID, and then passed to cmd.exe /d /s /c "netsh wlan show profiles ... in getWindowsIEEE8021x, without sanitization.

**PoC**

First, the command injection payload should be included in the connected Wi-Fi SSID. For example create hotspot on mobile phone or other laptop, set SSID to payload, connect to it with victim Windows system. Two example SSID's to demonstrate exploitation are below.

Demonstration to run ping command indefinitely:

    a" | ping /t 127.0.0.1 &
    

Run executable with privileges of the user in which vulnerable function is executed. Chosen executable should should be placed in (assuming system drive is C): C:\a\a.exe.

    a" | %SystemDrive%\a\a.exe &
    

Then, the vulnerable function can be executed on the victim system, for example, using:

    const si = require('systeminformation');
    si.networkInterfaces((net) => { console.log(net) });
    

Now the chosen command, PING.exe or a.exe will be run through the cmd.exe command line.

**Impact**

This vulnerability may enable an attacker, depending on how the package is used, to perform remote code execution or local privilege escalation.

**References**

*   GHSA-cvv5-9h9w-qp2m
*   sebhildebrandt/systeminformation@f7af0a6
*   https://nvd.nist.gov/vuln/detail/CVE-2024-56334

GHSA-cvv5-9h9w-qp2m: Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID)

TP-Link is being investigated for alleged predatory pricing practices, which may be driven by ulterior motives.

The US government launched a national security investigation into the popular, Chinese-owned router maker TP-Link, with a potential eye on banning the company’s devices in the United States.

The investigation comes amid heightened tension between the US and the Chinese government, and after a public letter from members of the US House of Representatives this summer that alleged that TP-Link was engaged in predatory pricing practices, driven by ulterior motives, and possibly sponsored by China. US officials noted how TP-Link undercut the competition on price to become the market leader for Small Office/Home Office (SOHO) network appliances.

In doing this, TP-Link managed to grow their market share to 60% of the US retail market for WiFi systems and SOHO routers—from 10% in 2019. And the company reportedly has almost 80% of the US retail market for WiFi 7 mesh systems.

A WiFi 7 Mesh system is the latest advancement in wireless networking, combining the features of WiFi 7 technology with the benefits of mesh networking, which uses multiple nodes that work together to provide uniform WiFi coverage throughout the home, eliminating dead zones.

Because of TP-Link’s original founding in China, claims have been made of a so-called “Huawei playbook,” referring to allegations that Huawei Technologies Co. spies for the Chinese government and that it became a dominant player in the global networking equipment sector on the back of improper state subsidies. Huawei and China both deny these allegations, though.

Nonetheless, the US imposed restrictions that make it harder for Huawei to sell equipment in the US and buy parts from American suppliers.

Perhaps because of this type of scrutiny, TP-Link has made many efforts to distance itself from its Chinese ownership. TP-Link Systems is an entity based in Irvine, California, and no longer affiliated with the Chinese TP-Link Technologies.

Part of the attention paid to TP-Link this year could also be because a Chinese-backed Advanced Persistent Threat (APT) called Volt Typhoon has been using SOHO routers as gateways to get inside sensitive infrastructure. The cybercriminals used the routers to hide the actual origin of malicious attempts to reach inside the utilities and other targets.

But that argument doesn’t make sense since many of those routers were malware-infected NetGear and Cisco SOHO devices that no longer receive updates because they have reached their End-of-Life.

TP-Link said the market share percentages were overstated, but it did recently sign deals with internet service providers (ISPs) who then supply the routers to their customers. In such deals ISPs often rebrand the routers which makes it hard for customers to know which brand and type of router they have.

Representative John Moolenaar, the co-chairman of the US House Select Committee on Strategic Competition between the United States and the Chinese Communist Party—which sent the letter prompting the TP-Link probe—stayed fast in his concerns:

> “Chinese companies that, because of the technology they provide or the supply chains they impact, pose an unacceptable risk to our country’s security.”

Unfortunately, vulnerabilities in routers are very common and hardly ever patched by consumers, because they either don’t know how, or they may not even know that the patches are necessary because they don’t know which router model they have or that patches are available.

This makes it very hard to tell whether a vulnerability was an oversight or an intentional backdoor. This will make it hard for the investigators to find the “loaded gun” they are looking for.

**We don’t just report on privacy—we offer you the option to use it.**

Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.

 TP-Link faces US national security probe, potential ban on devices 

A free VPN app called Big Mama is selling access to people’s home internet networks. Kids are using it to cheat in a VR game while researchers warn of bigger security risks.

In the hit virtual reality game _Gorilla Tag_, you swing your arms to pull your primate character around—clambering through virtual worlds, climbing up trees and, above all, trying to avoid an infectious mob of other gamers. If you’re caught, you join the horde. However, some kids playing the game claim to have found a way to cheat and easily “tag” opponents.

Over the past year, teenagers have produced video tutorials showing how to side-load a virtual private network (VPN) onto Meta’s virtual reality headsets and use the location-changing technology to get ahead in the game. Using a VPN, according to the tutorials, introduces a delay that makes it easier to sneak up and tag other players.

While the workaround is likely to be an annoying but relatively harmless bit of in-game cheating, there’s a catch. The free VPN app that the video tutorials point to, Big Mama VPN, is also selling access to its users’ home internet connections—with buyers essentially piggybacking on the VR headset’s IP address to hide their own online activity.

This technique of rerouting traffic, which is best known as a residential proxy and more commonly happens through phones, has become increasingly popular with cybercriminals who use proxy networks to conduct cyberattacks and use botnets. While the Big Mama VPN works as it is supposed to, the company’s associated proxy services have been heavily touted on cybercrime forums and publicly linked to at least one cyberattack.

Researchers at cybersecurity company Trend Micro first spotted Meta’s VR headsets appearing in its threat intelligence residential proxy data earlier this year, before tracking down that teenagers were using Big Mama to play _Gorilla Tag_. An unpublished analysis that Trend Micro shared with WIRED says its data shows that the VR headsets were the third most popular devices using the Big Mama VPN app, after devices from Samsung and Xiaomi.

“If you’ve downloaded it, there’s a very high likelihood that your device is for sale in the marketplace for Big Mama,” says Stephen Hilt, a senior threat researcher at Trend Micro. Hilt says that while Big Mama VPN may be being used because it is free, doesn’t require users to create an account, and apparently doesn’t have any data limits, security researchers have long warned that using free VPNs can open people up to privacy and security risks.

These risks may be amplified when that app is linked to a residential proxy. Proxies can “allow people with malicious intent to use your internet connection to potentially use it for their attacks, meaning that your device and your home IP address may be involved in a cyberattack against a corporation or a nation state,” Hilt says.

"Gorilla Tag is a place to have fun with your friends and be playful and creative—anything that disturbs that is not cool with us,” a spokesperson for Gorilla Tag creator Another Axiom says, adding they use “anti-cheat mechanisms” to detect suspicious behavior. Meta did not respond to a request for comment about VPNs being side-loaded onto its headsets.

**Proxies Rising**

Big Mama is made up of two parts: There’s the free VPN app, which is available on the Google Play store for Android devices and has been downloaded more than 1 million times. Then there’s the Big Mama Proxy Network, which allows people (among other options) to buy shared access to “real” 4G and home Wi-Fi IP addresses for as little as 40 cents for 24 hours.

Vincent Hinderer, a cyber threat intelligence team manager who has researched the wider residential proxy market at Orange Cyberdefense, says there are various scenarios where residential proxies are used, both for people who are having traffic routed through their devices and also those buying and selling proxy services. “It’s sometimes a gray zone legally and ethically,” Hinderer says.

For proxy networks, Hinderer says, one end of the spectrum is where networks could be used as a way for companies to scrape pricing details from their competitors' websites. Other uses can include ad verification or people scalping sneakers during sales. They may be considered ethically murky but not necessarily illegal.

At the other end of the scale, according to Orange’s research, residential proxy networks have broadly been used for cyber espionage by Russian hackers, in social engineering efforts, as part of DDoS attacks, phishing, botnets, and more. “We have cybercriminals using them knowingly,” Hinderer says of residential proxy networks generally, with Orange Cyberdefense having frequently seen proxy traffic in logs linked to cyberattacks it has investigated. Orange’s research did not specifically look at uses of Big Mama's services.

Some people can consent to having their devices used in proxy networks and be paid for their connections, Hinderer says, while others may be included because they agreed to it in a service’s terms and conditions—something research has long shown people don’t often read or understand.

Big Mama doesn’t make it a secret that people who use its VPN will have other traffic routed through their networks. Within the app it says it “may transport other customer’s traffic through” the device that’s connected to the VPN, while it is also mentioned in the terms of use and on a FAQ page about how the app is free.

The Big Mama Network page advertises its proxies as being available to be used for ad verification, buying online tickets, price comparison, web scraping, SEO, and a host of other use cases. When a user signs up, they’re shown a list of locations proxy devices are located in, their internet service provider, and how much each connection costs.

This marketplace, at the time of writing, lists 21,000 IP addresses for sale in the United Arab Emirates, 4,000 in the US, and tens to hundreds of other IP addresses in a host of other countries. Payments can only be made in cryptocurrency. Its terms of service say the network is only provided for “legal purposes,” and people using it for fraud or other illicit activities will be banned.

Despite this, cybercriminals appear to have taken a keen interest in the service. Trend Micro’s analysis claims Big Mama has been regularly promoted on underground forums where cybercriminals discuss buying tools for malicious purposes. The posts started in 2020. Similarly, Israeli security firm Kela has found more than 1,000 posts relating to the Big Mama proxy network across 40 different forums and Telegram channels.

Kela’s analysis, shared with WIRED, shows accounts called “bigmama\_network” and “bigmama” posted across at least 10 forums, including cybercrime forums such as WWHClub, Exploit, and Carder. The ads list prices, free trials, and the Telegram and other contact details of Big Mama.

It is unclear who made these posts, and Big Mama tells WIRED that it does not advertise.

Posts from these accounts also said, among other things, that “anonymous” bitcoin payments are available. The majority of the posts, Kela’s analysis says, were made by the accounts around 2020 and 2021. Although, an account called “bigmama\_network” has been posting on the clearweb Blackhat World SEO forum until October this year, where it has claimed its Telegram account has been deleted multiple times.

In other posts during the last year, according to the Kela analysis, cybercrime forum users have recommended Big Mama or shared tips about the configurations people should use. In April this year, security company Cisco Talos said it had seen traffic from the Big Mama Proxy, alongside other proxies, being used by attackers trying to brute force their way into a variety of company systems.

**Mixed Messages**

Big Mama has few details about its ownership or leadership on its website. The company’s terms of service say that a business called BigMama SRL is registered in Romania, although a previous version of its website from 2022, and at least one live page now, lists a legal address for BigMama LLC in Wyoming. The US-based business was dissolved in April and is now listed as inactive, according to the Wyoming Secretary of State’s website.

A person using the name Alex A responded to an email from WIRED about how Big Mama operates. In the email, they say that information about free users’ connections being sold to third parties through the Big Mama Network is “duplicated on the app market and in the application itself several times,” and people have to accept the terms of conditions to use the VPN. They say the Big Mama VPN is officially only available from the Google Play Store.

“We do not advertise and have never advertised our services on the forums you have mentioned,” the email says. They say they were not aware of the April findings from Talos about its network being used as part of a cyberattack. “We do block spam, DDOS, SSH as well as local network etc. We log user activity to cooperate with law enforcement agencies,” the email says.

The Alex A persona asked WIRED to send it more details about the adverts on cybercrime forums, details about the Talos findings, and information about teenagers using Big Mama on Oculus devices, saying they would be “happy” to answer further questions. However, they did not respond to any further emails with additional details about the research findings and questions about their security measures, whether they believe someone was impersonating Big Mama to post on cybercrime forums, the identity of Alex A, or who runs the company.

During its analysis, Trend Micro’s Hilt says that the company also found a security vulnerability within the Big Mama VPN, which could have allowed a proxy user to access someone’s local network if exploited. The company says it reported the flaw to Big Mama, which fixed it within a week, a detail Alex A confirmed.

Ultimately, Hilt says, there are potential risks whenever anyone downloads and uses a free VPN. “All free VPNs come with a trade-off of privacy or security concerns,” he says. That applies to people side-loading them onto their VR headsets. “If you’re downloading applications from the internet that aren't from the official stores, there’s always the inherent risk that it isn’t what you think it is. And that comes true even with Oculus devices.”

This VPN Lets Anyone Use Your Internet Connection. What Could Go Wrong?

Getting inside the mind of a threat actor can help security pros understand how they operate and what they're looking for — in essence, what makes a soft target.

Ben Barrontine, Vice President of Executive Services & Partnerships, 360 Privacy

December 17, 2024

4 Min Read

Source: Igor Stevanovic via Alamy Stock Photo

COMMENTARY

What are cybercriminals thinking? Inside the mind of a threat actor, the devil is in the details. Cybersecurity is composed of so many details that it's easy to miss some of them. For instance, even if you have all other employees protected, just one person not using two-factor authentication could put them all at risk.

Back in the day, a 99% success rate for security solutions was considered good. But the problem is that there's still a 1% chance of an attack getting through. To defeat that 1% chance, you must have layers of security. If you've got 10 layers of 99% success, you stack the odds in your favor that you will catch just about every security threat.

Defenses are getting more advanced, so threat actors will always search for the point of least resistance. In our day and age, that point is the human element. According to IBM, 41% of all cybersecurity incidents start with phishing as the initial attack vector. Fortunately, though, it's not all doom and gloom. By understanding the enemy, you can better prepare your organization against cyberattacks.

**The State of Security: Understanding Where Threat Actors Look**

Many threat actors are returning to the basics of social engineering by using information they get from data brokers. They're using basic phishing tactics to hook a target, because it avoids the automated cybersecurity tools and directly engages the individual human.

Cybercriminals rarely commit direct attacks against the designated target person. They typically find someone in the target's support system: an executive assistant, a spouse, kids, or the live-in grandmother. Whoever is the softest target in that support system will be the one who clicks a link. It doesn't matter if they have the latest, greatest security software update. Think of the Trojan horse story: A walled city's defenses were no match for a clever scheme that went right past all those defenses. In fact, the defenders opened the gates wide and unwittingly let the threat in.

**Train the Company's Cyber-Spidey Senses**

You have to develop a certain level of "Spidey sense" in employees, and it can be as simple as realizing that they need a second opinion before clicking a link. They don't have to be subject matter experts; they just have to know enough to recognize when they should ask someone else. After all, the Verizon "2024 Data Breach Investigations Report" notes that more than two-thirds (68%) of breaches analyzed included a nonmalicious human element, which involves insider errors or falling for social engineering schemes.

Part of developing this sense is looking for red flags in emails. While this may be getting harder with AI, there are still some obvious signs. Misspellings, odd phrasing, strange fonts, or out-of-character requests are all good indicators that something is amiss. For example, you would never get an email from your mom saying, "Hello, I need you to buy me gift cards." In addition, train employees to hover over the sender's name to see the email address. If the subject line says "Comcast," but the email address ends in "gmail.com," they can bet the email is a scam.

If a bad actor can access someone's packets by Wi-Fi sniffing or other means, the actor doesn't have to follow the person — they can just build out an electronic pattern of life and figure out where the target is going. That jeopardizes physical and digital safety. So, employees need to know not to connect to free Wi-Fi without a VPN and to turn Wi-Fi off when not using it.

People sometimes have the mistaken notion that they aren't targets for bad actors because they aren't famous and don't have a high net worth. But that's simply not the case today. Anyone with any online presence is a potential target to attackers. That means everyone needs to know their cyber hygiene.

Basic cyber hygiene is essential and easy. Steps to train employees on include:

*   Be more stringent about the info they share online
    
*   Review and adjust privacy settings
    
*   Use strong and unique passwords
    
*   Enable two-factor authentication
    

*   Be skeptical of unsolicited requests
    
*   Regularly audit third-party apps
    

*   Separate personal and professional identities
    

All of these points can be taught and tested via ongoing training.

**Outmaneuvering the Cybercriminals**

Getting inside the mind of a threat actor can help security pros understand how they operate and what they're looking for — in essence, what makes a soft target. Criminals go after the low-hanging fruit, such as people who click on suspicious links. Your job is to harden all targets at your organization. 

One of the security layers needed to close that 1% gap mentioned earlier is ongoing cyber-hygiene training for all employees from the bottom to the top. This aspect of a full-spectrum security plan is crucial, as humans are typically the weakest link in the security chain. However, with the proper education and training, they can become a solid first line of defense that helps keep everyone in the organization safe.

**About the Author**

Vice President of Executive Services & Partnerships, 360 Privacy

Ben Barrontine joined 360 Privacy in 2021 and currently holds the position of vice president of executive services and partnerships. Prior to 360 Privacy, Ben worked as a targeting specialist with the National Security Agency (NSA) under the US Army’s CSS Program. During his time in service he has worked with the US Marshalls, Special Forces, and US Embassy Security Teams as a cyber and signals intelligence collector and targeting subject matter expert. Ben created and leads the Executive Services Division at 360 Privacy, which helps to educate and protect families, family offices, business executives, professional athletes, and entertainers.

To Defeat Cybercriminals, Understand How They Think

Plus: The US indicts North Koreans in fake IT worker scheme, file-sharing firm Cleo warns customers to patch a vulnerability amid live attacks, and more.

What a week! On Monday, police arrested 26-year-old Luigi Mangione and charged him in the murder of UnitedHealthcare CEO Brian Thompson. Mangione’s five-day run from authorities ended after he was spotted eating at a McDonald’s in Altoona, Pennsylvania, about 300 miles from Manhattan, where Thompson was gunned down on the morning of December 4. Authorities say they found Mangione carrying fake IDs and a 3D-printed “ghost gun,” the model of which is known as the FMDA, or “Free Men Don’t Ask.”

Meanwhile, a flood of mysterious drone sightings across New Jersey and neighboring states caused so much havoc, it quickly gained federal attention. While many people wondered why the US military couldn’t just shoot down the drones, the FBI, Department of Homeland Security, and independent experts say the drone mystery may not be much of a mystery, and the drones are probably mostly just airplanes.

As for more terrestrial threats, we dove into the far-right realm of “Active Clubs,” small groups of young, fitness-focused men who are steeped in extremist ideology and linked to several violent attacks. While the man who helped invent the Active Club network, Robert Rundo, was sentenced in federal court this week, Active Clubs around the world are proliferating.

Finally, we investigated cheating schemes that use tiny cameras to gain an illicit edge in poker, and we interrogated the ways humans will use generative AI to make the world a more dangerous place.

But that’s not all. Each week, we round up the privacy and security news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

Back in May, Microsoft jubilantly announced Recall, an AI feature for some Windows PCs that silently takes screenshots every five seconds and then allows you to easily search through the resulting digital footprint. Forgotten where you saw a recipe online? Tapping a couple of keywords into Recall could, in theory, find the dish again. It didn’t take long for the privacy and security community to find gaping holes in the feature.

In response, Microsoft delayed Recall’s launch and eventually made some significant changes—such as making Recall opt-in rather than on by default, better encrypting information captured by Recall, and adding authentication to access data that it stored. Recall finally launched for some users this month.

However, this week, testing of Recall by Tom’s Hardware demonstrated that a key safeguard put in place by Microsoft can still fail. With a Recall setting called “filter sensitive information” turned on, Tom’s Hardware’s tests found that it still took screenshots of some sensitive information—such as credit card numbers and Social Security numbers. When the publication typed a credit card number and a username and password into a Notepad window, they were gathered in the screenshots. “Similarly, when I filled out a loan application PDF in Microsoft Edge, entering a social security number, name and DOB, Recall captured that,” Avram Piltch writes. The tool, however, didn’t record details when they were entered on a couple of online stores.

Microsoft pointed to its product information that says the system will get better over time and that people should report if sensitive information is captured by Recall. While that may be the case, it’s unlikely that any system can correctly determine what is and isn’t sensitive every time. And that could make it a bigger target for hackers.

**14 North Koreans Identified and Indicted as Fraudulent IT Workers**

For years, North Korean nationals posing as tech workers have tried to get hired by global businesses so they can send their wages back to help the Hermit Kingdom pay for its nuclear programs. Increasingly, some companies are revealing they were targeted, and investigators are unravelling the schemes. This week, the US government indicted 14 North Koreans for their alleged role in generating $88 million, stealing sensitive business information, and attempting to use that information to extort more payments from companies. To get hired, the FBI alleges, the IT workers stole real identities, paid people in the US to use their home Wi-Fi connections, or paid them to attend job interviews. Researchers from Google-owned cybersecurity firm Mandiant who focus on North Korea say that in recent months they’ve seen IT workers following through on leaking sensitive data and demanding more cryptocurrency than ever before—although, they say this desperation could be a sign of the schemes becoming less effective.

**Cleo File-sharing Software Exploited to Spread Cybercriminal Malware**

File-sharing software firm Cleo this week warned customers to implement a new security patch to prevent a wave of intrusions by cybercriminals actively exploiting a vulnerability in its code. Researchers at security firm Huntress Labs told news outlet Recorded Future that at least two dozen organizations have already been breached by the hackers exploiting the Cleo flaw. Huntress has found a sample of malware found on those victims’ networks it calls Malichus, and says it appears to have been used by a sophisticated hacker group. Huntress also noted that Blue Yonder, a software firm breached by the Termite ransomware gang in November, had a vulnerable instance of Cleo’s software exposed on its network, and some evidence suggests the same cybercrime group may now be using the software’s vulnerability to hit other victims. Cleo first released a patch for the bug currently being exploited in October, but hackers appear to have circumvented it, and the company is urging customers to apply its new patch now.

**US Sanctions Chinese Hackers Who Allegedly Hijacked Thousands of Firewalls**

For five years, UK cybersecurity firm Sophos engaged in a cat-and-mouse game with a mysterious group of Chinese hackers targeting the company’s firewalls as a vector to break into its customers’ networks, as WIRED chronicled in October. Sophos went so far as to download surveillance “implants” to its devices that the hackers were testing to better monitor and preempt their intrusion techniques—and to gain more information about who they were and where they operated. Now, following Sophos’s revelations, those hackers have been hit with sanctions from the US government, and one of them has been indicted by name. Sichuan Silence Information Technology, based in Chengdu, and an alleged hacker named Guan Tianfeng are accused of hijacking 81,000 firewalls by exploiting a zero-day vulnerability that Guan is said to have discovered. Sichuan Silence, a known seller of disinformation tools to the Chinese government, and Guan are accused of targeting 23,000 firewalls in the US specifically, 36 of which were used in US critical infrastructure networks. The US State Department also issued a $10 million bounty for information about the company or Guan.

Microsoft’s AI Recall Tool Is Still Sucking Up Credit Card and Social Security Numbers

Explore the professions most vulnerable to cybersecurity threats in 2025, from IT pros to crypto investors. Learn how…

Explore the professions most vulnerable to cybersecurity threats in 2025, from IT pros to crypto investors. Learn how to stay safe and reduce risks in a digital-first world.

Everyone is exposed to the risk of falling from a great height at some point, but comparing the chances of this happening to a cobbler and a construction worker is misleading. Construction workers, by the very nature of their job, face significantly higher exposure to this risk due to working at elevated heights like scaffolding or rooftops. Ignoring this reality is akin to burying one’s head in the sand.

When we transfer this story into an online world, it becomes painfully obvious that some professions make you more exposed to cybersecurity threats. These people visit more sites, receive more emails from unverified sources (which makes them more exposed to phishing), and handle a lot of transactions online.

So, what professions are the most exposed to cybersecurity threats in 2025? Let’s check it out!

**IT professionals**

IT professionals are constantly exposed to compromised systems. Whether building a Python code, troubleshooting malware-infected devices or managing breached networks, their work often puts them in direct contact with cybersecurity threats. Protecting others’ systems sometimes comes at the cost of their safety, as attackers exploit their access to larger networks.

Malware-infected devices are a common challenge for IT professionals. Moreover, each compromised system they interact with is a potential risk to their own devices and networks. Without proper isolation measures or secure practices, these threats can spread further, causing widespread damage and complicating the recovery process.

Sometimes, the sheer workload leads IT professionals to neglect their cybersecurity. Also, they might skip updating personal devices or use weaker passwords, assuming their expertise will keep them safe. This overconfidence can leave them vulnerable to targeted attacks, as even seasoned professionals are not immune to sophisticated threats.

Hackers often target IT professionals to gain access to larger systems. Compromising an IT professional’s account or device can provide attackers with a golden ticket to sensitive company data, including passwords, customer records, and financial information. Personal cybersecurity is just as critical as professional protocols, as the stakes are enormous when breaches occur. 

****Crypto investors****

Crypto investors are often glued to their screens, scouring countless websites for the latest market updates, investment opportunities, and trends. The very volume of online activity exposes them to a wider range of cybersecurity threats, from phishing attempts to malware. The more time they spend online, the greater the risk becomes.

Unlike credit cards or traditional payment methods, cryptocurrency transactions are irreversible. If hackers get their hands on your crypto, there’s no calling your bank to get your funds back. Moreover, the lack of a safety net makes crypto investors a prime target, as even small mistakes can lead to massive losses.

Researching new coins or platforms can feel like navigating a minefield. Fraudulent websites, fake projects, and malicious links are everywhere. Staying alert is essential to avoid falling for elaborate scams designed to trap eager investors. According to crypto specialist Kane Pepi, a reputable site will not only help you discover trending Binance coin launches, but it will also keep you safe while doing so, which is a perk you can’t afford to overlook. 

As the crypto market grows, so does its appeal to cyber criminals. The potential for massive payouts incentivizes hackers to develop increasingly sophisticated methods. Protecting investments now isn’t just optional – it’s necessary in an industry where the stakes are only increasing. Every new surge in popularity raises the bar for security. 

****Financial advisors****

Managing and transferring large sums of money online puts financial advisors at significant risk. Cybercriminals always search for vulnerabilities, and advisors handle transactions that make them high-value targets. Even a minor lapse in security could lead to devastating losses for both the advisor and their clients. 

Spear-phishing attacks are a constant threat in this profession. These personalized, highly convincing scams aim to trick advisors into revealing sensitive information. Moreover, the tailored nature of these attacks makes them harder to detect, underscoring the need for constant vigilance.

Handling sensitive client financial information adds another layer of complexity. Protecting this data means financial advisors must adhere to strict cybersecurity practices. Any breach can result in financial loss and irreparable damage to their reputation.

Heavy reliance on third-party financial software further exposes advisors to risks. You see, any vulnerabilities in these tools can become an entry point for attackers. Ensuring that software is secure and up-to-date is a critical part of minimizing cybersecurity threats. 

****Healthcare professionals****

Healthcare professionals handle sensitive patient data daily, making them high-value targets for cybercriminals. The healthcare industry’s reliance on digital systems creates a vulnerability that attackers are eager to exploit. Protecting this data isn’t just about compliance—it’s about trust and patient safety.

Ransomware attacks increasingly target hospitals and clinics, where hackers lock systems and demand payment. Moreover, these attacks can paralyze operations, delete care, and endanger lives. Healthcare professionals are often caught in the crossfire, emphasizing the need for robust security measures. 

Many medical systems rely on outdated or insecure software. This lack of modernization also makes it easier for hackers to exploit vulnerabilities. Upgrading these systems isn’t just a technical decision – it’s a matter of defending against growing cyber threats.

Limited cybersecurity training among medical staff compounds the problem. Even well-meaning professionals might fall for phishing scams or use weak passwords. Addressing these gaps with education and clear protocols can significantly reduce risks. 

****Journalists****

Journalists constantly communicate with unknown or unverified sources to chase leads and uncover stories. This regular interaction increases their exposure to phishing attempts, malicious links, and other threats disguised as helpful information or contacts. Their curiosity and drive to uncover the truth often become vulnerabilities exploited by cybercriminals with malicious intent. 

The nature of their work means journalists receive countless emails and messages, many from strangers or unfamiliar addresses. This high volume of communication makes them prime targets for phishing scams. A single click on a convincing fake link can compromise their devices or leak sensitive information. Also, because they work under tight deadlines, they often don’t have the time to verify every link or sender, increasing their exposure. 

Journalists often rely on public Wi-Fi while traveling or reporting in the field. However, these networks are notoriously insecure and expose their data to interception. Without using a VPN or other protective measures, their devices and communications become easy prey for hackers. This vulnerability is compounded when sensitive information is transmitted without encryption.

Moreover, state-sponsored hackers or activist groups frequently target journalists. Whether to suppress sensitive stories or gain access to insider information, these attackers are persistent and well-resourced. Journalists are at the frontlines of the information war, making their cybersecurity essential not just for their safety but for the integrity of the stories they tell. 

****Cybersecurity threats don’t affect everyone equally****

From managing sensitive data to dealing with unverified sources, these jobs come with unique vulnerabilities that require extra caution. Awareness is the first step in protecting yourself, whether you’re a journalist, a healthcare worker, or a crypto investor.

Moreover, adopting strong cybersecurity practices can go a long way in reducing risks. Understanding your vulnerabilities and staying proactive are the keys to staying safe in a world where digital threats are always evolving.

1.  **The Importance of Effective Incident Response**
2.  **How Red Teaming Helps Meet DORA Requirements**
3.  **Cybersecurity Jobs: Demand Grows, but Supply Falls Short**
4.  **Getting Startup Off The Ground Amid Cybersecurity Threats**
5.  **5 Cyber Security Certifications That Will Skyrocket Your Salary**

Image via Unsplash

Professions That Are the Most Exposed to Cybersecurity Threats

Researchers demonstrate how to hack Ruijie Reyee access points without Wi-Fi credentials or even physical access to the device.

Source: Hilke Maunder via Alamy Stock Photo

Internet of Things (IoT) vendor Ruijie Networks has shored up its Reyee cloud management platform against 10 newly discovered vulnerabilities that could have given adversaries control of thousands of connected devices in a single cyberattack.

The Fuzhou, China-based infrastructure maker's Ruijie Networks devices, are commonly used to provide free Wi-Fi in public settings like airports, schools, shopping malls, and governments across more than 90 countries.

A pair of researchers from Claroty Team82 have developed an attack they named "Open Sesame" that they used to successfully take control of Rujie Networks devices through its cloud-based Web management portal for remote monitoring and configuration.

"The Ruijie Reyee cloud platform lets admins remotely manage their access points and routers," researchers Noam Moshe and Tomer Goldschmidt explained in a statement. "By exploiting these vulnerabilities, attackers could access these devices and the internal networks to which they connect. Our research found tens of thousands of potentially affected devices worldwide."

Moshe and Goldschmidt presented their findings in a presentation titled "The Insecure IoT Cloud Strikes Again: RCE on Ruijie Cloud-Connected Devices" at Black Hat Europe 2024 this week.

Of the 10 CVEs outlined by a new Claroty Team82 report, all of which have been patched by Ruijee, three received CVSS scores of 9 or higher: CVE-2024-47547, a weak password recovery bug with a CVSS score of 9.4; CVE-2024-48874, a server-side request forgery vulnerability with a CVSS score of 9.8; and CVE-2024-52324, flagged as a "use of inherently dangerous function," also with a 9.8 CVSS score.

"The most serious vulnerability we discovered was the vulnerability allowing devices to impersonate the Ruijie cloud platform, sending commands to other devices," the Clarity researchers said.

The collection of bugs allowed remote code execution (RCE) on devices connected to the Ruijie cloud platform, they explained.

"An attacker would be able to exploit weak authentication mechanisms to generate valid device credentials," the research team commented. "After authenticating as a device, we discovered that the attacker could impersonate the Ruijie cloud platform and send malicious payloads to other devices in its stead, gaining full control through legitimate cloud functionality."

**Open Sesame Attack**

As spectacular as taking over 50,000-plus IoT devices at one time would be, the Claroty researchers suspect that not many adversaries want that kind of attention. Instead, they predicted, threat actors armed with these bugs would take a more low-profile approach, taking over specific devices in distinct locations.

"Exploiting this vulnerability at scale could alert the vendor, who would issue a fix to the vulnerabilities needed for this exploit," according to a blog post detailing Claroty's findings. "In addition, many attackers would simply not gain anything by mass-exploiting tens of thousands of devices; this is only relevant in the case of an attacker attempting to build a botnet. Instead, most attackers would take a more targeted, stealthy approach."

With this in mind, the Claroty team built the Open Sesame attack scenario, allowing them to execute code on a vulnerable Ruijie device with nothing more than a serial number.

To make it work, an attacker needs close proximity to a Wi-Fi network using Ruijie access points to sniff out the raw beacons sent out by the Wi-Fi network for users to find and connect. That beacon also contains the device's serial number.

"Then, using the vulnerabilities in Ruijie's MQTT communication, an attacker could impersonate the cloud and send a message to the target device (identified by its SN the attacker leaked)," the blog post added. "This will result in the attacker supplying a malicious OS command for the device to execute, resulting in a reverse shell on the attacked Ruijie access point, giving the attacker access to the device internal network."

The researchers went on to explain that they hope this work highlights how the porousness of clouds can become a big vulnerability for IoT networks.

"Team82's research on Ruijie's infrastructure further exposes how vulnerable devices that are insecurely connected to, and managed through, the cloud can be," the report said.

**About the Author**

Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.

Tag

#wifi