Vulnerabilities: They're in the Air

Wireless exploits head up a pack of new flaws spotted by researchers

January 25, 2008

2 Min Read
NetworkComputing logo in a gray background | NetworkComputing

4:00 PM -- I guess the holidays are officially over for the hackers, too.

After a relative lull in vulnerability reports, researchers this week were working overtime to alert users to a wide range of potential threats and system flaws, headed up by some distressing holes in wireless and voice technology.

Steve Stasiukonis, Dark Reading's resident penetration tester, got it started when he reported that those increasingly popular wireless headsets used in many offices are highly susceptible to simple scans and eavesdropping. In a scary twist, Steve used the eavesdropped data to impersonate one of his client's employees and virtually rob the company blind. (See Hacking Wireless Headsets.)

While Stasiukonis was exposing flaws in wireless headsets, Fortinet was reporting a new worm that spreads through Nokia wireless headsets running the SymbianOS operating system. Attacks on smartphones and other wireless devices seem to be increasingly popular in the first few weeks of 2008, as more and more users embrace iPhones and other mobile devices.

Voice over IP also was in the news this week, as researchers released a new proof of concept, dubbed "call-jacking," that could assist attackers with advanced phishing exploits and theft of VOIP calls. (See New VOIP 'Call-Jacking' Hack Unleashed.)

But voice and wireless devices weren't the only ones threatened during the week. Routers got a good scare, too, as Symantec reported spotting the first instance of "drive-by pharming" in the wild. In this exploit, an attacker’s malicious code could change the DNS server settings on the victim’s home broadband router, effectively gaining control of the victim’s Internet connection. (See 'Drive-By Pharming' Now a Reality, Researchers Say.)

Even sites with the "Hacker Safe" label were under siege, as problems at Geeks.com raised many questions about such certifications, including several raised by Dark Reading's own John Sawyer. (See Are You Hacker-Safe?)

Clearly, both hackers and researchers are back at their computers, and that means a new generation of tasks for security professionals. Here's hoping that things settle down -- or at least slow down -- during the rest of the year.

— Tim Wilson, Site Editor, Dark Reading

Read more about:

2008
SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
Sign-Up

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Enterprises investing in new infrastructure to support AI will have to choose between InfiniBand and Ethernet
Enterprise Connectivity
The Impact of AI on The Ethernet Switch MarketThe Impact of AI on The Ethernet Switch Market
byPam Baker, Contributing Writer
Sep 16, 2024
5 Min Read
Blue and purple digital cloud connecting apps and services with campus NaaS.
NaaS
Campus NaaS: Remaking the Campus NetworkCampus NaaS: Remaking the Campus Network
bySalvatore Salamone, Managing Editor, Network Computing
Jul 31, 2024
4 Min Read
DPUs are extensively used to accelerate AI and ML workloads by offloading tasks such as neural network inference and training from CPUs and GPUs.
Network Infrastructure
Harnessing DPUs & How DPUs are Changing Data CentersHarnessing DPUs & How DPUs are Changing Data Centers
byBob Wallace, Featured Writer
Jul 30, 2024
10 Min Read
Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports
Live Events
More Live Events