The Top 7 Product Security Lessons From DEFCON

Karamba Security | August 22nd, 2019
From substandard router security to ransomware attacks on your camera, it was an eye-opening week at DEFCON earlier this month. Here are the top product security takeaways.

Study Finds “Terrible” Security Measures in 18 Leading Vendors - including Asus, Belkin, D-Link, Linksys, TP-Link and More (SecurityLedger)

The study analyzed more than 6,000 firmware images going back 15 years and found that even the most recent firmware does not protect against overflow attacks.

Researchers Find 35 vulnerabilities in Office Printers Manufactured by HP, Ricoh, Xerox, Lexmark, Kyocera and Brother (threatpost)

Of these vulnerabilities, 22 are overflow bugs that can lead to remote code execution and the complete takeover of an enterprise network. Office printers were once again a hot topic: researchers presented how data can be stolen from an enterprise by sending a fax to its office printer.

Smile, You’re Being Hacked: How Hackers Could Implant Malware in a Canon DSLR Camera to Hold Users’ Pictures for Ransom (threatpost)

The first attack scenario involved an attacker who takes over a PC and leapfrogs the infection into a camera over a USB connection. The second involves placing a rogue Wi-Fi access point in a public setting to mount a remote attack against the targeted camera. Using the CVE-2019-5995 bug, the researcher was able to perform a silent, malicious firmware update.

Hackers Can Turn a Tesla Model S into a Surveillance Device (SecuritySales)

Using free code available on GitHub, security researcher Truman Kain was able to turn the car’s built-in cameras into a surveillance system that identifies, tracks, and stores faces and license plates.

Two Security Flaws in Xilinx SoC Boards' Secure Boot Jeopardize Automotive, Aviation, and Industrial Components (ZDnet)

Researchers say the Encrypt Only secure boot mode in Xilinx's Zynq UltraScale+ family, which includes SoC, multi-processor system-on-chip (MPSoC), and radio frequency system-on-chip (RFSoC) devices, does not encrypt boot image metadata, leaving this data vulnerable to malicious modification. Read the full paper here.

Hackers Could Use Remote Ignition App to Steal Tens of Thousands of Vehicles (Wired)

Software engineer Jmaxxz showcased the vulnerabilities that could allow a hacker to use the “MyCar” app to pinpoint and steal cars.

Malware Can be Remotely Installed in Headphones to Turn them Into Acoustic Weapons and Track Users (Wired)

A cybersecurity researcher developed malware that could allow an attacker to physically destroy devices and cause bodily harm to their users.
