The researcher Ralf-Phillip Weinmann , managing director at security firm Comsecuris , has disclosed Vulnerability-related.DiscoverVulnerability a zero-day baseband vulnerability affecting Vulnerability-related.DiscoverVulnerability Huawei smartphones , laptop WWAN modules , and IoT components . Baseband is firmware used on smartphones to connect to cellular networks , to make voice calls , and transmit data . An attacker can exploit baseband flaws to eavesdrop Attack.Databreach mobile communications , take over the device making calls and sending SMS messages to premium numbers or to exfiltrate Attack.Databreach data . The expert revealed Vulnerability-related.DiscoverVulnerability the flaw this week at the Infiltrate Conference , the vulnerability could be exploited Vulnerability-related.DiscoverVulnerability by attackers to execute a memory-corruption attack against affected devices over the air . Fortunately , the attack is quite difficult to conduct . The baseband vulnerability resides in Vulnerability-related.DiscoverVulnerability the HiSilicon Balong integrated 4G LTE modems . The Balong application processor is called Kirin , it is produced by the Hisilicon Technologies , a subsidiary of Huawei Technologies . The affected firmware is present in several Huawei Honor smartphones , including the P10 , Huawei Mate 9 , Honor 9 , 7 , 5c and 6 . Weinmann believes that millions of Honor smartphones could be exposed to the to attack . Weinmann presented Vulnerability-related.DiscoverVulnerability multiple baseband vulnerabilities found in Vulnerability-related.DiscoverVulnerability the Kirin application processor . The expert also revealed that many laptops produced by IT vendors leverage the HiSilicon Balong integrated modem , such as a number IoT devices . “ This baseband is much easier to exploit than other basebands . Why ? I ’ m not sure if this was intentional , but the vendor actually published the source code for the baseband which is unusual , ” Weinmann said . “ Also , the malleability of this baseband implantation doesn ’ t just make it good for device experimenting , but also network testing. ” Weinmann speculates HiSilicon may have wrong released the Kirin source code as part of a developer tar archive associated with the Huawei H60 Linux kernel data . Weinmann demonstrated several attack scenarios against mobile phones . A first attack scenario presented by the researcher involves setting up a bogus base station using open-source software called OpenLTE that is used by an attacker to simulate a network operator . The attacker can send specially crafted packets over the air that trigger a stack buffer overflow in the LTE stack causing the phone crashing . Once the phone rebooted an attacker can gain persistence installing a rootkit . In a second attack scenario , the attacker with a physical access to the phone and private key pair data would install malicious tools on the firmware . “ It requires key material that is stored both by the carrier and on the SIM card in order to pass the mutual authentication between the phone and the network . Without this key material , a base station can not pose as a legit network towards the device. ” Weinmann used for its test his own VxWorks build environment using an evaluation version of VxWorks 7.0 that shipped with Intel Galileo several years ago . The expert explained that the existence of a Lua scripting interpreter running in the baseband gives him further offensive options . Weinmann did not disclose the technical details to avoid threat actors in the wild will abuse his technology . “ I have chosen to only disclose lower-severity findings for now . Higher severity findings are in the pipeline. ” Weinmann said .

The device manufacturer acquired St Jude Medical last year and has since been working to fix Vulnerability-related.PatchVulnerability severe vulnerabilities found in Vulnerability-related.DiscoverVulnerability its pacemakers . Abbott released Vulnerability-related.PatchVulnerability its second and final round of planned cybersecurity updates to its pacemakers , programmers and remote monitoring systems to fix Vulnerability-related.PatchVulnerability severe cybersecurity flaws in the devices . The patch will update Vulnerability-related.PatchVulnerability the battery performance alert , allowing the device to monitor for abnormal battery behavior and automatically vibrate to tell the patient when something is wrong . The planned updates began last year , and the latest firmware update was approved Vulnerability-related.PatchVulnerability by the Food and Drug Administration last week . The update applies to Vulnerability-related.PatchVulnerability about 350,000 of Abbott ’ s implantable cardioverter defibrillators and implantable cardiac resynchronization therapy defibrillators . The devices were originally manufactured by St Jude Medical , which Abbott acquired last year . At that time , St Jude was under fire for remaining quiet about defibrillator issues that caused rapid battery depletion . The FDA found St Jude continued to ship these devices despite knowing about the defect . In fact , the agency found those flaws caused patient deaths . The flaws , made public Vulnerability-related.DiscoverVulnerability in 2016 by Muddy Waters and security firm MedSec , could allow an unauthorized user to access the defibrillaors and modify the programming controls . Since acquiring St Jude , Abbott has been working to patch Vulnerability-related.PatchVulnerability those vulnerabilities . The FDA ’ s recall notice said the firmware update will reduce the risk of patient harm due to premature battery depletion and potential exploitation of the flaws in the devices . The update will effectively complete the necessary patches to prevent unauthorized access . The update is not a response to any new flaws , but are merely a continuation of last year ’ s patches , according to officials . `` Technology and its security are always evolving , and this firmware upgrade is part of our commitment to ensuring our products include the latest advancements and protections for patients , '' said Robert Ford , executive vice president of medical devices at Abbott , in a statement .

Cisco Systems yesterday issued 17 security advisories , disclosing Vulnerability-related.DiscoverVulnerability vulnerabilities in multiple products , including at least three critical flaws . One of them , a privileged access bug found in Vulnerability-related.DiscoverVulnerability seven models of its Small Business Switches , has not yet been patched Vulnerability-related.PatchVulnerability , but the company has recommended a workaround to limit its potential for damage . Designated CVE-2018-15439 with a CVSS score of 9.8 , the unsolved privileged access vulnerability could allow a remote attacker to bypass an affected device ’ s user authentication mechanism and obtain full admin rights without the proper administrators being notified . Although there is currently no software fix , a Cisco advisory says users can implement a workaround by “ adding at least one user account with access privilege set to level 15 in the device configuration. ” Affected device models are the Cisco Small Business 200 Series Smart Switches , Small Business 300 Series Managed Switches , Small Business 500 Series Stackable Managed Switches , 250 Series Smart Switches , 350 Series Managed Switches , 350X Series Stackable Managed Switches and 550X Series Stackable Managed Switches . The other critical flaws confirmed Vulnerability-related.DiscoverVulnerability in Cisco products were an authentication bypass vulnerability in the Stealthwatch Management Console of Cisco Stealthwatch Enterprise and a remote shell command execution bug in Unity Express . These also carry CVSS scores of 9.8 . Cisco published a fourth critical advisory warning Vulnerability-related.DiscoverVulnerability of a remote code execution bug in the Apache Struts Commons FileUpload Library ; however , it is unknown at this time if any Cisco products and services are affected . Additional vulnerabilities were found Vulnerability-related.DiscoverVulnerability in the Cisco ’ s Meraki networking devices , Video Surveillance Media Server , Content Security Management Appliance , Registered Envelope Service , Price Service Catalog , Prime Collaboration Assurance , Meeting Server , Immunet and AMP for Endpoints , Firepower System Software , Energy Management Suite and Integrated Management Controller Supervisor . And in one final , odd advisory , Cisco acknowledged that a flub in its QA practices allowed dormant exploit code for the Dirty Cow vulnerability to be included in shipping software images for its Expressway Series and Cisco TelePresence Video Communication Server ( VCS ) software . “ The presence of the sample , dormant exploit code does not represent nor allow an exploitable vulnerability on the product , nor does it present a risk to the product itself as all of the required patches for this vulnerability have been integrated Vulnerability-related.PatchVulnerability into all shipping software images , ” said the advisory . “ The affected software images have proactively been removed from the Cisco Software Center and will soon be replaced Vulnerability-related.PatchVulnerability with fixed software images . ”