a zero-day baseband vulnerability affecting Huawei smartphones, laptop WWAN modules, and IoT components. Baseband is firmware used on smartphones to connect to cellular networks, make voice calls, and transmit data. An attacker can exploit baseband flaws to eavesdrop on mobile communications, take over the device to make calls and send SMS messages to premium numbers, or exfiltrate data. The expert revealed the flaw this week at the Infiltrate Conference; attackers could exploit the vulnerability to execute a memory-corruption attack against affected devices over the air. Fortunately, the attack is quite difficult to conduct.

The baseband vulnerability resides in the HiSilicon Balong integrated 4G LTE modems. The Balong application processor is called Kirin; it is produced by HiSilicon Technologies, a subsidiary of Huawei Technologies. The affected firmware is present in several Huawei Honor smartphones, including the P10, Huawei Mate 9, Honor 9, 7, 5c and 6. Weinmann believes that millions of Honor smartphones could be exposed to the attack. Weinmann presented multiple baseband vulnerabilities found in the Kirin application processor. The expert also revealed that many laptops produced by IT vendors use the HiSilicon Balong integrated modem, as do a number of IoT devices.

“This baseband is much easier to exploit than other basebands. Why? I’m not sure if this was intentional, but the vendor actually published the source code for the baseband which is unusual,” Weinmann said. “Also, the malleability of this baseband implantation doesn’t just make it good for device experimenting, but also network testing.” Weinmann speculates HiSilicon may have mistakenly released the Kirin source code as part of a developer tar archive associated with the Huawei H60 Linux kernel data.

Weinmann demonstrated several attack scenarios against mobile phones. The first scenario involves setting up a bogus base station, using open-source software called OpenLTE, with which the attacker simulates a network operator. The attacker can send specially crafted packets over the air that trigger a stack buffer overflow in the LTE stack, causing the phone to crash. Once the phone has rebooted, an attacker can gain persistence by installing a rootkit. In a second attack scenario, an attacker with physical access to the phone and the private key pair data would install malicious tools on the firmware. “It requires key material that is stored both by the carrier and on the SIM card in order to pass the mutual authentication between the phone and the network. Without this key material, a base station cannot pose as a legit network towards the device.”

For his tests, Weinmann used his own VxWorks build environment, based on an evaluation version of VxWorks 7.0 that shipped with Intel Galileo several years ago. The expert explained that the existence of a Lua scripting interpreter running in the baseband gives him further offensive options. Weinmann did not disclose the technical details, to prevent threat actors in the wild from abusing his technology. “I have chosen to only disclose lower-severity findings for now. Higher severity findings are in the pipeline,” Weinmann said.
A flaw in certificate pinning exposed customers of a number of high-profile banks to man-in-the-middle attacks on both iOS and Android devices. A vulnerability in the mobile apps of major banks could have allowed attackers to steal customers' credentials including usernames, passwords, and PIN codes, according to researchers. The flaw was found in apps by HSBC, NatWest, Co-op, Santander, and Allied Irish bank. The banks in question have now all updated their apps to protect against the flaw.

Uncovered by researchers in the Security and Privacy Group at the University of Birmingham, the vulnerability allows an attacker who is on the same network as the victim to perform a man-in-the-middle attack and steal information. The vulnerability lay in the certificate pinning technology, a security mechanism used to prevent impersonation attacks and use of fraudulent certificates by only accepting certificates signed by a single pinned CA root certificate. While certificate pinning usually improves security, a tool developed by the researchers to perform semi-automated security testing of mobile apps found that a flaw in the technology meant standard tests failed to detect attackers trying to take control of a victim's online banking. As a result, certificate pinning can hide the lack of proper hostname verification, enabling man-in-the-middle attacks.

The findings have been outlined in a research paper and presented at the Annual Computer Security Applications Conference in Orlando, Florida. The tool was run on 400 security-critical apps in total, leading to the discovery of the flaw. Tests found that apps from some of the largest banks contained the flaw which, if exploited, could have enabled attackers to decrypt, view, and even modify network traffic from users of the app. That could allow them to view information entered and perform any operation that the app can usually perform, such as making payments or transferring funds. Other attacks allowed hackers to perform in-app phishing attacks against Santander and Allied Irish bank users, allowing attackers to take over part of the screen while the app was running and steal the entered credentials.

The researchers have worked with the National Cyber Security Centre and all the banks involved to fix the vulnerabilities, noting that the current versions of all the apps affected by the pinning vulnerability are now secure. A University of Birmingham spokesperson told ZDNet all the banks were highly cooperative: "once this was flagged to them they did work with the team to amend it swiftly."
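The pinning weakness described above, pinning to a CA root while leaving hostname verification off, can be shown as a weak and a corrected client configuration plus a check that tells them apart. This is an added example using Python's standard `ssl` module, not code from the researchers or the affected apps; the function names and the optional `pinned_ca_pem` parameter are assumptions made for illustration.

```python
import ssl

def pinned_context(pinned_ca_pem=None, verify_hostname=True):
    """Build a TLS client context that trusts only the pinned CA.

    pinned_ca_pem is PEM text of the pinned root (hypothetical parameter);
    None leaves the trust store empty, which is enough to inspect the
    settings offline.
    """
    # PROTOCOL_TLS_CLIENT starts with CERT_REQUIRED and check_hostname=True.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if pinned_ca_pem:
        ctx.load_verify_locations(cadata=pinned_ca_pem)
    if not verify_hostname:
        # Weak setting: the chain is still validated against the pin, but any
        # certificate issued under that CA is accepted for any hostname.
        ctx.check_hostname = False
    return ctx

def audit_context(ctx):
    """Return findings for a client context; an empty list means both checks are on."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain-not-verified")
    if not ctx.check_hostname:
        findings.append("hostname-not-verified")
    return findings

def demo():
    """Audit the weak and the corrected configuration side by side."""
    return {
        "pinned, hostname check off": audit_context(pinned_context(verify_hostname=False)),
        "pinned, hostname check on": audit_context(pinned_context()),
    }

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or "ok")
```

The weak context still reports `CERT_REQUIRED`, which is why a review that only asks whether certificate validation is enabled misses the missing hostname check.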
A particular TP-Link router model will spew out its admin password in cleartext to anyone that sends an SMS message to the router's SIM card with a particular script inside, according to German security researcher Jan Hörsch, who shared his findings with German newspaper Heise.de. The vulnerability affects TP-Link model M5350, a 3G mobile Wi-Fi router, often distributed by mobile telco providers to their customers, along with a SIM card they insert in the router. This SIM card allows the router to connect to the mobile operator's network and, just like any SIM card, has its own telephone number.

In an online conversation with Bleeping Computer, Hörsch, who's a researcher for German cyber-security firm Securai, says that after he analyzed the router's firmware, he discovered a vulnerability in the feature that handles incoming SMS messages. By sending the following SMS, the router would answer back with the admin account password, the Wi-Fi network SSID, and the Wi-Fi network's password. The issue isn't as dangerous as it sounds, mainly because the attacker needs to know the router SIM card's phone number in order to exploit it, Hörsch told Bleeping Computer.

This issue is one of many the researcher discovered in recent months in various devices. His findings were summarized and presented in a talk at the recently concluded Kaspersky Security Analyst Summit (SAS), held last week. In the same talk, Hörsch also presented several other vulnerabilities that allowed him to obtain root access to Hootoo Travelmate and Trendnet TEW714TRU routers and Vstarcam webcams. Other vulnerabilities the researcher discovered and presented at SAS include the presence of a hardcoded Telnet password in Startech modems, and a very simple to exploit authentication bypass for Panasonic BM ET200 retina scanners, which allowed anyone access to the admin panel just by deleting a few parameters in a URL. His presentation also detailed several flaws in Western Digital MyCloud NAS hard drives, some of which were made public at the start of March by another researcher who disclosed the bugs.
The problems arise from the way Java and Python (through the urllib2 library in Python 2 and the urllib library in Python 3) handle FTP links, which allow the attacker to inject newline (CRLF) characters inside the URL, making the Java and Python code think some parts of the URL are new commands. This leads to a flaw that security researchers call "protocol injection." The FTP protocol injection issue was first detailed by Russian security lab ONsec in 2014, but never got the public attention it needed.

Two recent reports have raised the profile of this flaw, describing two new exploitation scenarios. Security researcher Alexander Klink detailed on his blog how the FTP protocol injection flaw could be used to send emails using Java's FTP URL handler. Two days later, Timothy Morgan of Blindspot Security came forward and presented a more ominous exploitation scenario where the FTP URL handlers in Java and Python could be used to bypass firewalls. Morgan also revealed that his company informed both the Python team (in January 2016) and Oracle (in November 2016) about the FTP protocol injection flaw, but neither has issued updates to address the reported problem.

At the heart of the FTP protocol injection attack resides an older issue in the FTP protocol itself, which is classic mode FTP. Classic mode FTP is an older mechanism that governs how FTP clients and servers interact, which was proved to be insecure in issue #60 of the Phrack hacking magazine and later detailed in more depth by Florian Weimer. Classic mode FTP has been replaced by a more secure method of client-server FTP interactions known as passive mode FTP. Nevertheless, most firewall products support classic mode FTP connections.
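Until the URL handlers themselves reject line breaks, an application that fetches FTP URLs from untrusted input can screen them first. The following pre-flight check is an added example, not code from Python, Oracle or the researchers named above; the function names and sample URLs are constructed for illustration (example.test is a reserved test domain).

```python
from urllib.parse import urlsplit, unquote

# Characters that end or corrupt a command line on the FTP control channel.
CONTROL = ("\r", "\n", "\x00")

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%250D%250A) is caught too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def ftp_url_findings(url):
    """Return the URL parts that would place a line break in an FTP command."""
    # Check the raw string first: newer urlsplit() versions silently strip
    # raw CR/LF/tab characters, which would hide them from the checks below.
    if any(c in url for c in CONTROL):
        return ["raw-url"]
    try:
        parts = urlsplit(url)
    except ValueError:
        return ["unparseable"]
    if parts.scheme.lower() != "ftp":
        return ["scheme"]
    fields = {"username": parts.username, "password": parts.password,
              "host": parts.hostname, "path": parts.path}
    return [name for name, value in fields.items()
            if value and any(c in decode_fully(value) for c in CONTROL)]

def is_safe_ftp_url(url):
    """True only for an ftp:// URL with no line break in any component."""
    return not ftp_url_findings(url)

# Constructed sample inputs.
SAMPLES = [
    "ftp://user:pw@example.test/pub/file.txt",
    "ftp://example.test/pub%0D%0ANOOP/file.txt",
    "ftp://user%0aX:pw@example.test/f",
    "ftp://example.test/a%250Ab",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", ftp_url_findings(sample) or "ok")
```

Rejecting the URL outright is safer than stripping the offending bytes, since a stripped URL no longer names what the caller asked for.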