Attack of the week: Voice calls in LTE I haven’t written an “attack of the week” post in a while, and it’s been bumming me out. This is not because there’s been a lack of attacks, but mostly because there hasn’t been an attack on something sufficiently widely-used that it can rouse me out of my blogging torpor. But today brings a beautiful… Read More
Hackers Tell the Story of the Twitter Attack From the Inside A Twitter hacking scheme that targeted political, corporate and cultural elites this week began with a teasing message between two hackers late Tuesday on the online messaging platform Discord.“yoo bro,” wrote a user named “Kirk,” according to a screenshot of the conversation shared with The New York Times. “i work at twitter / don’t show… Read More
The $100,000 bug in Sign in with Apple In the month of April, I found a zero-day in Sign in with Apple that affected third-party applications which were using it and didn’t implement their own additional security measures. This bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid… Read More
Samsung patches 0-click vulnerability impacting all smartphones sold since 2014 Samsung patches 0-click vulnerability impacting all smartphones sold since 2014 Samsung patched this month a critical bug discovered by Google security researchers. South Korean smartphone vendor Samsung released this week a security update to fix a critical vulnerability impacting all smartphones sold since 2014. The security flaw resides in how the Android OS flavor running… Read More
Children’s computer game Roblox employee bribed by hacker for access to millions of users’ data A hacker who bribed a worker for the online video game Roblox managed to gain access to the personal information of over 100 million active users, the ability to change passwords and email addresses, and allocate in-game currency. The hacker first paid an employee to look up data about users, and then targeted a customer… Read More
These Guys Figured Out a Way to Get Endless Free McDonald’s Last November, software developers Lenny Bakkalian and David Albert discovered two loopholes in the German McDonald’s system which allowed them to order an endless supply of free food. Recently, I met the two Hamburglars and their colleague Mats Tesch at an East Berlin McDonald’s so they could show me how they did it. McDonald’s receipts… Read More
MGM Hotel Hack Leaves 10.6M Guests’ Personal Data Exposed 10.6 million people who had stayed at MGM Resorts have had their personal data published on a hacking forum, it was revealed this week. It is thought that the recent breach stems from an earlier incident which occurred last year, whereby unauthorised actors were able to access MGM’s internal cloud and therefore the personal information… Read More