MWC2017: Day 1

Today was productive at Mobile World Congress 2017. Our booth assignment is in Hall 8 at Fira Montjuic, with a detailed map here. We have already met with a myriad of companies, including carriers, IoT developers, and several high-profile companies in the mobile industry. We demonstrated our offerings via demo and we conveyed the importance of…

We’re attending Mobile World Congress #MWC2017

We have been sponsored to participate in Mobile World Congress, hosted in beautiful Barcelona, Spain, Feb 27 – Mar 2, 2017. MWC is an annual gathering for the mobile industry and for related industries. The annual event provides an excellent channel for these interconnected entities to display cutting-edge technologies, network, make partnerships, and more. They…

Brute Force Vulnerability in Netgear ARLO

Netgear Arlo

Update: CVE-2016-10115 and CVE-2016-10116 have been listed by MITRE. Refer to the following CVE entries:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10116

Base Station to Camera Communication Basics

As we shared in a previous blog article, the Netgear ARLO security camera system consists of a base station and multiple camera units that operate on batteries. The ARLO base station and camera…

Factory Reset Vulnerability in Netgear ARLO

Netgear Arlo

Update: CVE-2016-10115 and CVE-2016-10116 have been listed by MITRE. Refer to the following CVE entries:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10116

Out of our ongoing curiosity about IoT products, we took a look at ARLO, a home security camera system from Netgear. ARLO is Netgear’s competing product to the Google Nest Dropcam. When I first researched network security cameras last summer ahead…

Rediscovery of NetUSB Vulnerability in Broadband Routers

Figure 1 Connecting UART connections to the target device

Recently NewSky Security Labs performed white-box testing on a Netgear networking product, the R6050 model. During our investigation into the system, we found an exploitable vulnerability in the NetUSB module present in the system. NetUSB is a proprietary technology developed by the Taiwanese company KCodes, intended to provide “USB over IP” functionality. NetUSB is included in…

Mobile devices bundled with malware?

When you purchase a mobile device, you expect the device to be free of digital threats, clear of viruses, and otherwise safe to use. According to a G Data Mobile Malware Report for Q2 of 2015, more than 20 smartphone models were identified to contain modified or manipulated versions of common apps such as Facebook:…

Smart devices as Bitcoin mining slaves

Recently, we blogged about unintentionally installing Android ransomware on an Android HD media player. It is possible and probable that other unwanted programs, such as Bitcoin mining trojans, could be installed on a smart device.

Background

Bitcoin (BTC) is one of several popular digital (virtual) currency payment systems. It is decentralized and functions peer-to-peer (P2P)…

Critical Stagefright flaw, millions affected

In late July, researchers with Zimperium announced the discovery of a critical flaw in the Android library libstagefright, potentially affecting 95% of all Android devices, from Android Froyo (2.2) to Lollipop (5.0). The flaw could result in the device getting owned if successfully exploited. Google illustrates Android media architecture and framework in the following diagram:…