Friday, May 30, 2014

Android devices and routers over Wi-Fi under New Heartbleed attack

The Heartbleed attack that left encrypted data vulnerable to theft is still causing problems, according to a new report. Luis Grangeia, partner and security services manager at information security firm SysValue, claims to have found a new vector that leaves wireless routers and Android devices vulnerable to attack. Dubbed "Cupid", the vulnerability theoretically lets attackers capture data transmitted between Android devices and Wi-Fi routers. Grangeia claims the attack uses the same procedure as Heartbleed, but it is carried out over Wi-Fi rather than the open web. Devices running Android 4.1.1 are already known to be vulnerable to Heartbleed, however Grangeia warns iOS and OSX may also be at risk from Cupid and that administrators should "test everything". <more>

No comments: