Nuki Smart Lock Vulnerabilities Allow Hackers to Open Doors

Nuki Smart Lock and Nuki Bridge – that allow users to unlock their doors with their smartphones by simply walking in range.

The vulnerabilities identified by NCC Group in the latest versions of the products could allow attackers to intercept a Nuki product’s network traffic, to execute arbitrary code on the device, to send commands with elevated privileges, or cause a denial-of-service (DoS) condition. The vendor has released patches.

“Some of the vulnerabilities result in a fully compromised device, including capabilities to open and close the door without the owner noticing,” NCC researchers Guillermo del Valle Gil and Daniel Romero told SecurityWeek.

“This could be achieved either from the same WiFi network as the lock device, or from Nuki servers themselves. Some of the other attacks require physical access to at least one device, which may be possible, since some of them are installed outside the protected area,” the researchers also said.

Both Nuki Smart Lock and Nuki Bridge were found to lack SSL/TLS certificate validation, allowing an attacker to perform a man-in-the-middle attack and intercept network traffic. The bug is tracked as CVE-2022-32509.

“It was possible to set up an intercepting proxy to capture, analyze and modify communications between the affected device and the supporting web services,” NCC Group explains in a technical advisory.

The security researchers also identified two buffer overflow bugs (CVE-2022-32504 and CVE-2022-32502) that could be exploited to achieve arbitrary code execution on the vulnerable devices.

Impacting the code responsible for parsing JSON objects received from the SSE WebSocket, the first buffer overflow could be combined with the lack of SSL/TLS certificate validation to intercept and tamper with the WebSocket packets to take control of the device.

“Additionally, if a malicious user could get access to the Nuki’s SSE servers this could be used to take control of all the affected devices,” NCC warns.

Discovered in the HTTP API parameter parsing code, the second buffer overflow could be exploited from within the LAN, even if the attacker did not have a valid token, as long as the HTTP API was enabled.
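The defensive pattern for this class of bug, as an added example that is not code from Nuki, NCC Group or the original article: a parameter extractor that measures the value and rejects it before copying into a fixed-size buffer, so an oversized value fails before any token check runs. The function name `get_param`, the `TOKEN_MAX` size and the sample query string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_MAX 32  /* assumed size of the fixed buffer for "token" */

enum param_status { PARAM_OK = 0, PARAM_MISSING = -1, PARAM_TOO_LONG = -2 };

/* Copy the value of `name` from a query string such as "a=1&token=abc"
 * into `out`. The value is measured first and rejected if it does not
 * fit; copying until a delimiter without this check is the unbounded
 * pattern that overruns a fixed-size buffer. */
enum param_status get_param(const char *query, const char *name,
                            char *out, size_t out_size)
{
    size_t name_len = strlen(name);
    const char *p = query;

    if (out_size == 0)
        return PARAM_TOO_LONG;
    out[0] = '\0';                       /* defined content on every path */

    while (p != NULL && *p != '\0') {
        const char *end = strchr(p, '&');
        size_t pair_len = end ? (size_t)(end - p) : strlen(p);

        /* Match "name=" at the start of this key=value pair only. */
        if (pair_len > name_len && p[name_len] == '=' &&
            strncmp(p, name, name_len) == 0) {
            size_t val_len = pair_len - name_len - 1;
            if (val_len >= out_size)     /* need room for value + NUL */
                return PARAM_TOO_LONG;
            memcpy(out, p + name_len + 1, val_len);
            out[val_len] = '\0';
            return PARAM_OK;
        }
        p = end ? end + 1 : NULL;
    }
    return PARAM_MISSING;
}

int main(void)
{
    char token[TOKEN_MAX];
    /* Constructed sample query string, not captured traffic. */
    enum param_status st = get_param("action=2&token=abc123", "token",
                                     token, sizeof token);
    printf("%d %s\n", st, token);
    return 0;
}
```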

NCC Group also discovered that Nuki’s implementation of the Bluetooth Low Energy (BLE) API lacked proper access controls (CVE-2022-32507), allowing an attacker to send high-privileged commands they should not have permissions to send.

Because BLE commands could be sent from unprivileged accounts, such as the keypad, an attacker could open the keyturner without knowing the keypad code, and could even try to change the keyturner admin security PIN, the researchers say.
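The missing control described above is a per-command authorization check enforced on the device. The following is an added sketch of a deny-by-default policy table, not Nuki's firmware or NCC Group's code; the roles, command IDs and session fields are hypothetical and chosen only to mirror the keypad and admin PIN cases in the text.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical roles and command IDs; not Nuki's protocol values. */
enum role { ROLE_KEYPAD, ROLE_USER, ROLE_ADMIN, ROLE_COUNT };
enum cmd  { CMD_GET_STATE = 1, CMD_UNLOCK = 2, CMD_SET_ADMIN_PIN = 3 };

struct session {
    enum role role;       /* bound to the paired key at authentication */
    bool code_verified;   /* keypad: a valid keypad code was entered */
    bool pin_verified;    /* the current security PIN was presented */
};

struct rule {
    uint8_t cmd;
    bool allowed[ROLE_COUNT];  /* indexed by enum role */
    bool keypad_needs_code;    /* keypad must have a verified code */
    bool needs_pin;            /* caller must have presented the PIN */
};

static const struct rule policy[] = {
    { CMD_GET_STATE,     { true,  true,  true }, false, false },
    { CMD_UNLOCK,        { true,  true,  true }, true,  false },
    { CMD_SET_ADMIN_PIN, { false, false, true }, false, true  },
};

/* Deny by default: unknown commands and unknown roles are rejected. */
bool authorize(const struct session *s, uint8_t cmd)
{
    if (s == NULL || (unsigned)s->role >= (unsigned)ROLE_COUNT) return false;
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        const struct rule *r = &policy[i];
        if (r->cmd != cmd) continue;
        if (!r->allowed[s->role]) return false;
        if (r->keypad_needs_code && s->role == ROLE_KEYPAD && !s->code_verified)
            return false;
        if (r->needs_pin && !s->pin_verified) return false;
        return true;
    }
    return false;
}

int main(void)
{
    struct session keypad = { ROLE_KEYPAD, false, false };
    printf("keypad unlock, no code: %d\n", authorize(&keypad, CMD_UNLOCK));
    return 0;
}
```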

To open the keyturner, an attacker would take advantage of the fact that the impacted devices also expose JTAG hardware interfaces. Tracked as CVE-2022-32503, the flaw allows an attacker to tamper with internal and external flash memory.

“An attacker with physical access to any of these ports may be able to connect to the device and bypass both hardware and software security protections. JTAG debug may be usable to circumvent software security mechanisms, as well as to obtain the full firmware stored in the device unencrypted,” NCC says.

The company also discovered SWD hardware interfaces exposed on both Nuki Smart Lock and Nuki Bridge devices, that an unencrypted channel was used for administrative communication – allowing devices on the local network to passively collect network traffic – and that crafted HTTP and BLE packets could be used to cause DoS conditions.

“There were also some denial of service vulnerabilities found which were not fully developed, affecting both the HTTP and Bluetooth APIs. These may end up developing into something bigger, however, these were not the focus of this research,” NCC’s researchers told SecurityWeek.
