• United States



4 Flaws: Critical vulnerabilities in Huawei routers and more

Jul 31, 20122 mins
Data and Information SecurityNetwork Security

Editor’s note: 4 Flaws is a new column where I’ll recap 4 vulnerabilities per month. With that, here are the flaws making news of late:

1.) Hackers target Huawei for “insecure coding practices and lack of security transparency.” Security researchers unveiled critical holes in routers from Chinese networking and telecommunications equipment manufacturer Huawei at Defcon in July. A session hijack, heap overflow and stack overflow were found in the firmware of Huawei AR18 and AR29 series routers and could be exploited to hijack the devices, researcher Felix Lindner, said.

2.) Researcher shows off Windows 8 attacks. There are at least three attack points in Windows 8 that could uncover exploitable vulnerabilities, said researcher Sung-ting Tsai, leader of an advanced threat research team for Trend Micro.

3.) Vulnerabilities found in three popular payment terminal models can result in credit card data theft, researchers say. Three widely deployed payment terminals have security holes attackers could exploit to steal credit card data and PINs. Researchers Nils and Rafael Dominguez Vega showed off the flaws at Black Hat.

4.) Researcher demos NFC-based smartphone hacking. Accuvant Labs researcher Charlie Miller demoed a way to break into both the Google/Samsung Nexus Sand Nokia N9 via Near Field Communication (NFC) capability in the smartphones. Miller showed Black Hat attendees how it’s possible to set up NFC-based radio communication to share content with the smartphones to play such tricks as writing an exploit to crash phones and even in certain circumstances read files on the phone.

Contributors to this report: Lucian Constantin Ellen Messmer and Tim Greene