WolfVision Cynap versions 1.18g and 1.28j suffer from a hardcoded credential vulnerability.
d6b2f3a38c59dff4dc8014904e4bc9fb7be3b0831749657f9c23488cc4c0a1ffDue to the use of an insecure RFID technology (MIFARE Classic), ABUS proximity chip keys (RFID tokens) of the ABUS Secvest wireless alarm system can easily be cloned and used to deactivate the alarm system in an unauthorized way. Version 3.01.01 is affected.
9aa96c7e78ac0cc59dc8c9762e90be180a231028ffcc00fc5372b502ed7fcf6cIn this article, the authors want to present an example of exploiting a trust relationship between two technical devices that can put the confidentiality of sensitive data or the integrity of a computer system at risk. This trust relationship they exploit exists between two Bluetooth devices: On the one side a computer system you want to remain secure and you don't want to be compromised, for example your laptop, or your smartphone, and on the other side a Bluetooth device you usually do not consider worth protecting with special diligence as it simply is an output device of a specific kind and does not persistently store any of your valuable data locally, for example headphones.
b73346666342349f472c954f5a015752063415c14b1cc1ea74d10fb17608bf4aThis whitepaper is a case study that analyzes the security of modern bluetooth keyboards. In the course of this research project, SySS GmbH analyzed three currently popular wireless keyboards using Bluetooth technology that can be bought on the Amazon marketplace for security vulnerabilities. The following three devices were tested for security issues from different attacker perspectives: 1byoneKeyboard, LogitechK480, and MicrosoftDesignerBluetoothDesktop (Model1678 2017).
c3809eac9d774959095aaa64f57d5970b03ee8190b8247907992919c1953a04eWhitepaper call Of Mice and Keyboards. This write up gives you an overview on the security of modern wireless desktop sets.
a23b6c71f4bc4c2bb5db90ee5bab0a7cd56644257573acdf96d51e19d1e89e12SySS GmbH found out that the 125 kHz RFID technology used by the EASY HOME MAS-S01-09 wireless alarm system has no protection by means of authentication against rogue/cloned RFID tokens. The information stored on the used RFID tokens can be read easily in a very short time from distances up to 1 meter, depending on the used RFID reader. A working cloned RFID token is ready for use within a couple of seconds using freely available tools.
f2b5958d04f9bcacb801da8a3f95c98a49142000d47cd1feadd0ebc033c088f0Due to an insecure implementation of the used 433 MHz radio communication, the wireless alarm system M2B GSM is vulnerable to replay attacks.
b19e73ae566f67141fff01b385e124ffe916d02b99d2f4b1eb6581a9331a10b9Due to an insecure implementation of the used 433 MHz radio communication, the wireless alarm system M2B GSM is vulnerable to brute-force attacks.
a33d718d22481da6180fc9af25a09eb7609ae79013ec68a0eb5bd6fddea35071Microsoft Wireless Desktop 2000 version A suffers from cryptographic issues and replay attacks.
5b91e6090047fef94d34dd0fd973cc4e86a6c54ee1ac8d86d8a8818ca9bfdecaWireless Keyboard Set LX901 model GK900 is missing protection against replay attacks.
76381a4aa95212b548a5c57eb1416134f9c09f4ceba809253b945b2d5b315328Microsoft Wireless Desktop 2000 version A suffers from insufficient protection of code (firmware) and data (cryptographic key).
a2e84bef4f1b103936ce31df00ad89196bd85c85162d189f4577c1a150082ee0The Perixx PERIDUO-710W KG-1027 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.
f4bc0516c208b0307fe50d327f89c8d288ef83ffc61506179cd54509362894b3The CHERRY B.UNLIMITED AES JD-0400EU-2/01 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.
1638ec208f8e37eaf9b5a1c43ce2ce9035fedf7e2ee03ce599899ee97a9d2669The Logitech M520 Y-R0012 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.
b5b536b4797a8eff1eb40c967a4bdf37db110f16f71fc0a6f0da5e15e92a9b27CHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from cryptographic issues and replay attack vulnerabilities.
3737c6b837cb5779da05eb65eeceaa868fb36d30c20fac2a630e28c5168f4313Microsoft Wireless Desktop 2000 suffers from insufficient verification of data authenticity and mouse spoofing vulnerabilities.
bc89d14332c2b68a2ee9f6c37aaad16729c3eaea94ed00aa4a432e5198e87c01Perixx Computer PERIDUO-710W suffers from cryptographic issues and keystroke injection vulnerabilities.
8a417656e3f50e51e5bc8be30c76990235aac75b6972f2542d7dafd6526a1364Perixx Computer PERIDUO-710W suffers from insufficient protection of code (firmware) and data (cryptographic key).
38f937f8061cad43b21e684ff35b905293604b2bc0497e65235d623d04f62a1cPerixx Computer PERIDUO-710W suffers from cryptographic issues and replay attack vulnerabilities.
1a00902e3cc0b35718d10d3b1e91ac8b418d375cddc8f60c930a86c9a262dc22Logitech K520 keyboards suffer form cryptographic issues and insufficient protection against replay attacks.
02220b6a6fed68dae857d702f9529ab8a00d04c1577c2ca7f2ea7e090a2225d2CHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from cryptographic issues and keystroke injection vulnerabilities.
8d783cf17d0aeb744bc415fcc3f5209b17a3b0f1fec084fd4a66af59968c352fCHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from insufficient protection of code (firmware) and data (cryptographic key).
f1ff00bde501a530edae9d601cb3986ee2e1274ad3e4408f7af68bf525e7d5f6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed