Security Wrap-Up (August 10th, 2021)

Hi, everybody - Chad here. First off, Happy Tuesday! You’ve survived another Monday in 2021, and that’s no small feat! This week’s on-time Security Wrap-Up is chock full of frustrating news, simple annoyances, and maybe a couple of things that even angried up my blood…real good! So, let’s get to it:

New “Glowworm attack” recovers audio from devices’ power LEDs
If you’re like me, you often sit on the balcony of your condo staring to the west - the glorious Red Rocks Amphitheater in the foreground, when it’s got-danged visible - and ponder the world’s seeming lack of evil geniuses. Well then, here’s a story for you. From ArsTechnica: “Researchers at Ben-Gurion University of the Negev have demonstrated a novel way to spy on electronic conversations. A new paper released today outlines a novel passive form of the TEMPEST attack called Glowworm, which converts minute fluctuations in the intensity of power LEDs on speakers and USB hubs back into the audio signals that caused those fluctuations.” As of now, a potential target seems unlikely to expect or actively defend against Glowworm, but that could all change after the team presents its paper at the CCS21 security conference later this year.

FlyTrap malware hijacks thousands of Facebook accounts
Hey, guess what - a new Android threat that researchers have dubbed “FlyTrap” has been hijacking FB accounts in at least 140 countries by stealing session cookies. Basically, it uses an old method: tricking victims into using their Facebook credentials to log into other, malicious apps that can collect the data associated with that specific Facebook session. The bait was mostly offers for free coupon codes for things like Netflix and Google AdWords. Despite not using a new technique, FlyTrap managed to hijack a significant number of Facebook accounts. With a few tweaks, it could easily become a more dangerous threat to mobile devices, research shows.

Amazon Kindle vulnerable to malicious eBooks
In this week’s news that makes me want to punch a kitten, it was discovered that a security flaw in Amazon’s Kindle e-reader can make it vulnerable to malicious eBooks. This could allow attackers to turn the devices into bots, compromise personal information and more. The research shows just how easily an eBook can be used as a malware vector. “Antivirus [protections] do not have signatures for eBooks,” the researchers commented. “A malicious eBook can be published and made available for free access in any virtual library, including the Kindle Store…” Okay, look…I love my Kindle and I’ll fight to protect it, so I’m just going to forget about this story. What story??
