Security News

Glowworm attack decrypts sound from light

Plus, a hacker steals and returns $600 million, and botnets are targeting some home Wi-Fi routers

Researchers at Ben-Gurion University of the Negev published a paper this week in which they outline how a passive form of the TEMPEST attack, called Glowworm, can reconstruct the sound passing through a computer’s speakers by analyzing the minute and nuanced fluctuations of that computer’s power indicator LED. After testing a wide array of consumer devices including smart speakers, simple PC speakers, and USB hubs, the team concluded that the power indicator LEDs on the devices were generally influenced by the audio signals coming through the unit’s speakers. To carry out the Glowworm attack, a photodiode was used to convert the light from the LED into an electrical signal. That signal was then run through an Analog/Digital Converter (ADC) and played back as sound.

“Fortunately, even though the attack works, for once this is something we mere mortals do not need to be concerned about,” Avast Security Evangelist Luis Corrons reassured us. “It could be used by some intelligence agency, but it has a number of limitations that prevent it from becoming a worthy attack vector.” For more on this story, see Ars Technica.

Kaseya decryption key leaked

Cloud-based IT management company Kaseya was the victim of a ransomware attack last month, but after its attackers vanished, the decryption key turned up online. The REvil ransomware gang attacked Kaseya in early July, in turn affecting 60 MSPs and 1,500 businesses. Strangely, after demanding $70 million for the decryption key, REvil seemed to disappear. Its payment sites were all shut down. But Bleeping Computer confirmed that a decryptor key mysteriously acquired by Kaseya is indeed the decryptor that can unlock any system compromised by the Kaseya attack.

Facebook Dating adds new features

EMEA tech communications specialist at Facebook Alexandru Voica announced on Twitter that Facebook Dating is getting 3 new features: Match Anywhere, Lucky Pick, and Audio Dates. Match Anywhere will allow hopeful singles to search for love in more than one location, intended for those who may have to work across multiple cities. Lucky Pick is meant for those whose search preferences are not hard and fast, introducing them to compatible matches who may be outside their typical preferences. And Audio Dates allows potential matches to start up an audio chat if both participants accept. Facebook Dating is not to be confused with Facebook’s other dating app Sparked. Read more at The Verge.

Hacker steals over $600M, then returns it

In the largest digital asset heist ever, a hacker transferred $611 million in cryptocurrency from token-swapping platform Poly Network, only to return as much of those funds as they could less than 2 days later. Poly Network is a service that allows its customers to transfer funds among the Binance Smart Chain, Ethereum blockchain, and Polygon blockchain. The hacker overrode the three blockchains and diverted funds to three wallet addresses. The next day, however, the assets began transferring back to Poly Network. Everything was returned save $33 million which had been frozen by the Tether platform. It’s still unknown who perpetrated the attack and whether it was an “ethical hack” to illustrate the vulnerability or a criminal hack that went awry. For more, see Reuters.

Botnet attacks target millions of home Wi-Fi routers

After a researcher demonstrated the exploitation of a vulnerability in a Buffalo home Wi-Fi router, Buffalo patched the flaw, but attackers began exploiting the same bug in other router brands. According to Tom’s Guide, all vulnerable routers were manufactured by Taiwanese tech company Arcadyan. The models are sold by 20 different companies as various brands. The full list is available in the Tom’s Guide article, and it includes devices put out by Verizon, Vodafone, and Telus, among others. Savvy users can protect themselves by disabling remote access in their routers, while others will have to wait for firmware updates.

This week’s ‘must-read’ on The Avast Blog

There's no time like the present to set up two-factor authentication (2FA) on your Facebook account, so hackers don’t hijack your profile and use your own security against you. We'll tell you how.