O.MG Cable – A normal looking USB cable that can hijack your computer when plugged in

It looks like an ordinary Lightning to USB Cable from Apple, yet it’s not: it’s got built-in Wifi and can receive payloads which get executed on the machine it’s plugged in 😱 However, let this be a reminder to never trust external cables (or USB outlets for that matter!), found USB sticks, etc. O.MG Cable […]

Wavethrough – Stealing data from remote sites through (fake) wav files

Jake Archibald discovered a really nice browser bug (which is fixed by now) by which he was able to steal data from remote sites by loading it in as a (fake) wav file. The exploit works as follows: Make a request to evil-script, using a Content-Range header to suggest there’s more data to be loaded […]

Side-channel attacking browsers through CSS3 features

Ruslan Habalov and Dario Weißer found a way to read contents from an iframe, using CSS3: Accessing the DOM of an iframe that includes a cross-origin resource is forbidden by default. However, the content of the iframe was displayed in the same context as the rest of the site so we wanted to verify if […]

The dots do matter: how to scam a Gmail user

Recently James Fisher received an email from Netflix asking him to update his credit card information. “Odd,” I thought, “but OK, I’ll check.” The email is genuinely from netflix.com, so I clicked the link. It logged me in and took me to an “Update your credit or debit card” page, which is genuinely hosted on […]

Login with root and no password on any mac running macOS High Sierra

This tweet is currently making rounds on Twitter: You can access it via System Preferences>Users & Groups>Click the lock to make changes. Then use "root" with no password. And try it for several times. Result is unbelievable! — Lemi Orhan Ergin (@lemiorhan) November 28, 2017 And yes, that actually works: enter root as a username, […]

Stealing your browser history with the W3C Ambient Light Sensor API

A few years ago window.getComputedStyle and the like where adjusted to return the default color of links, instead of the actual color on screen. Security and privacy were the driving factors behind that decision: by styling :visited links with a different color than their non-visited counterparts, a hacker could easily determine which sites a user […]

Ticket Trick: Hacking companies through their helpdesk

Clever way, unearthed by Inti de Ceukelaire, to getting access to private communications channels (such as Slack) by leveraging the create-by-email feature of issue trackers/the helpdesk of a company. First target of Init was Gitlab’s Slack channel: Anyone with a valid @gitlab.com e-mail address can join their Slack team. At the same time, GitLab offers […]

DolphinAttack: Hacking Voice Assistants with Inaudible Voice Commands

About a year ago it came to my attention that voice assistants such as Siri can lead to easily exploitable security issues. As voice assistants are not aware who is talking to them, it doesn’t matter if it’s you or your neighbour shouting “Unlock the door” at ‘m … Now a team from Zhejiang University […]