logo
 
  1. IT-Security >
  2. Cyber Security Nachrichten >
  3. Security Researchers Exploit Amazon Echo's Chromium Bug, Win $60,000 Bounty


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

Security Researchers Exploit Amazon Echo's Chromium Bug, Win $60,000 Bounty

IT Security Nachrichten vom | Direktlink: it.slashdot.org Nachrichten Bewertung

An anonymous reader quotes TechCrunch: Two security researchers have been crowned the top hackers in this year's Pwn2Own hacking contest after developing and testing several high profile exploits, including an attack against an Amazon Echo. Amat Cama and Richard Zhu, who make up Team Fluoroacetate, scored $60,000 in bug bounties for their integer overflow exploit against the latest Amazon Echo Show 5, an Alexa-powered smart display. The researchers found that the device uses an older version of Chromium, Google's open-source browser projects, which had been forked some time during its development. The bug allowed them to take "full control" of the device if connected to a malicious Wi-Fi hotspot, said Brian Gorenc, director of Trend Micro's Zero Day Initiative, which put on the Pwn2Own contest... When reached, Amazon said it was "investigating this research and will be taking appropriate steps to protect our devices based on our investigation," but did not say what measures it would take to fix the vulnerabilities -- or when. The same researchers also compromised Sony and Samsung smart TVs, and the Xiaomi Mi9 smartphone, according to ZDNet, which also reports that "Nobody wanted a piece of the Facebook Portal, and nor did they want to hack Google's Home assistant. "Security researchers chose to go after the easier targets, like routers and smart TVs, known for running weaker firmware than what you'd usually find on a smart speaker or home automation hub."

Read more of this story at Slashdot.

...

Externe Webseite mit kompletten Inhalt öffnen

➤ Ähnliche Beiträge

  • 1.

    My 11 year old son wrote a game in BASH Shell on Linux.

    vom 267.94 Punkte ic_school_black_18dp
    Hi! I'm teaching my son to code. He's 11, so none of that scratch stuff -- we're working in C on Linux. I taught him to write shell scripts in BASH to make his life easier, and I told him, go write something, anything you want, and I'll get you some c
  • 2.

    Amazon Announces a Range of New and Refreshed Echo and Alexa Products

    vom 211.99 Punkte ic_school_black_18dp
    The rumors were true. Amazon on Thursday announced a range of new Echo smart speakers and other Alexa-enabled devices. The company first announced the Echo Sub, its answer to voice-enabled premium audio products such as Apple's HomePod, Sonos One, and
  • 3.

    Command Injection Payload List

    vom 196.82 Punkte ic_school_black_18dp
    Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP header
  • 4.

    VirtualBox 6.0.10 for Windows - Alternative mirrors

    vom 169.2 Punkte ic_school_black_18dp
    Download VirtualBox 6.0.10 for Windows (Mirrors)http://www.nitroflare.com/view/919547235...72-Win.exehttp://www.filefactory.com/file/glw14kaq...72-Win.exehttps://www.brupload.net/5966d03yfmpz/Vi...72-Win.exehttps://clicknupload.org/p57t6vwo96kc/Vi...72-Win.exehttps://cloud-share.in/gw
  • 5.

    Security Researchers Exploit Amazon Echo's Chromium Bug, Win $60,000 Bounty

    vom 169.09 Punkte ic_school_black_18dp
    An anonymous reader quotes TechCrunch: Two security researchers have been crowned the top hackers in this year's Pwn2Own hacking contest after developing and testing several high profile exploits, including an attack against an Amazon Echo. Amat Cama
  • 6.

    Guided in-process fuzzing of Chrome components

    vom 165.11 Punkte ic_school_black_18dp
    Posted by Max Moroz, Chrome Security Engineer and Kostyra Serebryany, Sanitizer TsarIn the past, we’ve posted about innovations in fuzzing, a software testing technique used to discover coding errors and security vulnerabilities. The topics have incl
  • 7.

    Seccomp Tools - Provide Powerful Tools For Seccomp Analysis

    vom 162.8 Punkte ic_school_black_18dp
    Provide powerful tools for seccomp analysis.This project is targeted to (but not limited to) analyze seccomp sandbox in CTF pwn challenges. Some features might be CTF-specific, but still useful for analyzing seccomp in real-case.Features Dump - Automaticall
  • 8.

    Google's AlphaGo Will Face Its Biggest Challenge Yet Next Month -- But Why Is It Still Playing?

    vom 157.29 Punkte ic_school_black_18dp
    From a report on The Guardian: A year on from its victory over Go star Lee Sedol, Google DeepMind is preparing a "festival" of exhibition matches for its board game-playing AI, AlphaGo, to see how far it has evolved in the last 12 months. Headlining the
  • 9.

    Earn $1 Million- Apple Bug Bounty Offer

    vom 156.98 Punkte ic_school_black_18dp
    Earn $1 Million From Apple Bug Bounty Great News for Bug Bounty Hunters Apple increases its Bug bounty reward from $20000 to $1 Million.... The post Earn $1 Million- Apple Bug Bounty Offer appeared first on HackersOnlineClub.
  • 10.

    Chrome Fuzzer Program Update And How-To

    vom 156.49 Punkte ic_school_black_18dp
    Posted by Max Moroz, Fuzzing Evangelist, and Ned Williamson, Fuzzing Entrepreneur TL;DR We increased the Chrome Fuzzer Program bonus from $500 to $1,000 as part of our recent update of reward amounts. Chrome Fuzzer Program is a part of the Google Chrome Vulnerability Reward Program that lets security researchers run their
  • 11.

    What exactly does this bash script do?

    vom 148.23 Punkte ic_school_black_18dp
    I found a bash script and I honestly dont know what it does and have come up empty handed trying to figure it out. the bash script is named "Foobar" I found it on a computer running Slackware I picked up from a goodwill. oddly enough the password for roo
  • 12.

    Amazon Echo, Echo Dot und Co: Alexa-Lautsprecher radikal reduziert

    vom 147.09 Punkte ic_school_black_18dp
    Im Rahmen des Amazon Prime Day 2019 kauft ihr am 15. und 16. Juli Amazons Smart Speaker zum Schnäppchenpreis. Echo, Echo Dot, Echo Show und Co. sind teils bis zu 50 Euro im Preis gesenkt worden! Dieser Artikel wurde einsortiert unter

Kommentiere zu Security Researchers Exploit Amazon Echo's Chromium Bug, Win $60,000 Bounty