Ghulam Ghous’ Post


BBA | Digital Marketer Certified | Social Media Management | SEO Certified | CISM | Cyber Security Analyst | Offensive Security Operator | Ethical Hacker | Bug Hunter

New Flaws in Sonos Smart Speakers Allow Hackers to Eavesdrop on Users

Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users. The vulnerabilities "led to an entire break in the security of Sonos's secure boot process across a wide range of devices and remotely being able to compromise several devices over the air," NCC Group security researchers Alex Plaskett and Robert Herrera said.

Successful exploitation of one of these flaws could allow a remote attacker to obtain covert audio capture from Sonos devices by means of an over-the-air attack. They impact all versions prior to Sonos S2 release 15.9 and Sonos S1 release 11.12, which were shipped in October and November 2023. The findings were presented at Black Hat USA 2024.

A description of the two security defects is as follows:

CVE-2023-50809 - A vulnerability in the Sonos One Gen 2 Wi-Fi stack does not properly validate an information element while negotiating a WPA2 four-way handshake, leading to remote code execution.

CVE-2023-50810 - A vulnerability in the U-Boot component of the Sonos Era-100 firmware that would allow for persistent arbitrary code execution with Linux kernel privileges.

NCC Group, which reverse-engineered the boot process to achieve remote code execution on Sonos Era-100 and the Sonos One devices, said CVE-2023-50809 is the result of a memory corruption vulnerability in the Sonos One's wireless driver, which is a third-party chipset manufactured by MediaTek. "In wlan driver, there is a possible out of bounds write due to improper input validation," MediaTek said in an advisory for CVE-2024-20018. "This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."

The initial access obtained in this manner paves the way for a series of post-exploitation steps that include obtaining a full shell on the device to gain complete control in the context of root, followed by deploying a novel Rust implant capable of capturing audio from the microphone within close physical proximity to the speaker.

Source: https://lnkd.in/dBviwuW2

#CyberThreats #CyberAwareness #LinkedIn #Redteam #technology #CyberSecurity #EthicalHacking #Networking #NetworkSecurity #FollowMe #CyberCrime #Marketing #InfoSec #ProfessionalNetworking #Motivation #Inspiration #ProfessionalDevelopment #Connect #SecurityTesting #CyberRisk #PenTesting #VulnerabilityManagement #LinkedInInfluencer #LinkedInTips #PersonalBranding #CareerGrowth #Inspiration #Engagement #Visibility #DigitalMarketing #ThreatHunting #SecurityResearch #CyberDefense #ProfessionalDevelopment #Visibility #ContentMarketing #SocialMediaMarketing #LinkedInProfile #ProfileVisit #ProfileViews #ContentMarketing #Toptrending #top #Success #DataBreach
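The post describes CVE-2023-50809 as an information element (IE) that is not properly validated during the WPA2 four-way handshake, which MediaTek's advisory characterises as an out-of-bounds write from improper input validation. The following C program is an added illustration of that bug class and its fix; it is not code from the post, from NCC Group, Sonos or MediaTek, and it does not reproduce the actual driver defect. 802.11 IEs are TLVs (one-byte element ID, one-byte length, payload), and element IDs 0 (SSID) and 48 (RSN) are the real standard values. The fixed destination size RSN_MAX, the result struct and the sample frame bodies are all constructed for the example. The parser rejects any element whose declared length exceeds either the bytes remaining in the frame body or the fixed-size destination buffer, the two checks whose absence turns a malformed frame into a memory-corruption primitive.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Real 802.11 element IDs used here; the rest of the layout is illustrative. */
#define IE_ID_SSID 0
#define IE_ID_RSN  48
#define RSN_MAX    64   /* hypothetical fixed-size destination for the RSN IE */

typedef struct {
    uint8_t rsn[RSN_MAX];   /* copy of the RSN IE payload, if present */
    size_t  rsn_len;
    int     ie_count;       /* number of well-formed IEs walked */
} ie_result_t;

/* Hardened TLV walker: returns 0 on success, -1 on the first malformed IE.
 * Both bounds are checked before any copy:
 *   1. the declared length must fit in the bytes left in the frame body
 *      (a truncated IE must not make us read past the buffer);
 *   2. the declared length must fit in the destination buffer
 *      (an oversized IE must not make us write past it). */
int parse_ies_hardened(const uint8_t *buf, size_t len, ie_result_t *out) {
    size_t off = 0;
    memset(out, 0, sizeof *out);
    while (off < len) {
        if (len - off < 2)              /* not even a full ID/length header */
            return -1;
        uint8_t id     = buf[off];
        uint8_t ie_len = buf[off + 1];
        if (ie_len > len - off - 2)     /* check 1: source bound */
            return -1;
        if (id == IE_ID_RSN) {
            if (ie_len > RSN_MAX)       /* check 2: destination bound */
                return -1;
            memcpy(out->rsn, buf + off + 2, ie_len);
            out->rsn_len = ie_len;
        }
        out->ie_count++;
        off += 2 + (size_t)ie_len;
    }
    return 0;
}

/* Constructed sample frame bodies (not captured from any real device). */
static const uint8_t GOOD_BODY[] = {
    0x00, 0x04, 's', 'o', 'n', 'o',                 /* SSID IE, 4 bytes */
    0x30, 0x06, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04  /* RSN IE, 6 bytes */
};
static const uint8_t TRUNCATED_BODY[] = {
    0x30, 0x20, 0x01, 0x00                          /* RSN IE claims 32 bytes, only 2 present */
};

/* Each check returns 1 when the parser behaves as intended, 0 otherwise. */
int check_good(void) {
    ie_result_t r;
    return parse_ies_hardened(GOOD_BODY, sizeof GOOD_BODY, &r) == 0
        && r.ie_count == 2 && r.rsn_len == 6 && r.rsn[0] == 0x01;
}

int check_truncated_rejected(void) {
    ie_result_t r;
    return parse_ies_hardened(TRUNCATED_BODY, sizeof TRUNCATED_BODY, &r) == -1;
}

int check_oversized_rejected(void) {
    /* RSN IE with a valid source length (70 bytes present) that still
     * exceeds the 64-byte destination: only check 2 catches this one. */
    uint8_t body[2 + 70];
    body[0] = IE_ID_RSN;
    body[1] = 70;
    memset(body + 2, 0xAA, 70);
    ie_result_t r;
    return parse_ies_hardened(body, sizeof body, &r) == -1;
}

int main(void) {
    printf("well-formed parsed:   %s\n", check_good() ? "yes" : "no");
    printf("truncated rejected:   %s\n", check_truncated_rejected() ? "yes" : "no");
    printf("oversized rejected:   %s\n", check_oversized_rejected() ? "yes" : "no");
    return 0;
}
```

The oversized case is the instructive one: the IE is internally consistent with the frame, so a parser that only verifies the length against the remaining bytes accepts it and copies 70 bytes into a 64-byte buffer. A firmware or driver review should look for exactly this pairing of a length taken from the air with a fixed-size destination and no comparison between them.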

