SHARE
Slide
Source: SysValue

One similar attack to heartbleed found by Luis Grandeia (a partner and security services manager) at Information security firm SysValue.

Attack leaves your Android and Wireless routers vulnerable to attack.

More about the Vulnerability:

Luis named this ‘Cupid,’ which allows an attacker to capture data which is being transmitted between Android Devices and Wifi routers.

Cupid?

Cupid is the name I gave to two source patches that can be applied to the programs “hostapd” and “wpa_supplicant” on Linux. These patches modify the programs behavior to exploit the heartbleed flaw on TLS connections that happen on certain types of password protected wireless networks, Luis writes.

Why is this same as Heartbleed?

According to Luis, this is the same procedure used in Hearbleed attack to caputre data over web, and in this attacker able to do the same thing over Wifi.

Devices affected:

Android 4.1.0 and 4.1.1 use a vulnerable version OpenSSL. Also, all versions of Android use wpa_supplicant to connect to wireless networks, so I have to assume that these are probably vulnerable, Luis writes.

He also claims Cupid dispels myths that “Heartbleed can only be exploited over TCP connections … [or] after TLS handshake”.

You can see a Detailed presentation of Cupid Here, and If you want to read a detailed report, click HERE.

Heartbleed was revealed in April this year, and this vulnerability exposed personal information of almost every person using OpenSSL for transmitting data.

This is also being said that some of the hackers might be using Heartbleed Bug since 2011.

This huge security Flaw disturbed almost every website on the Internet.

Bug
Image shows CUPID exploiting a vulnerable client | SOURCE: sysvalue

NO COMMENTS

LEAVE A REPLY

This site uses Akismet to reduce spam. Learn how your comment data is processed.