Cybersecurity News that Matters

Researchers warn of potential exploitation of data authentication vulnerabilities by attackers

Designed by Daeun Lee, The Readable

by Minkyung Shin

May. 28, 2024
10:13 PM GMT+9

Seoul — The ACM WiSec Conference — On Tuesday, three research groups presented on the topic of cyberattacks at the ACM WiSec conference in Seoul. The researchers highlighted how attackers can exploit vulnerabilities in data protection and authentication to launch such attacks. They emphasized the critical need to safeguard devices and networks from emerging methods of cyber intrusion.

One of the key discoveries presented at the conference was made by Aya Fukami and Richard Buurke, scientists at the Netherlands Forensic Institute. They identified a significant security vulnerability in the Replay Protected Memory Block (RPMB), a secure memory component in digital devices.

Aya Fukami, a scientist at the Netherlands Forensic Institute, presenting during the ACM WiSec conference on Tuesday. Photo by Minkyung Shin, The Readable

The scientists demonstrated how attackers could manipulate critical data within the RPMB by bypassing authentication checks and gaining control over the device. They pointed out that this poses a serious security risk, as the RPMB is intended to securely store important information, such as booting and security-related data. By exploiting this vulnerability, attackers could carry out malicious activities, including downgrading software, unlocking the bootloader, or tampering with Android system images. The scientists emphasized the importance of enhancing security measures to prevent potential attacks on the device’s memory security.

Heloise Gollier, a PhD candidate with the DistriNet research group at Katholieke Universiteit (KU) Leuven, emphasized the importance of reducing vulnerabilities in both hardware and network protocols. She introduced attack methods to highlight Wi-Fi vulnerabilities. In her simulation, the attacker created a fake network to deceive devices into connecting to it, illustrating how clients can be tricked into connecting to the wrong network despite using secure protocols. Gollier stressed the need to understand and address such vulnerabilities to protect both hardware and network protocols.

Heloise Gollier, a doctoral candidate in philosophy at the DistriNet research group in KU Leuven, speaking during the ACM WiSec conference on Tuesday. Photo by Minkyung Shin, The Readable

“We have tested our attack against several different devices and have found that all of them are vulnerable. This means that all devices are vulnerable as long as the protocol is vulnerable,” Gollier warned.

Xingya Zhao, a research assistant at Ohio State University, revealed vulnerabilities in wireless communication systems, particularly in Wi-Fi protocols. Zhao demonstrated how hackers could exploit these systems by sending fake signals to intercept data. She warned that attackers could disrupt communication between devices and access points by making the signals noisy—in other words, by introducing random interference or disturbances to the signals, rendering them unreadable or unreliable.

“Attackers can join as malicious clients and send fake channel state information feedback to intercept data intended for other users. They also explored attacks targeting networks with implicit channel feedback,” Zhao highlighted.

Zhao further emphasized the importance of addressing vulnerabilities in Wi-Fi protocol communication systems and stressed the need for improved security measures to defend against attacks.


  • Minkyung Shin

    Minkyung Shin serves as a reporting intern for The Readable, where she has channeled her passion for cybersecurity news. Her journey began at Dankook University in Korea, where she pursued studies in...
