D
Size: a a a
2020 February 04
D
2020 February 05
A
Огонь бага
https://m.habr.com/en/post/486856/
https://m.habr.com/en/post/486856/
D
Огонь бага
https://m.habr.com/en/post/486856/
https://m.habr.com/en/post/486856/
HiSilicon?.. это ж дочка хуйвея)
2020 February 06
D
Огонь бага
https://m.habr.com/en/post/486856/
https://m.habr.com/en/post/486856/
масштабы конечно поражают:
https://github.com/tothi/pwn-hisilicon-dvr#summary
https://github.com/tothi/pwn-hisilicon-dvr#summary
2020 February 07
ЗБ
Critical Bluetooth Vulnerability in Android (CVE-2020-0022)
"On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC address of the target devices has to be known. For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address. This vulnerability can lead to theft of personal data and could potentially be used to spread malware (Short-Distance Worm)."
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
"On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC address of the target devices has to be known. For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address. This vulnerability can lead to theft of personal data and could potentially be used to spread malware (Short-Distance Worm)."
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
D
Critical Bluetooth Vulnerability in Android (CVE-2020-0022)
"On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC address of the target devices has to be known. For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address. This vulnerability can lead to theft of personal data and could potentially be used to spread malware (Short-Distance Worm)."
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
"On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC address of the target devices has to be known. For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address. This vulnerability can lead to theft of personal data and could potentially be used to spread malware (Short-Distance Worm)."
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address.
а как же рандомизация МАСов на мобиле?
а как же рандомизация МАСов на мобиле?
ЗБ
For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address.
а как же рандомизация МАСов на мобиле?
а как же рандомизация МАСов на мобиле?
Она помоему только с 10 появилась, но я не уверен надо погуглить 🤔
D
Она помоему только с 10 появилась, но я не уверен надо погуглить 🤔
емнип, она появилась очень давно
ЗБ
Оказывается оба правы :))
Starting in Android 8.0, Android devices use randomized MAC addresses when probing for new networks while not currently associated with a network. In Android 9, you can enable a developer option (it's disabled by default) to cause the device to use a randomized MAC address when connecting to a Wi-Fi network.
In Android 10, MAC randomization is enabled by default for client mode, SoftAp, and Wi-Fi Direct.
https://source.android.com/devices/tech/connect/wifi-mac-randomization
Starting in Android 8.0, Android devices use randomized MAC addresses when probing for new networks while not currently associated with a network. In Android 9, you can enable a developer option (it's disabled by default) to cause the device to use a randomized MAC address when connecting to a Wi-Fi network.
In Android 10, MAC randomization is enabled by default for client mode, SoftAp, and Wi-Fi Direct.
https://source.android.com/devices/tech/connect/wifi-mac-randomization
D
Оказывается оба правы :))
Starting in Android 8.0, Android devices use randomized MAC addresses when probing for new networks while not currently associated with a network. In Android 9, you can enable a developer option (it's disabled by default) to cause the device to use a randomized MAC address when connecting to a Wi-Fi network.
In Android 10, MAC randomization is enabled by default for client mode, SoftAp, and Wi-Fi Direct.
https://source.android.com/devices/tech/connect/wifi-mac-randomization
Starting in Android 8.0, Android devices use randomized MAC addresses when probing for new networks while not currently associated with a network. In Android 9, you can enable a developer option (it's disabled by default) to cause the device to use a randomized MAC address when connecting to a Wi-Fi network.
In Android 10, MAC randomization is enabled by default for client mode, SoftAp, and Wi-Fi Direct.
https://source.android.com/devices/tech/connect/wifi-mac-randomization
это интересно. т.е. я могу заспуфить эфир миллионом нагерененных SSID и тогда мобилка на андроид 8 отдаст истинный МАС (если узнает хоть ождин SSID)? 🤔