52 matches found
Autel Robotics EVO Nano Series Security Breach
Autel Robotics EVO Nano Series is a series of drones from Autel Robotics. A security vulnerability exists in Autel Robotics EVO Nano Series v1.6.5 that stems from the presence of an insecure privilege that allows an attacker to break through a geofence and fly into a no-fly zone...
CVE-2023-30701
PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker to arbitrary file access...
A Peek Inside the FBI's Unprecedented January 6 Geofence Dragnet
Google provided investigators with location data for more than 5,000 devices as part of the federal investigation into the attack on the US Capitol...
CVE-2022-20142
In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
2022 Planning: Straight Talk on Zero Trust
“Zero trust" is increasingly being heralded as the ultimate solution for organizational cyber safety and resilience — but what does it really mean, and how can you assess if it has a practical place in your organization's cybersecurity strategy for 2022? In this post, we'll answer those questions...
Google, geofence warrants, and you
Another day, another example of how the data sharing choices we make can come back to haunt us. The Guardian reports a Florida resident finding his bike ride data requested by law enforcement. This is due to his route taking him close to the scene of a burglary a year earlier. According to the...
Explosion in Geofence Warrants Threatens Privacy Nationwide
New figures from Google show a tenfold increase in the requests from law enforcement, which target anyone who happened to be in a given location at a specified time...
Creepy ‘Geofence’ Finds Anyone Who Went Near a Crime Scene
Police increasingly ask Google and other tech firms for data about who was where, when. Two judges ruled the investigative tool invalid in a Chicago case...
Google Receives Geofence Warrants
Sometimes it's hard to tell the corporate surveillance operations from the government ones: Google reportedly has a database called Sensorvault in which it stores location data for millions of devices going back almost a decade. The article is about geofence warrants, where the police go to...
Congress Asks Google 10 Questions On Its Location Tracking Database
U.S. Congress has sent an open letter to Google CEO Sundar Pichai asking for more information about its Sensorvault database that's reportedly being used by law enforcement agencies to solve crime cases. Last week, we reported a story based upon NY Times findings that revealed how using a...
Google Helps Police Identify Devices Close to Crime Scenes Using Location Data
It's no secret that Google tracks you everywhere, even when you keep Google's Location History feature disabled. As revealed by an Associated Press investigation in 2018, other Google apps like Maps or daily weather update service on Android allows the tech giant to continuously collect your...
Uber: No rate limiting on https://biz.uber.com/confirm allowed an attacker to join arbitrary business.uber.com accounts
A lack of rate limiting on the "/confirm" endpoint made it possible for an attacker to add themselves to arbitrary business.uber.com accounts by brute forcing confirmation codes. If they were able to successfully brute force the correct confirmation code, this would allow an attacker to take ride...