291 matches found
CVE-2020-11217
A possible double free or invalid memory access in audio driver while reading Speaker Protection parameters in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile...
CVE-2020-11217
CVE-2020-11217 involves a vulnerability in the Qualcomm Snapdragon audio driver (Speaker Protection parameters) that can cause a double free or invalid memory access in the affected audio subsystem. Reported impact targets Snapdragon Compute, Connectivity, Industrial IoT, and Mobile SKUs, with th...
How Your Digital Trails Wind Up in the Police’s Hands
Phone calls. Web searches. Location tracks. Smart speaker requests. They’ve become crucial tools for law enforcement, while users often are unaware...
Multiple Qualcomm Products Resource Management Error Vulnerability
A Qualcomm chip is a chip from Qualcomm Incorporated USA. a way to miniaturize circuitry including primarily semiconductor devices, but also passive components, etc. and is manufactured from time to time on the surface of semiconductor wafers. A resource management error vulnerability exists in...
Android Malware Bypasses 2FA And Targets Telegram, Gmail Passwords
Researchers have uncovered a threat group launching surveillance campaigns that target victims’ personal device data, browser credentials and Telegram messaging application files. One notable tool in the group’s arsenal is an Android malware that collects all two-factor authentication 2FA securit...
Xiaomi AI speaker Rom buffer overflow vulnerability
Xiaomi AI speaker Rom is a smart speaker device from Chinese company Xiaomi. A buffer overflow vulnerability exists in versions prior to Xiaomi AI speaker Rom 1.59.6, which originates from a memory overflow during the OTA process that can be exploited by an attacker to validate malicious firmware...
CVE-2020-14096
Memory overflow in Xiaomi AI speaker Rom version 1.59.6 can happen when the speaker verifying a malicious firmware during OTA process...
CVE-2020-14096
Memory overflow in Xiaomi AI speaker Rom version 1.59.6 can happen when the speaker verifying a malicious firmware during OTA process...
Design/Logic Flaw
Memory overflow in Xiaomi AI speaker Rom version 1.59.6 can happen when the speaker verifying a malicious firmware during OTA process...
CVE-2020-14096
The provided connected documents describe a memory overflow in the Xiaomi AI speaker Rom versions older than 1.59.6 that can occur when verifying a malicious firmware during OTA. The vulnerability is characterized with a CRITICAL impact (CVSSv3.1: 9.8) and affects the OTA verification path; explo...
CVE-2020-14096
Memory overflow in Xiaomi AI speaker Rom version 1.59.6 can happen when the speaker verifying a malicious firmware during OTA process...
Guangzhou Suoai Digital Technology Co., Ltd Suoai Smart Payment Speaker E-50 has a logic flaw vulnerability
The Sony Ericsson Group is a high-tech conglomerate that specializes in Bluetooth headphones, LCD TVs, smart audio, Bluetooth stereos, Karaoke entertainment devices, cell phones, amplifiers and other verticals based on multimedia series products. Guangzhou Suoai Digital Technology Co. Suoai Smart...
Unspecified vulnerability in Linkplay firmware
The Anker Zolo Halo is a smart speaker from Anker Philippines. A security vulnerability exists in the Linkplay firmware. An attacker can exploit the vulnerability to execute code...
Unspecified vulnerability in Linkplay firmware
The Anker Zolo Halo is a smart speaker from Anker Philippines. A security vulnerability exists in the Linkplay firmware. An attacker can exploit the vulnerability to execute code...
CVE-2019-15311
CVE-2019-15311 affects Zolo Halo devices via the Linkplay firmware. The vulnerability resides in the GoAhead web server running on port 80, with the /httpapi.asp endpoint exposing multiple command-execution flaws that enable LAN remote code execution. Multiple connected sources corroborate a GoAh...
Lock and Code S1Ep6: Recognizing facial recognition’s flaws with Chris Boyd
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chris Boyd, lead malware intelligence analyst at Malwarebytes, about facial recognition technology—its early history, its proven failures at accuracy, an...
New Malware Jumps Air-Gapped Devices by Turning Power-Supplies into Speakers
Cybersecurity researcher Mordechai Guri from Israel's Ben Gurion University of the Negev recently demonstrated a new kind of malware that could be used to covertly steal highly sensitive data from air-gapped and audio-gapped systems using a novel acoustic quirk in power supply units that come wit...
Xiaomi Xiao AI Speaker Pro LX06 Input Validation Error Vulnerability
Xiaomi Xiao AI Speaker Pro LX06 is a smart speaker from Chinese company Xiaomi Technology Xiaomi. An input validation error vulnerability exists in the Xiaomi Xiao AI Speaker Pro LX06 version 1.58.10. The vulnerability can be exploited by activating failsafe mode and using the miconsole command t...
Xiaomi Xiao AI Speaker Pro LX06 Input Validation Error Vulnerability
The Xiaomi Xiao AI Speaker Pro LX06 is a smart speaker from Chinese company Xiaomi Technology Xiaomi. An input validation error vulnerability exists in Xiaomi Xiao AI Speaker Pro LX06 version 1.52.4. The vulnerability can be exploited to obtain a root shell by accessing the UART interface, which...
CVE-2020-10262
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the miconsole command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can i read Wi-Fi SSID or password, ...