Seven weeks after the bug put the web on high alert, Heartbleed is still causing problems. A new report from Portuguese security researcher Luis Grangeia describes how the same bug could be used over Wi-Fi to enable new kinds of attacks that build on the same vulnerability. Dubbed Cupid, the new line of attack would perform the same Heartbleed procedure over Wi-Fi instead of the open web, either pulling data from enterprise routers or using a malicious router to pull data from Android devices as they connect. In each case, the attacker would be able to view snippets of the working memory from the targeted device, potentially exposing user credentials, client certificates, or private keys. Grangeia published a proof of concept for the bug earlier today, and is urging vendors and administrators to upgrade their devices.

Read the full story at The Verge.

Like it? Tweet it.

"New Strand of Heartbleed, ‘Cupid,’ is Causing Similar Problems" by @ShellyPalmer

600,000 subscribers and counting...

We write a daily newsletter featuring current events and the top stories in technology, media, marketing and entertainment.