New Spectra Attack that breaks the division between Wi-Fi and Bluetooth to be released at Black Hat Security Conference – Disposable mail news

The developers call it “Spectra.” This assault neutralizes “combo chips,” specific chips that handle various kinds of radio wave-based remote correspondences, for example, Wi-Fi, Bluetooth, LTE, and others.

The attack system is set to release in August at the Black Hat Security Conference in a virtual session. The full academic paper with all details will also be published in August. The researchers teased a few details about the attack in an upcoming Black Hat talk, “Spectra, a new vulnerability class, relies on the fact that transmissions happen in the same spectrum, and wireless chips need to arbitrate the channel access.”

The Spectra assault exploits the coexistence mechanism that chipset merchants incorporate within their devices. Combo chips utilize these systems to switch between wireless technologies at a quick pace.

Specialists state that while this coexistence mechanism speeds execution, they likewise give a chance to attackers for side-channel assaults.
Jiska Classen from Darmstadt Technical University and Francesco Gringoli researcher from the University of Brescia state that they are the first to explore such possibility of using the coexistence mechanism of Combo chips to break the barrier between Wireless.

“We specifically analyze Broadcom and Cypress combo chips, which are in hundreds of millions of devices, such as all iPhones, MacBooks, and the Samsung Galaxy S series,” the two academics say.

“We exploit coexistence in Broadcom and Cypress chips and break the separation between Wi-Fi and Bluetooth, which operate on separate ARM cores.”

Results change. However, the research group says that specific situations are possible after a Spectra assault.

“In general, denial-of-service on spectrum access is possible.

The associated packet meta-information allows information disclosure, such as extracting Bluetooth keyboard press timings within the Wi-Fi D11 core,” Gringoli and Classen said.

“Moreover, we identify a shared RAM region, which allows code execution via Bluetooth in Wi-Fi. It makes Bluetooth remote code execution attacks equivalent to Wi-Fi remote code execution, thus, tremendously increasing the attack surface.”

Though the research used Broadcom and Cypress chips for Spectra attacks, the researchers Gringoli and Classen are sure that this attack will work on other chips.

Temp Mails ( is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

WPA2 security flaw puts millions of devices at risk – Here’s how to stay safe – 10 minute mail

A security flaw in the WPA2 protocol was found and published by Belgian researchers on the morning of October 16th 2017. The protocol – normally used for securing modern Wi-Fi networks – has been broken to expose wireless internet traffic to potential eavesdropping and attacks. This vulnerability puts million of devices connected to Wi-Fi at risk for attacks.

We have interviewed our security experts in order to help you stay safe!

What has happened

In short, a combination of vulnerabilities in the WPA2 specification and its implementation was published. This combination allows an attacker to listen in on the data transmitted through Wi-Fi connections and potentially even inject data packets into them. This affects everything from Linux, Windows, iOS, Android, BSD and most likely some other platforms. Some sources claim that iOS and Windows are not affected, but according to the report written by the researcher behind these vulnerabilities, this is not true. It is possible to attack the access point directly which indirectly affects any device connected to it.

The vulnerability opens up for three attacks. The first attacks broadcast messages. While this is bad in itself, it’s not as devastating as the other two that have the potential to attack any message. The second attack targets an issue in the client. This affects Linux and Android according to the research paper, but could affect other systems as well. The third attack targets the access points. This means that any client connected could be attacked indirectly. Both of the latter attacks mean that an attacker can listen in on the traffic and could potentially even inject malicious content.

How do I know if I am affected?

If you are using Wi-Fi and have not received a security patch for this vulnerability, then you are most likely vulnerable. Unfortunately, the attack can be performed by just simulating background noise so there is not any reliable way to know if you are affected.

What to do?

  • Look for updates for your OS. Most vendors should already be releasing security patches for these vulnerabilities (when reading the patch notes, keep an eye out for “KRACK attack” or “WPA2 nonce reuse”).
  • If possible, use a cabled connection instead of Wi-Fi for your computer until a patch is out.
  • Turn off Wi-Fi on your phone until you’ve patched your device.
  • If possible, turn off the 802.11r feature in your router or device. Contact your access point vendor for information on how to disable this for your particular access point. In Linux you can remove this support in wpa_supplicant by removing FT-PSK and FT-EAP from your accepted protocols in wpa_supplicant.conf. (Note that Linux, Android and possibly other systems can be attacked through other means than the 802.11r feature.)
  • Use application-level security like HTTPS, SSL, VPN etc.
  • Be extra vigilant for anything that implies a broken trust chain, for example broken certificate warnings on websites or a missing lock in the address bar of your browser.

If you have any tips on how to mitigate the flaw in other operating systems, we’d love to add them to this article. Please let us know at hello[at]!

WPA2 security flaw

How do you patch your software?

  • Your first priority should be to patch your clients (your phone and computer).
  • Check with your router/access point vendor for patches to your router/APs firmware. Make sure to download them over a secure connection if you’re still on Wi-Fi.

Worth knowing for companies out there

  • The attack requires the attacker to be in proximity to the Wi-Fi they are attacking. This means some locations will be reasonably safe.
  • Mobile devices will be most vulnerable since they move from Wi-Fi to Wi-Fi automatically. Make sure these are patched or have their Wi-Fi turned off until that is possible.Hacker WiFI

How can this vulnerability be used by a hacker?

This vulnerability can let an attacker listen in on your network traffic and in some cases send fake network traffic. This opens up a very wide attack surface. An attacker could steal sensitive information or inject malicious data to infect the device it is attacking.

For more information about the WPA2 security flaw including a detailed demo, visit:

Temp Mails ( is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.