Wi-Fi Test Suite carries a vulnerability that allows for elevation of privilege and remote code execution (RCE) attacks – and since there is no patch, and no word if there ever will be a patch, users are advised to replace the affected endpoints, or at least stop using them until any sort of resolution.
The Wi-Fi Test Suite is a certification toolset, developed by the Wi-Fi Alliance, and used to test, validate, and ensure interoperability and performance of Wi-Fi devices based on Wi-Fi standards.
This suite includes a variety of tests that cover different aspects of Wi-Fi functionality, such as connectivity, throughput, security, and coexistence with other wireless technologies.
No patch yet
According to the CERT Coordination Center (CERT/CC), this toolset carries a command injection vulnerability, which allows threat actors to execute arbitrary commands with root privileges on affected routers. The routers affected by this vulnerability seem to be from Arcadyan, a Taiwanese-based hardware manufacturer. To exploit the flaw, the threat actor only needs to send a specially crafted packet to the vulnerable device.
Advertisement
What’s interesting here is that the test suite was never designed to be used in production environments – its goal was to support the development of certification programs, and device certification, the CERT Coordination Center says. However, it somehow made it into commercial routers, and thus the vulnerability trickled down to households, and possibly small businesses.
The Hacker News says the Taiwanese router maker is not building a patch for this vulnerability, and there is no word if it ever will. Therefore, other vendors using the Wi-Fi Test Suite are advised to remove it, or update to version 9.0 or later, thus minimizing the risk of exploitation.
Being omnipresent, and a gateway for all data, routers are one of the most targeted endpoint devices in cyberattacks. Therefore, using routers from reputable manufacturers, and keeping them secured and up-to-date, remains pivotal in cybersecurity best practices.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Microsoft is accusing Google of funding a proxy campaign designed to discredit it in the eyes of regulatory authorities and policymakers in the European Union and beyond. In a blog post penned by Rima Alaily, the company’s deputy general counsel, Microsoft claims the search giant has gone to “great lengths to obfuscate its involvement, funding and control” of the Open Cloud Coalition, a group of “cloud service providers, industry leaders and stakeholders” that says it’s committed to advocating for a “fair, competitive, and open cloud services industry across the UK and EU.”
According to Microsoft, Google hired a lobbying agency in Europe to create and operate the organization, and recruited “a handful of” European cloud providers to appear as the public face of the soon-to-launch campaign. The company says that Google plans to “present itself as a backseat member” of the Open Cloud Coalition, rather than its leader and primary funder. As one example, Microsoft points to a recruitment document (PDF link) that makes no mention of the group’s claimed affiliation to Google. It also notes the involvement of Nicky Steward, who co-wrote a complaint against Microsoft and Amazon Web Services as part of the UK’s ongoing antitrust investigation into the cloud services market.
“It remains to be seen what Google offered smaller companies to join, either in terms of cash or discounts,” Microsoft says. It adds that one of the cloud providers Google approached about joining the Open Cloud Coalition claims that the company will direct the group to attack “Microsoft’s cloud computing business in the European Union and the United Kingdom.”
Engadget was unable to independently verify Microsoft’s claims.
Advertisement
“We’ve been very public about our concerns with Microsoft’s cloud licensing. We and many others believe that Microsoft’s anticompetitive practices lock-in customers and create negative downstream effects that impact cybersecurity, innovation, and choice,” a Google spokesperson told Engadget, and pointed us to fourseparateblogposts on the matter.
As for why Google would potentially go to the extraordinary lengths of funding an astroturf campaign, Microsoft points to the recent uptick in regulatory scrutiny of the company’s search, advertising and mobile app store businesses. By Microsoft’s count, Google faces at least 24 antitrust investigations globally, including a Department of Justice probe that could see the potential break up of the company.
“Never in the past two decades have Google’s search, digital advertising, and mobile app store monopolies faced such a concerted and determined threat as they do today.” Alaily writes. “At a time when Google should be focused on addressing legitimate questions about its business, it is instead turning its vast resources towards tearing down others. It is disappointing that, with the foundation of their business facing jeopardy, they have sought to bolster their cloud computing service – Google Cloud Platform – by attacking ours.”
The accusations come after Google had reportedly attempted to derail an antitrust settlement Microsoft had negotiated with the Cloud Infrastructure Services Providers in Europe (CISPE). In July, Bloomberg wrote that Google had offered the group €470 million to go forward with litigation against its rival, an overture CISPE ultimately rejected.
Advertisement
As revenue growth from digital ads has slowed for Google in recent years, the company has increasingly turned to the cloud market to pick up the slack. In 2023, Google’s cloud business broke even for the first time. More recently, the unit generated a $900 million profit in the first quarter of this year.
If you buy something through a link in this article, we may earn commission.
CONTRIBUTOR CONTENT: Hero.io, a platform offering AI-powered tools for Web3 and DeFi, has reached new heights—both figuratively and literally. The Hero.io team successfully scaled Mt. Kilimanjaro, Africa’s highest peak. This climb coincided with the release of Hero.io’s whitepaper, marking two significant milestones for the company. Hero.io’s missi…Read More
DGLegacy, a company that’s designed a digital legacy planning and inheritance app, pitched today at TechCrunch Disrupt Startup Battlefield to detail how it’s helping people ensure that their loved ones inherit their assets.
Founded by husband-and-wife duo Ana Mineva and Peter Minev, DGLegacy allows users to proactively inform their beneficiaries of their assets and ensure they are aware of their passwords and other information in order to claim them. The idea behind the app is to minimize the chance of an unclaimed asset.
Unlike traditional asset protection tools like trusts and wills, which can become outdated soon after their creation, DGLegacy lets you keep a continuously updated catalog of your assets and ensures that beneficiaries will always have access to it.
With DGLegacy, you can catalog your assets and upload relevant files to the respective asset. You can then invite beneficiaries and trustees to ensure that they will be informed about their designated assets.
Advertisement
The app features multi-layer encryption to ensure that all of the information is stored securely.
“The most important thing about DGLegacy is that it allows you to not only catalog very securely and easily your digital assets, but also has a proprietary protocol for detecting a fatal event,” Peter told TechCrunch. “Only when a fatal event is detected, then we trigger the digital inheritance.”
DGLegacy detects a fatal event through several different measures. If you connect the app to your social networks, it monitors your public posts to ensure you’re alive. If you have given the app access to biometric logins, DGLegacy monitors your logins. If the app notices a pause in both of these things, DGLegacy sends you an email to check in on you. If the company still doesn’t hear from you, it will give you a call.
After a fatal event is confirmed, DGLegacy supports your beneficiaries in the process of identifying, locating, and claiming assets.
Ana and Peter believe that their app can help the everyday person protect their assets and ensure their loved ones can access them once they pass away.
Advertisement
“Let’s be honest, if someone is very rich, they have private bankers,” Peter said. “Our solution is for the middle class, for the regular people, and also people in war zones. We were super surprised when the war in Ukraine started and we had so many signings from Ukraine. We also have quite a lot of sign-ups from Gaza.”
Ana came up with the idea for DGLegacy 15 years before the startup’s official founding in January 2021.
She recalls being nervous before every trip she and Peter took, as she was concerned about what would happen to their children if something terrible were to occur on their travels.
“I invited my mother-in-law to show her all of the files and folders at home and said: ‘If something happens to us, I know you don’t have the money to take care of our kids, please know that we have this and that. So if something happens to us, you have our money to continue to keep the quality of life of our kids’,” Ana told TechCrunch. “This was the very beginning of the ideation of DGLegacy.”
Advertisement
As she was doing this, she remembers thinking to herself that there must be a better way of doing so. While people with high net worths have contingency plans to protect their assets, Ana believed there should be a solution for middle-class families as well.
After doing some research, Ana and Peter discovered that there are tens of billions of dollars of unclaimed cash and benefits in the United States alone in the form of abandoned bank accounts, stock holdings, unclaimed life insurance, and more.
The duo also heard personal stories from people around them who had needed a solution like DGLegacy. For instance, they knew someone whose partner passed away in Dubai and received zero transparency about their partner’s assets and bank account.
Fast-forward to 2017, Peter pitched Ana’s idea to a friend he met at a TechCrunch event in Berlin. Peter told his friend, who worked at Facebook, about Ana’s idea and asked if he had heard of anyone in Silicon Valley working on something to solve the issue. After his friend told him that he was looking for a solution himself and wasn’t aware of anyone working on one, Peter and Ana decided that it was time to bring Ana’s idea to life.
DGLegacy operates on a freemium model. Free users can protect up to three assets and assign one beneficiary per asset, while Gold users get unlimited assets and beneficiaries for $6.99 per month or a one-time fee of $199. For people who want additional protection, DGLegacy offers a Platinum plan with cyber breach monitoring of your assets, the ability to manage assets with your family, dedicated beneficiary support and more for $8.99 a month or a one-time fee of $299.
Advertisement
The startup has been bootstrapped until now, and plans to raise its first VC round later this year or early next year.
Apple Intelligence has finally launched in US English, and if you’re in the EU, you’ll be able to use the new AI features on your iPhone and iPad starting in April, according to an Irish Apple newsroom post.
When the features roll out to iPhones and iPads in the EU, they’ll include “include many of the core features of Apple Intelligence, including Writing Tools, Genmoji, a redesigned Siri with richer language understanding, ChatGPT integration, and more,” Apple says in the post.
However, if EU users want to get a taste of Apple Intelligence sooner, they can try the initial features on their Mac that are now available with macOS Sequoia 15.1. That first batch of features includes AI-powered writing tools, improvements to Siri, and email summaries in Mail.
Apple also announced that Apple Intelligence will launch in localized English in Australia, Canada, Ireland, New Zealand, South Africa, and the UK in December. Presumably, they’ll be included with iOS 18.2, which is set to add a bunch more Apple Intelligence features like Siri’s ChatGPT upgrade.
Lenovo remains the only brand among recent handheld manufacturers that is yet to build a successor or upgrade to its original handheld device; Asus released the improved ROG Ally X earlier this year and Valve launched the Steam Deck OLED in November 2023. There have been reports of a Lenovo Legion Go ‘Lite’ ‘leak’, which might have a smaller screen and an HDMI output, but would reportedly stick with the Ryzen Z1 chip.
The rumors surrounding the purported Ryzen Z2 Extreme chip suggest it could feature RDNA 3.5 for better gaming performance and battery life. Since Asus ROG Ally prices fell drastically before the launch of the improved Ally X, the timing here could mean Lenovo may be about to follow in the same direction.
Z2 Extreme means better battery life for gaming handhelds? Yes please
Valve’s Steam Deck is a prime example of a gaming handheld device that prioritizes battery life (even if it could still be much better). Compared to the ROG Ally and Legion Go, it is currently the best at allowing gamers to get the most time out of their gaming sessions on the go. While the recent Ally X offered a significant bump in battery life, this was achieved thanks to a much larger battery than the one seen in the original Ally.
Advertisement
While there is no official confirmation yet, the Z2 Extreme promises to enhance gaming performance and battery life – this could be highly beneficial for a Legion Go successor, which we noted in our review was in dire need of stronger battery performance.
Asus’ next Ally is also rumored to come with three variants, if the ‘Z2G’ chip reports are true – this could support the Legion Go Lite leak mentioned earlier, potentially leading to stronger competition in the gaming handheld market. In other words, things are starting to get interesting…
You might also like…
Sign up for breaking news, reviews, opinion, top tech deals, and more.
A typically fragile quantum superposition has been made to last exceptionally long, and could eventually be used as a probe for discovering new physics
You must be logged in to post a comment Login