Cyber Attack Number 14/15: Eavesdropping Attack
/This is when an attacker sniffs or snoops information transmitted by a device such as a smart phone or computer, over a network.
Example: Just a few days ago, the Kr00k bug was announced, which is a serious vulnerability in Wi-Fi chips that has been discovered that affects billions of devices worldwide. The bug breaks common security encryption used my most Wi-Fi users.
The chips affected are manufactured by Broadcom and Cypress and are found in devices from several manufacturers, such as Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi). ESET also found the bug to be present in access points (APs) and routers by Asus and Huawei - Threatpost.
An attacker can trigger the attack in an ongoing fashion and start collecting data, which could be passwords, credit card information or anything else the user may be sending to the internet over Wi-Fi.
Risk Mitigation: What many don't realise is that hardware also needs software, or firmware updates. Most manufacturers have released fixes, but the devices must be updated.