PODCASTIs your used car still connected to its old owner? Just how did Apple manage to identify the teenager hacker who stole 90GB of the firm’s files? And why on earth would a firm of lawyers start producing pornographic videos? You’ll be surprised by the answers!
All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast hosted by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.
Yes, Amazon is now offering free in-car delivery to customers in some cities.
If you’re comfortable with a stranger remotely unlocking your car, of course.
A firm which sells Xenon HID headlight conversion kits, reversing cameras, parking sensors and other high-tech gear for motorists, has warned customers to be wary after a security breach.
“You could disable the air bags, the anti-lock brakes, or the door locks, and steal the car,” says researcher.
David Bisson reports.
A benevolent hacker has helped a family regain access to their car after they misplaced its corresponding one-of-a-kind key.
David Bisson reports.
Hyundai tells customers to update their Blue Link smartphone app to protect against hackers targeting their cars.
David Bisson reports.
PODCASTThe Lazarus malware attempts to trick you into believing it was written by Russians, second-hand connected cars may be easier to steal, and is your child a malicious hacker?
All this and more is discussed in the latest podcast by computer security veterans Graham Cluley, Vanja Svajcer and Carole Theriault.
Oh, and Carole gets Graham and Vanja to apologise for mistakes of their past…
Until more effort is made by vendors to integrate the internet in a safe way into the myriad of devices that surround us, we are going to hear more and more stories of security breaking down like this.
Read more in my article on the We Live Security blog.
Chinese hackers literally open a backdoor on a Tesla car…
US motor company General Motors is recalling four million vehicles worldwide due to a software bug that has been linked to at least one death.
Read more in my article on the Hot for Security blog.
Wired writes:
Later this week at the Usenix security conference in Austin, a team of researchers from the University of Birmingham and the German engineering firm Kasper & Oswald plan to reveal two distinct vulnerabilities they say affect the keyless entry systems of an estimated nearly 100 million cars. One of the attacks would allow resourceful thieves to wirelessly unlock practically every vehicle the Volkswagen group has sold for the last two decades, including makes like Audi and Skoda. The second attack affects millions more vehicles, including Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot.
The researchers are led by University of Birmingham computer scientist Flavio Garcia, who was previously blocked by a British court, at the behest of Volkswagen, from giving a talk about weaknesses in car immobilisers.
At the time Volkswagen argued that the research could “allow someone, especially a sophisticated criminal gang with the right tools, to break the security and steal a car.” That researchers finally got to present their paper a year ago, detailing how the Megamos Crypto system – an RFID transponder that uses a Thales-developed algorithm to verify the identity of the ignition key used to start motors – could be subverted.
The team’s latest research doesn’t detail a flaw that in itself could be exploited by car thieves to steal a vehicle, but does describe how criminals located within 300 feet of the targeted car might use cheap hardware to intercept radio signals that allow them to clone an owner’s key fob.
The researchers found that with some “tedious reverse engineering” of one component inside a Volkswagen’s internal network, they were able to extract a single cryptographic key value shared among millions of Volkswagen vehicles. By then using their radio hardware to intercept another value that’s unique to the target vehicle and included in the signal sent every time a driver presses the key fob’s buttons, they can combine the two supposedly secret numbers to clone the key fob and access to the car. “You only need to eavesdrop once,” says Birmingham researcher David Oswald. “From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want.”
Sounds to me like it’s time to turn to the car manufacturers to ask what on earth they are going to do to fix the millions of potentially vulnerable vehicles they have sold in the last couple of decades.
Read more, including the researcher’s paper, on Wired.
What car hacking researchers Charlie Miller and Chris Valasek have discovered is worrying enough. But it sends a shudder down the spine to even contemplate how much worse things could be.
Read more in my article on the We Live Security blog.
If you’ve got a Mitsubishi Outlander hybrid electric car then you’ve also got a problem.
Read more in my article on the Hot for Security blog.
VIDEOSo, err… What happens when your iPhone battery dies?
Check out my latest video to find out more.
Researchers warned General Motors that millions of its cars and trucks were vulnerable to attacks as far back as the spring of 2010.
Guess how long it took them to fix the problem…
Read more in my article on the Hot for Security blog.
A researcher who has already found security holes impacting GM cars, has turned his attention to the iOS apps of other vehicle manufacturers.
Heaven help us as the internet of things continues its steady expansion, with so little thought as to privacy and security.
