Securelist's report on the security vulnerabilities in Android-based "connected cars" describes how custom Android apps could be used to find out where the car is, follow it around, unlock its doors, start its engine, and drive it away.
They reported their findings yesterday at the RSA conference. It's a timely reminder that cars are just computers we put our bodies into.
"The main conclusion of our research is that, in their current state, applications for connected cars are not ready to withstand malware attacks," said Chebyshev.
"We expect that car manufacturers will have to go down the same road that banks have already gone down with their applications. Initially, apps for online banking did not have all the security features listed in our research," the expert added. "Now, after multiple cases of attacks against banking apps, many banks have improved the security of their products."
"Luckily, we have not yet detected any cases of attacks against car applications, which means that car vendors still have time to do things right," Chebyshev noted. "The attack surface is really vast here."
Mobile apps and stealing a connected car [Mikhail Kuzin and Victor Chebyshev/Securelist]
Millions of Smart Cars Vulnerable Due to Insecure Android Apps
[Catalin Cimpanu/Bleeping Computer]
In 2014, IKEA, the Swedish-based global furniture company, sent a cease-and-desist letter to a blogger by the name of Jules Yap. Yap ran the extremely popular website IKEAhackers.net, which helped people “hack” IKEA furniture into new, creative, and unexpected designs. The site was already almost a decade old when IKEA’s lawyers demanded that Yap hand over the URL. What follows is a case study from Superfandom: How Our Obsessions are Changing What We Buy and Who We Are.
CSIR-Tech is the commercial arm of the Indian government’s Council of Scientific and Industrial Research; after spending ₹50 crore (about USD7.6M) pursuing more than 13,000 “bio-data patents” (patents of no real value save burnishing the credentials of the scientists whose names appear on them), they have run out of money and shut down.
Troy Hunt, proprietor of the essential Have I Been Pwned (previously) sets out the hard lessons learned through years of cataloging the human costs of breaches from companies that overcollected their customers’ data; undersecured it; and then failed to warn their customers that they were at risk.
What could be more fun than a slingshot that shoots tiny airplanes? A slingshot that shoots tiny glowing airplanes of course! These toy planes are outfitted with ultra-bright LEDs, so you can fly all night without losing them in the trees.Whether you are a regular-sized child, or an overgrown adult one, these light-up flyers offer […]
You know the drill. You go to the dentist and they ask you how often you floss. You lie through your teeth and say, “every day!” (Bonus points if you have some cilantro or chives stuck in your gums from lunch). You don’t want to keep up the charade any longer, but rubbing that tiny strand […]
The Raspberry Pi Foundation has done outstanding work packing a fully capable desktop computer into a package the size of a deck cards—especially one that only costs $35. But if you already have a working laptop, why should you care? Oh, how much you have to learn. Besides operating well as a compact digital media hub, […]