Return of Dieselgate: 3 more hidden programs found in VW Audi/Porsche firmware

2008-2010_Porsche_Cayenne_S_--_03-21-2012

The German newspaper Bild am Sonntag says that US investigators have discovered three more hidden cheat apps in a Volkswagen product line: these ones were discovered in 3-liter Audi diesels. Read the rest

Proof-of-concept ransomware for smart thermostats demoed at Defcon

1470580434407450

Last week, Andrew Tierney and Ken Munro from Pen Test Partners demoed their proof-of-concept ransomware for smart thermostats, which relies on users being tricked into downloading malware that then roots the device and locks the user out while displaying a demand for one bitcoin. Read the rest

Researchers learn about wire-fraud scam after Nigerian scammers infect themselves with their own malware

image001_wire-wire

In Wire Wire: A West African Cyber Threat, researchers from Secureworks reveal their findings from monitoring a Nigerian bank-fraud ring whose members had unwittingly infected themselves with their own malware, which captured their keystrokes and files and uploaded them to a file-server from which the researchers were able to monitor their activities and methodologies. Read the rest

1 billion computer monitors vulnerable to undetectable firmware attacks

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x1153

A team led by Ang Cui (previously) -- the guy who showed how he could take over your LAN by sending a print-job to your printer -- have presented research at Defcon, showing that malware on your computer can poison your monitor's firmware, creating nearly undetectable malware implants that can trick users by displaying fake information, and spy on the information being sent to the screen. Read the rest

BBC will use surveillance powers to sniff Britons' wifi and find license-cheats

BLW_TV_Detector_Van (1)

If you live in the UK and watch live TV or use the Iplayer video-on-demand service, you have to pay a "license fee" that directly supports public media in the UK (in other countries, public media is funded out of the tax-coffers, but in the UK, it's a direct transfer from viewers to the media, which is meant to make the BBC independent of the whims of government and thus more able to hold it to account). Read the rest

EFF and partners reveal Kazakh government phished journalists, opposition politicians

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x1152

At Defcon, researchers from the Electronic Frontier Foundation, First Look Media and Amnesty International, revealed their findings on a major phishing attack through which the government of Kazakhstan was able to hack opposition journalists and arrange for an opposition politician's extradition from exile in Italy to Kazakhstan. Read the rest

Airport lounges will let anyone in, provided you can fake a QR code

IMG_8177-482x362

When computer security expert and hardcore traveller Przemek Jaroszewski found that he couldn't enter an airline lounge in Warsaw because the automated reader mistakenly rejected his boarding card, he wrote a 600-line Javascript program that generated a QR code for "Batholemew Simpson," a business-class traveller on a flight departing that day. Read the rest

Spoofing GPS is surprisingly easy; detecting it is surprisingly hard

Mjc5MDkzOQ

GPS security is increasingly implicated in both physical and information security: from steering a super-yacht (or a super-tanker) into pirate-friendly waters to diverting self-driving cars or even unlocking geo-tagged tokens and AR game objectives. Read the rest

Decision to retain personally identifying information puts Australian census under threat

Without an accurate census, it's virtually impossible to make good national policy, which is why so many countries make census participation mandatory (when former Canadian Prime Minister Stephen "Dumpster Fire" Harper made the long-form census optional, statisticians and policy wonks quailed) -- which is why the Australian government's decision to collect and retain -- for 10 years -- personally identifying information on census participants is such a big deal. Read the rest

Big rigs can be hijacked and driven with software-based attacks

animation

In a two-month-long class assignment, researchers from the University of Michigan found vulnerabilities in J1939, the standard for networking in big rigs and other large industrial vehicles, that allowed them to control the acceleration, braking, and instrument panels of their target vehicles. Read the rest

Iranians connected to phishing attempt on tortured Syrian activist

1-Syria-publicly-reported-threat-actors

Former Syrian National Council vice-president Nour Al-Ameer fled to Turkey after being arrested and tortured by the Assad regime -- that's when someone attempted to phish her and steal her identity with a fake Powerpoint attachment purporting to be about the crimes of the Assad regime. Read the rest

Hacker puppets explain how they find your passwords in non-technical ways

animation

Gus the hacker puppeteer writes, "Last weekend was the Hackers On Planet Earth conference (where, ICYMI, Cory was the keynote address). I always come away from HOPE wishing there were easier ways to share what I learned there with friends and family. Fortunately, the Internet Society has been streaming and storing videos of HOPE talks for the past two conferences. (My own talk, on getting into the minds of everyday computer users, should be up there eventually.)" Read the rest

Pregnancy-tracking app was riddled with vulnerabilities, exposing extremely sensitive personal information

Consumer Reports Labs tested Glow, a very popular menstrual cycle/fertility-tracking app, and found that the app's designers had made a number of fundamental errors in the security and privacy design of the app, which would make it easy for stalkers or griefers to take over the app, change users' passwords, spy on them, steal their identities, and access extremely intimate data about the millions of women and their partners who use the app. Read the rest

Russia and other states could hack the US election by attacking voting machines

291981104_69292356e3_o

It's been more than 16 years since faulty voting machine technology called into question a US presidential election, and in the ensuing 1.6 decades, the voting machine industry has used bafflegab, intimidation and salesmanship to continue selling faulty goods, whose flaws surface with despressing regularity. Read the rest

Bruce Schneier on the coming IoT security dumpster-fire

Brain-Controlled_Prosthetic_Arm_2

Bruce Schneier warns us that the Internet of Things security dumpster-fire isn't just bad laptop security for thermostats: rather, that "software control" (of an ever-widening pool of technologies); interconnections; and autonomy (systems designed to act without human intervention, often responding faster than humans possibly could) creates an urgency over security questions that presents an urgent threat the like of which we've never seen. Read the rest

EFF is suing the US government to invalidate the DMCA's DRM provisions

Bunnie_Huang

The Electronic Frontier Foundation has just filed a lawsuit that challenges the Constitutionality of Section 1201 of the DMCA, the "Digital Rights Management" provision of the law, a notoriously overbroad law that bans activities that bypass or weaken copyright access-control systems, including reconfiguring software-enabled devices (making sure your IoT light-socket will accept third-party lightbulbs; tapping into diagnostic info in your car or tractor to allow an independent party to repair it) and reporting security vulnerabilities in these devices. Read the rest

Ed Snowden and Andrew "bunnie" Huang announce a malware-detecting smartphone case

Acr821342097496832-8341-1024x768

Exiled NSA whistleblower Edward Snowden and legendary hardware hacker Andrew bunnie" Huang have published a paper detailing their new "introspection engine" for the Iphone, an external hardware case that clips over the phone and probes its internal components with a miniature oscilloscope that reads all the radio traffic in and out of the device to see whether malicious software is secretly keeping the radio on after you put it in airplane mode. Read the rest

More posts