UCSD computer scientist Stefan Savage and colleagues will present their work at Usenix Security: they were able to disable the brakes on a 2013 Corvette by breaking into a Mobile Devices/Metromile Pulse dongle, used by insurance companies to monitor driving in exchange for discounts on coverage.
Uber offers insurance to its drivers through Metromile; those drivers use Metromile devices. Metromile claims it has patched all the devices, but by scanning the Internet, the researchers were able to locate thousands of vulnerable vehicles on the road today that used the Mobile Devices dongle distributed in the US by Metro Mile.
Other insurance company/automotive telematics devices, including the Snapshot (mandated by Progressive Insurance), are also vulnerable. Federal regulations require federal agencies with more than 20 vehciles in their fleets to use the devices as well.
In the Mobile Devices dongles specifically, the UCSD team found a slew of serious security bugs. The gadgets had their “developer” mode enabled, allowing anyone who scanned for the devices to access them via SSH, a common protocol for remotely communicating with a computer. They stored the same private key on every device, which a hacker could immediately extract to gain complete “root” access on any of the dongles. And the Mobile Devices dongles were also configured to accept commands via SMS, a protocol with virtually no authentication. By sending texts to the devices from a certain phone number, anyone could rewrite their firmware or simply begin issuing commands to a connected car.
Russia’s communications regulator says it has blocked IP addresses owned by Google and Amazon because Moscow claims the internet addresses are used by the Telegram messaging service that was banned by Putin’s regime this week.
A group of Belgian academic security researchers from KU Leuwen have published a paper detailing their investigation into improving the security of neurostimulators: electrical brain implants used to treat chronic pain, Parkinson's, and other conditions.
The United States and Britain today accused Russia of launching a new wave of internet-based attacks targeting routers, firewalls and other computer networking equipment used by government agencies, businesses and critical infrastructure operators around the globe.
Another year, another iteration of Samsung’s Galaxy smartphone—except this time around Samsung sought to redefine what a smartphone can do completely. Boasting a 6.2″ Quad HD+ Super AMOLED (2960×1440) infinity display, and an elite 10nm 64-bit Octa-Core Processor with 6GB RAM, the S9+ is an absolute powerhouse with a price tag to match. However, you […]
Competition in the job market is getting stiff, and while experience and a four-year degree can put you on the map, most employers prefer applicants versed in the tools that power their industry. To this end, certifying your skills with Salesforce is a smart move. The world’s #1 Customer Relationship Management (CRM) platform, Salesforce is […]
Warmer weather is coming, and so too is the hankering for iced coffee. But, since most of us don’t have the time—or foresight—to make a batch of cold brew the night before, we’ll be chilling our cups of Joe with ice cubes and watering them down in the process. The HyperChiller Coffee Chiller offers a different […]