Securelist's report on the security vulnerabilities in Android-based "connected cars" describes how custom Android apps could be used to find out where the car is, follow it around, unlock its doors, start its engine, and drive it away.
They reported their findings yesterday at the RSA conference. It's a timely reminder that cars are just computers we put our bodies into.
"The main conclusion of our research is that, in their current state, applications for connected cars are not ready to withstand malware attacks," said Chebyshev.
"We expect that car manufacturers will have to go down the same road that banks have already gone down with their applications. Initially, apps for online banking did not have all the security features listed in our research," the expert added. "Now, after multiple cases of attacks against banking apps, many banks have improved the security of their products."
"Luckily, we have not yet detected any cases of attacks against car applications, which means that car vendors still have time to do things right," Chebyshev noted. "The attack surface is really vast here."
Mobile apps and stealing a connected car [Mikhail Kuzin and Victor Chebyshev/Securelist]
Millions of Smart Cars Vulnerable Due to Insecure Android Apps
[Catalin Cimpanu/Bleeping Computer]
An Australian developer named Mark Watkins painstakingly reverse-engineered the proprietary data generated by Continuous Positive Airway Pressure (CPAP) machines and created Sleepyhead, a free/open piece of software that has become the go-to tool for thousands of sleep apnea sufferers around the world who want to tune their machines to stay healthy.
Denuvo bills itself as the best-of-breed in games DRM, the most uncrackable, tamper-proof wrapper for games companies; but its reputation tells a different story: the company's products are infamous for falling quickly to DRM crackers and for interfering with game-play until you crack the DRM off the products you buy.
Locking bootloaders with trusted computing is an important step towards protecting users from some of the most devastating malware attacks: by allowing the user to verify their computing environment, trusted computing can prevent compromises to operating systems and other low-level parts of their computer's operating environment.
There are two times you never want to just “eyeball” it: Conducting brain surgery and matching shades of paint for your walls. Whether you’re painting or repainting, make sure you’re never just “close enough” to the color you want. Not when the Nix Mini Color Sensor can scan and match any color perfectly. Small enough […]
In photography as in film, all the real artistry is in post-production – increasingly so, with the new possibilities cropping up in digital imaging. If you’re ready to get serious about your photography, may we suggest HDR Projects 2018 Pro. As working photographers can tell you, this imaging software can help you re-imagine even the […]
A picture can be worth a heck of a lot more than just a thousand words. If you’ve squinted for ages trying to get just the right photo, you might have the right passion for a career behind the camera. You might even have the right equipment, but do you have the know-how? The Beginner-To-Expert […]