According to Space.com (This article and its images were originally posted on Space.com September 3, 2018 at 08:05AM.)
(Cover Image)
Australian software engineer Sarah Spencer hacked a 1980’s knitting machine to create “Stargazing: a knitted tapestry” to show the universe in a totally unique way.
Credit: Sarah Spencer
By hacking a domestic knitting machine, a software engineer advanced modern knitting and made a massive equatorial star map in tapestry form.Australian software engineer Sarah Spencer spent years hacking and programming a 1980s domestic knitting machine for fun. This hobby grew into much more, however, as Spencer developed a new computer algorithm that did something never before accomplished with such machines. Her accomplishment — knitting with bird’s-eye backing using one knit per pixel in three colors — might not mean much to anyone outside of the knitting community. But this achievement allowed Spencer to make something truly out of this world.
Got any news, tips or want to contact us directly? Feel free to email us: esistme@gmail.com.
To see more posts like these; please subscribe to our newsletter. By entering a valid email, you’ll receive top trending reports delivered to your inbox.
__
This article and its images were originally posted on [Space.com] September 3, 2018 at 08:05AM. All credit to both the author Chelsea Gohd, @chelsea_gohd and Space.com | ESIST.T>G>S Recommended Articles Of The Day.
Donations are appreciated and go directly to supporting ESIST.Tech. Thank you in advance for helping us to continue to be a part of your online entertainment!
Your daily selection of the hottest trending tech news!
According to The Hacker News (This article and its images were originally posted on The Hacker News August 17, 2018 at 08:09AM.)
Well, there’s something quite embarrassing for Apple fans.
Though Apple servers are widely believed to be unhackable, a 16-year-old high school student proved that nothing is impossible.
The teenager from Melbourne, Australia, managed to break into Apple servers and downloaded some 90GB of secure files, including extremely secure authorized keys used to grant login access to users, as well as access multiple user accounts.
The teen told the authorities that he hacked Apple because he was a huge fan of the company and “dreamed of” working for the technology giant.
What’s more embarrassing? The teen, whose name is being withheld as he’s still a minor, hacked the company’s servers not once, but numerous times over the course of more than a year, and Apple’s system administrators failed to stop their users’ data from being stolen.
When Apple finally noticed the intrusion, the company contacted the FBI, which took the help of the Australian Federal Police (AFP) after detecting his presence on their servers and blocking him.
Apple Hack: The “Hacky Hack Hack” Folder
The AFP caught the teenager last year after a raid on his residence and seized two Apple laptops, a mobile phone, and a hard drive.
“Two Apple laptops were seized, and the serial numbers matched the serial numbers of the devices which accessed the internal systems,” a prosecutor was quoted as saying by Australian media The Age. “A mobile phone and hard drive were also seized, and the IP address matched the intrusions into the organization.”
After analyzing the seized equipment, authorities found the stolen data in a folder called “hacky hack hack.”
Besides this, authorities also discovered a series of hacking tools and files that allowed the 16-year-old boy to break into Apple’s mainframe repeatedly.
According to the authorities, the teenager also used Whatsapp to share his offending with others.
At Apple’s request, authorities did not disclose details regarding the methods the teenager used to hack into its secure servers, though investigators said his ways “worked flawlessly” until the company noticed.
The FBI and the AFP kept everything secret until now, as the teen’s defense lawyer said the boy had become so well known in the international hacking community that even mentioning the case in detail could expose him to risk.
In a statement given by Apple to the press today, the company assured its customers that no personal data was compromised in the hack, though it is still unclear what kind of data the teen stole.
The teen has pleaded guilty to a Children’s Court, but the magistrate has postponed his sentencing till next month (20 September).
Got any news, tips or want to contact us directly? Feel free to email us: esistme@gmail.com.
To see more posts like these; please subscribe to our newsletter. By entering a valid email, you’ll receive top trending reports delivered to your inbox.
__
This article and images were originally posted on [The Hacker News] August 17, 2018 at 08:09AM. Credit to Author Mohit Kumar and The Hacker News | ESIST.T>G>S Recommended Articles Of The Day.
Your daily selection of the hottest trending tech news!
According to The Next Web (This article and its images were originally posted on The Next Web August 13, 2018 at 09:25AM.)
It was Sunday afternoon when I installed the roof rack on my new BMW F30 320i.
We were about to go on a 2 week trip to France and were intending to leave next Friday.
During that night, my girlfriend and I were fast asleep, when at 03:45 the doorbell rang. We looked at each other dazed. I got out of bed and attempted to journey downstairs in my boxers when the doorbell rang again.
Before opening the door I went into the living room to gaze out of the window. A police car with 2 policemen was standing in front of our house. I opened the door and was welcomed with the question whether I owned a BMW with a specific license plate.
They said that a car burglary had taken place.
The follow-up question was whether or not the alarm system was linked to an emergency call center. I knew my car was equipped with a class 3 alarm system but wasn’t sure whether or not that meant that it actually communicated with an external call center.
They told me that the call they received was from an emergency call center so it must have an external connection.
Mere vandalism?
After putting on some clothes, we went to the car to inspect the damage. The front window on the passenger’s side was partially broken. After looking around the car, I entered the car through the driver’s door and tries to turn on the interior lighting.
For some reason, none of the interior lighting buttons worked. Being sure that they weren’t broken before, but probably out of sheer tiredness, I didn’t think much of it at that time.
I only cared for it not being stolen. I looked around the car and couldn’t find anything missing or out of order. Was this simply a case of vandalism?
The police advised me to report it first thing in the morning. I decided to seal the window with a duct-taped garbage bag and went back to bed for the 1.5 hours I had before my alarm clock went off.
The next day
The first thing next morning was a phone call to my insurance company and to Car Glass, the glass repair company. I was able to get an appointment for 10:30 the same day.
When it was time to head out to Car Glass, I switched on the ignition and faced a severe error and a warning on the BMW iDrive interface. The severe error stated that there was an issue with the passenger’s side seatbelt.
The warning stated that the SOS button on the ceiling wasn’t in contact with BMW anymore.
The window was replaced within 30 minutes and I hoped that maybe after replacing the window, the warning and error notifications would also disappear.
Unfortunately, this was not the case. I decided to call the local BMW dealer. They advised me to drop by in the afternoon so that they could take a look at it.
A nasty surprise
That afternoon, on my way home, I dropped by the BMW dealer. After explaining the situation, one of the service employees followed me to my car.
He looked all around, trying to figure out what the burglars were trying to achieve. After being puzzled for a while, another service employee joined the search.
Neither of them had a clue why the car would suddenly malfunction like this, just because of a broken window.
It felt like they were about to dismiss the issues and ask me to come back after my holiday when one of the service employees saw a small opening on the inside of the jamb. He pulled it away.
We were able to see one end of the airbag and also a wire loom running through the jamb up to the ceiling of the car. After close inspection, I noticed that the wire loom was cut through.
The interior panel of the jamb after pulling it away
My first thought at that time was, does the interior alarm actually still work? We closed the doors and locked the car.
Not all too surprising, the alarm light underneath the interior mirror didn’t blink as it normally would. At that time, the service employee strongly advised me not to take my car home.
Cut through cable loom
Digging deeper
He explained that behind the air vents located on the ceiling, two sensors are located for detecting break-ins. The first is a radar, used for movement detection inside the car.
The other one was an air pressure sensor, used for detecting sudden changes in air pressure. This is the sensor that will, among other things, detect a broken window.
We looked at each other, less puzzled than before. It was crystal clear that these burglars were not ignorant. They knew exactly what they were doing.
Their grand scheme was to make it look like a simple break-in without theft, while cleverly disabling the internal alarm systems, and covering their tracks as best as possible.
Most likely, if I parked the car in front of our house the next night, they would break in again, without triggering an alarm. That would give them more than enough time to bypass the ignition interlock and steal the car entirely.
The service employee told me that he’d never seen this before and after asking around in the local dealership, nobody seemed to have heard of this modus operandi for stealing a BMW.
The follow-up
When I went back to the dealer a few days later to return the replacement rental car, I spoke to a different employee who was wondering which external call center rang the police.
He told me that a class 3 alarm system doesn’t have a tracking option. I told him about the cut wire and how it disabled the SOS button.
His thought was that it was actually the BMW call center which is hooked up to the SOS button. His suspicion was that, as soon as the button loses connection with BMW, they get notified.
I decided to call the police to inquire about the phone call. The officer I spoke to was unable to tell me which phone number or external call center it was, but that it was, in fact, a call center.
The message they passed on was that there was either a burglary attempt or that my car was involved in an accident. They gave the police the exact coordinates of my car and it only took the surveilling car 5 minutes to get to the car.
I explained the burglar’s modus operandi to the officer, and she would pass on the message, hoping that this would prevent other attempts.
The BMW service employee also told me that he rang the national BMW damage repair center. They confirmed that they also never seen a car theft attempt like this before.
As both the Dutch police and BMW in the Netherlands has never witnessed this modus operandi, I hope that by sharing this story I will be able to save other people from actually having their cars stolen in this way.
What about the vacation?
The BMW dealer had a 4 week waiting list for appointments but due to the severity of the case and my personal situation with the upcoming holiday, they really wanted to help out.
Unfortunately, they weren’t able to help me within the 3 days that were left before our planned vacation. As fortunate as we are, my girlfriend also has a car, so we were still able to leave.
TL;DR
So, if you find your passenger’s front side window broken and a warning regarding the SOS button having lost connection to BMW appears, immediately contact your dealer and make sure it’s parked at the dealer’s or in a secured area.
Got any news, tips or want to contact us directly? Feel free to email us: esistme@gmail.com.
To see more posts like these; please subscribe to our newsletter. By entering a valid email, you’ll receive top trending reports delivered to your inbox.
__
This article and images were originally posted on [The Next Web] August 13, 2018 at 09:25AM. Credit to Author Marc Rooding and The Next Web | ESIST.T>G>S Recommended Articles Of The Day.
Your daily selection of the hottest trending tech news!
According to Wired (This article and its images were originally posted on Feed: All Latest August 13, 2018 at 07:06AM.)
When the cybersecurity industry warns about the nightmare of hackers causing blackouts, the scenario they describe typically entails an elite team of hackers breaking into the inner sanctum of a power utility to start flipping switches. But one group of researchers has imagined how an entire power grid could be taken down by hacking a less centralized and protected class of targets: home air conditioners and water heaters. Lots of them.
At the Usenix Security conference this week, a group of Princeton University security researchers will present a study that considers a little-examined question in power grid cybersecurity: What if hackers attacked not the supply side of the power grid, but the demand side? In a series of simulations, the researchers imagined what might happen if hackers controlled a botnet composed of thousands of silently hacked consumer internet of things devices, particularly power-hungry ones like air conditioners, water heaters, and space heaters. Then they ran a series of software simulations to see how many of those devices an attacker would need to simultaneously hijack to disrupt the stability of the power grid.
Their answers point to a disturbing, if not quite yet practical scenario: In a power network large enough to serve an area of 38 million people—a population roughly equal to Canada or California—the researchers estimate that just a one percent bump in demand might be enough to take down the majority of the grid. That demand increase could be created by a botnet as small as a few tens of thousands of hacked electric water heaters or a couple hundred thousand air conditioners.
“Power grids are stable as long as supply is equal to demand,” says Saleh Soltan, a researcher in Princeton’s Department of Electrical Engineering, who led the study. “If you have a very large botnet of IoT devices, you can really manipulate the demand, changing it abruptly, any time you want.”
Just a one percent bump in demand might be enough to take down the majority of the grid.
The result of that botnet-induced imbalance, Soltan says, could be cascading blackouts. When demand in one part of the grid rapidly increases, it can overload the current on certain power lines, damaging them or more likely triggering devices called protective relays, which turn off the power when they sense dangerous conditions. Switching off those lines puts more load on the remaining ones, potentially leading to a chain reaction.
“Fewer lines need to carry the same flows and they get overloaded, so then the next one will be disconnected and the next one,” says Soltan. “In the worst case, most or all of them are disconnected, and you have a blackout in most of your grid.”
Power utility engineers, of course, expertly forecast fluctuations in electric demand on a daily basis. They plan for everything from heat waves that predictably cause spikes in air conditioner usage to the moment at the end of British soap opera episodes when hundreds of thousands of viewers all switch on their tea kettles. But the Princeton researchers’ study suggests that hackers could make those demand spikes not only unpredictable, but maliciously timed.
The researchers don’t actually point to any vulnerabilities in specific household devices, or suggest how exactly they might be hacked. Instead, they start from the premise that a large number of those devices could somehow be compromised and silently controlled by a hacker. That’s arguably a realistic assumption, given the myriad vulnerabilities other security researchers and hackers have found in the internet of things. One talk at the Kaspersky Analyst Summit in 2016 described security flaws in air conditioners that could be used to pull off the sort of grid disturbance that the Princeton researchers describe. And real-world malicious hackers have compromised everything from refrigerators to fish tanks.
Given that assumption, the researchers ran simulations in power grid software MATPOWER and Power World to determine what sort of botnet would could disrupt what size grid. They ran most of their simulations on models of the Polish power grid from 2004 and 2008, a rare country-sized electrical system whose architecture is described in publicly available records. They found they could cause a cascading blackout of 86 percent of the power lines in the 2008 Poland grid model with just a one percent increase in demand. That would require the equivalent of 210,000 hacked air conditioners, or 42,000 electric water heaters.
Building a botnet of the same size out of more power-hungry IoT devices is probably impossible today, says Ben Miller, a former cybersecurity engineer at electric utility Constellation Energy and now the director of the threat operations center at industrial security firm Dragos. There simply aren’t enough high-power smart devices in homes, he says, especially since the entire botnet would have to be within the geographic area of the target electrical grid, not distributed across the world like the Mirai botnet.
‘If you have a very large botnet of IoT devices, you can really manipulate the demand, changing it abruptly, any time you want.’
Saleh Soltan, Princeton University
But as internet-connected air conditioners, heaters, and the smart thermostats that control them increasingly show up in homes for convenience and efficiency, a demand-based attack like the one the Princeton researchers describes could become more practical than one that targets grid operators. “It’s as simple as running a botnet. When a botnet is successful, it can scale by itself. That makes the attack easier,” Miller says. “It’s really hard to attack all the generation sites on a grid all at once. But with a botnet you could attack all these end user devices at once and have some sort of impact.”
The Princeton researchers modeled more devious techniques their imaginary IoT botnet might use to mess with power grids, too. They found it was possible to increase demand in one area while decreasing it in another, so that the total load on a system’s generators remains constant while the attack overloads certain lines. That could make it even harder for utility operators to figure out the source of the disruption.
If a botnet did succeed in taking down a grid, the researchers’ models showed it would be even easier to keep it down as operators attempted to bring it back online, triggering smaller scale versions of their attack in the sections or “islands” of the grid that recover first. And smaller scale attacks could force utility operators to pay for expensive backup power supplies, even if they fall short of causing actual blackouts. And the researchers point out that since the source of the demand spikes would be largely hidden from utilities, attackers could simply try them again and again, experimenting until they had the desired effect.
The owners of the actual air conditioners and water heaters might notice that their equipment was suddenly behaving strangely. But that still wouldn’t immediately be apparent to the target energy utility. “Where do the consumers report it?” asks Princeton’s Soltan. “They don’t report it to Con Edison, they report it to the manufacturer of the smart device. But the real impact is on the power system that doesn’t have any of this data.”
That disconnect represents the root of the security vulnerability that utility operators need to fix, Soltan argues. Just as utilities carefully model heat waves and British tea times and keep a stock of energy in reserve to cover those demands, they now need to account for the number of potentially hackable high-powered devices on their grids, too. As high-power smart-home gadgets multiply, the consequences of IoT insecurity could someday be more than just a haywire thermostat, but entire portions of a country going dark.
Got any news, tips or want to contact us directly? Feel free to email us: esistme@gmail.com.
To see more posts like these; please subscribe to our newsletter. By entering a valid email, you’ll receive top trending reports delivered to your inbox.
__
This article and images were originally posted on [Wired] August 13, 2018 at 07:06AM. Credit to Author and Wired | ESIST.T>G>S Recommended Articles Of The Day.
last week and modifying the content of its repositories and pages.
The hackers not only managed to change the content in compromised repositories but also locked out Gentoo developers from their GitHub organisation.
As a result of the incident, the developers could not be unable to use GitHub for a total of five days.
What Went Wrong?
Gentoo developers have revealed that the attackers were able to gain administrative privileges for its Github account, after guessing the account password.
The organisation could have been saved if it was using a two-factor authentication, which requires an additional passcode besides the password in order to gain access to the account.
“The attacker gained access to a password of an organization administrator. Evidence collected suggests a password scheme where disclosure on one site made it easy to guess passwords for unrelated web pages,” Gentoo wrote in its incident report.
Besides this, Gentoo developers did not also have a backup copy of its GitHub Organization detail. What’s more? The systemd repo was also not mirrored from Gentoo but was stored directly on GitHub.
What Went Well? (Luckily)
However, Gentoo believed the project got lucky that the attack was “loud,” as knocking all other developers out of the targeted GitHub account caused them to be emailed.
Quick action from both Gentoo and Github put an end to the attack in about 70 minutes.
“The attack was loud; removing all developers caused everyone to get emailed,” the Gentoo maintainers said. “Given the credential taken, it’s likely a quieter attack would have provided a longer opportunity window.”
Moreover, the report also added that by force pushing commits that attempted to remove all files, the attacker made “downstream consumption more conspicuous,” which could have eventually “blocked git from silently pulling in new content to existing checkouts on ‘git pull’.”
As the project previously said, the main Gentoo repositories are kept on Gentoo hosted infrastructure, and Gentoo mirrors to GitHub in order to “be where the contributors are.”
Therefore, the private keys of the account were not impacted by the incident, and so the Gentoo-hosted infrastructure.
Impact of the Cyber Attack
As a result of the incident, the Gentoo Proxy Maintainers Project was impacted as many proxy maintainers contributors use GitHub to submit pull requests, and all past pull requests were also disconnected from their original commits and closed.
The attackers also attempted to add “rm -rf” commands to various repositories, which if executed, would have deleted user data recursively. However, this code was unlikely to be executed by end users due to various technical guards in place.
rm is a Unix command which is used for removing files, directories and similar, and rm -rf denotes a more forcible removal, which “would cause every file accessible from the present file system to be deleted from the machine.”
Steps Taken to Prevent Future Cyber Attacks
Following the incident, Gentoo has taken many actions to prevent such attacks in the future. These actions include:
Making frequent backups of its GitHub Organization.
Enabling two-factor authentication by default in Gentoo’s GitHub Organization, which will eventually come to all users the project’s repositories.
Working on an incident response plan, particularly for sharing information about a security incident with users.
Tightening up procedures around credential revocation.
Reducing the number of users with elevated privileges, auditing logins, and publishing password policies that mandate password managers.
Introducing support for hardware-based 2FA for Gentoo developers
Currently, it is not known who was behind the Gentoo Hack. Gentoo did not say if the incident has been reported to law enforcement to hunt for the hacker(s).
Got any news, tips or want to contact us directly? Feel free to email us: esistme@gmail.com. To see more posts like this please subscribe to our newsletter by entering your email. By subscribing you’ll receive the top trending news delivered to your inbox.
__
This article and images were originally posted on [The Hacker News] July 5, 2018 at 06:29AM. Credit to Author Swati Khandelwal and The Hacker News | ESIST.T>G>S Recommended Articles Of The Day.
Your daily selection of the hottest trending gaming news!
According to IGN Video Games (This article and its images were originally posted on IGN Video Games July 2, 2018 at 06:05PM.)
A hoax and nothing more.
Despite a persistent message occurring for some players in Grand Theft Auto Online, Grand Theft Auto 6 has definitely not been announced for a 2019 release.
Rockstar’s official support account on Twitter recently responded to user @KolosisYT, dismissing the message by saying, “This is a hoax made with the use of mods, and not an official message or statement from Rockstar Games.”
The hoax message in question prompted many GTA Online players to take to Rockstar’s official support website, sharing the message that regularly appeared on their user interface above the game’s mini-map. The message stated: “GTA VI Coming 2019” with a general link to Rockstar’s official website, which shows nothing about Grand Theft Auto 6.
Got any news, tips or want to contact us directly? Feel free to email us: esistme@gmail.com. To see more posts like this please subscribe to our newsletter by entering your email. By subscribing you’ll receive the top trending news delivered to your inbox.
__
This article and images were originally posted on [IGN Video Games] July 2, 2018 at 06:05PM. Credit to Author Colin Stevens and IGN Video Games | ESIST.T>G>S Recommended Articles Of The Day.
Your daily selection of the hottest trending tech news!
According to The Hacker News (This article and its images were originally posted on The Hacker News June 29, 2018 at 05:02AM.)
Downloaded anything from Gentoo’s GitHub account yesterday?
Consider those files compromised and dump them now—as an unknown group of hackers or an individual managed to gain access to the GitHub account of the Gentoo Linux distribution on Thursday and replaced the original source code with a malicious one.
Gentoo is a free open source Linux or FreeBSD-based distribution built using the Portage package management system that makes it more flexible, easier to maintain, and portable compared to other operating systems.
In a security alert released on its website yesterday, developers of the Gentoo Linux distribution warned users not to use code from its GitHub account, as some “unknown individuals” had gained its control on 28 June at 20:20 UTC and “modified the content of repositories as well as pages there.”
According to Gentoo developer Francisco Blas Izquierdo Riera, after gaining control of the Gentoo Github organization, the attackers “replaced the portage and musl-dev trees with malicious versions of the ebuilds intended to try removing all of your files.”
Ebuild are bash scripts, a format created by the Gentoo Linux project, which automates compilation and installation procedures for software packages, helping the project with its portage software management system.
“We are still working to determine the exact extent and to regain control of the organization and its repositories. All Gentoo code hosted on GitHub should for the moment be considered compromised,” the alert said.
However, Gentoo assured its users that the incident did not affect any code hosted on the Gentoo’s official website or the mirror download servers and that users would be fine as long as they are using rsync or webrsync from gentoo.org.
This is because the master Gentoo ebuild repository is hosted on its own official portal and Github is just a mirror for it.
“Also, the gentoo-mirror repositories including metadata are hosted under a separate Github organisation and likely not affected as well. All Gentoo commits are signed, and you should verify the integrity of the signatures when using git,” the developer said.
In an update later on its website, the organisation said it has regained control of the Gentoo Github Organization, but advised users to continue to refrain from using code from its Github account, as they are still working with Github, which was recently acquired by Microsoft
for US$7.5 billion, on establishing a timeline of what happened.
Got any news, tips or want to contact us directly? Feel free to email us: esistme@gmail.com. To see more posts like this please subscribe to our newsletter by entering your email. By subscribing you’ll receive the top trending news delivered to your inbox.
__
This article and images were originally posted on [The Hacker News] June 29, 2018 at 05:02AM. Credit to Author Swati Khandelwal and The Hacker News | ESIST.T>G>S Recommended Articles Of The Day.
Your daily selection of the hottest trending gaming news!
According to Forbes – Games
This escalated quickly. First a permanent boot exploit was found in the Nintendo Switch allowing hackers to run unsigned code, alongside confident claims that Nintendo is unable to patch the exploit with software or firmware updates. Weeks later, fail0verflow transformed the Switch into a fully-featured Linux tablet. Now the homebrew — and likely piracy — scenes are about to be cracked wide open as the tools, tips and tricks to execute the Switch hack have gone public.
The multi-step methods to actually bypassing Switch boot security and running your own code are complex, and well above my skill level. As such I’m not going to dive too deeply into them as I’m sure interested parties can simply visit fail0verflow’s detailed blog post containing instructions.
3D-print your way to a hackable Nintendo Switch
Additionally, Ars Technica spotted an entry on GitHub written by hacker Katherine Temkin of ReSwitched, who discloses details of the vulnerability. Guess what? It’s not just limited to the Nintendo Switch. Temkin has discovered that the exploit extends across Nvidia’s entire line of Tegra X1 processors.
“By carefully constructing a USB control request, an attacker can leverage this vulnerability to copy the contents of an attacker-controlled buffer over the active execution stack, gaining control of the Boot and Power Management processor (BPMP) before any lock-outs or privilege reductions occur,” Temkin writes.
This effectively means that a user can overload a Direct Memory Access (DMA) buffer within the bootROM and then use it to gain high-level access before the security part of the boot process runs. Since this all happens in Read-Only memory, the exploit cannot be patched.
The instructions to get to this screen are now public, posted by hardware hacker Katherine Temkin
“Since this bug is in the Boot ROM, it cannot be patched without a hardware revision, meaning all Switch units in existence today are vulnerable, forever,” writes fail0verflow. “Nintendo can only patch Boot ROM bugs during the manufacturing process.”
But how do you actually get to this point? First, a user would need to engage the USB recovery mode present in all Tegra-based devices. It’s a lot like the days of tethered jailbreaks on the iPhone, but now we live in a world with 3D printing. And wires…
Hilariously, fail0verflow points out that you can use a simple piece of wire to bridge Pin 10 and Pin 7 on the console’s right Joy-Con connector. They’ve also linked to a 3D-printable accessory that can be created in tandem with a micro-USB connector. It’s only a few short steps, and acts as a “permanent” solution since the exploit needs to be executed at every boot. For now.
After USB recovery mode is active, the exploit needs to be put into play, which can be done with any vanilla Linux distribution on PC, and theoretically most Android phones. The solution for doing the latter has not yet been created. And again, the rest of the process makes my eyes glaze over, but it’s probably catnip for coders who want to get their hands dirty turning the Switch into a homebrew machine.
The Two Sides of the Switch Exploit
With any vulnerability like this, there are always two schools of thought. One is security and public disclosure, and the other is profit and piracy. In her extensive FAQ on the vulnerability itself, Temkin writes that it is “notable due to the significant number and variety of devices affected, the severity of the issue, and the immutability of the relevant code on devices already delivered to end users. This vulnerability report is provided as a courtesy to help aid remediation efforts, guide communication, and minimize impact to users.”
Later she calls out Team Xecutor, who she believes are preparing to sell an easier consumer version of the exploit, likely in the form of a mod chip or other peripheral device. Team Xecutor themselves are boasting that their solution “will work on ANY Nintendo Switch console regardless of the currently installed firmware, and will be completely future proof.”
Wow. At this point Nintendo has shipped roughly 15 million Switch consoles globally, so the implications here are significant. Although it’s a ripe opportunity for homebrew developers to reach a sizable audience on the Switch, you can’t escape the piracy conversation. How Nintendo will combat this is unknown, but you can bet it’s an inevitable battle at this point.
Me? I just want to back up my game saves. If a simple solution surfaces for that as result of this exploit, I’ll be all over it.
As always I’ll keep you updated on these developments. They certainly aren’t slowing down any time soon!
Wanna talk about it? Reach out to me on Twitter and Facebook.
Got any news, tips or want to contact us directly? Email esistme@gmail.com
__
This article and images were originally posted on [Forbes – Games] April 24, 2018 at 07:10AM. Credit to Author and Forbes – Games | ESIST.T>G>S Recommended Articles Of The Day
Your daily selection of the hottest trending tech news!
According to The Next Web
Another day, another heist: Ian Balina, a cryptocurrency YouTuber known for his (sponsored) ICO reviews, was apparently hacked out of $2 million during a livestream session.
Balina was reviewing ICOs on his channel as usual, when a viewer suddenly notified him that “someone” had moved all tokens out of his wallet.
“Ian, did you know that somebody transferred all your tokens from your account,” one user asked in the comments. “Hope that it’s controlled movement.”
While Balina continued with his review, not taking any notice of the comment, the live feed eventually went down 15 minutes later.
The livestream was purportedly disrupted by a power-cut, and Balina returned to continue his review a few hours later.
This is when he noticed that he had been signed out of his Google Sheets profile:
Balina later took to his own Telegram channel to reveal that he was forced to end the livestream abruptly because he got hacked.
Here’s what he said:
He later tweeted about the incident as well:
Crypto Family, I need you now more than ever. I ended today's live stream b/c I am being hacked. I'm not worried about the money. I learned my lesson. I only care about catching the hacker. Please email any information to ibalina88@gmail.com. Thank you all the support. $ETH$BTC
Balina is a known name in the ICO industry — especially as an influencer to casual investors. His YouTube channel boasts over 116,00 subscribers, while his Telegram channel has more than 26,000 members.
The wallet transactions on Etherscan show that almost all of Balina’s tokens were withdrawn from his account during the livestream. This included more than 20 million Nucleus Vision, 2 million Pareto Network, and 1 million Loom among others.
Balina believes the attackers were able to access his account via his old college email:
This is how I think I got hacked. My college email was listed as a recovery email to my Gmail. I remember getting an email about it being compromised, and tried to follow up with my college security to get it resolved, but wasn’t able to get it handled in fast manner and gave up on it thinking it was just an old email.
I kept text versions of my private keys stored in my Evernote, as encrypted text files with passwords. I think they hacked my email using my college email, and then hacked my Evernote.
This entire fiasco serves as a good reminder for everyone to adhere to proper security standards – especially those holding large amounts of crypto.
Meanwhile, Balina says the hackers have gradually began moving his coins to popular exchange desks like Binance and KuCoin. We’ll update the story if there are any interesting developments.. We’ll update the story if there are any interesting developments.
Got any news, tips or want to contact us directly? Email esistme@gmail.com
__
This article and images were originally posted on [The Next Web] April 16, 2018 at 08:47AM. Credit to Author and The Next Web | ESIST.T>G>S Recommended Articles Of The Day
you’ll want to look for security patches for all the smart home gadgets in your house; depending on how they’re configured, they could be hacked to leak data, and allow hackers to copy or change passwords on your locks and alarm systems.
Your daily selection of the hottest trending tech news!
According to The Next Web
Sorry to start off your week with some bad news: the WPA2 encryption protocol that protects your Wi-Fi router and connected devices from intrusions is rumored to have been cracked.
That means that a hacker who is within physical range of your home or office network could crack your Wi-Fi password, listen in on your internet activity and intercept unsecured or unencrypted data streams (such as a password entered on a non-HTTPS site, or video from your crappy home security camera to the cloud).
That’s to be expected, seeing as how WPA2 is about 13 years old now. The proof-of-concept of this attack is called KRACK (Key Reinstallation Attacks). The CVE outlining the security flaw is expected to be published at 8AM PST on Monday, and the site krackattacks.com which will carry more information isn’t entirely live yet, so that’s when we’ll know for sure just how bad things are.
Your daily selection of the hottest trending tech news!
According to New on MIT Technology Review
No, it actually isn’t the plot of a movie. It’s a chain of events described in a New York Times article claiming that Israeli intelligence agents caught Russian spies using compromised Kaspersky Lab software to search millions of American computers for U.S. intelligence data.
The report explains that an Israeli team had actually hacked into Kaspersky’s systems, and then found that software vulnerabilities were being used by Russian hackers to scour computers for references to American intelligence programs. That was made possible by a flaw that enabled them to see file names of documents that were being scanned by the antivirus system.
The Times says that the Israeli intelligence team provided details of the observations to American officials, and that ultimately led the Department of Homeland Security to ban the Russian software from U.S. government use over security concerns.
The story lends weight to a report from last week that claimed the National Security Agency lost cyberdefense details to Russian hackers after a contractor left documents on a home computer protected by Kaspersky software. What remains to be seen now is just how many other systems may have been tapped in the same way.
Damn computer hackers, always trying to steal all my stuff.
Getty Images / C.J. Burton
This article was originally published on Scott Helme’s blog and is reprinted here with his permission.
We have a little problem on the web right now and I can only see it becoming a larger concern as time goes by: more and more sites are obtaining certificates, vitally important documents needed to deploy HTTPS, but we have no way of protecting ourselves when things go wrong.
Certificates
We’re currently seeing a bit of a gold rush for certificates on the Web as more and more sites deploy HTTPS. Beyond the obvious security and privacy benefits of HTTPS, there are quite a few reasons you might want to consider moving to a secure connection that I outline in my article Still think you don’t need HTTPS?. Commonly referred to as “SSL certificates” or “HTTPS certificates”, the wider Internet is obtaining them at a rate we’ve never seen before in the history of the web. Every day I crawl the top one million sites on the Web and analyze various aspects of their security and every 6 months I publish a report. You can see the reports here, but the main result to focus on right now is the adoption of HTTPS.
Not only are we continuing to deploy HTTPS, the rate at which we’re doing so is increasing, too. This is what real progress looks like. The process of obtaining a certificate has become more and more simple over time and now, thanks to the amazing Let’s Encrypt, it’s also free to get them. Put simply, we send a Certificate Signing Request (CSR) to the Certificate Authority (CA) and the CA will challenge us to prove our ownership of the domain. This is usually done by setting a DNS TXT record or hosting a challenge code somewhere on a random path on our domain. Once this challenge has been satisfied the CA it issues the certificate and we can then present it to visitors’ browsers and get the green padlock and “HTTPS” in the address bar.
I have a few tutorials to help you out with this process, including how to get started, how to set up smart renewal, and how to use dual certificates. So, this is all great. What’s the problem?
The problem is when things don’t go according to plan and you have a bad day.
“We’ve been hacked!”
Nobody ever wants to hear those words, but the sad reality is that we do—more often than any of us would like. Hackers can go after any number of things when they gain access to our servers and often one of the things they can access is our private key. The certificates we use for HTTPS are public documents—we send them to anyone that connects to our site—but the thing that stops other people using our certificate is that they don’t have our private key. When a browser establishes a secure connection to a site, it checks that the server has the private key for the certificate it’s trying to use, and this is why no one but us can use our certificate. If an attacker gets our private key, though, things change.
Now that an attacker has managed to obtain our private key, they can use our certificate to prove that they are us. Let’s say that again: if your key is stolen, that means there is somebody on the Internet who is not you, who can prove that they are you. This is a real problem, and before you think “this will never happen to me,” you should recall Heartbleed. This tiny bug in the OpenSSL library allowed attackers to steal private keys and you didn’t even have to do anything wrong for it to happen. On top of this there are countless ways that private keys are exposed by accident or negligence. The simple truth is that we can lose our private keys, and when this happens, we need a way to stop an attacker from using our certificate. We need to revoke the certificate.
Revocation
In a compromise scenario we revoke our certificate so that an attacker can’t abuse it. Once a certificate is marked as “revoked,” Web browsers will know not to trust it, even though the certificate is valid. The owner has requested revocation and no client should accept it.
Once we know we’ve had a compromise, we contact the CA and ask that they revoke our certificate. We need to prove ownership of the certificate in question, and once we do that, the CA will mark the certificate as revoked. Now that the certificate is revoked, we need a way of communicating this revocation to any client that might require the information. Right after the revocation, visitors’ browsers doesn’t know about it—and of course, that’s a problem. There are two mechanisms that we can use to make this information available: a Certificate Revocation List (CRL), or the Online Certificate Status Protocol (OCSP).
Certificate Revocation Lists
A CRL is a really simple concept and is quite literally just a list of all certificates that a CA has marked as revoked. A client can contact the CRL Server and download a copy of the list. Armed with a copy of the list the browser can check to see if the certificate it has been provided is on that list. If the certificate is on the list, the browser now knows the certificate is bad and it shouldn’t be trusted. The browser should throw an error and abandon the connection. If the certificate isn’t on the list then everything is fine and the browser can continue the connection.
The problem with a CRL is that they contain a lot of revoked certificates from the particular CA maintaining it. Without getting into too much detail, they are broken down by each intermediate certificate a CA has and the CA can fragment the lists into smaller chunks. Regardless of how it’s broken up, the point I want to make remains the same: the CRL is typically not an insignificant size. The other problem is that if the client doesn’t have a fresh copy of the CRL, it has to fetch one during the initial connection to your site—which can make your site look much slower than they actually are.
This doesn’t sound particularly great—so how about we take a look at OCSP?
Online Certificate Status Protocol
The OCSP provides a much nicer solution to the problem and has a significant advantage over the CRL approach. With OCSP, we ask the CA for the status of a single, particular certificate. This means all the CA has to do is respond with a good/revoked answer, which is considerably smaller than a CRL. Great stuff!
It is true that OCSP offers a significant performance advantage over fetching a CRL, but, that performance advantage comes with a cost (don’t you hate it when that happens?). The cost is a pretty significant one, too: your privacy.
When we think about what an OCSP request is—the request for the status of a very particular, single certificate—you may start to realize that you’re leaking some information. When you send an OCSP request, you’re basically asking the CA this:
Is the certificate for pornhub.com valid?
So, not exactly an ideal scenario. You’re now advertising your browsing history to some third party that you didn’t even know about, all in the name of HTTPS—which set out to give us more security and privacy. Kind of ironic, huh?
Hard fail
But wait: there’s something else. I talked about the CRL and OCSP responses above, the two mechanisms a browser can use to check if a certificate is revoked. They look like this.
CRL and OCSP checks.
Scott Helme
Upon receiving the certificate, the browser will reach out to one of these services and perform the necessary query to ultimately ascertain the status of the certificate. But what if your CA is having a bad day and the infrastructure is offline? What if it looks like this?
CRL and OCSP servers down.
Scott Helme
The browser has only two choices here. It can refuse to accept the certificate because it can’t check the revocation status, or it can take a risk and accept the certificate without knowing the revocation status. Both of these options come with their advantages and disadvantages. If the browser refuses to accept the certificate, then every time your CA has a bad day and their infrastructure goes offline, your sites goes offline, too. If the browser continues and accepts the certificate then it risks using a certificate that could have been stolen, and exposes the user to the associated risks thereof.
It’s a tough call—but right now, today, neither of these actually happen.
__
This article and images was originally posted on [Ars Technica] July 3, 2017 at 08:14AM
At this point, 8 years after Google put a spotlight on self-driving technology, there are over 2 dozens somewhat serious companies with autonomous driving programs at different stages of development.
Tesla’s Autopilot is among the most well-known and arguably one of the most exciting since it’s already powering features in vehicles owned by customers. For better or worse, it lets people experiment with some aspect of it and through those experimentations, we now get a look at the Autopilot’s debugging mode – giving insights into the back-end of Tesla’s semi-autonomous system.
Tesla’s second generation Autopilot is quite complex, but in short, it consists a computer vision technology called Tesla Vision that uses images fed from 8 cameras around the vehicle (currently mainly the 3 front-facing cameras) in order to steer the vehicle with the help of GPS and radar data.
With the data gathered through its entire fleet, Tesla is also building “high-precision maps” and its vehicles can download “tiles” based on their location and use them to better autonomously steer itself.
At any given time, Autopilot uses one of these technologies or a fusion of them in order to operate. The Tesla Vision system can also use either a lead vehicle or detect lane markings in order to steer.
Tesla’s Autopilot debug mode, which Tesla Motors Club member ‘verygreen’ managed to hack, tells us exactly which of those metrics the system is using to take its decisions. He posted his latest discoveries from the system in an interesting thread on the forum.
It shows some Autopilot settings currently unavailable to Tesla owners (picture credits to ‘verygreen’):
Of course, ‘Augmented Vision’ caught everyone’s attention, especially after all the talk about heads-up displays, but the options in the tab is not telling us a lot about it:
verygreen noted that it should “be displaying a video feed of some sort”, but he can’t make it work on his car.
As we previously noted in reports about Tesla owners hacking their vehicles, Tesla has one software build that it pushes to all its vehicles which is then limited on the user’s end. For example, a development vehicle in Tesla’s internal fleet could have the same software build as verygreen’s but with access to the functions that he is seeing in the debug mode.
When driving with the debug mode, he can see in real-time the information that Autopilot is using, like the GPS data and map tiles:
He even posted a video of the debug mode as he was driving his Model S. You can see what the Autopilot is seeing in real-time:
__
This article and images was originally posted on [Electrek] May 15, 2017 at 06:39AM
A tweet from Hello Games co-founder and No Man’s Sky director Sean Murray stating that the game was “a mistake” was written while the account was hacked, according to a statement from Hello Games. After reports initially suggested the comment was genuine, the developer clarified that the tweet was from “a disgruntled employee” who hacked Murray’s accounts.
The incident has caused more confusion than the average social media account hack, primarily because the hacker not only published the tweet, but impersonated Murray and commented on the tweet to a reporter. Shortly after the tweet was deleted, Polygon reached out to Hello Games, and an email allegedly coming from Murray himself responded, stating he was responsible for the post.
“The tweet is from me, but somebody from the team took it down,” Murray’s email said. “We have not been coping well.”
The Twitter account briefly went private, but Murray stated in a separate response message to Forbes that he was, in fact, not responsible for the tweet, and it actually came from a “disgruntled employee.”
No Man’s Sky launched back in August for PlayStation 4 and PC, and players soon accused developer Hello Games and Steam creator Valve of misrepresenting the game to the public. The Advertising Standards Authority, an independent consumer advocacy group in the UK, has opened in investigation into the game based on those complaints.
In our review, we said that the game was “too grand for its own good” and that its wondrous “sense of discovery” didn’t last very long. For a game with billions and billions of planets, they essentially all feature the same few ingredients, and the “objectives” in the game are too vague to keep your attention for an extended amount of time.
No Man’s Sky has seen a significant player drop-off in the few months since its release, with PC players per hour dropping from nearly 200,000 to only 2,123.
Check out our Flipboard magazineESISTIf you enjoy reading our posts. All of our handpicked articles will be delivered to the flipboard magazine every day.
Chinese electronics company Hangzhou Xiongmai is recalling its webcams in the US following last week’s massive distributed denial-of-service attack that shut down multiple websites, including Github, Amazon, and Twitter. Some security researchers, including security firm Flashpoint, blamed the attack on Xiongmai’s lagging security practices and use of a default username and password in its software and camera components. That weakness, and similar weaknesses in other IoT products, allowed criminals to create a massive botnet of compromised connected devices. Xiongmai told the BBC that its webcams didn’t make up the majority of the devices in the botnet, however.
The DDoS attack relied on a malware called Mirai to compromise connected devices that use default passwords and usernames. (Friendly reminder: always change your connected device’s username and password!) Unidentified attackers assembled those infected devices into a botnet to target Dyn, a DNS service provider, on Friday, as well as security blogger Brian Krebs. Mirai’s source code was publicly released earlier this month, which researchers said would lead to higher profile attacks. So far, Mirai has infected at least 493,000 devices. Before the source code was released, only 213,000 devices had been compromised. This is likely only one of many DDoS attacks we’ll see as Mirai continues to search out and exploit vulnerable devices.
Check out our Flipboard magazineESISTIf you enjoy reading our posts. All of our handpicked articles will be delivered to the flipboard magazine every day.
A website used to fund the campaigns of Republican senators was infected with malware that for more than six months collected donors’ personal information, including full names, addresses, and credit card data, a researcher said.
The storefront for the National Republican Senatorial Committee was one of about 5,900 e-commerce platforms recently found to be compromised by malicious skimming software, according to researcher and developer Willem de Groot. He said the NSRC site was infected from March 16 to October 5 by malware that sent donors’ credit card data to attacker-controlled domains. One of the addresses—jquery-code[dot]su—is hosted by dataflow[dot]su, a service that provides so-called bulletproof hosting to money launderers, sellers of synthetic drugs and stolen credit card data, and other providers of illicit wares or services.
De Groot said it’s not clear how many credit cards were compromised over the six months the site was infected. Based on data from TrafficEstimates, the NRSC site received about 350,000 visits per month. Assuming 1 percent of those visits involved the visitor using a credit card, that would translate to 3,500 transactions per month, or about 21,000 transactions over the time the site was compromised. Assuming a black market value of $4 to $21 per compromised card, the crooks behind the hack may have generated revenue of $600,000.
“This clever form of card skimming has been going for a while, at least since March,” de Groot wrote in an October 4 post revealing the NSRC compromise. “The culprits are hiding behind a shell company in Belize. Their business is growing rapidly.”
The NSRC site was disinfected on October 6, two days after the post. Word of the NSRC site compromise didn’t receive much attention until it was reported Monday by CSO Online.
In a report published last week, de Groot said he uncovered 5,900 online platforms that were similarly compromised. He identified three distinct malware families and nine variants responsible, a finding that suggested that multiple people or groups are involved. In some cases, e-commerce platforms were running outdated versions with known security vulnerabilities that allowed attackers to gain control. Other times, attackers appeared to exploit weak passwords used to protect administrator accounts. Below is a video demonstrating how the hack worked:
FURTHER READING
Word of the NRSC compromise comes a few months after the disclosure of hacks affecting the Democratic National Committee and the Democratic Congressional Campaign Committee. Those attacks have resulted in the publication on WikiLeaks and elsewhere of tens of thousands of private e-mails belonging to senior democratic officials. According to both FBI officials and some independent researchers, the hacks targeting Democrats were carried out by attackers sponsored by the Russian government in an attempt to disrupt or influence the US presidential election. By contrast, the compromise of the NRSC appears to be carried out by financially motivated criminals.
Check out our Flipboard magazineESISTIf you enjoy reading our posts. All of our handpicked articles will be delivered to the flipboard magazine every day.
Project Soli, which debuted at Google I/O in 2015, is a tiny chip that uses radar to detect discreet hand and finger motions. It was designed as a unique way to interact with mobile devices, but students at the University of St. Andrews found a way to use the simple chip to give electronics an actual sense of touch.
The chip, developed by Google’s Advanced Technologies And Projects group, or ATAP, uses the same kind of radar as airports use to track arriving and departing planes. As radio waves bounce back to the Project Soli chip from your hand, the unique signals detected can be used to decipher even the tiniest of motions.
But the computer science students at St Andrews, including Hui-Shyong Yeo, Gergely Flamich, Patrick Schrempf, David Harris-Birtill and Aaron Quigley, discovered that different materials produced unique signals too, and through the use of machine learning, eventually a computer can be given the ability to determine what the Project Soli chip is touching.
The research, called RadarCat, isn’t only limited to just figuring out what an object is made from—be it metal, plastic, or wood. In the video demonstration we see the RadarCat software correctly identify an empty drinking glass, but then also recognize when that same glass is being filled with water. It might not always make an accurate prediction when faced with a new material, but the use of machine learning means it will get better over time through future interactions.
While the Project Soli isn’t quite small enough to squeeze inside of a smartphone as of yet, there are still useful applications for RadarCat in its current form. For example, instead of relying on only high-speed cameras to sort waste in a recycling facility, machines could actually feel an object to determine what it’s made of, and how it should be properly dealt with.
The potential for improving how robots interact with the world using this technology is also very exciting. They could immediately know when they’re touching human skin, and need to be extra gentle to prevent injuries. Or if they’ve grabbed a metal object that is probably quite heavy, and to brace for the weight if they try and lift it.
The company that builds Ubuntu, a popular Linux distribution, has said its forums were hacked Thursday.
Canonical, which develops the operating system, said in a statement on Friday that two million usernames, email addresses, and IP addresses associated with the Ubuntu Forums were taken by an unnamed attacker.
The attacker was able to exploit an SQL injection vulnerability in an add-on used by older vBulletin forum software.
That gave the attacker access to the forum’s databases, but the company said that only limited user data was accessed and downloaded.
The statement stressed that no code or repository data was accessed, and the attacker couldn’t write data to the database or gain shell access. The attacker also didn’t gain access to any other Canonical or Ubuntu service.
Since the breach, the servers were wiped, rebuilt, and hardened, passwords were changed, and the forum software was fully patched.
After a series of celebrity Twitter handle hacks over the past few months, Jack Dorsey, the CEO of Twitter, had his account compromised briefly on Saturday, a media report said.
A group by the name of “OurMine” — the same group that claimed credit for compromising Facebook chief Mark Zuckerberg’s and Google CEO Sundar Pichai’s social media accounts — took credit for hacking Dorsey’s account in a tweet.
“After the hackers posted a few benign video clips, a tweet went up at 2:50AM ET saying ‘Hey, its OurMine, we are testing your security’ and linking to their website. That tweet was quickly deleted,” technology website engadget.com reported.
The message was linked to a short clip on entertainment network Vine.
“All of the OurMine messages posted to Dorsey’s account (which, as of 3:25AM or so appears to have been scrubbed of the hacker’s tweets), came through from Vine,” the report noted.
It might be possible due to the fact that Dorsey had an old/shared password on his Vine account or somehow connected it to another service that was compromised, which could have given “OurMine” access, the report said.
When clicked on the Twitter link provided by the hackers, a message, “The link you are trying to access has been identified by Twitter or our partners as being potentially harmful” was returned.
Also, the other link that was connected to Vine returned “The record was deleted by the user” message.
This hack has added another name in the list of high-profile people whose accounts have been compromised.
Recently, the group hacked the Twitter account of the microblogging site’s co-founder and former CEO Evan Williams.
Soon after the news of Twitter Co-founder Evan Williams’s account hack surfaced on Thursday, another report said that hackers might have used malware to collect more than 32 million Twitter login credentials.
According to the report on technology website Techcrunch.com, these credentials were being sold on the dark web.
Spotify’s Daniel Ek, singers Drake and Lana Del Rey, professional American football league NFL and actress-comedienne Chelsea Handler have all been hit in recent months.
In early 2015, Twitter’s Chief Financial Officer and Head of Twitter Ventures, Anthony Noto’s account was hacked that resulted in many spam messages.
Recently, popular career-oriented platform LinkedIn notified about data breach and alerted its 400 million members to stay safe.
Hit by a massive data breach that put nearly 167 million users’ passwords and personal information in the hands of hackers four years back, LinkedIn came out with an explanation and steps it has taken to protect users.
The alarm on Mitsubishi’s Outlander hybrid car can be turned off via security bugs in its on-board wi-fi, researchers have found.
The loophole could mean thieves who exploit the bugs gain time to break into and steal a vehicle.
The vulnerability can also be used to fiddle with some of the car’s settings and drain its battery.
Mitsubishi recommended that users turn off the wi-fi while it investigates the issues with the system.
Helping thieves
Security expert Ken Munro said the investigation started when he was waiting to collect his children from school and noticed an unusual wi-fi access point pop up on a list on his smartphone.
He realised it was on a nearby Mitsubishi Outlander that belonged to a friend who then showed him the associated app and how it could be used to control some aspects of the vehicle.
About 100,000 Outlander hybrid cars are believed to have been sold
“I got playing with it and soon realised it was vulnerable so I stopped,” he told the BBC.
Mr Munro then bought an Outlander and set about investigating how the car’s owner communicates with their vehicle via the app.
Many other car makers use a web-based service that supports apps for connected cars so owners can lock them remotely or otherwise control them. Typically, commands sent to a car pass through these servers before being sent to the car over the mobile network.
Image copyrightKEN MUNROImage captionReplaying commands let security researchers turn off the car’s alarm
By contrast, Mitsubishi has decided to only let apps talk to cars via the onboard wi-fi. Unfortunately, said Mr Munro, there were serious shortcomings with the way the wi-fi has been set up.
To begin with, said Mr Munro, the format for the name of the access point on the car is very distinct. This has led to the location of many Mitsubishi hybrids being logged on websites that gather the names of access points.
“Some were spotted while driving and others when parked at their owner’s house,” wrote Mr Munro in a blog outlining his findings. “A thief or hacker can therefore easily locate a car that is of interest to them.”
Short-term fix
Although Mr Munro owned the vehicle, he and his colleagues at Pen Test Partners security firm carried out their investigation as if they had no special access to it. This involved using well-known techniques that let the researchers interpose themselves between car and owner and watch data as it flowed between the two.
The team used this access to replay commands sent to an Outlander allowing them to flash the lights, tweak its charging settings and drain the battery.
Mr Munro said he was “shocked” to find out that he could also turn off the car alarm via this replay attack.
A thief who is sure the alarm could not go off would have plenty of time to use other techniques to unlock a car and gain entry, he said.
A history of car hacking
The Mitsubishi Outlander is the latest in a series of cars that have been found wanting when it comes to security.
Chrysler’s 2014 Jeep Cherokee, the Tesla Model S and the Nissan Leaf have all been shown to be vulnerable to hack attacks of different degrees of severity.
The most startling was the attack staged on the Jeep which allowed the researchers to take control of the vehicle remotely. The discovery led to 1.4 million vehicles being recalled for a software update.
Security researchers fear that the more cars get connected to phones and the web, the more holes will be found.
But car makers are always playing catch-up when it comes to security as it takes far longer to develop a vehicle than it does to find, expose and share the flaws in their onboard computer systems.
“Once unlocked, there is potential for many more attacks,” he said. “The on-board diagnostics port is accessible once the door is unlocked.”
Access to the diagnostics port could allow thieves to connect customised hardware that would let them start the car, suggested Mr Munro.
A demonstration of the problems with the on-board wi-fi was given to Mitsubishi in the UK on 3 June where the bugs were shown to still work on the latest version of the app.
Mr Munro said he had been impressed by the cooperation he had received from Mitsubishi in exploring the bugs and seeking ways to fix them.
In a statement, Mitsubishi said: “This hacking is a first for us as no other has been reported anywhere else in the world.”
February bugs in apps for the Nissan Leaf were exposed by security researchers
It said it “took the matter seriously” and was keen to get Mr Munro talking to its engineers in Japan to understand what he found and how it could be remedied.
It added that although the bugs were “obviously disturbing” the hack only affected the car’s app and would give an attacker limited access to the vehicle’s systems.
“It should be noted that without the remote control device, the car cannot be started and driven away,” it said.
While Mitsubishi investigated it recommended that owners deactivate their onboard wi-fi via the “cancel VIN Registration” option on the app or by using the remote app cancellation procedure.
A longer-term fix would require some action from Mitsubishi, said Mr Munro.
“New firmware should be deployed urgently to fix this problem properly, so the mobile app can still be used,” he said.
Thank you in advance for helping us to continue to be a part of your online entertainment!
About 100,000 Outlander hybrid cars are believed to have been sold
February bugs in apps for the Nissan Leaf were exposed by security researchers
ESIST 