IoT security has been headline news for at least the past 12 months, and we’ve also had an unprecedented number of incidents affecting consumers in more traditional areas: online banking account thefts, online fraud, OS vulnerabilities, you name it, it’s probably happened. In researching this blog, I found over 400 hack-related stories in The Register alone. With increasing numbers of embedded devices becoming connected, we are going to hear more and more about security breaches, and guaranteeing security in increasingly sophisticated end-to-end systems is becoming an increasingly difficult task.

January – Star Wars BB8 updates over HTTP not SSL. A simple exercise conducted by Pen Test Partners decoded its commands using Wireshark. The potential to do damage with a BB8 is limited, but it communicates with a mobile phone via Bluetooth, and any potential vulnerability in the Bluetooth stack could then be used to take control of the mobile. Future versions of BB8 will use SSL for updates; at the time of writing it wasn’t clear if the update had been released yet. Far too many people are still using HTTP 1.1, or versions of OpenSSL containing Heartbleed, years after the vulnerabilities have been made public.

February – Linux Mint hacked. Mint itself is a great distro, the most popular one out there. Malware-infested ISO files were distributed from its web site. While debate has raged about security on Mint in connection with its update policy, in this case it wasn’t Mint running on people’s computers that was hacked, it was the web server that hosted the ISOs. The hackers also obtained a dump of the user forum, complete with passwords, a copy of which was on sale on the dark web. Apparently, the site was using PHPass to hash the passwords, which can be cracked. In fact, when you have hackers backed up by big governments, few passwords are safe; it’s time to look at multi-factor authentication.

March – Centurion medical supply dispensing system still running Windows XP – 1400 vulnerabilities found. Hospitals consist of numerous systems, from PCs for data entry to medical instruments. They have huge inertia in changing these systems. They are simply not geared up for change, and in many cases (such as the NHS) money is tight – the same story ran for the NHS in December. Something has to give here: either equipment providers have to provide security upgrades and maintenance for the entire lifecycle of their product, even if it is 20 or 30 years, or the equipment needs replacing as part of the support contract. There is no easy technical solution to this one, but given the seriousness of what might go wrong in health, it will probably only be solvable with government legislation.

April – 55m Philippine voter details leaked / ‘no password’ database error exposes info on 93m Mexican voters. Fast forward a few months and Donald Trump’s concerns over the US election being ‘rigged’ don’t sound so outlandish. Whether it was rigged in his favour or not by Russia we’ll leave as “an exercise for the student”. But the lessons to be learned here about protecting databases are not so obviously taken in by public agencies responsible for administering elections.

May – Oculus DRM cracked, days after it backtracked on a promise not to lock down its games software to its VR headset. This led to Oculus reversing its decision on 24th June.

June – Mitsubishi Outlander car alarm disabled in hack exercise by Pen Test Partners. The car’s mobile phone app connected to the car using Wi-Fi. The format of the Wi-Fi key was sufficiently short for it to be cracked. Capturing the handshake allowed them to mount a man-in-the-middle attack, and by replaying messages from the mobile app they could figure out how to turn the lights on and off, change the charging program, switch the aircon on/off to drain the battery, and disable the alarm. Rather than use Wi-Fi, a much more secure mobile phone app control method would be using GSM or a web service. More potential for hacking cars has been announced, with manufacturers such as BMW announcing integration with Amazon Echo / Alexa.
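The Outlander exercise above worked because captured app messages could simply be re-sent to the car. As an added illustration (not code from the original post, Pen Test Partners or Mitsubishi), here is a minimal challenge-response command channel in which every command is bound to a one-shot nonce with an HMAC, so a replayed or edited message is rejected; the `Car`/`app_send` names and the shared key are constructed for the example, and this is a different mitigation from the GSM/web-service route the post suggests.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret; in practice provisioned per vehicle at pairing time, not a Wi-Fi PSK.
SHARED_KEY = b"constructed-per-vehicle-pairing-secret"

def _mac(key: bytes, nonce: str, cmd: str) -> str:
    # Bind the command to this specific nonce so a captured message is worthless later.
    return hmac.new(key, f"{nonce}|{cmd}".encode(), hashlib.sha256).hexdigest()

class Car:  # device side: hands out a fresh nonce per command, accepts each nonce once
    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()   # nonces issued but not yet consumed
        self.lights = False

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    def handle(self, msg: dict) -> str:
        nonce = msg.get("nonce", "")
        if nonce not in self.outstanding:
            return "rejected: unknown or already-used nonce"
        # Constant-time comparison so MAC checking does not leak timing information.
        if not hmac.compare_digest(_mac(self.key, nonce, msg["cmd"]), msg["mac"]):
            return "rejected: bad mac"
        self.outstanding.discard(nonce)   # one-shot: the same message can never replay
        if msg["cmd"] == "lights_on":
            self.lights = True
        elif msg["cmd"] == "lights_off":
            self.lights = False
        return "accepted"

def app_send(car: Car, key: bytes, cmd: str) -> dict:
    # App side: request a challenge, then send the command bound to it.
    nonce = car.challenge()
    return {"nonce": nonce, "cmd": cmd, "mac": _mac(key, nonce, cmd)}

def demo() -> dict:
    car = Car(SHARED_KEY)
    msg = app_send(car, SHARED_KEY, "lights_on")
    first = car.handle(msg)                        # legitimate command from the app
    replay = car.handle(msg)                       # same captured message sent again
    forged = {"nonce": car.challenge(), "cmd": "lights_off", "mac": msg["mac"]}
    tampered = car.handle(forged)                  # fresh nonce but a MAC from another message
    return {"first": first, "replay": replay, "tampered": tampered, "lights": car.lights}
```

The nonce set should be bounded (expire unanswered challenges) in a real device so an attacker cannot exhaust memory by requesting challenges without ever sending a command.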