Saturday, July 29, 2017

Perfect timing?  Remember, it’s the hacks that aren’t shared that you have to worry about.
Tesla Model X Hacked by Chinese Experts
Security researchers from China-based tech company Tencent have once again demonstrated that they can remotely hack a Tesla.  The vulnerabilities they leveraged were quickly patched by the carmaker.
Tencent’s Keen Security Lab published a video last year showing how they could hack a Tesla Model S, both while it was parked and on the move.  They took control of the sunroof, turn signals, displays, door locks, windshield wipers, mirrors, the trunk and even the brakes.
At the time, Tesla patched the vulnerabilities within 10 days, but claimed that the vulnerabilities were not as easy to exploit as it appeared from the video published by Keen Security Lab researchers.
In a new video and blog post published this week, the researchers claim they’ve once again managed to hack a Tesla, this time a Model X, via a Controller Area Network (CAN bus) and Electronic Control Unit (ECU) attack.
   In its video, Keen Security Lab showed that it managed to remotely unlock the doors and trunk in parking mode, control the brake in driving mode, and put on a light show using the car’s headlights and taillights by taking control of multiple ECUs.

Roomba attempts a foot-ectomy after sticking its foot firmly in its mouth.
iRobot, the maker of Roomba, made big news this week when an interview with its CEO mentioned plans to sell the map data of customers’ homes to third parties.  Today, the company launched damage control measures and the CEO is spreading assurances that this is all just a big misunderstanding.
   We reached out to a spokesperson for iRobot, who tells Gizmodo that Reuters’ original article about iRobot contained “an unintentional misinterpretation of Colin’s statements.”  In fact, Reuters issued a correction today.  The paragraph that set off a firestorm has now replaced the words “sell maps” with “share maps for free with customer consent.”
   So we know that Reuters admits to the misunderstanding, but iRobot is still saying that it’s considering sharing all that map data, just that they won’t sell it for cash.  And a great way to guarantee “iRobot will never sell your data” would be to include those exact words in Roomba’s privacy policy. But iRobot wouldn’t commit to that.
   We’ve attempted to get more information about exactly what data is being stored by iRobot but company reps have avoided specificity.

For the next time I teach Computer Security.
Brad D. Williams reports:
Critical infrastructure operators have long faced the formidable security challenges of zero-day vulnerabilities and advanced persistent threats (APTs), both of which were employed in some of the most prominent cyberattacks in the sectors to date.  But one researcher is warning leaders in government and industry of an old threat that, fueled by recent legislation and commercial practices, is quickly surpassing zero days and APTs as perhaps the greatest risk to critical infrastructure security.
The threat is what might be called “weaponized metadata,” and the risks are detailed extensively in a new report, Metadata: The Most Potent Weapon in this Cyberwar, recently published by the Institute for Critical Infrastructure Technology (ICIT), a Washington, D.C.-based cybersecurity think tank.
Read more on Federal Times.

The second-best way works too.  (If you can’t out-talk them, bomb them.)
The US-Led Coalition Is Steadily Decimating ISIS’s Propaganda Operation
U.S.-executed decapitation strikes are eliminating key ISIS propaganda leaders and hacking away at the terror group’s ability to broadcast its jihadist message across the world from its dwindling holdfasts in Syria and Iraq, Operation Inherent Resolve announced on July 27.
