Tesla Model X Hacked by Chinese Experts
Security researchers from
China-based tech company Tencent have once again demonstrated that they can
remotely hack a Tesla. The
vulnerabilities they leveraged were quickly patched by the carmaker.
Tencent’s Keen Security Lab published a video last year
showing how they could hack a Tesla Model S, both while it was parked and on
the move. They took control of the
sunroof, turn signals, displays, door locks, windshield wipers, mirrors, the
trunk and even the brakes.
At the time, Tesla patched the vulnerabilities within 10
days, but claimed that the vulnerabilities were not as easy to exploit as it
appeared from the video published by Keen Security Lab researchers.
In a new video and blog
post published this week, the researchers claim they’ve once again
managed to hack a Tesla, this time a Model X, via a Controller Area Network
(CAN bus) and Electronic Control Unit (ECU) attack.
… In its video,
Keen Security Lab showed that it managed to remotely unlock the doors and trunk
in parking mode, control the brake in driving mode, and put on a light show
using the car’s headlights and taillights by taking control of multiple ECUs.
Rumba
attempts a foot-ectomy after sticking its foot firmly in its mouth.
iRobot, the maker of Roomba, made big news this week when an interview with its CEO mentioned plans to sell
the map data of customers’ homes to third parties. Today, the company launched damage control
measures and the CEO is spreading assurances that this is all just a big
misunderstanding.
… We reached out
to a spokesperson for iRobot, who tells Gizmodo that Reuters’ original article about iRobot contained “an
unintentional misinterpretation of Colin’s statements.” In fact, Reuters issued a correction today. The paragraph that set off a firestorm has now
replaced the words “sell maps” with “share maps for free with customer
consent.”
… So we know that
Reuters admits to the misunderstanding, but iRobot is still saying that it’s
considering sharing all that map data, just that they won’t sell it for cash. And a great way to guarantee “iRobot will never
sell your data” would be to include those exact words in Roomba’s privacy
policy. But iRobot wouldn’t commit to that.
… We’ve attempted
to get more information about exactly what data is being stored by iRobot but
company reps have avoided specificity.
For the next time I teach Computer Security.
Brad D. Williams reports:
Critical infrastructure operators
have long faced the formidable security challenges of zero-day vulnerabilities
and advanced persistent threats (APTs), both of which were employed in some of
the most prominent cyberattacks in the sectors to date. But one researcher is warning leaders in
government and industry of an old threat that, fueled by recent legislation and
commercial practices, is quickly surpassing zero days and APTs as perhaps the
greatest risk to critical infrastructure security.
The threat is what might be
called “weaponized metadata,” and the risks are detailed extensively in a new
report, Metadata:
The Most Potent Weapon in this Cyberwar, recently published by the
Institute for Critical Infrastructure Technology (ICIT), a Washington,
D.C.-based cybersecurity think tank.
Read more on Federal
Times.
The second-best way works too. (If you can’t out talk them, bomb them)
The US-Led Coalition Is Steadily Decimating ISIS’s Propaganda
Operation
U.S.-executed decapitation strikes are eliminating key
ISIS propaganda leaders and hacking away at the terror group’s ability to
broadcast its jihadist message across the world from its dwindling holdfasts in
Syria and Iraq, Operation Inherent Resolve announced on July 27.
No comments:
Post a Comment