TweakTown News
White hat hacker Samy Kamkar recently posted a video discussing how he found a way to "locate, unlock and remote-start" General Motors vehicles by compromising the OnStar vehicle communications system.
The gadget, which cost around $100 to make, makes it possible to locate and unlock the vehicle and start the engine. Once the small wireless device had been placed near a GM car with OnStar, Kamkar was able to gain unauthorized access to the vehicle.
Using the system, dubbed "OwnStar," Kamkar showed he was able to intercept communication from the OnStar service and the OnStar RemoteLink mobile app. Technical details will be revealed during Def Con next week.
The FBI isn't finding it very easy to beef up its cybersecurity ranks, largely due to lower salaries, according to a report from the US Department of Justice.
In addition to higher salaries in the private sector, trying to get a government position related to cybersecurity involves multiple hoops that people won't have to jump through if they simply go to Silicon Valley. Applicants have to undergo extensive background checks, drug screenings, and other hurdles that private sector companies typically don't bother with.
Under the Justice Department's Next Generation Cyber Initiative, which went live in 2012, the FBI has successfully recruited just 52 of the 134 computer scientists it was granted permission to hire.
United Airlines, the world's second-largest airline company, was apparently attacked by Chinese hackers in May or June.
If true, it looks like hackers could have been able to collect movement data on millions of American travelers. Passengers, flight origins and destinations, and other data were likely taken by the hackers, according to unnamed officials speaking with Bloomberg.
"Speculation that China is responsible for the United Airlines breach is interesting but at this point, irrelevant," said Jason Polanich, founder and chief architect of SurfWatch Labs. "Too many companies have a false sense of security, thinking it won't happen to them. Pair that with the fact that hacking tools are available to virtually everyone today via illicit trade on the Dark Web and in other places and you've got a recipe for disaster."
The United States faces an overwhelming number of foreign-based cyberattacks, and there is no clear strategy on how to defend - and retaliate - against these attacks.
"We have known for a long time that there are significant vulnerabilities and that these vulnerabilities are gonna accelerate as time goes by, both in systems within government and within the private sector," Obama noted during an international summit last month.
Even though it's important to be able to conduct surveillance, the United States, which arguably has more to lose in the cybersecurity space than other nations, should have worked more diligently to improve its security infrastructure.
As part of its "Operation Anon Down," the Anonymous hacker collective promises to continue leaking documents from the Canadian Security Intelligence Service (CSIS). In its first data release, Anonymous shared a 2014 Treasury Board memo regarding funding of the Canadian spy agency's operational ability overseas.
During a protest of a dam project, the Royal Canadian Mounted Police (RCMP) shot and killed James McIntyre, a protester wearing a Guy Fawkes mask. The police said McIntyre ignored their commands while approaching in an "aggressive manner." Here is what the Independent Investigations Office said:
"According to the police, officers were responding to a report of a male causing a disturbance at a public information session. Upon arrival, police encountered a masked individual outside, believed to be connected to the complaint. A confrontation occurred and the male affected person was shot."
Edward Snowden doesn't have very many fans when it comes to people in the US government and the National Security Agency (NSA).
"It is hard to quantify this harm, such as it is, but I think the inflammatory nature of the way the Snowden affair played out really set back our collective discussion on cybersecurity," said Rajesh De, former general counsel for the NSA, when asked about Snowden's data leaks during the Big Law Business Summit.
The White House recently responded to a petition that sought an official pardon for Snowden. Of course, that's not going to happen:
Alaska Airlines has teamed up with the airport security firm CLEAR to test a biometrics platform that could one day replace traditional boarding passes. The biometrics system should make it even easier to check in, and save passengers a bit of time before boarding a flight.
A kiosk machine at the Mineta San Jose International Airport scans a traveler's eye, or checks fingerprints, before the traveler hops on a plane. It's a groundbreaking effort that costs members $179 per year, and is currently being tested in 12 US airports.
"We have no specific timeline, but we look forward to working with Alaska Airlines to expand our relationship to other cities in their network," said Ken Cornick, president and CFO of CLEAR, in a statement published by the San Jose Mercury News. "Having direct access to a boarding pass and not needing to print it or download it into their phone is both a significant customer advantage and security advantage."
The White House has responded to an online petition to pardon Edward Snowden, which has generated more than 167,000 signatures since going live in June 2013.
The petition had the following description: "Edward Snowden is a national hero and should be immediately issued a full, free, and absolute pardon for any crimes he has committed or may have committed related to blowing the whistle on secret NSA surveillance programs."
"Instead of constructively addressing these issues, Mr. Snowden's dangerous decision to steal and disclose classified information had severe consequences for the security of our country and the people who work day in and day out to protect it," said Lisa Monaco, President Obama's Advisor on Homeland Security and Counterterrorism.
The Obama Administration and law enforcement officials want access to encrypted data, arguing the government and law enforcement need to be able to retrieve information. Ideally, the government would receive warrants and conduct a legal and transparent operation, but companies are willing to stand their ground regardless.
Here is what cryptologist Matt Blaze said during a recent event in Washington, DC (per Washington Times):
"I don't think [FBI] Director [James] Comey wants the world that he's asking for," said .... "I think the world in which we build systems with this added constraint of ensuring law enforcement access is going to cause such an increase in the kinds of digital crimes that are going to become more serious that - even if we take all of the things that we disagree about about values and put them aside - we are going to have the things that we agree about get a lot worse, and that really scares me as we rely on those systems more and more."
It looks like the Zimperium mobile security firm may have found the largest Google Android smartphone flaw, with an estimated 950 million phone owners at risk.
There is no user interaction required for the remote code execution vulnerability, and attackers simply need to know your mobile phone number.
"This happens even before the sound that you've received a message has even occurred," said Joshua Drake, cybersecurity researcher at Zimperium, in a statement published by NPR. "That's what makes it so dangerous. [It] could be absolutely silent. You may not even see anything."