pierredv : hacking   142

Stalking cheap Chinese GPS child trackers is as easy as 123... 456 – because that's the default password on 600k+ of these gizmos • The Register, Sep 2019
"Concerned parents who strap GPS trackers to their kids to keep tabs on the youngsters may be inadvertently putting their offspring in danger. Hundreds of thousands of the gizmos ship with pathetic security, including a default password of 123456, allowing them to be potentially monitored by strangers, it is claimed."

"White hats at Avast announced on Thursday they discovered 29 models of gadgets, designed to track their child wearers, had that weak default passcode. "

"once into an account, you can see the kid's GPS coordinates, eavesdrop on the built-in microphone, access any photos on the device, and potentially even make a call to the child"

"The security pros scanned a million account numbers, and said they found more than 600,000 vulnerable devices are in circulation"
TheRegister  GPS  China  cyber-spectrum  cybersecurity  hacking  Avast  surveillance  tracking 
5 weeks ago by pierredv
Hacking Iridium Satellites With Iridium Toolkit - RTL-SDR, Sep 2019
"Over on YouTube TechMinds has uploaded a video showing how to use the Iridium Toolkit software to receive data and audio from Iridium satellites with an Airspy. Iridium is a global satellite service that provides various services such as global paging, satellite phones, tracking and fleet management services, as well as services for emergency, aircraft, maritime and covert operations too. It consists of multiple low earth orbit satellites where there is at least one visible in the sky at any point in time, at most locations on the Earth.

The frequencies used by the older generation Iridium satellites are in the L-band, and the data is completely unencrypted. That allows anyone with an RTL-SDR or other SDR radio to decode the data with the open source Iridium Toolkit."

Cf. https://www.rtl-sdr.com/talk-decoding-data-from-iridium-satellites/ : "they discuss how Iridium security is moderate to relaxed, pointing out that Iridium claims that the majority of ‘security’ comes from the complexity of the system, rather than actual security implementations"
RTL-SDR  Iridium  hacking  satellite 
5 weeks ago by pierredv
Hackers Made an App That Kills to Prove a Point | WIRED, Jul 2019
"... yet months of negotiations with Medtronic and regulators to implement a fix proved fruitless. So the researchers resorted to drastic measures. They built an Android app that could use the flaws to kill people."

"The researchers, who also include Jesse Young and Carl Schuett, say they found it easy to reverse engineer the simple encoding and validity checks meant to protect the signal, enabling an attacker to capture the fob's commands. A hacker could then use readily available, open source software to program a radio that masquerades as a legitimate MiniMed remote, and send commands that the pumps will trust and execute. After establishing that initial contact, hackers can then control that radio through a simple smartphone app to launch attacks"

"Both Medtronic and regulators acknowledge that there is no way to patch the flaws on the affected insulin pump models, or to completely disable the remote feature. "

"Rios says the research group demonstrated its proof of concept app to FDA officials in mid-June of this year; Medtronic announced its voluntary recall program a week later. "
hacking  security  cyber-spectrum  Wired  Medtronic  vulnerability 
july 2019 by pierredv
Serious Zoom security flaw could let websites hijack Mac cameras - The Verge, Jul 2019
"Today, security researcher Jonathan Leitschuh has publicly disclosed a serious zero-day vulnerability for the Zoom video conferencing app on Macs. He has demonstrated that any website can open up a video-enabled call on a Mac with the Zoom app installed. That’s possible in part because the Zoom app apparently installs a web server on Macs that accepts requests regular browsers wouldn’t. In fact, if you uninstall Zoom, that web server persists and can reinstall Zoom without your intervention."
TheVerge  cybersecurity  hacking  vulnerability  Zoom  Mac 
july 2019 by pierredv
Medtronic Recalls MiniMed Insulin Pumps as FDA Warns About Hacking Risk | WNEP.com
Via Jeff Reed, June 2019

"The US Food and Drug Administration issued a warning on Thursday about possible risk of hacking for some diabetes patients’ insulin pumps. Certain insulin pumps from Medtronic MiniMed have been recalled due to potential cybersecurity risks and it’s recommended for people who use those insulin pumps to switch to different models, according to the FDA."

"In the United States, Medtronic has identified about 4,000 patients who are potentially using insulin pumps that are vulnerable to this issue"
FDA  hacking  cyber-spectrum  cybersecurity 
july 2019 by pierredv
Israel’s Airstrike on Hamas Hackers: First Real-Time Physical Retaliation Against Cyberattack - CircleID May 2019
"Amid escalating violence between Israel and Gaza this weekend, the Israeli Defense Force claimed it bombed and partially destroyed the base of an active Hamas hacking group in Gaza"

"Although physical retaliations have occurred against cyberattacks in the past including in Estonia, Georgia and US 2015 airstrike to assassinate Islamic state hacker Junaid Hussain, these were all planned events plotted out over several months, notes Newman. Israel's weekend attack was a real-time response to the alleged base of an active Hamas hacking group. "
Israel  CircleID  hacking  retaliation  cybersecurity  cyberwar 
may 2019 by pierredv
Captain Midnight broadcast signal intrusion - Wikipedia
"On April 27, 1986, American electrical engineer and business owner John R. MacDougall, using the pseudonym Captain Midnight, jammed the Home Box Office (HBO) satellite signal on Galaxy 1 "

FCC penalties were nugatory then, too: under a plea bargain, John MacDougall "received a $5,000 fine, one year unsupervised probation, and his amateur radio license was suspended for a year." It’s amazing he was even found; "a tourist overheard him discussing the incident on a pay phone off Interstate 75"

"Satellite hijacking became a felony only after this event."
jamming  spectrum-vulnerability  hacking  FCC  Wikipedia  stories  people 
april 2019 by pierredv
Hacker Finds He Can Remotely Kill Car Engines After Breaking Into GPS Tracking Apps - Motherboard Apr 2019
The hacker, who goes by the name L&M, told Motherboard he hacked into more than 7,000 iTrack accounts and more than 20,000 ProTrack accounts, two apps that companies use to monitor and manage fleets of vehicles through GPS tracking devices. The hacker was able to track vehicles in a handful of countries around the world, including South Africa, Morocco, India, and the Philippines. On some cars, the software has the capability of remotely turning off the engines of vehicles that are stopped or are traveling 12 miles per hour or slower, according to the manufacturer of certain GPS tracking devices.
automobile  GPS  hacking  cybersecurity  Motherboard 
april 2019 by pierredv
Ransomware Behind Norsk Hydro Attack Takes On Wiper-Like Capabilities | Threatpost Mar 2019
"Researchers are still looking for answers when it comes to LockerGoga’s initial infection method – and what the attackers behind the ransomware really want."
hacking  ransomware  NorskHydro  malware 
april 2019 by pierredv
Researchers find 36 new security flaws in LTE protocol | ZDNet
"A group of academics from South Korea have identified 36 new vulnerabilities in the Long-Term Evolution (LTE) standard used by thousands of mobile networks and hundreds of millions of users across the world.

The vulnerabilities allow attackers to disrupt mobile base stations, block incoming calls to a device, disconnect users from a mobile network, send spoofed SMS messages, and eavesdrop and manipulate user data traffic."

"The research team's discoveries aren't exactly new. Several academic groups have identified similar vulnerabilities in LTE over the past years on numerous occasions --July 2018, June 2018, March 2018, June 2017, July 2016, October 2015 ... These vulnerabilities have been the driving force behind efforts to create the new and improved 5G standard --which, unfortunately, isn't that secure either, with some researchers already poking holes in it as well."

"They discovered this sheer number of flaws by using a technique known as fuzzing --a code testing method that inputs a large quantity of random data into an application and analyzes the output for abnormalities, which, in turn, give developers a hint about the presence of possible bugs."

"Because the flaws reside in both the protocol itself and how some vendors have implemented LTE in their devices, researchers believe many other flaws still exist in the real world."
cybersecurity  cyber-spectrum  spectrum-vulnerability  LTE  cellular  vulnerability  fuzzing  hacking 
april 2019 by pierredv
A Dangerous, Norm-Destroying Attack - CircleID
"Briefly, some crew of attackers — I suspect an intelligence agency; more on that below — has managed to abuse ASUS' update channel and private signing key to distribute bogus patches. These patches checked the victims' MAC address; machines on the list (about 600 of them) downloaded the malware payload from a bogus website that masqueraded as belonging to ASUS. "

"This isn't the first time that code-signing keys have been abused — Stuxnet did it, too — but it's not a common thing. This alone shows the attacker's sophistication. "

"MAC addresses aren't secret, but they're not trivially available to most parties. They're widely available on-LAN; that might suggest that the attacker already had a toehold in the targets' networks."
cybersecurity  ASUS  Steven-Bellovin  hacking  supply-chain 
april 2019 by pierredv
Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers - Motherboard Mar 2019
The Taiwan-based tech giant ASUS is believed to have pushed the malware to hundreds of thousands of customers through its trusted automatic software update tool after attackers compromised the company’s server and used it to push the malware to machines.
malware  security  hacking  cybersecurity 
march 2019 by pierredv
Family tracking app leaked real-time location data for weeks - Engadget Mar 2018
"Family tracking apps can be very helpful if you're worried about your kids or spouse, but they can be nightmarish if that data falls into the wrong hands. Security researcher Sanyam Jain has revealed to TechCrunch that React Apps' Family Locator left real-time location data (plus other sensitive personal info) for over 238,000 people exposed for weeks in an insecure database. It showed positions within a few feet, and even showed the names for the geofenced areas used to provide alerts. You could tell if parents left home or a child arrived at school, for instance."

"While the data is safe for now, the incident illustrates a problem with tracking apps as a whole: it's difficult to verify that developers are securing your location info every step of the way. If they don't and there's a breach, it could lead to very real threats that could include physical danger."
Engadget  GPS  surveillance  data-leaks  hacking  spectrum-vulnerability  cyber-spectrum  vulnerability 
march 2019 by pierredv
Hackers once stole casino database through lobby fish tank thermometer - Business Insider
= The CEO of the cybersecurity firm Darktrace says hackers are increasingly targeting unprotected "internet of things" devices, such as air-conditioning systems and CCTV, to get into corporate networks.

= She told the WSJ CEO Council Conference that in one incident, a casino was hacked through the thermometer in its lobby aquarium.

= A former director of the UK's Government Communications Headquarters also called for laws outlining minimum security standards for internet-of-things devices.
hacking  BusinessInsider  IoT 
march 2019 by pierredv
GPS spoofing, low-cost GPS simulator - DEF CON 23, 2015
DEFCON-23-Lin-Huang-Qing-Yang-GPS-Spoofing.pdf
HUANG Lin, YANG Qing
Unicorn Team – Radio and Hardware Security Research
Qihoo 360 Technology Co Ltd
GPS  spoofing  DefCon  China  hacking 
february 2019 by pierredv
Yes, you can remotely hack factory, building site cranes. Wait, what? • The Register
"Did you know that the manufacturing and construction industries use radio-frequency remote controllers to operate cranes, drilling rigs, and other heavy machinery? Doesn't matter: they're alarmingly vulnerable to being hacked, according to Trend Micro."

"In addition to basic replay attacks, where commands broadcast by a legitimate operator are recorded by an attacker and rebroadcast in order to take over a targeted plant, attack vectors also included command injection, "e-stop abuse" (where miscreants can induce a denial-of-service condition by continually broadcasting emergency stop commands) and even malicious reprogramming. During detailed testing of one controller/receiver pair, Trend Micro researchers found that forged e-stop commands drowned out legitimate operator commands to the target device."

"Just to keep site managers' blood pressure high, Trend Micro highlighted that not only could script kiddies carry out some of these types of attack against industrial plants, a remote attacker could achieve persistent access by using a battery-powered cellular modem dropped off at a quiet part of a site with a drone."
TheRegister  hacking  cyber-spectrum  vulnerability  cybersecurity 
january 2019 by pierredv
Lessons from the O2 Network Outage: The Real Cost of Manual Processes, Juha Holkkola Dec 2018
"While the finding that network downtime constitutes 93.5% of the real total cost of manual network management steps was a real eye-opener, these numbers reveal an even more interesting finding. That is, if one invests 20 million into automating the propagation of human errors, the chances are that the cost of downtime can greatly exceed the value of the actual automation investment itself. "
spectrum-vulnerability  denial-of-spectrum  cyber-spectrum  CorcleID  O2  hacking 
december 2018 by pierredv
Your USB Serial Adapter Just Became a SDR | Hackaday, Dec 2018
"With a Python script, a length of wire attached to the TX pin, and a mastery of the electron that we mere mortals can only hope to achieve, [Ted] has demonstrated using a common USB to serial adapter as an SDR transmitter."
hacking  SDR  cybersecurity  USB  RF 
december 2018 by pierredv
Starwood Reservation Database Security Incident Dec 2018
Marriott has taken measures to investigate and address a data security incident involving the Starwood guest reservation database. This site has information concerning the incident, answers to guests’ questions and steps you can take.
hacking  cybersecurity  Starwood  Marriott 
december 2018 by pierredv
Thieves steal a Tesla Model S by hacking the entry fob - Engadget Oct 2018
"A Tesla owner who recorded thieves stealing his Model S by hacking the passive entry system has published the video on YouTube so we can all watch (and learn). It shows the crooks using a tablet to apparently capture the passive signal from his keyfob, then using the data to open the vehicle. "

"Tesla has recently implemented features to deter passive entry theft, but the owner sheepishly admitted he didn't use them. Namely, he failed to activate the "PIN to drive" feature that requires a further code before you can drive off. He also left passive entry -- which opens the car when you walk up to it with the fob -- enabled, even though it was parked outside. He also didn't use a "Faraday pouch" to store the fob, which would have prevented the thieves from nabbing the signals."
Engadget  Spectrum  cybersecurity  automobile  automotive  security  hacking 
october 2018 by pierredv
[pdf] Why (Special Agent) Johnny (Still) Can’t Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System
Usenix 20, 2011
Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu, and Matt Blaze

"We found a number of protocol, implementation, and user interface weaknesses that routinely leak information to a passive eavesdropper or that permit highly efficient and difficult to detect active attacks."
"new selective sub-frame jamming attacks against P25"
"active attacker with very modest resources can prevent specific kinds of traffic (such as encrypted messages) from being received, while emitting only a small fraction of the aggregate power of the legitimate transmitter"
"found that a significant fraction of the “encrypted” P25 tactical radio traffic sent by federal law enforcement surveillance operatives is actually sent in the clear, in spite of their users’ belief that they are encrypted"
P25  public-safety  hacking  spectrum  cybersecurity 
october 2018 by pierredv
Why you should wrap your car keys in aluminum foil | Fox News, Aug 2018
"Your key fob uses an electronic signal, and newer models don't even require you to press a button. Just approach your car, and the doors will unlock automatically. In some vehicles, the engine will also turn on."

If you have a true keyless car model, thieves can intercept the signal. How do they do it? Understanding the mechanics of a “car hacking” can help you prevent it.
FoxNews  automobile  automotive  hacking  spectrum 
october 2018 by pierredv
Expert Commentary: The Dark Side of Detect and Avoid - Inside Unmanned Systems, Mar 2018
"Your task is to penetrate U.S. air surveillance networks, slip drones into American airspace and spy on critical infrastructure like dams, power plants, factories, etc. "

"EASY WAY NO. 1: Simply have 3PLA, the Third Department of the People’s Liberation Army’s General Staff Department—China’s equivalent to the U.S. NSA. hack into the databases of the NASA-designed future Unmanned Traffic Management (UTM) system to get fine-grained ground based DAA (GBDAA) data from the hundreds of radars that will be connected to UTM.... find out which companies are flying near your targets of interest, ... and then get 3PLA to hack into the target’s imagery servers. "

"EASY WAY NO. 2: This option is a bit more expensive, but gives you more control over the intelligence gathered. You do all the steps from easy way No. 1, but instead of just waiting, you take over their drone and gather your own imagery"

"EASY WAY NO. 3: Put your own data links on buildings near targets and take over drones to do your spying. A drawback to easy way No. 2 is that cell phone company cyber security is actually quite good, making it tough to hack into their network and fly them from China directly. Easy way No. 3 gets around cell phone company security by simply taking direct control of unwitting American drones. ... There’s a chance that upcoming airworthiness standards for beyond line of sight (BLOS) drone operations will err on the side of reliability and toss security out the window ... links that don’t ask too many questions when lost also don’t care if a slightly higher powered antenna takes over from their original ground station and gives their drone orders for a bit."

"EASY WAY NO. 4 (THIS SHOULD PROBABLY BE CALLED DEAD EASY WAY NO. 1): Start your own drone critical infrastructure inspection front company and make money while you spy!"

"The cell phone companies already have impressive cyber security for the relay portion of the network; your cell phone calls are very secure while they’re being relayed between cell towers. The problem remains with the drone data links themselves. The FAA simply must write drone command and communications standards that give link reliability and security equal footing."

"The issue will be the sheer volume of vetting required to manage the same level of security screening for the unmanned aviation business community."
drones  UAS  UAV  cybersecurity  hacking  UTM  spectrum  reliability 
october 2018 by pierredv
How Facebook Was Hacked And Why It's A Disaster For Internet Security, Forbes Sep 2018
What’s most worrying of all, though, is what the hack has proven: that a company with the resources and power of Facebook can be robbed of keys that allow access to millions of accounts across the web. Given the keys allowed the hacker to take over any account using a Facebook login, the real number of affected individuals is likely far higher than 50 million.
Forbes  Facebook  cybersecurity  hacking 
september 2018 by pierredv
BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid | USENIX
Via Bruce Schneier

"We demonstrate that an Internet of Things (IoT) botnet of high wattage devices–such as air conditioners and heaters–gives a unique ability to adversaries to launch large-scale coordinated attacks on the power grid. In particular, we reveal a new class of potential attacks on power grids called the Manipulation of demand via IoT (MadIoT) attacks that can leverage such a botnet in order to manipulate the power demand in the grid. We study five variations of the MadIoT attacks and evaluate their effectiveness via state-of-the-art simulators on real-world power grid models. These simulation results demonstrate that the MadIoT attacks can result in local power outages and in the worst cases, large-scale blackouts. Moreover, we show that these attacks can rather be used to increase the operating cost of the grid to benefit a few utilities in the electricity market. This work sheds light upon the interdependency between the vulnerability of the IoT and that of the other networks such as the power grid whose security requires attention from both the systems security and power engineering communities."
IoT  utilities  electricity  infrastructure  hacking  cybersecurity  botnets 
september 2018 by pierredv
“No encryption, no fly” rule proposed for smallsats - SpaceNews.com Aug 2018
"Small satellites that have propulsion systems, but don’t have encrypted commanding systems, pose a small but real threat of being hacked and endangering other satellites, according to a new study."

"The concern, then is a scenario where hackers are able to take control of a satellite and redirect it quickly. Government satellites, as well as many commercial ones, have security measures like encryption that make it unlikely they could be hacked. However, many satellites run by academic institutions don’t have such security, often because of funding or technical limitations."
SpaceNews  smallsats  hacking  encryption  cybersecurity  Communications 
august 2018 by pierredv
Watch a Hacker Install a Firmware Backdoor on a Laptop in Less Than 5 Minutes - Motherboard Jul 2018
"This demo shows that “evil maid attacks,” hacks where an attacker has physical access to a target computer, are not as complicated as you may think. "

"In early July, security firm Eclypsium posted a video showing how Mickey Shkatov, one of its researchers, hacks into a laptop by opening it up, connecting a device directly to the chip that contains the BIOS, and installing malicious firmware on it—all in just over four minutes"
cybersecurity  vulnerability  hacking 
july 2018 by pierredv
Hacking, tracking, stealing and sinking ships | Pen Test Partners
Ship security is in its infancy – most of these types of issues were fixed years ago in mainstream IT systems.

The advent of always-on satellite connections has exposed shipping to hacking attacks. Vessel owners and operators need to address these issues quickly, or more shipping security incidents will occur. What we’ve only seen in the movies will quickly become reality.
maritime  shipping  hacking  GPS  cybersecurity 
june 2018 by pierredv
Report: “Taking the Pulse of Hacking: A Risk Basis for Security Research” | Center for Democracy & Technology
Via Blake Reid

"Over the past three decades, the community that investigates vulnerabilities in computers and networks – the computer and information security research community – has grown. Beginning as a hobby of early computer scientists such as Cliff Stoll, the security research community has become a well-defined industry element that seeks to help defend information systems and networks, and to discover and repair new weaknesses in systems that billions use everyday.

We sought to study the interaction between the law, technology, and this community. Specifically, since security researchers tend to push into grey areas where the law is unclear, an understanding of the law’s “chilling effects” (inhibition or discouragement) on security research has been a major concern of those who work in and with information security."
CDT  risk-assessment  cybersecurity  hacking  law 
april 2018 by pierredv
Everything You Know About the Vulnerability Equities Process Is Wrong - Lawfare Aug 2016
Via Dan Geer, "Rubicon"

"The vulnerability equities process (VEP) is broken. While it is designed to ensure the satisfaction of many equities, in reality it satisfies none—or at least, none visible to those beyond the participants of the insular process. Instead of meaningfully shaping best outcomes, the VEP provides thin public relations cover when the US government is questioned on its strategy around vulnerabilities."
hacking  intelligence  exploits  cybersecurity  governance 
april 2018 by pierredv
CCleaner malware hack: What it is and how to avoid it | PCWorld Sep 2017
"On Sept. 13, Cisco Talos found that the official download of the free versions of CCleaner 5.33 and CCleaner Cloud 1.07.3191 also contained “a malicious payload that featured a Domain Generation Algorithm as well as hardcoded Command and Control functionality.” What that means is that a hacker infiltrated Avast Piriform’s official build somewhere in the development process build to plant malware designed to steal users’ data."

"Yung says the attack was limited to CCleaner and CCleaner Cloud on 32-bit Windows systems—fortunately, most modern PCs will likely be running the 64-bit version. "

"Cisco Talos also studied the malware’s command server and reports that it was attempting to infiltrate PCs in technology organizations, including Intel, Samsung, HTC, VMWare, Cisco itself, and others. "
PCWorld  CCleaner  cybersecurity  exploit  hacking 
december 2017 by pierredv
Who are the Shadow Brokers? Signs point to an intelligence insider, Jul 2017
While the group's blog posts are written in broken English that suggests Russian-speaking authors, Suiche said the language was likely an operations security (opsec) tactic to obscure the true identities of the Shadow Brokers. Suiche said the people behind the Shadow Brokers group have "an interesting sense of humor" and demonstrated strong familiarity with the National Security Agency's Tailored Access Operation (TAO), which was the first sign that the Shadow Brokers were, in fact, insiders, rather than Russian threat actors. The group has also expressed anger at former members of TAO and threatened to reveal the identities of current TAO hackers.
cybersecurity  hacking 
august 2017 by pierredv
The Chaos Computer Club Is Fighting to Save Democracy - Bloomberg
"All this has made CCC into something that sounds alien to American ears: a popular, powerful, tech-focused watchdog group, one whose counsel has been sought by both WikiLeaks and Deutsche Telekom AG."
Bloomberg  hacking  cybersecurity  Germany  history 
july 2017 by pierredv
Criminals are Now Exploiting SS7 Flaws to Hack Smartphone Two-Factor Authentication Systems - Schneier on Security
"I've previously written about the serious vulnerabilities in the SS7 phone routing system. Basically, the system doesn't authenticate messages. Now, criminals are using it to hack smartphone-based two-factor authentication systems"
cellular  security  hacking  SS7  Bruce-Schneier 
may 2017 by pierredv
French spectrum regulator organises "Hackathon" — PolicyTracker: the spectrum management newsletter
"This evening a mix of engineering and business students and ICT professionals will gather in Paris to discuss plans for the second annual Agence Nationale Des Fréquences (ANFR) Hackathon. The event next weekend aims to find innovative new uses for the store of data that ANFR, like all spectrum regulators, has at its disposal."
PolicyTracker  ANFR  hacking  spectrum 
may 2017 by pierredv
Origin of Wireless Security: the Marconi Radio Hack of 1903 | Hackaday
"Towards the end of Professor Fleming's lecture, the receiver sparks into life, and the morse code printer started printing out one word repeatedly: “Rats”. It then spelled out an insulting limerick: “There was a young man from Italy, who diddled the public quite prettily”. Marconi’s supposedly secure system had been hacked.


The person behind this hack was Nevil Maskelyne, an inventor, magician, and general troublemaker who was a long-time rival of Marconi."
hacking  radio  stories 
march 2017 by pierredv
Go Ahead, Hackers. Break My Heart | WIRED
"I realized that my heart was now wired into the medical Internet of Things, and this was done without informing me or asking for my consent."

"Part of the problem with doing security research in this field is that the medical devices appear as black boxes. How can I trust the machine inside my body when it is running on proprietary code and there is no transparency? . . . A significant battle was, however, won when the DMCA exemptions for medical device security research were granted in October of last year."

"The medical device industry got a wake-up call last year when researcher Billy Rios demonstrated that drug infusion pumps had vulnerabilities that would allow unauthorized firmware updates that could give patients lethal medication dosages."
Wired  IoT  hacking  healthcare  medical-devices  DMCA  cybersecurity 
february 2017 by pierredv
Danger Close: Fancy Bear Tracking of Ukrainian Field Artillery Units
How the Russian military is tracking Ukrainian field artillery units by compromising soldiers' smartphones and tracking them.
via Bruce Schneier https://www.schneier.com/blog/archives/2016/12/russian_militar.html
CrowdStrike  hacking  Russia 
january 2017 by pierredv
Melbourne man arrested for broadcasting fake messages to pilots • The Register
Australian Federal Police (AFP) confirmed to Vulture South Sant is not alleged to have "hacked" any aviation system, contrary to reports, but merely used broadcasting equipment to make transmissions to pilots in contravention of aviation security laws.
TheRegister  aviation  hacking  spoofing 
november 2016 by pierredv
IoT security attacks: A timeline of the internet of things' darkest hours
"While it isn’t possible to know every single breach that has occurred within the IoT security space (either they haven’t been found, or enterprises are wanting to keep them a secret) we have compiled a troubling timeline of some of IoT’s darkest hours."
IoT  RCRWireless  history  hacking 
november 2016 by pierredv
Utility hack led to security overhaul | Computerworld - Feb 2006
Apprehending a notorious hacker rarely involves a car chase or a team of dedicated private investigators, but in the case of Vitek Boden, life imitated a Hollywood script.

Boden had waged a three-month war against the SCADA (Supervisory Control and Data Acquisition) system of Maroochy Water Services in Australia beginning in January 2000, which saw millions of gallons of sewage spill into waterways, hotel grounds and canals around the Sunshine Coast suburb. He was caught only after a team of private investigators hired by Maroochy Water Services alerted police to his location.
SCADA  IoT  Computerworld  history  hacking 
november 2016 by pierredv
IoT worm can hack Philips Hue lightbulbs, spread across cities • The Register
Researchers have developed a proof-of-concept worm they say can rip through Philips Hue lightbulbs across entire cities – causing the insecure web-connected globes to flick on and off.

The software nasty, detailed in a paper titled IoT Goes Nuclear: Creating a ZigBee Chain Reaction [PDF], exploits hardcoded symmetric encryption keys to control devices over Zigbee wireless networks. This allows the malware to compromise a single light globe from up to 400 metres away.
Philips  ZigBee  IoT  hacking 
november 2016 by pierredv
DEFCON - The Full Documentary - YouTube
A film about the world's largest hacking convention and its 20th year running. Filmed over the summer of 2012 and containing hundreds of hours of interviews, parties, presentations and spectacle.
Over 280 hours of footage was recorded in support of the documentary, and five separate camera crews were in action
DEFCON  documentary  video  hacking  conference 
september 2016 by pierredv
USBee: Leaking Data from Air-Gapped Computers and Receiving it with an RTL-SDR - rtl-sdr.com - Aug 2016
This Monday researchers from Ben-Gurion University of Negev released an academic paper detailing their research in showing how attackers could cause your PC to wirelessly leak data. They write that usually covertly modified USB devices are required to leak data, as is the case with the NSA’s COTTONMOUTH device which is detailed in their ANT catalog. However, the innovation from these researchers is that their own implementation can be used to turn any unmodified USB device into a makeshift transmitter.
RTL-SDR  Tempest  surveillance  cybersecurity  hacking  USB  exfiltration 
september 2016 by pierredv
New App Detects Government Stingray Cell Phone Trackers - Slashdot - Jan 2015
"SnoopSnitch scans for radio signals that indicate a transition to a stingray from a legitimate cell tower. "SnoopSnitch collects and analyzes mobile radio data to make you aware of your mobile network security and to warn you about threats like fake base stations (IMSI catchers), user tracking and over-the-air updates." say German security researchers Alex Senier, Karsten Nohl, and Tobias Engel, creators of the app which is available now only for Android. The app can't protect people's phones from connecting to stingrays in the first place, but it can at least let them know that there is surveillance happening in a given area."
SDR  hacking  cellular  IMSI-catchers  Stingray  Slashdot 
august 2016 by pierredv
How To Detect And Find Rogue Cell Towers | Hackaday Aug 2016
"From what we saw at HOPE in New York a few weeks ago, we’re just months away from being able to put a femtocell in a desktop computer for under $3,000. In less than a year, evil, bad hackers could be tapping into your cell phone or reading your text message from the comfort of a van parked across the street. You should be scared, even though police departments everywhere and every government agency already has this capability."
"For the last few months [Eric Escobar] has been working on a simple device that allows anyone to detect when one of these Stingrays or IMSI catchers turns on. With several of these devices connected together, he can even tell where these rogue cell towers are."
"To build his rogue-cell-site detector, [Eric] is logging this information to a device consisting of a Raspberry Pi, SIM900 GSM module, an Adafruit GPS module, and a TV-tuner Software Defined Radio dongle."
SDR  Hackaday  cellular  IMSI-catchers  Stingray  hacking 
august 2016 by pierredv
Hacker Spoofs Cell Phone Tower to Intercept Calls | WIRED Jul 2010
"A security researcher created a cell phone base station that tricks cell phones into routing their outbound calls through his device, allowing someone to intercept even encrypted calls in the clear."
Only works for 2G GSM
SDR  cellular  IMSI-catchers  Stingray  Wired  GSM  hacking 
august 2016 by pierredv
This machine catches stingrays: Pwnie Express demos cellular threat detector | Ars Technica April 2015
At the RSA Conference in San Francisco today, the network penetration testing and monitoring tool company Pwnie Express will demonstrate its newest creation: a sensor that detects rogue cellular network transceivers, including "Stingray" devices and other hardware used by law enforcement to surreptitiously monitor and track cell phones and users.
ArsTechnica  cellular  hacking  IMSI-catchers  Stingray 
august 2016 by pierredv
Unlocking Almost Any Vehicle with an SDR or Arduino - rtl-sdr.com
"researchers from the University of Birmingham have discovered two vulnerabilities that can be used to unlock almost any car. The first vulnerability concerns Volkswagen Group vehicles (VW, Audi, SEAT, Skoda) sold since 1995. Essentially their research found that the keyless entry systems of VW Group vehicles relies only on a few global master keys which they have been able to recover through reverse engineering of an undisclosed component used in a VW car. Then by sniffing the wireless key’s signal with an RF module or SDR like the RTL-SDR or HackRF they are able to recover the cryptographic algorithms used and then using the global key clone the wireless key signal, which can then be re-transmitted with a simple Arduino.

In their second research findings, the researchers write how they have been able to crack the Hitag2 rolling code system which is used in many vehicles such as Alfa Romeo, Chevrolet, Citroen, Dacia, Fiat, Ford, Lancia, Mitsubishi, Nissan, Opel, Peugeot and Renault. Again, the hack works by sniffing a few wireless keyfob rolling code signals with an SDR or other device. Once the signals have been sniffed a simple laptop computer can reportedly break the encryption within one minute."
RTL-SDR  exploits  hacking  Volkswagen  vehicles  cybersecurity  automobile  automotive 
august 2016 by pierredv
Motherboard: How Hackers Could Wirelessly Bug Your Office - rtl-sdr.com
Cui shows how he infected a desktop telephone, as well as a desktop printer. The malware running on the phone causes the phone to transmit an RF signal of the voices heard by the microphone, and the malware running on the printer causes the printer to emit a binary coded transmission of the text being printed. The malware is able to do this by forcing a GPIO, PWM or UART interface on the printer to modulate in a similar way to what is done with the Raspberry Pi FM transmitter project, rpitx. To receive and decode the signal Cui uses a software defined radio and a GNU Radio program.
RTL-SDR  hacking  surveillance  * 
august 2016 by pierredv
HOPE Hacker Conference Shows Off New Tricks - IEEE Spectrum
"Another session focused on reverse engineering the Iridium satellite communications network. Stefan Zehl and “Schneider” from the Munich Chaos Computer Club (CCC) used software-defined radio systems to look at and decode the signals streaming down from orbit. Each Iridium satellite uses beam antennas to illuminate roughly 400-kilometer-wide spots as it passes over the Earth, so a message intended for a recipient anywhere in that area is broadcast over the entire spot. When Iridium was originally designed in the 1990s, the difficulty of receiving signals without the network’s own hardware made amateur surveillance impossible, so much of the traffic on the network is not encrypted. But now the CCC hackers claim a modified GPS antenna and a software radio is all that’s required to pick up and demodulate signals. By studying packets on a byte-by-byte basis, they were able to identify and decode a number of the different types of messages transmitted by the satellite constellation—including pager messages, emails, and even voice calls, albeit not yet in real time—and presented several samples of each. (Iridium will soon begin launching a new generation of satellites, but they will be backward compatible with existing equipment, so a lot of unencrypted traffic is still likely to flow over the network.)"
IEEE-Spectrum  Iridium  SDR  hacking 
august 2016 by pierredv
A New Wireless Hack Can Unlock 100 Million Volkswagens | WIRED - Aug 2016
"Garcia and a new team of researchers are back with another paper that shows how Volkswagen left not only its ignition vulnerable but the keyless entry system that unlocks the vehicle’s doors, too. And this time, they say, the flaw applies to practically every car Volkswagen has sold since 1995."
"Both attacks use a cheap, easily available piece of radio hardware to intercept signals from a victim’s key fob, then employ those signals to clone the key. The attacks, the researchers say, can be performed with a software defined radio connected to a laptop, or in a cheaper and stealthier package, an Arduino board with an attached radio receiver that can be purchased for $40."
"Plenty of evidence suggests that sort of digitally enabled car theft is already occurring. Police have been stumped by videos of cars being stolen with little more than a mystery electronic device."
Volkswagen  SDR  cryptography  theft  hacking 
august 2016 by pierredv
Hacking A Phone's GPS May Have Just Got Easier - Forbes 2015
"Now a team of researchers at Chinese Internet security firm Qihoo 360 claim they’ve found a way to make a GPS emulator that can falsify the GPS location of smartphones and in-car navigation systems, more cheaply."
Defcon
GPS  hacking  Defcon 
august 2016 by pierredv
2-DAY TRAINING 2: Hacking the IoT with Software Defined Radio « HITBSecConf2016 – Amsterdam
"One of the key attributes of the Internet of Things (IoT) is that it makes heavy use of wireless communications to allow for mobility and ease-of-installation. It is important to note this is not just Wi-Fi, but all manner of other Radio Frequency (RF) protocols: Bluetooth, BTLE, ZigBee, Z-Wave – to name just a few. The increasing ubiquity of such devices and networks promises to make life easier (smart fridges, …), however manufacturers often overlook the security in the implementation of these RF communication systems.

This course will teach you the fundamentals of how to use Software Defined Radio (SDR) to analyse, demodulate and decode RF signals used in the wireless IoT, and then how you can perform your own research and penetration testing to test whether a system is secure, or vulnerable to attack."
IoT  hacking  SDR  training 
july 2016 by pierredv
Disruptive Robocalling - Global Guerrillas
"In my scenario, robocalling was used to shut down polling places to skew election results and plunge the US into chaos:

Robocalls pour in to police departments and polling places in heavily (Rep or Dem) polling locations with bomb/terrorist threats. Widespread poll closures occur. Calls continue until late."
hacking  jamming  spoofing  POTS  robocalling  risk-assessment 
july 2016 by pierredv
Cheating at Pokémon Go with a HackRF and GPS Spoofing - rtl-sdr.com
Since the game is GPS based, Stefan Kiese decided to see if he could cheat at the game by spoofing his GPS location using a HackRF software defined radio. When playing the game, players often walk from Pokéstop to Pokéstop, collecting Pokémon along the way, and replenishing their items. By spoofing the GPS signal he is able to simulate walking around in the physical world, potentially automating the collection of Pokémon and replenishment of items at Pokéstops.
Pokemon  GPS  SDR  HackRF  hacking  spoofing 
july 2016 by pierredv
Envisioning the Hack That Could Take Down NYC -- NYMag
"No one had yet realized that New York City had just been hit by a cyberattack — or that, with the city’s water system, mass transportation, banks, emergency services, and pretty much everything else now wired together in the name of technological progress, the worst was yet to come."
"The group of European black-hat hackers who launched the attack against New York ... self-identified anarchists with a reflexively nihilistic will to power"
Interference  hacking  jamming  NYMag 
june 2016 by pierredv
Stealing a Drone with Software Defined Radio - rtl-sdr.com
PHDays (Positive Hack Days) is a yearly forum with a focus on ethical hacking and security. During this year’s forum which took place in June, the organizers set up a competition where the goal was to “steal” or take control of a Syma X8C quadcopter drone. The drone runs on the nRF24L01 module, which from previous posts we have seen can easily be sniffed and decoded with an RTL-SDR or other SDR.

To reverse engineer the drone’s wireless communications system the teams used software defined radios like the HackRF and BladeRF, and also an alternative method involving just using an Arduino and nRF24L01+ receiver chip.
RTL-SDR  drones  hacking  SDR 
june 2016 by pierredv
Slovenian University Student & Security Researcher Almost Jailed for Researching TETRA with an RTL-SDR - rtl-sdr.com
"Dejan Ornig, a 26 year old student at the University of Maribor’s Faculty of Criminal Justice and Security was recently almost jailed for finding a security flaw in Police TETRA communications in his home country of Slovenia."
RTL-SDR  Slovenia  hacking  TETRA 
may 2016 by pierredv
Nissan Disables App That Let You (And Everyone Else) Remotely Access Leafs - IEEE Spectrum Feb 2016
“What’s weird about this, as Hunt discovered, is not so much that the Nissan app had poor security: it’s more that the security was utterly nonexistent, to the extent that Hunt and his colleagues think it must have been a conscious choice by Nissan.”
iot  cybersecurity  hacking  automobile  IEEE-Spectrum 
march 2016 by pierredv
HACKING ALARM SYSTEMS WITH AN RTL-SDR AND RFCAT
"Back in 2014 the author of boredhackerblog.blogspot.com did a final year project for his wireless security class on hacking home alarm systems. His presentation was titled “How we broke into your house”. In his research the author used both an RTL-SDR and a simple RFcat wireless transmitter and performs a simple replay attack on a cheap $50 alarm system. "
RTL-SDR  home-security  hacking  sdr 
march 2016 by pierredv
Car Owners Try to Foil Criminals Hacking Key Fob Signals « CBS San Francisco
"Frank Scafidi of the National Insurance Crime Bureau said key fob hacking isn’t exactly common, but it is increasing. “We’ve been seeing examples since early 2013,” Scafidi told KPIX 5 ConsumerWatch. " "And a third possibility: A jamming device combined with a code-grabber, a small gizmo that’s made overseas, costs about $100 online, and can clone a key fob code from a short distance away."
hacking  cybersecurity  automobile  key-fob  jamming 
march 2016 by pierredv
How White Hat Hackers Stole Crypto Keys from an Offline Laptop in Another Room | Motherboard
via Bruce Schneier and Blake Reid "researchers from Tel Aviv University and Technion have gone a step further than past efforts, and found a way to steal data from air-gapped machines while their equipment is in another room." “During the decryption of the chosen ciphertext, we measure the EM leakage of the target laptop, focusing on a narrow frequency band,” the paper reads. The signal is then processed, and “a clean trace is produced which reveals information about the operands used in the elliptic curve cryptography,” it continues, which in turn “is used in order to reveal the secret key.” The equipment used included an antenna, amplifiers, a software-defined radio, and a laptop. This process was being carried out through a 15cm thick wall, reinforced with metal studs, according to the paper.
cybersecurity  SDR  TEMPEST  hacking 
march 2016 by pierredv
P25 digital radio systems highly vulnerable to jamming and unauthorized decryption - Nov 2011
"On August 17, 2011 at the 20th Usenix Security Symposium, Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu, and Matt Blaze presented a paper Why (Special Agent) Johnny (Still) Can’t Encrypt: A Security Analysis of the APCO Project 25 Two-Way Radio System. These noted experts conducted in-depth research on the numerous vulnerabilities of digital P25 radio systems when operated in the encrypted and clear mode. ... According to these cryptography scientists, P25 systems are strikingly vulnerable to denial of service." "... the NID is error corrected separately from the rest of the frame. This makes it possible for an attacker to effectively prevent an entire voice frame from being correctly received by synchronizing a jamming transmitter to interfere only with the 64 bit NID field"
P25  cybersecurity  vulnerability  jamming  public-safety  spectrum  hacking 
february 2016 by pierredv
Reverse Engineering the SimpliSafe Wireless Burglar Alarm - rtl-sdr.com Feb 2016
SimpliSafe is a home security system that relies on wireless radio communications between its various sensors and control panels. They claim that their system is installed in over 300,000 homes in North America. Unfortunately for SimpliSafe, earlier this week Dr. Andrew Zonenberg of IOActive Labs published an article showing how easy it is for an attacker to remotely disable their system. By using a logic analyser he was able to ... discover which packets were the “PIN entered” packets. He then created a small electronic device out of a microcontroller that would passively listen for the PIN entered packet, save the packet into RAM, and then replay it on demand, disarming the alarm. A few days later Michael Ossmann (wireless security researcher and creator of the HackRF SDR and YardStick One) decided to have a go at this himself, using a YARD Stick One and a HackRF SDR.... he is able to recover the actual PIN number entered by a home owner from a distance ...
home-security  SDR  RTL-SDR  hacking 
february 2016 by pierredv
Bypassing Rolling Code Systems - CodeGrabbing/RollJam - rtl-sdr.com
"A while back we posted about Samy Kamkar’s popular “RollJam” device, which was a $32 home made device that was able to defeat rolling code based wireless security systems such as those used on modern cars. Wireless security researcher Andrew Macpherson became interested in RollJam and has now written up a post showing how to create a similar device using the YardStickOne and RFcat wireless tools. In his post Andrew shows how he automates the replay attack side of things using a Python script and two RFcat devices"
SDR  cyberspace  IOT  automobile  hacking 
february 2016 by pierredv
You've seen things people wouldn't believe – so tell us your programming horrors • The Register
"To kickstart things, let's begin with one terrifying bug, two classics, and one final example from personal experience."
TheRegister  programming  hacking 
january 2016 by pierredv
U.S. Says Only Jeeps Had Hacker Vulnerability Via Radios - WSJ
"But the fear of widespread vulnerability to hackers appears to be unfounded. NHTSA investigators said in documents that similar radios made by Harman International went to Volkswagen, Audi and Bentley, but that those vehicles have safety systems that would stop hackers." "The agency also said Sprint, Fiat Chrysler’s wireless provider, blocked access to a radio communications port that was unintentionally left open. The recall also included software changes that thwarted hackers, the agency said."
WSJ  hacking  jamming  Jeep  cybersecurity  NHTSA  automobile  automotive 
january 2016 by pierredv
Comcast's Xfinity home alarms can be disabled by wireless jammers • The Register
"Comcast's wireless home alarm systems can be trivially jammed, rendering them useless and allowing burglars to slip in undetected. By flooding the airwaves around an Xfinity Home Security System with network deauthentication frames, crooks can prevent intrusion sensors from sending data to the base station in the customer's house or apartment. This means the alarm system is cut off from its sensors, which may have detected a break-in." "Rapid7 security researcher Phil Bosco found that by jamming the 2.4GHz ZigBee radio channel used by Comcast's gear, the base station can't communicate with its sensors, and defaults to reporting a "closed" state on doors and windows, even if the sensors detect an "open" state." "the system assumes everything is OK in the event of a network collapse"
TheRegister  Comcast  jamming  hacking  ZigBee 
january 2016 by pierredv