Tag Archives: What The Hack

$60 hack can trick LIDAR systems used by most self-driving cars


A security researcher has created a $60 system with Arduino and a laser pointer that can spoof the LIDAR sensors used by most autonomous vehicles. 


Many self-driving cars use LIDAR sensors to detect obstacles and build 3D images to help them navigate. However, one security researcher has developed a $60 device with “off-the-shelf parts” that can trick the systems into seeing objects which don’t actually exist, thereby forcing the autonomous vehicles to take unnecessary actions, like slowing down or stopping to avoid a collision with the phantom object. Ultimately, this further highlights the need for stringent security measures for automobiles that would otherwise be vulnerable to cyber criminals armed with nothing more than a low-power laser and pulse generator.

“It’s kind of a laser pointer, really. And you don’t need the pulse generator when you do the attack. You can easily do it with a Raspberry Pi or an Arduino,” explains researcher Jonathan Petit, principal scientist at Security Innovation.

According to IEEE Spectrum, Petit began by simply recording pulses from a commercial IBEO Lux LIDAR unit. The pulses were not encoded or encrypted, which allowed him to replay them at a later point. He was then able to create the illusion of a fake car, wall, cyclist or pedestrian anywhere from 65 to 1,100 feet from the LIDAR system, and make multiple copies of the simulated obstacles. In tests, the attack worked at all angles — from behind, the side and in front without alerting the passengers — and didn’t always require a precise hit of the device for it to achieve its goal.

“I can spoof thousands of objects and basically carry out a denial of service attack on the tracking system so it’s not able to track real objects,” Petit adds.

As IEEE Spectrum notes, sensor attacks are not limited to self-driving cars, either. The same homebrew laser pointer can be employed to carry out an equally devastating denial of service attack on a human motorist by simply dazzling them, and without the need for sophisticated laser pulse recording, generation or synchronization equipment.

While the DIY system won’t necessarily affect everyone, it does make the case that security should be at the forefront of auto design. Petit concludes, “There are ways to solve it. A strong system that does misbehavior detection could cross-check with other data and filter out those that aren’t plausible. But I don’t think carmakers have done it yet. This might be a good wake-up call for them.”

The researcher described his proof-of-concept hack in a paper entitled “Potential Cyberattacks on Automated Vehicles,” which will be presented at Black Hat Europe in November.
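The misbehavior detection Petit describes can be sketched as a cross-check of each LIDAR detection against a second sensor and against the previous frame. This is an added example, not code from the paper or from any carmaker; the data model, the radar input and every threshold are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from math import hypot


@dataclass(frozen=True)
class Detection:
    x: float  # metres ahead of the vehicle
    y: float  # metres to the left (+) or right (-)


# Assumed tuning values, not taken from any vendor or from the paper.
GATE_M = 2.0            # two detections this close are treated as one object
MAX_SPEED_MPS = 70.0    # fastest relative speed considered physically plausible
MAX_NEW_PER_FRAME = 20  # more uncorroborated objects than this suggests flooding


def near(d, others, gate):
    """True if any detection in `others` lies within `gate` metres of `d`."""
    return any(hypot(d.x - o.x, d.y - o.y) <= gate for o in others)


def classify_frame(lidar, radar, previous_confirmed, dt):
    """Split one LIDAR frame into (confirmed, suspect, flooded).

    A detection is confirmed when an independent sensor (radar here) sees
    something at the same place, or when it continues an object confirmed in
    the previous frame within the distance it could have moved in `dt` seconds.
    Persistence on LIDAR alone is not counted as evidence, because replayed
    pulses can persist for as long as the attacker keeps transmitting.
    """
    confirmed, suspect = [], []
    motion_gate = GATE_M + MAX_SPEED_MPS * dt
    for d in lidar:
        corroborated = near(d, radar, GATE_M)
        continuous = near(d, previous_confirmed, motion_gate)
        (confirmed if corroborated or continuous else suspect).append(d)
    # Thousands of phantom objects are the denial-of-service case from the
    # article: report it so the tracker can degrade instead of exhausting itself.
    flooded = len(suspect) > MAX_NEW_PER_FRAME
    return confirmed, suspect, flooded


def demo():
    """Constructed sample frame: one real car, one phantom wall, no history."""
    radar = [Detection(30.0, 0.0)]
    lidar = [Detection(30.4, 0.2), Detection(12.0, 0.0)]
    return classify_frame(lidar, radar, previous_confirmed=[], dt=0.1)


if __name__ == "__main__":
    confirmed, suspect, flooded = demo()
    print("confirmed:", confirmed)
    print("suspect:  ", suspect)
    print("flooded:  ", flooded)
```

What the planner does with a suspect detection (hold, slow, or hand over to the driver) is a safety decision outside this sketch.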

[Images: Jeff Kowalsky/IEEE Spectrum, TechHive]

Sense HAT is an add-on board for the Raspberry Pi


This Raspberry Pi HAT features an 8×8 RGB LED matrix, a five-button joystick and a number of sensors. 


The Sense HAT is a sensor-laden, add-on board for the Raspberry Pi that will soon be headed into space as part of the Astro Pi mission.

For those familiar with the initiative, Astro Pi is a collaboration between Raspberry Pi, British astronaut Tim Peake, UK Space and the European Space Agency that was formed to offer students a chance to devise their own experiments and run them in space. In December, a pair of RPi computers will be connected to a new Astro Pi board and sent to the International Space Station. During the mission, the astronaut will deploy the units in a variety of locations onboard the ISS, load up the winning codes while in orbit, set them running, collect the data generated and then download this to Earth where it will be distributed.

As for the Sense HAT, the board is packed with a gyroscope, an accelerometer, a magnetometer, a temperature sensor, a barometric pressure sensor and a humidity sensor, as well as a five-button joystick and an 8×8 RGB LED matrix — all powered by an LED driver chip and an ATTiny88 MCU running custom firmware. By attaching the board to your Pi’s GPIO pins, Makers can use the integrated circuit-based sensors for any number of experiments, apps and games. Raspberry Pi has also devised a Python library for easy access to everything on the HAT.

“The Sense HAT was originally developed around James Adams’ idea to make a cool toy-style board that showed off just how much you could do with your average modern MEMS gyroscope, 64 RGB LEDs and some Atmel microcontroller hackery,” the team writes. “Somewhere between prototype and production, it seems to have attracted extra features like a pressure sensor, a humidity/temperature sensor and a teeny joystick.”

The LED matrix will provide a feedback mechanism and enhanced interactivity for astronaut Tim Peake when he’s tasked with deploying the Astro Pi board on the ISS. One of the winning entries – Reaction Games – has even programmed a whole suite of joypad-operated games played via the LED matrix. According to the Raspberry Pi crew, Snake is hilarious on an 8×8 screen!

“The Atmel [MCU] is responsible for sampling the joystick. We didn’t have enough pins left on the Atmel to dedicate the five that we needed to sample the joystick axes independently, so they’ve been spliced into the LED matrix row selects. The joystick gets updated at approximately 80Hz, which is the scan rate of the LED matrix,” its creators explain. “All of the sensors (and the base firmware for the Atmel) are accessible from the Pi over I2C. As a fun bonus mode, the SPI peripheral on the Atmel has been hooked up to the Pi’s SPI interface – you can reprogram your HAT in the field!”

Intrigued? Head over to the Raspberry Pi blog, where you will find an elaborate log of the Astro Pi mission.

You can hack what?!


From skateboards and trucks to medical devices and rifles, these recent hacks show that every “thing” is at risk.


Musicians have the GRAMMYs. Actors have the Emmys. Athletes have the ESPYS. Hackers, well they have Black Hat. Every year, more than 10,000 security pros converge in Las Vegas to explore the latest network flaws, device vulnerabilities and cyber attacks of the past, present and future. While these demonstrations typically focused on how to take control of computers, given the rise of the Internet of Things, it seems like just about any “thing” can be susceptible to malicious intruders. As we gear up for what will surely be an insane amount of coverage across all media channels, here are a few hacks that’ll surely grab your attention.

OnStar vehicles

Serial hacker Samy Kamkar has devised a tablet-sized box that could easily tap into and wirelessly take control of a GM car’s futuristic features. With connected car security a hot topic at this year’s conferences, the Los Angeles-based entrepreneur has created a device — dubbed OwnStar — that can locate, unlock and remotely start any vehicle with OnStar RemoteLink after intercepting communication between the RemoteLink mobile app and OnStar servers.

The system is driven by a Raspberry Pi and uses an ATmega328 to interface with an Adafruit FONA for cellular connection. After opening the OnStar RemoteLink app on a smartphone within Wi-Fi range of the hacking gadget, OwnStar works by intercepting the communication. Essentially, it impersonates the wireless network to fool the smartphone into silently connecting. It then sends specially crafted packets to the mobile device to acquire additional credentials and notifies the attacker over 2G about the new vehicle it indefinitely has access to, namely its location, make and model.

With the user’s login credentials, an attacker could do just about anything he or she wants, including tracking a car, unlocking its doors and stealing stuff inside (when carjacking meets car hacking), or starting the ignition from afar. Making matters worse, Kamkar says a remote control like this can give a malicious criminal the ability to drain the car’s gas, fill a garage with carbon monoxide or use its horn to drum up some mayhem on the street. The hacker can also access the user’s name, email, home address, and last four digits of a credit card and expiration date, all of which are accessible through an OnStar account.

Tesla Model S

Researchers said they took control of a Tesla Model S car and turned it off at low speed, one of six significant flaws they found that could provide hackers total access to vehicles, the Financial Times reported.

Kevin Mahaffey, CTO of Lookout, and Marc Rogers, principal security researcher at Cloudflare, claimed they decided to hack a Tesla car because the company has a reputation for understanding software better than most automakers. The hackers had to physically gain entry into the vehicle, which made it more difficult than many other attacks. Once they were connected through an Ethernet cable, they were later able to access the systems remotely. These included the screens, speedometer, windows, electronic locks, and the ignition.

“We shut the car down when it was driving initially at a low speed of five miles per hour. All the screens go black, the music turns off and the handbrake comes on, lurching it to a stop,” Rogers describes.

Tesla has since issued a patch to fix the flaws.

Electric skateboards

After his own electric skateboard abruptly stopped working last year, unable to receive commands from its remote control, Richo Healey decided to delve a bit deeper into the incident. What he discovered was that the volume of Bluetooth traffic surrounding the intersection interfered with his RC’s connection to the board.

Cognizant of this defect, Healey teamed up with fellow researcher Mike Ryan to examine the hackability of his and other e-skateboards on the market today. The result was an exploit they developed called FacePlant that can give them complete control of someone’s gadget.

The duo describes FacePlant as “basically a synthetic version of the same RF noise” that Healey experienced at the intersection in his hometown of Melbourne. The exploit ultimately allows them to gain total control of someone cruising down the street or sidewalk, which means they could easily cold stop a board or send it flying in reverse, tossing the rider.

They found at least one critical vulnerability in each board they examined, all of which hinge on the fact that the manufacturers of the boards failed to encrypt the communication between the remotes and the boards. The attack for controlling them is essentially identical across the board (no pun intended), but the mechanism for conducting it differs somewhat for each one. As a result, they’ve only completed an exploit for the Boosted board at this time.

Square readers

Three former Boston University students have highlighted a vulnerability in the hardware of Square readers that would enable hackers to convert it into a credit card skimmer in less than 10 minutes. The rigged PoS device could then be used to steal personal information with a custom-recording app.

Computer engineering grads Alexandrea Mellen, John Moore and Artem Losev unearthed the flaw last year in a project for their cybersecurity class. They also found that Square Register software could be hacked to enable unauthorized transactions at a later date.

“The merchant could swipe the card an extra time at the point of sale. You think nothing of it, and a week later when you’re not around, I charge you $20, $30, $100, $200… You might not notice that charge. I get away with some extra money of yours,” Moore explains.

The group says there is no evidence that either of the vulnerabilities has been employed to scam credit card holders, but does warn that their findings raise red flags for the fast-emerging mobile commerce industry.

Medical devices

The U.S. Food and Drug Administration and Department of Homeland Security have both issued advisories warning hospitals not to use the Hospira infusion system Symbiq due to cybersecurity risks. While no known attack has occurred, hackers could theoretically tamper with the intravenous infusion pump by accessing a hospital’s network.

“This could allow an unauthorized user to control the device and change the dosage the pump delivers, which could lead to over- or under-infusion of critical patient therapies,” the FDA said in a statement.

Hospira has since discontinued the manufacture and distribution of the Symbiq Infusion System, because of unrelated issues, and is working with customers to transition to alternative systems. However, amid the latest string of security woes, the FDA strongly encourages healthcare facilities to begin transitioning to other infusion systems as soon as possible.

This isn’t the first time vulnerabilities in medical devices have been in the spotlight. Back in 2014, Scott Erven and his team found that drug infusion pumps could be remotely manipulated to change the dosage doled out to patients. On top of that, a WIRED article noted that “Bluetooth-enabled defibrillators could be hacked to deliver random shocks to a patient’s heart or prevent a medically needed shock from occurring, X-rays that can be accessed by outsiders lurking on a hospital’s network; temperature settings on refrigerators storing blood and drugs that can be reset, causing spoilage; and digital medical records that can be altered to cause physicians to misdiagnose, prescribe the wrong drugs or administer unwarranted care.”

Semi trucks

Asset-tracking systems made by Globalstar and its subsidiaries were discovered to have flaws that would enable a hijacker to track valuable and sensitive cargo and then disable the location-tracking device used to monitor it. From here, criminals could potentially fake the coordinates to make it appear as if the shipment was still traveling its intended route. Or, as WIRED points out, a hacker who simply wanted to cause chaos could add false coordinates to companies and militaries monitoring their assets and shipments to make it appear as if they’d been taken over.

These findings were brought to light by Colby Moore, a researcher with the security firm Synack. The same vulnerable technology isn’t only employed for tracking cargo; it’s also used in people-tracking systems for search-and-rescue missions and in SCADA environments.

As Moore tells the magazine, the Simplex data network that Globalstar uses for its satellites doesn’t encrypt communication between the tracking devices, orbiting satellites and ground stations, nor does it require the communication be authenticated so that only legitimate data gets sent. Subsequently, a hacker could intercept the communication, spoof it or jam it.

“Each device has a unique ID that’s printed on its outer casing. The devices also transmit their unique ID when communicating with satellites, so an attacker targeting a specific shipment could intercept and spoof the communication. Often the unique IDs on devices are sequential, so if a commercial or military customer owns numerous devices for tracking assets, an attacker would be able to determine other device IDs, and assets, that belong to the same company or military based on similar ID numbers.”
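The gap Moore describes is that a public, guessable device ID is the only thing identifying a sender. The following added example (not Globalstar's or Synack's code) shows a receiver that authenticates each frame with a per-device secret and rejects replays with a counter, which suits a one-way uplink where the receiver cannot send a challenge. The frame layout, key store and all names are assumptions, and confidentiality (encryption) is not covered.

```python
import hashlib
import hmac
import secrets
import struct

BODY_FMT = ">IIii"  # assumed layout: device_id, counter, lat * 1e5, lon * 1e5
BODY_LEN = struct.calcsize(BODY_FMT)  # 16 bytes
TAG_LEN = 16        # truncated HMAC-SHA256 tag; size is an assumption


def build_frame(key, device_id, counter, lat_e5, lon_e5):
    """Tracker side: pack the position report and append a keyed tag."""
    body = struct.pack(BODY_FMT, device_id, counter, lat_e5, lon_e5)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class GroundStation:
    """Receiver side: accepts a frame only if it is authentic and fresh."""

    def __init__(self, device_keys):
        self.keys = dict(device_keys)  # device_id -> per-device secret
        self.last_counter = {}         # device_id -> highest counter accepted

    def accept(self, frame):
        """Return (device_id, counter, lat_e5, lon_e5) or None if rejected."""
        if len(frame) != BODY_LEN + TAG_LEN:
            return None
        body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
        device_id, counter, lat_e5, lon_e5 = struct.unpack(BODY_FMT, body)
        key = self.keys.get(device_id)
        if key is None:
            return None
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        # Knowing the ID printed on the casing is not enough: the tag needs
        # the per-device secret, so sequential IDs reveal nothing usable.
        if not hmac.compare_digest(tag, expected):
            return None
        # A recorded frame carries an old counter and is dropped here. State
        # is updated only after the tag check, so forged frames cannot
        # advance the counter and lock the real device out.
        if counter <= self.last_counter.get(device_id, -1):
            return None
        self.last_counter[device_id] = counter
        return device_id, counter, lat_e5, lon_e5


def demo():
    """Constructed scenario: two trackers with sequential IDs."""
    keys = {1001: secrets.token_bytes(32), 1002: secrets.token_bytes(32)}
    station = GroundStation(keys)
    genuine = build_frame(keys[1001], 1001, 1, 4071280, -7400600)
    spoofed = build_frame(secrets.token_bytes(32), 1002, 1, 0, 0)
    return [
        station.accept(genuine),  # authentic and fresh: accepted
        station.accept(genuine),  # same bytes replayed: rejected
        station.accept(spoofed),  # right ID, wrong key: rejected
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```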

Rifles

Security researchers Runa Sandvik and Michael Auger have hacked a pair of $13,000 TrackingPoint self-aiming rifles. The duo has developed a set of techniques that could let an attacker compromise the gun via its Wi-Fi connection and exploit vulnerabilities in its software. According to WIRED, the tactics can change variables in the scope’s calculations that make the rifle inexplicably miss its target, permanently disable the scope’s computer, or even prevent the gun from firing.

“The first of these has to do with the Wi-Fi, which is off by default, but can be enabled so you can do things like stream a video of your shot to a laptop or iPad. When the Wi-Fi is on, the gun’s network has a default password that allows anyone within Wi-Fi range to connect to it. From there, a hacker can treat the gun as a server and access APIs to alter key variables in its targeting application.”

Additionally, the researchers shared that a hacker could alter the rifle in a way that would persist long after that Wi-Fi connection is broken. It’s even possible, they tell WIRED, to implant the gun with malware that would only take effect at a certain time or location based on querying a user’s connected phone.

Hijacking data as sound waves

Reuters has reported that a team of researchers led by Ang Cui have demonstrated the ability to hijack standard equipment inside computers, printers and millions of other electronic devices to send information through sound waves.

The project, called Funtenna, refers to a software payload that intentionally causes its host hardware to act as an improvised RF transmitter using existing hardware, which is typically not designed for electromagnetic emanation.

The program works by taking control of the physical prongs on general-purpose input/output circuits and vibrates them at a frequency of the researchers’ choosing, which can be audible or not. The vibrations can be picked up with an AM radio antenna a short distance away.

The new transmitting antenna adds another potential channel that would be hard to detect because no traffic logs would catch data leaving the premises. Cui tells Reuters that hackers would need an antenna close to the targeted building to pick up the sound waves, as well as find some way to get inside a targeted machine and convert the desired data to the format for transmission.

Smart homes

Tobias Zillner and Sebastian Strobl of Cognosec uncovered flaws in the Zigbee standard, which is widely used by countless IoT appliances. Specifically, the researchers shed light on the fact that the protocol’s reliance on an insecure key link with smart gadgets opens the door for hackers to spoof them and potentially gain control of your connected home. According to Cognosec, the items that have been tested and proven to be susceptible include light bulbs, motion sensors, temperature sensors and door locks.

“If a manufacturer wants a device to be compatible to other certified devices from other manufacturers, it has to implement the standard interfaces and practices of this profile. However, the use of a default link key introduces a high risk to the secrecy of the network key,” the team states in its recent paper. “Since the security of ZigBee is highly reliant on the secrecy of the key material and therefore on the secure initialisation and transport of the encryption keys, this default fallback mechanism has to be considered as a critical risk. If an attacker is able to sniff a device and join using the default link key, the active network key is compromised and the confidentiality of the whole network communication can be considered as compromised.”

[Images: Samy Kamkar, Tesla, Colby Moore, Square, WIRED, Ang Cui]

Breach Brief: Hackers threaten to expose 37 million AshleyMadison.com users


Hacker group targets AshleyMadison.com because it has allegedly been lying to customers with their “full delete” feature. 


Hackers are threatening to leak the personal details of more than 37 million users of the notorious affair website AshleyMadison.com, after claiming they broke into the site’s systems.

What happened? According to Krebs on Security, the intruders are a group of hackers who go by the name of “Impact Team.” The team claims to have broken into the systems belonging to Avid Life Media, the owner of the site with the tagline of “Life is short. Have an affair.”

Who’s behind the attack? The hackers’ main reason for the breach is that, although AshleyMadison.com says that its $19 fee will completely erase the information of its users, this is not the case. “Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie. Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed,” the Impact Team reveals.

What information was breached? The group claims to have complete access to Avid Life Media’s database, including not only user records for every single member, but financial and other proprietary information. For now, the Impact Team has only released 40MB of data, such as credit card details and several important documents.

What they’re saying: “We apologize for this unprovoked and criminal intrusion into our customers’ information. The current business world has proven to be one in which no company’s online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have been attacked, despite investing in the latest privacy and security technologies. We have always had the confidentiality of our customers’ information foremost in our minds, and have had stringent security measures in place, including working with leading IT vendors from around the world. As other companies have experienced, these security measures have unfortunately not prevented this attack to our system. At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act. Any and all parties responsible for this act of cyber–terrorism will be held responsible,” the company explained in a statement.

The intrusion of AshleyMadison.com comes in the wake of several other breaches, some of which were in the same space. One in particular, AdultFriendFinder, was hacked earlier in the year, exposing the personal information of almost 4 million members. With the number of cyber incidents on the rise and no apparent end in sight, taking the necessary measures to safeguard networks has never been so paramount.

Breach Brief: UCLA Health data breach may affect 4.5 million people


Hackers have gained access into the network of the Ronald Reagan UCLA Medical Center and three other hospitals.


A cyber attack on the UCLA Health system may have exposed the information of as many as 4.5 million people, officials say.

(Source: Wikipedia)

What information was breached? During the breach, which was announced Friday, the attackers accessed parts of the computer network that contain personal information, including names, addresses, dates of birth, social security numbers, medical record numbers, Medicare and health plan IDs, as well as some medical information like conditions, medications, procedures, and test results.

How many were affected? At this time, it is believed that as many as 4.5 million patients may have been affected across the network, which includes Ronald Reagan UCLA Medical Center and three other hospitals.

When did it occur? Suspicious activity was first detected in the network last October, prompting an investigation assisted by the FBI. Based on the investigation, it appears that the attackers may have even had access to these parts of the system as early as September 2014. It was only on May 5, 2015 that UCLA Health discovered that the part of the network in question had, in fact, been accessed.

What they’re saying: “At this time, there is no evidence that the attacker actually accessed or acquired individuals’ personal or medical information. Because UCLA Health cannot conclusively rule out the possibility that the attackers may have accessed this information, however, individuals whose information was stored on the affected parts of the network are in the process of being notified,” the healthcare provider wrote in a statement.

The latest incident demonstrates that healthcare is among the top industries at risk of being targeted by cyber criminals, raising concerns over the safeguarding of electronic medical records and other sensitive data. This attack comes on the heels of several other breaches, namely Anthem, which impacted 80 million Americans earlier this year. With the number of breaches on the rise and no apparent end in sight, how can you ensure that your network is protected?

Breach Brief: Trump Hotel Collection likely victim of data breach

The Trump Hotel Collection appears to be the latest organization to be hit with a major credit card breach, according to a report from Krebs on Security.

(Source: Trump Hotel Collection)

What happened? Sources reveal that several banks have traced a pattern of fraudulent debit and credit card charges to accounts that had all been used at Trump hotels.

What they’re saying: “Like virtually every other company these days, we have been alerted to potential suspicious credit card activity and are in the midst of a thorough investigation to determine whether it involves any of our properties. We are committed to safeguarding all guests’ personal information and will continue to do so vigilantly,” Eric Trump, EVP of Development and Acquisitions said in a statement.

If confirmed, the incident would be the latest in a long string of breaches involving the hospitality industry, which include Mandarin Oriental and White Lodging this past spring. With the number of hacks on the rise and no apparent end in sight, how can you ensure that your network and its data are protected?

Breach Brief: Cyberattack on LOT Polish Airlines grounds 10 flights


Hackers grounded 10 flights and delayed another 12 by Polish airline LOT after breaching their computer system.


Nearly 1,400 passengers of the Polish airline LOT were affected at Warsaw’s Chopin airport on Sunday after hackers managed to access the computer system responsible for issuing flight plans.

(Source: Wikipedia)

What happened? The cyberattack targeted computers issuing flight plans at Warsaw’s Chopin Airport, officials said. As a result, LOT was forced to ground 10 flights and delayed another 12 including those to Hamburg, Dusseldorf and Copenhagen. The breach took place in the afternoon and, upon being detected, required just about five hours to repair the damage. However, the source of the hack remains unknown.

What they’re saying: In a statement, the airline said that the airport itself wasn’t affected, nor were flights already in the air compromised by the breach. “We’re using state-of-the-art computer systems, so this could potentially be a threat to others in the industry,” company spokesman Adrian Kubicki said.

This latest incident comes amid growing concerns that even the most trusted sites and systems can be used by hackers aiming to infiltrate sensitive industries. With the number of breaches on the rise and no apparent end in sight, how can you ensure that your network and its data are protected?