In-brief: In this Security Ledger podcast, Paul speaks with Sameer Dixit of Spirent Security Labs, a leading tester of connected (“smart”) vehicles. Truly secure, connected vehicles may be years away, he says. In the meantime, security flaws and poorly implemented features are a major issue, Dixit says, with many car companies still preferring bolt on security fixes over secure design.
In-brief: Intel issued a patch for a serious vulnerability in firmware that has shipped with its chipsets for almost nine years, but it could take months for patches to reach affected customers from OEMs. (Editor’s note: updated with analysis from Matthew Garrett. PFR May 2, 2017.)
In-brief: The security firm Anubis Networks said in a blog post that it has discovered a mystery code by the firm Ragentek that is used in a number of low-cost Android smart phones, used across 55 different device models.
In-brief: software used in at least one brand of smart phones sold in the U.S. was found to secretly send private information about the phone’s owner back to servers in China, according to a report by the security firm Kryptowire.
In-brief: Lookout said it identified an active threat that was using three critical iOS zero-day (that is: previously unknown) vulnerabilities. When exploited, the three vulnerabilities “form an attack chain that subverts even Apple’s strong security environment.”
