A non-profit group that represents prominent computer security researchers has issued an open letter to the automotive industry calling for more collaboration on cyber security issues. The group, I Am The Cavalry said the automotive industry needs to elevate cyber security to put it on par with other vehicle safety issues. The announcement, on Friday at DEF CON 22 in Las Vegas – an annual hacker conference – included a letter to CEOs in the automotive industry, calling for the adoption of “five key capabilities that create a baseline for safety relating to the computer systems in cars.” The letter asks for safety to be built into the design of computer systems in vehicles. “Increasing reliance on computer systems and internet connectivity in cars is opening up a whole new area of consumer risk, much of which is still being investigated and understood,” the group said. “Modern cars are computers […]
Recent Posts
New Calls For A Common Hardware Vulnerability Database At Black Hat
The Black Hat briefings made its reputation as a forum for star security researchers to unveil hair raising vulnerabilities in hardware and software. But Black Hat has become a more corporate event and collaboration is much in evidence these days. The latest example: the first roundtable discussion ever held at Black Hat. Speaking on Wednesday, Don Bailey, CEO of Lab Mouse Security, and Zach Lanier, Senior Security Researcher at Duo, facilitated a lively discussion of embedded system security before a group of attendees arranged around a table with a few more chairs off to the side. Bailey asked the audience to start the conversation, and he and Lanier then moderated the discussion. The conversation started with discussion of new secure chipsets, such as ARM TrustZone, and the fact that few institutions are using them. One factor is cost. Some organizations are gravitating toward open source chipsets such as Ardinuio, which […]
Remote Car Hacks Depend On The Internal Design, Say Researchers
When purchasing your next car, you face many options. You want a good price, but also good gas mileage and perhaps an entertainment system for the kids in back. But for Dr. Charlie Miller, Twitter, and Chris Valasek, director of vehicle security research at I/OActive, the main criteria is whether or not the car is a likely candidate to be hacked. In particular they said they were interested in cars that would be more susceptible to remote hacking. Work done previously by Professor Stefan Savage along with graduate students from the University of Santa Barbara and the University of Washington used the Onboard Diagnostic port to control a car. Last year Miller and Valasek used internal wiring to gain control of their test cars. This year the pair said they wanted to take a step back and look at how cars in general communicate internally as a predictor of hacking […]
Punch Out: Security Holes In Time Clock Bite TSA, Others
A common time clock that is used by companies and government agencies, including the Transportation Security Administration (TSA) contains pre-programmed “back door” user accounts that could allow malicious attackers to gain access to sensitive networks, according to research by a security researcher at Qualys Inc. Speaking before an audience at the Black Hat Briefings in Las Vegas on Wednesday, Billy Rios, the Director of Threat Intelligence at Qualys Inc., revealed research on the Kronos 4500, a “time and attendance” product (aka time clock) that employees use to ‘punch in’ and ‘punch out’ from work. Rios said that an in-depth analysis of the Kronos equipment and the software that it runs revealed two types of backdoor accounts (user names and passwords) that will provide access to any deployed 4500 device. The accounts are particularly worrying because some vulnerable devices can be discovered using Internet searches, and because TSA is known to use Kronos attendance […]
Vulnerable Mobile Software Management Tool Reaches Into IoT
You could be forgiven for never having heard of Red Bend Software. The company is small – just 250 employees- and privately held. Red Bend’s headquarters is a suite of offices in a nondescript office park in Waltham, Massachusetts, just off Route 128 – America’s “Silicon Highway.” But the company’s small profile belies a big footprint in the world of mobile devices. Since 2005, more than 2 billion devices running the company’s mobile management software have been sold worldwide. Today, the Red Bend is believed to control between 70 and 90 percent of the market for mobile software management (MSM) technology, which carriers use to service mobile devices. The software enables mobile carriers to do critical tasks, including firmware-over-the-air (FOTA) software updates, mobile device configuration and other on-device changes. Red Bend counts many of the world’s leading companies in the mobile, enterprise and manufacturing sectors as clients, including Intel, Qualcomm, Samsung, Sharp, LG, Sony, Huawei, China Mobile and Lenovo. For the most part, Red […]
