We’ve interviewed security researcher Nitesh Dhanjani before. In the last year, he’s done some eye-opening investigations into consumer products like the Philips HUE smart lightbulbs. We did a podcast with Nitesh in December where we talked more generally about security and the Internet of Things. Now Dhanjani is in the news again with research on one of the most high-profile connected devices in the world: Tesla’s super-smart electric cars. In a presentation at Black Hat Asia on Friday, he released findings of some research on the Tesla Model S that suggests the cars have a weakness common to many Web based applications: a weak authentication scheme. (A PDF version of the report is here.) Specifically: Tesla’s sophisticated cars rely on a decidedly unsophisticated security scheme: a six-character PIN. Dhanjani’s research discovered a variety of potentially exploitable holes that would give even an unsophisticated attacker a good chance at breaking into […]
Recent Posts
Analysis Finds Blurry Lines Between Rovio, Advertisers
Rovio, the maker of the massively popular Angry Birds, makes no secret about collecting personal data from those who download and play its games. But an analysis from the advanced threat detection firm FireEye is helping to expose the extend of data harvesting, and also to sketch out the blurry line that separates Rovio and third-party advertising networks it contracts with. In a blog post on Thursday, FireEye analysts Jimmy Suo and Tao Wei described the findings of an investigation into the interaction between Rovio’s mobile applications, including the latest version of Angry Birds, and third party ad networks such as Jumptap and Millenial Media. Using FireEye’s Mobile Threat Prevention (MTP), the two gathered and analyzed network packet capture (PCap) information and analyzed the workings of Angry Birds and its communications with third-party ad networks. The two were able to reveal a multi-stage information sharing operation, tracking code paths from the reverse-engineered […]
Cisco To Invest $1B Building Secure Cloud For Internet Of Things
Cisco Systems announced that it will invest more than $1 billion building what it calls an “Intercloud” – a network of cloud platforms that will support a variety of new business applications, including those supporting connected devices that are part of the Internet of Things. The company said on Monday that the new initiative will greatly expand its cloud business over the next two years and provide APIs (application program interfaces) that will allow application developers to rapidly create new products suitable for use in the enterprise or by resellers and service providers. A range of Cisco’s existing partners have committed to deliver products or services for Cisco’s Intercloud Cloud Services including the Australian firm Telstra, Allstream, a Canadian communications provider and Ingram Micro Inc.a major technology wholesaler. Services provider SunGard Availability Services and Integralis have signed on, as has the IT consulting firm Wipro Ltd. “Together, we have the […]
Perverse Security Incentives Abound In Mobile App Space
Security problems abound in the mobile device space – and many of them have been well documented here and elsewhere. While mobile operating systems like Android and iOS are generally more secure than their desktop predecessors, mobile applications have become a major source of woe for mobile device owners and platform vendors. To date, many of the mobile malware outbreaks have come by way of loosely monitored mobile application stores (mostly in Eastern Europe and Russia). More recently, malicious mobile ad networks have also become a way to pull powerful mobile devices into botnets and other malicious online schemes. But my guests on the latest Security Ledger podcast point out that mobile application threats are poised to affect much more than just mobile phone owners. Jon Oberheide, the CTO of DUO Security and Zach Lanier, a researcher at DUO, note that mobile OS platforms like Android are making the leap […]
Google: Android Wear Isn’t Ready For Health Data
I didn’t get a chance to write about Google’s (big) announcement that it was expanding its Android operating system franchise to wearable products. If you haven’t been following the news: the company unveiled a developer preview of Android Wear, software that will allow developers to outfit wearable devices that can interact with Android devices like mobile phones and tablet. The announcement is important: it shows Google continuing to grow its footprint in the wearables space beyond the (controversial) Glass technology. In fact, noted tech luminary Robert Scoble and others have wondered aloud whether Google is ready to let Glass go the way of Wave, Buzz and other skunkworks projects. The announcement of Wear and attendant deals with watch makers like Fossil and others suggests that, if nothing else, Google is ready to get out of the wearable hardware business and leave that to companies that are better suited to […]
