Archive for October 30, 2017

The Tesla Model X Hacked by Chinese Researchers

Researchers from Tencent Keen Security Lab, a China-based security firm, have managed to hack into a Tesla Model X.

Last year, the same group of researchers hacked Tesla's Model S, taking control of various built-in systems.

They found several zero-day vulnerabilities in the in-car modules that let them open the doors, blink the lights, control the in-car displays and, while the car was in motion, activate the brakes.

Keen Lab's researchers managed to hack the car by bypassing its firmware signing system, after which they installed their own firmware, from which they could issue commands as they wished.

The research team notified the automaker of the vulnerabilities, and the company quickly patched the flaws as part of its 8.1 software update.

A Tesla spokesperson released a full statement regarding the vulnerabilities and related research:

By working closely with this research group following their initial findings last year, we responded immediately upon receiving this report by deploying an over-the-air software update (v8.1, 17.26.0+) that addresses the potential issues. While the risk to our customers from this type of exploit is very low and we have not seen a single customer ever affected by it, we actively encourage research of this kind so that we can prevent potential issues from occurring. This demonstration wasn't easy to do, and the researchers overcame significant challenges due to the recent improvements we implemented in our systems. In order for anyone to have ever been affected by this, they would have had to use their car's web browser and be served malicious content through a set of very unlikely circumstances. We commend the research team behind this demonstration and look forward to continued collaboration with them and others to facilitate this kind of research.




Third-party swipes Dell’s web address for a month

A third party took over the web address used by recovery software on Dell PCs for a month last summer, after a contractor apparently failed to renew it. Dell used the web address to help customers restore their data: the firm's backup and recovery application is installed by default on many of its PCs, allowing users to restore their computers to factory settings.

Brian Krebs, a security expert and author, reported the issue, saying that the site may have been hijacked "from early June to early July 2017."

A software backup and imaging company called SoftThinks, one of Dell's partners, previously controlled this address, but it was taken over by another party at some point between June and July this year.
The domain, DellBackupandRecoveryCloudStorage.com, was contacted regularly by software installed as standard on many Dell PCs, so whoever snapped it up could have used it to spread malware to unsuspecting Dell customers.
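The risk in both the Dell story and the Tesla story above is the same: a client that trusts whatever a host name (or an unsigned firmware channel) serves. The defensive control is to pin a vendor public key in the installed client and accept only content whose manifest that key signed. The Go program below is an added example, not Dell's, SoftThinks' or Tesla's code; the manifest format, the Ed25519 key pairs and the sample payloads are all constructed for the demonstration. It shows a genuine signed payload being accepted, a payload signed by a key that the domain's new owner made up being rejected, and a genuine manifest with a swapped payload being rejected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is what a recovery or update agent downloads from the vendor host:
// a payload name, its SHA-256 digest, and a detached Ed25519 signature over
// both. Hypothetical format, not any vendor's real one.
type Manifest struct {
	Name      string
	SHA256Hex string
	Sig       []byte
}

// manifestMessage is the exact byte string that is signed and later verified.
func manifestMessage(name, digestHex string) []byte {
	return []byte("name=" + name + "\nsha256=" + digestHex + "\n")
}

// SignManifest runs on the vendor's build system, where the private key lives.
func SignManifest(priv ed25519.PrivateKey, name string, payload []byte) Manifest {
	sum := sha256.Sum256(payload)
	d := hex.EncodeToString(sum[:])
	return Manifest{Name: name, SHA256Hex: d, Sig: ed25519.Sign(priv, manifestMessage(name, d))}
}

// VerifyDownload is the client-side check. The public key is pinned in the
// installed binary, so owning the DNS name is not enough to get a payload
// accepted: the manifest must carry a signature from the pinned key and the
// payload must match the signed digest.
func VerifyDownload(pinned ed25519.PublicKey, m Manifest, payload []byte) error {
	if len(pinned) != ed25519.PublicKeySize {
		return errors.New("pinned key has wrong size")
	}
	if !ed25519.Verify(pinned, manifestMessage(m.Name, m.SHA256Hex), m.Sig) {
		return errors.New("manifest not signed by the pinned vendor key")
	}
	sum := sha256.Sum256(payload)
	if hex.EncodeToString(sum[:]) != m.SHA256Hex {
		return errors.New("payload digest does not match signed manifest")
	}
	return nil
}

// ScenarioResult records what the client decided in three constructed cases.
type ScenarioResult struct {
	GenuineAccepted  bool // vendor-signed manifest with matching payload
	HijackedRejected bool // manifest signed by an unrelated key
	TamperedRejected bool // genuine manifest, payload swapped after signing
}

// RunScenario builds a vendor key pair and a second, unrelated key pair
// standing in for whoever controls a lapsed domain, then exercises the check.
func RunScenario() (ScenarioResult, error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return ScenarioResult{}, err
	}
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return ScenarioResult{}, err
	}

	// Constructed sample payloads; no real recovery image is involved.
	genuine := []byte("constructed sample: genuine recovery image v1")
	foreign := []byte("constructed sample: content served by the domain's new owner")

	good := SignManifest(vendorPriv, "recovery.img", genuine)
	bad := SignManifest(otherPriv, "recovery.img", foreign)

	return ScenarioResult{
		GenuineAccepted:  VerifyDownload(vendorPub, good, genuine) == nil,
		HijackedRejected: VerifyDownload(vendorPub, bad, foreign) != nil,
		TamperedRejected: VerifyDownload(vendorPub, good, foreign) != nil,
	}, nil
}

func main() {
	r, err := RunScenario()
	if err != nil {
		fmt.Println("key generation failed:", err)
		return
	}
	fmt.Printf("genuine accepted: %v\nhijacked rejected: %v\ntampered rejected: %v\n",
		r.GenuineAccepted, r.HijackedRejected, r.TamperedRejected)
}
```

The design point is that the trust anchor is the pinned key, not the host name: a domain that lapses or is re-registered, or a transport that is intercepted, can only deliver content the client will refuse. Registering the callback domain for a long term and monitoring its expiry are still worth doing, but they are a second line, not the control.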

DellBackupandRecoveryCloudStorage.com became the property of Dmitrii Vassilev of "TeamInternet.com," a company listed in Germany that specializes in selling what appears to be typosquatting traffic. Team Internet also appears to be tied to a domain monetization business called ParkingCrew.

Krebs said in his blog: “Approximately two weeks after Dell’s contractor lost control over the domain, the server it was hosted on started showing up in malware alerts.”

Dell admitted to losing control of the domain name but said in a recent statement that the problem had been "addressed." The company said no malware was transferred.

Dell said to the BBC: “We do not believe that the Dell Backup and Recovery calls to the URL during the period in question resulted in the transfer of information to or from the site, including the transfer of malware to any user device.”

A spokeswoman for Dell said that on 9 July the developer of the program bought the domain back from the third party that had snapped it up, but she would not confirm how much this cost.

Pune organizes event to increase awareness about cybersecurity

The City Police of Pune has organised "Cy-Fi Karandak 2017," a cyber-security festival of one-act plays intended to raise awareness of the increasing cyber crime around the city. The festival is being organized in association with the Quick Heal Foundation and Expressions Lab, a theatre organisation.

The finale of the event is scheduled to be held in Pune from December 21 to 25 at Bharat Natya Mandir. More than 100 teams from Maharashtra and Goa applied, and 28 finalists will now compete on the theme "Human Life in the Cyberworld: How Convenient, How Vulnerable?" for cash prizes and the Karandak trophy.

To promote the event, an online Karandak was also launched, in which interested teams submitted their videos via social media; its finals will likewise be held in December.

"The amount of cyber crime reported in Pune is surprisingly high, even higher than that of Delhi and NCR," said Senior Police Inspector Radhika Phadke. "We need this kind of a platform to create awareness about the psychological and emotional consequences of these crimes. Especially in cases of matrimony fraud, the victim suffers extreme emotional distress. Through theatre, we can convey the human side of it," she added.

"Cyber-crime would account for nearly 80 percent of all crimes in coming years," said assistant commissioner of police Milind Patil.

DoubleLocker Ransomware Locks Android devices


A ransomware strain dubbed DoubleLocker has been infecting Android devices, changing the device's security PIN and encrypting all the data stored on it.

Researchers from cybersecurity firm ESET discovered DoubleLocker, a two-step ransomware that adopts a dual-locking approach.

According to the researchers, the ransomware is distributed through fake Adobe Flash Player apps. Its code is based on a banking Trojan known as Android.BankBot.211.origin; it compels users to grant it permissions, activates device administrator rights and sets itself as the default home application.

The attackers have set the ransom at 0.013 Bitcoin (approx. USD 70), which is demanded to be paid within 24 hours of the attack. “Double Locker affects the android devices primarily in two ways: first, encrypts all the data files with AES encryption mechanism and corrupts the same with the .cyreye file extension, thus becoming a perfect case for a ransom demand. Additionally, the malicious software also affects the accessibility of the devices by changing the pin of the device, which cannot be accessed by the users,” explained Sandeep Sharma, Associate Research Manager – Software and Services at IDC.

The researchers stated that DoubleLocker is much more advanced than other types of Android ransomware: it abuses the device's accessibility service to obtain device administrator rights and so take control of the device.

After obtaining admin rights, the malware sets itself as the default home application on the device, which then lets it block users from bypassing the lock.

The best way to remain unaffected by this kind of ransomware is to back up all data regularly; even after being hit by the ransomware, you can then restore your device without paying the ransom by performing a factory reset.

Kaspersky Lab: Deleted NSA’s hacking code

Russia-based antivirus software company Kaspersky Lab said that a security mistake by a US National Security Agency contractor led to confidential hacking tools being leaked to the cybersecurity firm.

The Lab claimed that after realizing the downloaded hacking tools were classified, it deleted every file. In September, US officials had ordered a probe, saying the firm was influenced by the Kremlin and that compromised data could harm national security.

"The archive was deleted from all our systems. The archive was not shared with any third parties," Kaspersky Lab said on Tuesday.

According to Kaspersky Lab's investigation, on 11 September 2014 the NSA contractor was working on his personal computer at home when the antivirus detected a piece of malware.

"US law tolerates inadvertent acquisition of classified data but doesn't allow to distribute it. We deleted it to follow the law," the company's CEO Eugene Kaspersky tweeted on Wednesday. The Russian security firm added: "Kaspersky Lab has never created any detection of non-weaponized (non-malicious) documents in its products based on keywords like 'top secret' and 'classified'."

The company was not able to pinpoint the exact date because the contractor had apparently disabled the Kaspersky antivirus software; on 4 October 2014 he turned it back on.

"The user appears to have downloaded and installed pirated software on his machines, as indicated by an illegal Microsoft Office activation key generator," Kaspersky says. "The malware dropped from the trojanised keygen was a full-blown backdoor, which may have allowed third parties access to the user's machine."

On reviewing the archive's contents, the company reported the matter to Chief Executive Eugene Kaspersky and removed all the files.

“We deleted the archive because we don’t need the source code to improve our protection technologies and because of concerns regarding the handling of classified materials,” said Kaspersky spokeswoman Sarah Kitsos.