Security Chatter Archive

Hackers Will One Day Take Over Your Car Because It is a Giant Computer On Wheels

Little do you know, modern-day cars are like big computers rolling on 4 wheels. There are multiple electronic components on cars, many of which use microprocessors like the computer or smartphone you are reading this article on. Fundamentally, your car has more computing power than was used to launch the rockets and pilot the spacecrafts during the Apollo space program landing many men on the Moon. Thing kicker is, with cars having all of this technology and computer equipment, hackers can take advantage of it and gain control of your vehicle.

Imagine one day you are cruising down the interstate hovering around 70 mph, when suddenly your brakes lock up, and you cause a massive pileup. That wouldn’t be very cool would it. The thing is, this could very well happen if a hacker gained control of the computers on your car, it has been done in testing environments proving case in point.

On any given modern-day car, there are about 50 to over 100 small computers that control several components of your car from the power steering, brakes or your airbags. All of these components must work in sync to provide you with simple transportation from point A to B. You can think of it all like a central nervous system or a main CPU with multiple components or i/o devices attached to it via USB connections. If a hacker infiltrates the CPU, they have unadulterated control over all connected components.

The complexity of cars now days is growing, which leaves vehicles vulnerable to issues and even remote attacks. If a hacker were able to connect to a vehicle in some form, they can seriously wreak havoc on a car and basically cause the vehicle to crash, no matter what the driver did to help prevent it. The video below is a demonstration, which may be considered to be extreme due to hackers physically connecting to the car’s computer systems, of hackers controlling a cars steering and brakes.

After viewing the video above, you can conclude that cars are, in fact, hackable. With newer connectivity modules, such as those found in the new Tesla Model S or new Audi vehicles, there is a WIFI or wireless connection that links systems up to the vehicle in ways to get diagnostic reports, remedy an electronic issue or update firmware on the car. This would be the future gateway for hackers to infiltrate a vehicle without physically connecting to it with wires.

Security experts and those who work on various wireless systems to integrate infotainment systems of vehicles all agree that it will take a while for the auto industry to move to a more security internal network than what we are working off of today. This alone is pretty scary.

Have you ever seen the movie Eagle Eye when crooks take over and virtually drive a Porsche Cayenne SUV (clip posted below with NSFW language)? Yeah, that is probably what we may face one day when hackers finally crack the proverbial computer code to control vehicles. Will you be ready?

Popularity: 6%

CoinKrypt Malware Using Android Phones to Pilfer Data for Casinocoin, Dogecoin and Litecoin

Virtual currencies are becoming popular and useful in many ways in the internet-driven and techie age we live in. With each step of opening up currencies to the virtual world we find ourselves faced with an abundance of hackers who use advanced malware to basically steal the funds, which is taking place using the recently discovered CoinKrypt malware.

CoinKrypt malware is a clever piece of software designed to target Android phones where it efficiently mines certain virtual currencies. Among the virtual currencies that CoinKrypt malware has mined are newer ones like Casinocoin, Dogecoin and Litecoin. Because Bitcoin, one of the popular virtual currencies around, uses advanced methods for protection, which requires malware have a lot of computing power to defeat, it is not on the radar screen for CoinKrypt.

The way CoinKrypt is designed to efficiently utilize the complete battery power of an Android phone to mine Casinocoin, Dogecoin and Litecoin, is simply astonishing and clever. It gives certain cybercrooks the proper tools to basically rob a bank in the form of Casinocoin, Dogecoin and Litecoin currencies and then turn around and use them for other purchases that take such means of funds.

CoinKrypt seems to be the go-to for mining and basically stealing virtual funds from Casinocoin, Dogecoin and Litecoin through Android phones, which is claimed to be a million times easier to pilfer than Bitcoin. Although the coins from these services are not as valuable as Bitcoins, hackers still are hoping for the time when they become nearly as valuable as Bitcoins.

For now, cybercriminals have the market cornered from attacking Casinocoin, Dogecoin and Litecoin using the CoinKrypt malware on Android phones. Their efforts for these attacks can only grow and improve over time, which leads many researchers to believe that virtual currency is a seriously fragile paramount.

Popularity: 3%

WiFi Chips Found in Chinese Appliances Distributing Malware

There is an old saying that what someone does not know won’t hurt them. This statement cannot be any farther from the truth when it comes to certain Chinese appliances found to have hidden WiFi chips that distribute malware onto computers that connect to the broadcasted WiFi network of the particular device.

Chinese appliances and electronics are everyone and in recent shipments of small modified appliances coming out of China are apparently appearing primarily in Russia and other places around the world. Some of these modified appliances, ranging from cell phones to dashboard cameras, were outfitted with a WiFi device that is designed to port malware to connected computers.

It was found that the WiFi-equipped devices broadcast an unsecured WiFi network, much like local coffee shops do. This will enable computer users within 200 meters to locate and connect to the device thinking that it is just another means of free WiFi. In such a case the free WiFi is much more than you bargained for as it will serve up spam and push other malware that may potentially control a victim’s system.

It is possible that these malicious WiFi chips could start sniffing other WiFi traffic for usernames and passwords to infiltrate vulnerable systems to collect potential payment processing data. The possibilities of this new scheme could surmount to other computer security issues.

Just think, the next time you are in a hotel your trusty iron could by spying on your computer and you may not even know it. All you wanted to do is connect to the internet through some Free WiFi, the ultimate bargain – or not.

Popularity: 12%

Hacker Claims He can Shut Down Apple MacBook Battery

How would you like to wake up one day to a fiery house all because some hacker decided he was going to hack into your MacBook’s battery and blow it up? That would not make for a good day to say the least.

A famous Apple hacker, Charlie Miller, has found a way to hack into Apple Macbooks battery and manipulate the software that controls the battery to basically shut it down. In other words, Miller is able to modify the battery power controller chip, the chip that monitors and controls all laptop battery functions and power management, and shut down the laptop having access to its own battery.

Miller explained how this is possible at a recent presentation at the Black Hat security conference Thursday in Las Vegas.

The exceedingly scary part about Millers discovery is he thinks it could be a way for a hacker with this know-how to actually make the Macbook explode.

CNN sat down the Miller in a Q and A session. The edited transcript is available below for your entertainment. Hopefully what Miller is explaining cannot be replicated by the average hacker or all of some Macbook users may be in for some serous trouble.

CNN: Tell me what you were able to do with Apple’s laptop batteries.
It’s sort of complicated, but the way batteries get charged in your laptop is there’s a little chip in your battery and the computer talks to that chip to figure out what’s going on. That chip will tell it how much charge it has, how much charge it needs, how much charge it should give it — that sort of thing. What I figured out was how to change the software that runs on that chip.
When it comes from the factory, they don’t want you messing with it, so they set up passwords and stuff to prevent you from doing that. There’s two passwords, actually, and Apple didn’t change those, so you can just find documents on the Internet that said what those were and then I could change the firmware on the chips to make it (the battery) do whatever I wanted.

So what does that allow you to do?
Well, you could make it not work anymore. You can make the battery to where the computer doesn’t even know it’s plugged in. …
My goal was to see if I could make one blow. I never did that. There’s lots of different protections to stop that from happening, and also I was a little scared to blow one up in my house, you know.

Why blow it up? Why was that the goal?
I approach it like, what can people do to me, right? So I don’t want to wake up one day and have my computer blow up. I want to be the one looking at that — not the bad guys.
So I found this thing where Apple didn’t change their passwords. Well, now they’re hopefully going to change their passwords, right? So then next time I buy a laptop from Apple I won’t have to worry quite so much that someone will do something (bad).
I released a tool that you could run, if you’re particularly paranoid, that would fix this problem.

Is this the first time a hack has targeted a battery?
No one that I know has ever looked at it — or no one has ever published anything about it. You carry this thing around with you, and it has a chemistry set in it.
Other people go into a store, and they think about what to buy. I think about how to steal stuff. I don’t (actually) do it — that’s just kind of how I think.

You target Apple products primarily. Tell me why you’ve chosen to do that?
That’s a good question. I started this gig four years ago — and so back then the Apple products were way easier to break into than, say, Windows.

Really?
Yeah, they were very far behind in security.
That goes against the common perception.
Yeah, I know. People thought they were secure when they weren’t. And when I told people that, no one would believe me.
So the reason I started is it was easy. But since then, with (OS X) Lion coming out, it’s caught up. Now it’s not any easier anymore. I either have to find something else that’s easier to work on — or whatever.

Do you like Apple products?
Yeah, I have an iPhone in my pocket right now. That’s another reason. If I use it, I want it to be secure. I don’t want Steve Jobs having a commercial saying it’s secure — I want it to actually be secure. That’s my job to figure out what’s secure and what’s not.

Currently, do you think Apple products are more secure than their counterparts?
(Apple) iOS is definitely more secure than Android. Lion is basically comparable to Windows 7. You can nitpick on those two, but they’re basically both really good.
Android is lacking a couple of features that iOS has, so it’s behind.

Do you have any security tips for iPhone users?
Make sure to set a passcode for it. Otherwise, if someone picks up the phone, there’s nothing there. So set a passcode. It’s not going to protect it forever, but at least it’s some barrier for some kid that picks it up.
Don’t jailbreak your phone if you care about the security of it — because that breaks all of the security. Make sure to configure for remote “locate and wipe,” so if you lose it you can either find it or blow away all of your data on it.

How long is your mobile password?
It’s four digits, which Dino (fellow Apple hacker Dino Dai Zovi) showed in his talk you can break in 18 minutes. So if I don’t get my phone back in 18 minutes I’m in trouble. I’ve tried longer ones, but it’s just impractical. I couldn’t stick with it.

How did you get into hacking in the very beginning?
I’ve been into computers and thought hacking was cool. I got my Ph.D. in math from Notre Dame and I got hired by the NSA (National Security Agency) to be a cryptographer. But when I got there, I didn’t really like that, so they had a training program in computer security, so I learned the basics of my training there in an internship.

Where do you do your work?
At my house. I work out of my house. I’m a consultant. I spend half my time doing consultant work and the rest of my time doing research — like this kind of stuff.

Where do you live?
St. Louis.

How long did it take you to do the battery hack?
It took about seven months — it took a really long time. Most of my research projects are like two weeks, or a month or something. But this one was so far from my comfort zone, and there had been so little written about it that it really took a long time.
So basically you’re giving away information about how to break things in an effort to make it more secure. Some people might be confused by that.
I mean, people think that — like with my battery thing — that if people didn’t talk about this, no one would have ever found out about it. And that’s just not the case.
No matter what we talk about here, there’s always bad guys — or guys who are trying to do this to make money — that are just as smart as us. And there are way more of them.
All we can do is present to everyone what we know. You can’t defend against something you don’t know.

Do you feel paranoid using Apple products knowing how many flaws you’ve been able to find in them?
A little bit. But they’ve gotten so much better. Like the iPhone. For the first year, when the iPhone came out, it was horrible. It was awful. It had no security in it, basically — at all. And then when the second iPhone came out it was much better. And since March it’s had basically every feature a security guy would want.
It’s not just me. I think it’s everyone saying they want more secure devices.

Do you work with Apple?
Not exactly. I have a cordial relationship with them. I shared with them my paper on the battery stuff like three weeks before the talk. But then again, if they would have told me not to do it I would have said, “Go to hell.” I don’t want to be their adversary. I want to have them fix stuff — and I want them to get better. I try to share with them.

Are they working on this battery thing?
Unfortunately, there’s not a lot they can do except start again and get it right.

Have hackers ever targeted you?
If they have, I haven’t caught ‘em.
I’d be pretty easy to hack, I think. I don’t practice the best security myself. I’m impatient. So anytime security is going to add a lot of hassle I’m not going to do it.
I’m the cobbler whose kids have no shoes or whatever. And everyone knows exactly the software I use, the hardware I have, so it probably wouldn’t be that hard.
I just try to be a really nice guy so no one wants to go after me.

So, are you anymore scared than you were before reading the transcript above?

Popularity: 10%

What is ‘Best Malware Protection’ and How to remove it from your PC?

Best Malware Protection is a program that I ran across last month on my PC that has be second guessing whether I installed it or not. After doing some extensive research on Best Malware Protection it was later discovered that I was dealing with a fake security program designed by hackers.

Best Malware Protection is a rogue anti-spyware program that can easily be passed off to a novice computer user as a trusted security program designed to detect and remove malware. Furthermore, Best Malware Protection looked as if it found all types of Trojans, spyware files and malware on my PC and I was about to buy the full program so it could remove them. Boy am I glad I did not purchase Best Malware Protection because after reading more about the program, it was found that it will basically take your money in return for basically nothing.

Sources found via Google search to determine what exactly Best Malware Protection is:

The purchased version of Best Malware Protection was found to be identical to the trail or free edition. That means that a purchased edition of Best Malware Protection will NOT legitimately detect or remove malware from your computer.

Programs such as Best Malware Protection are designed with one thing in mind and that is to grant its creators a quick payday. That payday almost came at the expense of my failure to do research on the Best Malware Protection program which I am glad I did in the end.

Let this be a warning and help guide for you. Do not trust the Best Malware Protection program and no matter how legitimate or convincing a ‘security program’ may look, do some research on it via a simple Google search before you trust it.

Popularity: 7%

How to Avoid and Remove Facebook Malware

If you utilize Facebook enough, then you have probably run across some form of Facebook Malware that may infect your computer with a virus, post spam on your wall or post spam on your friends’ walls. You know, those silly posts you may see on your friends Facebook feed saying:

“oh s**t, one more really freaky video O_O
IMF boss Dominique Strauss-Kahn Exclusive Rape Video – Black lady under attack!
[LINK]“

Yea, that is a totally bogus message and is basically a scam to get you to click on the LINK. Don’t do it or you may be sorry.

It is all extremely annoying and there is an easy way to keep it from happening again. Cnet, one of my favorite techie places to visit for tips and tutorials like this, did a video on avoiding and removing Facebook malware. Check it out below and be sure to post your experiences below in the comments area.

Popularity: 13%

The Top 5 Facebook Hacks, Attacks and Scams You Need to Know About

facebook-security-hacks-scams-attacksLately myself, along with upwards of over 500 million people, have used Facebook and spent a bit too much time on it attempting to tweak settings so we do not become the next victim of a new Facebook scam. Little did we know, all we had to do was know about the top 5 Facebook hacks, attacks and scams so we could avoid them.

Recently I have noticed that it seems to be an abundance of scam links on Facebook not only from bogus accounts, but from my very own Facebook friends. In looking into some of these scams I have found out that the majority of them are composed of some type of enticing link or one that appears to offer a video of a woman in a bikini. Sure, I don’t mind perusing a nice looking female specimen every once in a while but not at the expense of sharing the same link with every friend I have on Facebook and compromising my personal information. Unfortunately, that is exactly what is happening in one of my top 5 Facebook hacks, attacks and scams that you need to know about.

Facebook is a great place and the only social network that connects so many people from around the world. Facebook over the course of 2 years has done wonders in improving privacy and basically giving the user more settings than the space shuttle. Every Facebook user must, however, learn about some of the most common scams and attacks usually rendered by hackers over the internet. These attacks can range from a simple link to a rogue Facebook application designed to steal personal data.

Here are the Top 5 Facebook Hacks, Attacks and Scams You Need to Know About

#1 Clickjacking: This is a process that has become very popular on Facebook where an enticing, eye-catching, too-good to be true link is posted on someone’s profile asking that you copy and paste it to your web browser or click on it to view. After doing so, the user’s Facebook wall is then populated with the same link which essentially spreads it to all of their Friends luring them to click on the same link. Ultimately, clickjacking could allow a hacker to gain access to a user’s Facebook account.

#2 Fake Questionnaires or Polls: Facebook has recently implemented a polling system that allows users to post a poll full of questions that they choose and share it with their friends. Unfortunatly there has been an onslaught of fake polls and questionnaires circulating Facebook. These fake polls sometimes redirect users to pages outside of Facebook were they can act as a Phishing site designed to steal personal information. Furthermore, these fake polls could lead to malware laden sites that offer quizzes and online games that could prove to be harmful to a PC.

#3 Fake Friend requests: Let’s face it; some people on Facebook do not have much of a life outside of their computer screen. For those who fall into this virtual trap, hackers are seeking them out by sending friend requests for the purpose of extracting data from the Facebook user. If a Facebook user’s privacy settings are set to block non-friends, then by requesting to be a friend will bypass that feature provided the user on the other end accepts the friend request. It is best to only accept friend requests from people that you actually know instead of a stranger.

#4 Fake Facebook Pages Spam: There is an abundance of fake page profiles setup on Facebook that are usually headlined with some type of feature that is not offered by Facebook such as a ‘Dislike button’ feature. These fake pages are usually created by hackers who look to steal personal information from users after they either LIKE the page or choose to ‘attend’ a page’s newly created event. .

#5 Rogue Applications: Fake Facebook apps have been a growing problem since the conception of apps on Facebook. It is already bad enough that Facebook apps have access to obtain personal information from your Facebook profile. Rogue apps takes it a step further by potentially posting bogus links to your wall or even reposting something personal about you. Anytime that a user chooses to use a Facebook app, they have to click Allow when the app requests initial permission to access information about you thus opening it up to pilfer your personal data.

What do you do to avoid Facebook attacks, scam and hacks? Will you continue to use Facebook in knowing that so much ‘bad stuff’ can happen?

The video below on how Facebook beefed up security in response to all of the daily scams circulating the largest social network in the world.

Popularity: 14%

Mobile Device Privacy Debate Heats Up: Apple, Google Summoned to Senate Hearing

By now you have probably seen on the news or a media website reporting that the Apple iPhone can track your location potentially evading your privacy. Lately there has been a big uproar about privacy and the US Department of Justice, Federal Trade Commission and others are now having a conversation about all of the hoopla involving iPhones and other mobile devices and their ability to track locations without the user knowing about it.

Senator Al Franken has summoned Apple and Google to participate in an upcoming hearing with the Judiciary Subcommittee to talk about privacy, mainly Mobile device privacy.

iphone-privacy

“Recent advances in mobile technology have allowed Americans to stay connected like never before and put an astonishing number of resources at our fingertips,” Franken said in a statement. “But the same technology that has given us smartphones, tablets, and cell phones has also allowed these devices to gather extremely sensitive information about users, including detailed records of their daily movements and location. This hearing is the first step in making certain that federal laws protecting consumers’ privacy-particularly when it comes to mobile devices-keep pace with advances in technology.”

Sure the media has attempted to make a mountain out of a mole hill in talking about how the iPhone purportedly records your location and it can be retrieved in some form or fashion. What Apple may be claiming is that data is only accessible by the iPhone user but we all know if there is a way hackers will find it.

So far, Google nor Apple have admitted to being summoned by Franken to go over these ‘Privacy issues’.

What do you think about iPhone and other mobile device privacy? Is it a major issue? Should they address it NOW instead of later when several lawsuits are smacking Apple in the face?

Popularity: 14%

How I Was Able to Detect and Remove Antivirus .NET From My Malware Infected PC

antivirus-dot-net-rogueI recently encountered an application called ‘Antivirus .NET’. At first thought I was sure Antivirus .NET was some website message that came from the domain ‘antivirus.net’ but I was completely wrong. Antivirus .NET was nothing other than a fake antivirus program. I found out it was fake from the various program notification messages that it kept displaying. These messages were not going to back-down until I took some action.

Unfortunately, the actions that the Antivirus. NET program wanted me to take were to spend over $60 for a program that offered services that I knew I do not need. How did I know that I do not need Antivirus .NET? Because I have Avast installed on my system and it does all of the anti-virus protection that I need. Furthermore, Avast had detected 2 malicious sites and one virus in the past 3 months for me saving my butt from either loosing personal data or keeping my system from crashing. Who knows what these malware parasites are capable of.

What did I do after discovering I had Antivirus .NET installed on my PC?

I attempted to have Avast scan my system to detect the parasite but for reasons unknown, it did not find it. After that, I started to do a few Google searches on Antivirus .NET and found out for certain it was what some security expert sites call a ‘Rogue Anti-Spyware’ program. These are fake security applications created with the purpose of extorting money as one site explained. Of course it was. Antivirus .NET had me feeling like I needed to just purchase it just to stop the aggravating popups. Has this ever happened to you?

How did I finally remove Antivirus .NET?

This is where things got a little dicey. I attempted to manually remove Antivirus .NET by booting my system into safe mode (pressing F8 at boot sequence) and then located each individual Antivirus .NET file and registry entry. Little did I know there was some additional related registry entries located in my Windows system registry that somehow brought Antivirus .NET back to life upon rebooting my system. I was at wits end in trying to remove this garbage. So I decided to try out the malwarebytes application, suggested by bleepingcomputer, which seemed to have detected some other malware, mainly trojan horse parasites, on my system and removed it with no problem but I was still plagued by Antivirus .NET after my 3rd restart of my PC. I later found another application from enigmasoftware which seemed to have detected Antivirus .NET on the first scan. So I bit the bullet and purchased their software and it simply removed Antivirus .NET from my system only while in safe mode. After the next reboot, Antivirus .NET did not reappear. I could have taken extra steps to finish the manual removal process but why should I if someone else can do it for me? I guess I am just that lazy.

After this experience I have decided to no longer allow my little brother to utilize my computer for his “extra-curricular activities” of searching for adult entertainment. In other words, he somehow encountered malware on adult sites that may have installed Antivirus .NET on my system among other malware parasites.

Popularity: 6%

How To Identify and Avoid Spam Email

spam-emailsJust about every computer user who uses email has received some type of spam email in their past but usually at one time failed to identify or avoid it.

Spam is a type of email that computer users consider to be junk email that usually contains unsolicited information and/or advertisements. Some spam may be harmful to a computer due to a malicious attachment or link included in the email. Spammers are known to send out spam messages in bulk to several different recipients all at once. Many spam filters are able to catch these messages and either delete them or send them to a spam queue depending on the settings that the user specifies.

In identifying spam messages, computer users are now accustomed to looking for those messages that solicit items such as Viagra pills, pharmaceutical drugs and even emails that claim they have won something. Because about 78% of emails sent are considered to be spam, it can be difficult to tell what a legitimate email is and what a spam message is. Sometimes, to identify other types of spam messages, you must run through a checklist.

An email message is probably spam if it meets the circumstances below.

  • The email sender keeps asking for personal information from you.
  • The email is from someone you do not know.
  • The email asks for banking account information or online passwords.
  • The email asks you to send money to a person, account or organization.
  • The email includes a .zip attachment with executable files.
  • The email offers to send copies of certified documents to prove a claim.
  • The email asks you TO verify your name, address or other personal data that should otherwise already be on file.

Spam can be avoided if you practice the following actions:

  • Never download suspicious attachments included in an email MESSAGE from someone you do not know.
  • Always preview email messages before opening them up completely.
  • Use anti-virus, anti-spyware and spam prevention software at all times while keeping the applications up to date.
  • Never forward chain emails or trust them.
  • Never reveal personal information on an email reply to someone you do not know.
  • Try to view messages in ‘plain text’ instead of HTML.

What do you practice on your computer to avoid spam email messages?

Popularity: 7%