spoofing – SSL and internet security news

Successful Hack of Time-Triggered Ethernet

November 18, 2022 infossl

cyberattack, embedded systems, hardware, Security technology, spoofing, Uncategorized

Time-triggered Ethernet (TTE) is used in spacecraft, basically to use the same hardware to process traffic with different timing and criticality. Researchers have defeated it: On Tuesday, researchers published findings that, for the first time, break TTE’s isolation guarantees. The result is PCspooF, an attack that allows a single non-critical device connected to a single … Read More “Successful Hack of Time-Triggered Ethernet” »

Another Attack Against Driverless Cars

July 31, 2019 infossl

academicpapers, cars, drones, internetofthings, Security technology, spoofing

In this piece of research, attackers successfully attack a driverless car system — Renault Captur’s “Level 0” autopilot (Level 0 systems advise human drivers but do not directly operate cars) — by following them with drones that project images of fake road signs in 100ms bursts. The time is too short for human perception, but … Read More “Another Attack Against Driverless Cars” »

Digital Signatures in PDFs Are Broken

March 6, 2019 infossl

academicpapers, Security technology, signatures, spoofing, vulnerabilities

Researchers have demonstrated spoofing of digital signatures in PDF files. This would matter more if PDF digital signatures were widely used. Still, the researchers have worked with the various companies that make PDF readers to close the vulnerabilities. You should update your software. Details are here. News article. Powered by WPeMatico

Security Vulnerability in Internet-Connected Construction Cranes

October 29, 2018 infossl

internetofthings, replayattacks, Security technology, spoofing, vulnerabilities

This seems bad: The F25 software was found to contain a capture replay vulnerability — basically an attacker would be able to eavesdrop on radio transmissions between the crane and the controller, and then send their own spoofed commands over the air to seize control of the crane. “These devices use fixed codes that are … Read More “Security Vulnerability in Internet-Connected Construction Cranes” »

Detecting Phishing Sites with Machine Learning

August 9, 2018 infossl

certificates, machinelearning, phishing, Security technology, spoofing

Really interesting article: A trained eye (or even a not-so-trained one) can discern when something phishy is going on with a domain or subdomain name. There are search tools, such as Censys.io, that allow humans to specifically search through the massive pile of certificate log entries for sites that spoof certain brands or functions common … Read More “Detecting Phishing Sites with Machine Learning” »

Fooling Face Recognition with Infrared Light

March 27, 2018 infossl

academicpapers, biometrics, facerecognition, Security technology, spoofing

Yet another development in the arms race between facial recognition systems and facial-recognition-system foolers. BoingBoing post. Powered by WPeMatico

Impersonating iOS Password Prompts

October 12, 2017 infossl

apple, impersonation, ios, passwords, Security technology, socialengineering, spoofing, vulnerabilities

This is an interesting security vulnerability: because it is so easy to impersonate iOS password prompts, a malicious app can steal your password just by asking. Why does this work? iOS asks the user for their iTunes password for many reasons, the most common ones are recently installed iOS operating system updates, or iOS apps … Read More “Impersonating iOS Password Prompts” »

GPS Spoofing Attacks

September 25, 2017 infossl

gps, russia, Security technology, spoofing, transportation

Wired has a story about a possible GPS spoofing attack by Russia: After trawling through AIS data from recent years, evidence of spoofing becomes clear. Goward says GPS data has placed ships at three different airports and there have been other interesting anomalies. “We would find very large oil tankers who could travel at the … Read More “GPS Spoofing Attacks” »

Gaming Google News

June 16, 2017 infossl

google, Security technology, spam, spoofing

Turns out that it’s surprisingly easy to game: It appears that news sites deemed legitimate by Google News are being modified by third parties. These sites are then exploited to redirect to the spam content. It appears that the compromised sites are examining the referrer and redirecting visitors coming from Google News. Powered by WPeMatico

Acoustic Attack Against Accelerometers

April 4, 2017 infossl

academicpapers, internetofthings, Security technology, sensors, spoofing

Interesting acoustic attack against the MEMS accelerometers in devices like FitBits. Millions of accelerometers reside inside smartphones, automobiles, medical devices, anti-theft devices, drones, IoT devices, and many other industrial and consumer applications. Our work investigates how analog acoustic injection attacks can damage the digital integrity of the capacitive MEMS accelerometer. Spoofing such sensors with intentional … Read More “Acoustic Attack Against Accelerometers” »