SSL and internet security news

theft

Auto Added by WPeMatico

Ethereum Hacks

The press is reporting a $32M theft of the cryptocurrency Ethereum. Like all such thefts, they’re not a result of a cryptographic failure in the currencies, but instead a software vulnerability in the software surrounding the currency — in this case, digital wallets.

This is the second Ethereum hack this week. The first tricked people in sending their Ethereum to another address.

This is my concern about digital cash. The cryptography can be bulletproof, but the computer security will always be an issue.

Powered by WPeMatico

Clever Physical ATM Attack

This is an interesting combination of computer and physical attack:

Researchers from the Russian security firm Kaspersky on Monday detailed a new ATM-emptying attack, one that mixes digital savvy with a very precise form of physical penetration. Kaspersky’s team has even reverse engineered and demonstrated the attack, using only a portable power drill and a $15 homemade gadget that injects malicious commands to trigger the machine’s cash dispenser. And though they won’t name the ATM manufacturer or the banks affected, they warn that thieves have already used the drill attack across Russia and Europe, and that the technique could still leave ATMs around the world vulnerable to having their cash safes disemboweled in a matter of minutes.

“We wanted to know: To what extent can you control the internals of the ATM with one drilled hole and one connected wire? It turns out we can do anything with it,” says Kaspersky researcher Igor Soumenkov, who presented the research at the company’s annual Kaspersky Analyst Summit. “The dispenser will obey and dispense money, and it can all be done with a very simple microcomputer.”

Powered by WPeMatico

Apple Patents Collecting Biometric Information Based on Unauthorized Device Use

Apple received a patent earlier this year on collecting biometric information of an unauthorized device user. The obvious application is taking a copy of the fingerprint and photo of someone using as stolen smartphone.

Note that I have no opinion on whether this is a patentable idea or the patent is valid.

Powered by WPeMatico

Hackers Stealing Cars

We’re seeing car thefts in the wild accomplished through hacking:

Houston police have arrested two men for a string of high-tech thefts of trucks and SUVs in the Houston area. The Houston Chronicle reports that Michael Armando Arce and Jesse Irvin Zelaya were charged on August 4th, and are believed to be responsible for more than 100 auto thefts. Police said Arce and Zelaya were shuttling the stolen vehicles across the Mexican border.

[…]

The July video shows the thief connecting a laptop to the Jeep before driving away in it. A Fiat-Chrysler spokesman told ABC News that the thieves used software intended to be used by dealers and locksmiths to reprogram the vehicle’s keyless entry and ignition system.

Powered by WPeMatico