Modifying a Tesla to Become a Surveillance Platform

From DefCon: At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car’s built-in cameras — the same dash and rearview cameras providing a 360-degree view used for Tesla’s Autopilot and Sentry features — into a system…

August 22, 2019

Google Finds 20-Year-Old Microsoft Windows Vulnerability

There’s no indication that this vulnerability was ever used in the wild, but the code it was discovered in — Microsoft’s Text Services Framework — has been around since Windows XP. Posted on August 21, 2019 at 6:46 AM. Source: https://www.schneier.com

August 21, 2019

Influence Operations Kill Chain

Influence operations are elusive to define. The Rand Corp.’s definition is as good as any: “the collection of tactical information about an adversary as well as the dissemination of propaganda in pursuit of a competitive advantage over an opponent.” Basically, we know it when we see it, from bots controlled by the Russian Internet Research Agency to Saudi attempts to plant fake stories and manipulate political…

August 19, 2019

Friday Squid Blogging: Robot Squid Propulsion

Interesting research: The squid robot is powered primarily by compressed air, which it stores in a cylinder in its nose (do squids have noses?). The fins and arms are controlled by pneumatic actuators. When the robot wants to move through the water, it opens a valve to release a modest amount of compressed air; releasing the air all at once generates enough thrust to fire the robot squid completely out…

August 17, 2019

Software Vulnerabilities in the Boeing 787

Boeing left its software unprotected, and researchers have analyzed it for vulnerabilities: At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the code for a component of the 787 known as a Crew Information Service/Maintenance System. The CIS/MS is responsible for applications like maintenance systems and the so-called…

August 16, 2019

Bypassing Apple FaceID’s Liveness Detection Feature

Apple’s FaceID has a liveness detection feature, which prevents someone from unlocking a victim’s phone by putting it in front of his face while he’s sleeping. That feature has been hacked: Researchers on Wednesday during Black Hat USA 2019 demonstrated an attack that allowed them to bypass a victim’s FaceID and log into their phone simply by putting a pair of modified glasses on their face. By merely placing tape…

August 15, 2019

Side-Channel Attack against Electronic Locks

Several high-security electronic locks are vulnerable to side-channel attacks involving power monitoring. Posted on August 14, 2019 at 12:36 PM. Source: https://www.schneier.com

August 14, 2019

Attorney General Barr and Encryption

Last month, Attorney General William Barr gave a major speech on encryption policy: what is commonly known as “going dark.” Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it is technologically impossible to provide lawful access without weakening security against unlawful access. But, in the world of cybersecurity, we do not deal…

August 14, 2019

Phone Pharming for Ad Fraud

Interesting article on people using banks of smartphones to commit ad fraud for profit. No one knows how prevalent ad fraud is on the Internet. I believe it is surprisingly high — here’s an article that places losses between $6.5 and $19 billion annually — and something companies like Google and Facebook would prefer remain unresearched. Posted on August 6, 2019 at 6:20 AM.

August 14, 2019

Exploiting GDPR to Get Private Information

A researcher abused the GDPR to get information on his fiancee: It is one of the first tests of its kind to exploit the EU’s General Data Protection Regulation (GDPR), which came into force in May 2018. The law shortened the time organisations had to respond to data requests, added new types of information they have to provide, and increased the potential penalty for non-compliance. “Generally if it was an…

August 13, 2019