- This $5 Device Can Hack Your Locked Computer In One Minute. From Motherboard.
Next time you go out for lunch and leave your computer unattended at the office, be careful. A new tool makes it almost trivial for criminals to log onto websites as if they were you, and get access to your network router, allowing them to launch other types of attacks.
Hackers and security researchers have long found ways to hack into computers left alone. But the new $5 tool called PoisonTap, created by the well-known hacker and developer Samy Kamkar, can even break into password-protected computers, as long as there’s a browser open in the background. Kamkar explained how it works in a blog post published on Wednesday.
- Smartphone WiFi Signals Can Leak Your Keystrokes, Passwords, and PINs. From Bleeping Computer.
The way users move fingers across a phone’s touchscreen alters the WiFi signals transmitted by a mobile phone, causing interruptions that an attacker can intercept, analyze, and reverse engineer to accurately guess what the user has typed on his phone or in password input fields.
This type of attack, nicknamed WindTalker, is only possible when the attacker controls a rogue WiFi access point to collect WiFi signal disturbances.
Control over the WiFi access point is also imperative since the attacker must also know when to collect WiFi signals from the victim, in order to capture the exact moment when the target enters a PIN or password.
- Researchers hack Philips Hue smart bulbs from the sky. From PC World.
Security researchers in Canada and Israel have discovered a way to take over the Internet of Things (IoT) from the sky.
Okay, that’s a little dramatic, but the researchers were able to take control of some Philips Hue lights using a drone. Based on an exploit for the ZigBee Light Link Touchlink system, white hat hackers were able to remotely control the Hue lights via drone and cause them to blink S-O-S in Morse code.
- Your home’s online gadgets could be hacked by ultrasound. From New Scientist.
This may have happened to you. You idly browse a pair of shoes online one morning, and for the rest of the week, those shoes follow you across the Internet, appearing in adverts across the websites you visit.
But what if those ads could pop out of your browser and hound you across different devices? This is the power of ultrasound technology, says Vasilios Mavroudis at University College London – and it offers a whole new way in for hacking attacks and privacy invasions. He and his colleagues will spell out their concerns at next week’s Black Hat cybersecurity conference in London.
- American vigilante hacker sends Russia a warning. From KSAT.
An American vigilante hacker — who calls himself “The Jester” — has defaced the website of the Russian Ministry of Foreign Affairs in retaliation for attacks on American targets.
On Friday night, the Jester gained access to the Russian government ministry’s website. And he left a message: Stop attacking Americans.
“Comrades! We interrupt regular scheduled Russian Foreign Affairs Website programming to bring you the following important message,” he wrote. “Knock it off. You may be able to push around nations around you, but this is America. Nobody is impressed.”
- Apple Watch Banned From Cabinet Meetings Over Spy Fears. From TechWeek Europe.
Ministers have been forbidden to wear the Apple Watch during cabinet meetings due to the risk they could be hacked by Russian agents, according to a report.
Prime minister Theresa May imposed the new rules following several high-profile hacks that have been blamed on Russia, according to The Telegraph, which cited unnamed sources.
- Cybercriminals’ Superior Business Savvy Keeps Them Ahead. From Dark Reading.
Rick Holland of Digital Shadows visits the Dark Reading News Desk at Black Hat to explain how the attackers’ superior business agility, faster change management, specialized job force, lower barriers to entry and bulletproof hosting keep them ahead of the good guys.
- Volkswagen partners with former Israel’s Shin Bet intelligence agency chief on cybersecurity. From Jerusalem Online.
Israel has emerged as a leader in the race to keep cars secure and prevent hacking your vehicle. International groups including Volkswagen, Harman International Industries and IBM have already bought local companies or invested in research centers.
Today, Volkswagen announced a joint new automotive cyber security venture, with the former head of Israel’s Shin Bet intelligence agency Yuval Diskin. “To develop cybersecurity systems for Internet-connected cars and self-driving vehicles,” the partners said in a statement Wednesday.
“To enable us to tackle the enormous challenges of the next decade, we need to expand our know-how in cybersecurity in order to systematically advance vehicle cybersecurity for our customers,” said Volkmar Tanneberger, head of electrical and electronic development at Volkswagen.
- Alibaba fires employees for hacking their way to free mooncakes. From ArsTechnica.
Alibaba offered its employees one free mooncake each—complete with a plush Alibaba mascot hidden inside, rather than the traditional duck yolk. Additional cakes were sold at cost to employees for friends and family through an internal e-commerce page. The four employees—software engineers at the company—were able to surreptitiously insert additional software into the website, directing extra mooncakes to themselves. Alibaba’s internal security team detected the hack and found that the four were “cheating using technology” to amass 124 boxes of the cakes (with four cakes per box). All four employees were dismissed.
One alleged cake hacker confessed on the question-and-answer site Zhihu (a Chinese equivalent of Quora). He claimed he had been unable to buy a cake through the internal website and created his own “plug-in” to hack for cakes after he discovered others were doing the same. The individual claimed that while he shifted his attention to other tasks, the hack he had created ordered 16 boxes of free cakes. Within two hours, he claimed, he was caught by corporate security and was asked to leave.
- A Teenage Hacker Figured Out How to Get Free Data on His Phone. From Motherboard.
Jacob Ajit is 17 and he just hacked his way to getting free phone data, presumably so that he can do whatever it is that Teens do online these days without alerting his parents with overage fees.
Memes? Mixtapes? Googling if you can get sick from too much peppermint liqueur? Hell if I know, but Ajit can apparently do it all now, for free. “Honestly, I just investigated this out of curiosity, and to learn a bit about how these networks are configured,” Ajit wrote me when I reached him over email. “T-Mobile will likely fix this soon, but I wanted to share my findings with the community in the meantime.”