Information Security News
by Jonathan M. Gitlin
Several weeks ago, New York Times columnist Nick Bilton wrote about his car being broken into in front of him. After speaking with security researchers, Bilton arrived at the theory that his car was snatched with the help of a signal repeater that boosted the range of the keyless entry fob. That seemed like a reasonable explanation to us; we reported on a spate of car burglaries in southern California in 2013, arriving at a similar conclusion. In both cases, the work of a Swiss-based security expert named Boris Danev was central to pointing the finger at signal repeaters. This week, Bozi Tatarevic at The Truth About Cars wrote up his attempt to test this potential exploit in quite some detail.
Danev's 2010 paper "Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars" demonstrated the vulnerability of keyless entry fobs to signal amplification, but doing so required a lab bench full of equipment and an AC power supply. Tatarevic was unable to use Danev's approach to create a low-cost cordless signal amplifier and instead concludes that the burglaries were more likely the result of a brute force attack against the rolling codes that some manufacturers use for their unlocking signals.
Tatarevic bases this on the work of Silvio Cesare, another security researcher who demonstrated such an attack at last year's Black Hat conference. That attack involved using a laptop and a software-defined radio (SDR) to send the car code after code until the right one unlocked the doors, something that could take up to two hours. That could fit with the facts; in each burglary, the cars had been parked for some time. This trick would also only unlock the car, unlike amplifying the signal of a keyless entry system, which would allow the car to be started, if only once.
Researchers have unearthed dozens of Android apps in the official Google Play store that expose user passwords because the apps fail to properly implement HTTPS encryption during logins or don't use it at all.
The faulty apps have more than 200 million collective downloads from Google Play and have remained vulnerable even after developers were alerted to the defects. The apps include the official titles from the National Basketball Association, the Match.com dating service, the Safeway supermarket chain, and the PizzaHut restaurant chain. They were uncovered by AppBugs, a developer of a free Android app that spots dangerous apps installed on users' handsets.
AppBugs CEO Rui Wang told Ars that the Match.com app uses unencrypted hypertext transfer protocol (HTTP) when sending user passwords, making it trivial for people in a position to monitor the traffic—such as someone on the same Wi-Fi network—to read the credentials. Other apps, such as NBA Game Time and those from Safeway and PizzaHut, use HTTPS encryption but don't implement it correctly. As a result, a man-in-the-middle attacker can use a self-signed or otherwise fraudulent digital certificate to read the login data.
Infosec 2015: Has GCHQ lost the cyber security plot?
Infosecurity 2015 has been a great place to be if you care about IT security either from the vendor or enterprise perspective. The biggest event of its type in Europe, you would have expected a big-hitter to open things and that's what you got in the ...