A safe with an exposed USB port? That’s really asking for trouble. The safe in question is a “secure” digital safe. Unfortunately it appears to be running Windows XP, an OS that’s no longer supported. Even if it’s supported I doubt anyone will connect the safe to the Internet to receive Windows Update. 😉 The problem however, appears not with Windows XP, but with the USB port. That’s as good as giving someone keyboard/mouse access to the console.
Android users please take note. This time you don’t even have to download anything or visit any malware website to get hit by malware. A truly scary prospect if someone exploits it nefariously. According to another report cited, 99% of mobile malware targets Android. The lack of a controlled OS patching process is probably why attackers target Android. In contrast, majority of iOS users upgrade to the latest version within weeks of release.
Singapore’s connection to the Hacking Team – it’s well known that HT has a Singapore presence. The local market appears to be quite receptive of them. In one of the leaks, it was revealed that they also tried to recruit local researchers to develop 0-day for them.
In April of 2014, Hacking Team attended the SyScan conference in Singapore with the intention of recruiting new exploit developers.
They succeeded in making contact with several researchers interested in working with them, including Eugene Ching.
Interestingly, Eugene’s responsibility with the Singaporean Army, presumably for his mandatory service, is to test and fix 0day exploits that they purchase.
Read more details here.
Another grim reminder of the problems brought about by digitization and so-called IoT – basically connecting everything to the Internet. In this case, hackers were able to remotely control a vehicle driving on real roads. Fortunately in this case it was a controlled exploit. Think of what cybercriminals can do if (or rather when) they take hold of critical infrastructures.
Update (2015-07-21): Chrysler has earlier asked owners to update their software.
Update (2015-07-24): Chrysler is now forced to take a more proactive step to recall millions of vehicles to fix this.
Update (2015-08-14): Black Hat USA 2015: The full story of how that Jeep was hacked
Infamous company Hacking Team was hacked.