Monthly Archives: July 2015

DefCon Hackers Tell How They Cracked Brink’s Safe in 60 Seconds

A safe with an exposed USB port? That’s really asking for trouble. The safe in question is a “secure” digital safe. Unfortunately it appears to be running Windows XP, an OS that’s no longer supported. Even if it’s supported I doubt anyone will connect the safe to the Internet to receive Windows Update. 😉 The problem however, appears not with Windows XP, but with the USB port. That’s as good as giving someone keyboard/mouse access to the console.

Gone in 60 seconds. Security researchers will demonstrate at an Aug. 8 DefCon presentation how they can crack a modern Brink’s safe in just a minute.

Source: DefCon Hackers Tell How They Cracked Brink’s Safe in 60 Seconds

Major Flaw In Android Phones Would Let Hackers In With Just A Text : All Tech Considered : NPR

Android users please take note. This time you don’t even have to download anything or visit any malware website to get hit by malware. A truly scary prospect if someone exploits it nefariously. According to another report cited, 99% of mobile malware targets Android. The lack of a controlled OS patching process is probably why attackers target Android. In contrast, majority of iOS users upgrade to the latest version within weeks of release.

A security gap on the most popular smartphone operating system was discovered by security experts in a lab and is so far not widely exploited. It would let malicious code take over a phone instantly.

Source: Major Flaw In Android Phones Would Let Hackers In With Just A Text : All Tech Considered : NPR

Hacking Team: a zero-day market case study

Singapore’s connection to the Hacking Team – it’s well known that HT has a Singapore presence. The local market appears to be quite receptive of them. In one of the leaks, it was revealed that they also tried to recruit local researchers to develop 0-day for them.

In April of 2014, Hacking Team attended the SyScan conference in Singapore with the intention of recruiting new exploit developers.

They succeeded in making contact with several researchers interested in working with them, including Eugene Ching.

Interestingly, Eugene’s responsibility with the Singaporean Army, presumably for his mandatory service, is to test and fix 0day exploits that they purchase.

Read more details here.

Hackers Remotely Kill a Jeep on the Highway

Another grim reminder of the problems brought about by digitization and so-called IoT – basically connecting everything to the Internet. In this case, hackers were able to remotely control a vehicle driving on real roads. Fortunately in this case it was a controlled exploit. Think of what cybercriminals can do if (or rather when) they take hold of critical infrastructures.

I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold.

Source: Hackers Remotely Kill a Jeep on the Highway—With Me in It | WIRED

Update (2015-07-21): Chrysler has earlier asked owners to update their software.

Update (2015-07-24): Chrysler is now forced to take a more proactive step to recall millions of vehicles to fix this.

Update (2015-08-14): Black Hat USA 2015: The full story of how that Jeep was hacked