keep moving

A safe with an exposed USB port? That’s really asking for trouble. The safe in question is a “secure” digital safe. Unfortunately it appears to be running Windows XP, an OS that’s no longer supported. Even if it’s supported I doubt anyone will connect the safe to the Internet to receive Windows Update. 😉 The problem however, appears not with Windows XP, but with the USB port. That’s as good as giving someone keyboard/mouse access to the console.

Gone in 60 seconds. Security researchers will demonstrate at an Aug. 8 DefCon presentation how they can crack a modern Brink’s safe in just a minute.

Source: DefCon Hackers Tell How They Cracked Brink’s Safe in 60 Seconds

Android users please take note. This time you don’t even have to download anything or visit any malware website to get hit by malware. A truly scary prospect if someone exploits it nefariously. According to another report cited, 99% of mobile malware targets Android. The lack of a controlled OS patching process is probably why attackers target Android. In contrast, majority of iOS users upgrade to the latest version within weeks of release.

A security gap on the most popular smartphone operating system was discovered by security experts in a lab and is so far not widely exploited. It would let malicious code take over a phone instantly.

Source: Major Flaw In Android Phones Would Let Hackers In With Just A Text : All Tech Considered : NPR

Another grim reminder of the problems brought about by digitization and so-called IoT – basically connecting everything to the Internet. In this case, hackers were able to remotely control a vehicle driving on real roads. Fortunately in this case it was a controlled exploit. Think of what cybercriminals can do if (or rather when) they take hold of critical infrastructures.

I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold.

Source: Hackers Remotely Kill a Jeep on the Highway—With Me in It | WIRED

Update (2015-07-21): Chrysler has earlier asked owners to update their software.

Update (2015-07-24): Chrysler is now forced to take a more proactive step to recall millions of vehicles to fix this.

Update (2015-08-14): Black Hat USA 2015: The full story of how that Jeep was hacked

Infamous company Hacking Team was hacked.

Hacking Team hacked, attackers claim 400GB in dumped data | CSO Online.

Ok this is not as bad as Superfish, but it’s bad enough. Samsung is disabling Windows Update so that it doesn’t have to deal with driver update issues.

When you enable Windows updates, it will install the Default Drivers for all the hardware no laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates.

via Debugging and reverse engineering: Samsung deliberately disabling Windows Update.

iOS and OS X attacks are likely to get more frequent as the platform becomes a valuable attack target, just like Windows in the past.

via Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X • The Register.