Category Archives: Panda Security

What you need to know to avoid becoming a victim of Cryptolocker

While you are happily working on your computer getting stuff done, little do you suspect that in the background your important files are being subjected to military-grade encryption to which you don’t have the key.

Suddenly, a Cryptolocker alert appears on the screen—you have only days to pay the ransom or lose all your encrypted files forever. A countdown is already ticking on your screen.

Nothing New Just A Little Better

It is an updated and more virulent online version of a very old crime: taking something you really care about or need hostage, and extorting money to get it back.

Ransomware is the term for any malicious software which restricts access to users’ devices by locking access or encrypting their important files.

Compared to its predecessors, CryptoLocker employs advanced techniques: it was the first ransomware to request payment through Bitcoins, it makes use of effectively unbreakable encryption methods, and it uses an affiliate model to spread more rapidly than any of its contemporaries. Together these have reignited this aggressive sector of the cybercrime landscape.

Growth in Ransomware & techniques

Security reports highlight the continuing increase in malware with over 230,000 new samples detected every day, and a 6-fold growth in ransomware in H1 2015 compared to last year.

This growth is down to the continuing release of new variants that evade security software, to distribution by email, and to an “affiliate” program that offers accomplices a percentage of ransom payments in return for flooding cyberspace with higher-quality phishing messages.

How Cryptolocker works

CryptoLocker is generally spread through visits to infected websites, social media or phishing emails using social engineering techniques.

The victim may receive an email purporting to be from a logistics company or their bank, with a password-protected ZIP file attached. The ZIP contains either a double-extension file such as *.pdf.exe, which makes it look innocuous, or, in a more recent resurgence, a macro-enabled Word document.
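The lure described above can be screened for without knowing the ZIP password, because standard ZIP encryption protects the contents of each member but leaves the member names readable. The Python sketch below is an added example, not code from the original article; the extension lists, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed extension lists for this sketch; tune them to your own mail policy.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
MACRO_ENABLED = {"docm", "dotm", "xlsm", "pptm"}


def classify_name(name):
    """Return the reasons a file name matches the lures described above."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    # Strip padding so "invoice.pdf   .exe" is treated like "invoice.pdf.exe".
    parts = [p.strip() for p in base.split(".")]
    reasons = []
    if len(parts) < 2:
        return reasons
    last = parts[-1]
    if last in EXECUTABLE:
        reasons.append("executable")
        # A harmless-looking extension right before the real one is the decoy.
        if len(parts) >= 3 and parts[-2] in DECOY:
            reasons.append("double-extension")
    if last in MACRO_ENABLED:
        reasons.append("macro-enabled")
    return reasons


def scan_zip(data):
    """List suspicious members of a ZIP given as bytes, without extracting it.

    Only the central directory is read, so no password is needed.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            reasons = classify_name(info.filename)
            if reasons:
                encrypted = bool(info.flag_bits & 0x1)  # bit 0: member is encrypted
                findings.append((info.filename, encrypted, reasons))
    return findings


def build_sample():
    """Constructed sample: harmless placeholder bytes under lure-style names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as archive:
        for name in ("Invoice_2015.pdf.exe", "Tracking.docm", "report.v2.pdf"):
            archive.writestr(name, b"placeholder")
    raw = bytearray(buf.getvalue())
    # The standard library cannot write encrypted ZIPs, so mark each central
    # directory entry as encrypted by setting bit 0 of its flag field.
    pos = raw.find(b"PK\x01\x02")
    while pos != -1:
        raw[pos + 8] |= 0x01
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    for name, encrypted, reasons in scan_zip(build_sample()):
        print(name, "encrypted" if encrypted else "plain", ",".join(reasons))
```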

As soon as the user runs the file it encrypts valuable files using an asymmetric encryption algorithm that only the cyber-criminal can provide the unlock key for. All files on local and network drives are vulnerable.

When Cryptolocker has finished encrypting files it will then display the ransom message to the user with details of how to pay and a countdown timer.

Cryptolocker is far worse in a corporate environment, as a single infected computer will also encrypt files on the file server. Even worse, some organizations use a file-server drive as a shared backup drive for multiple users, meaning that all online backup files could be encrypted too.

You’d think it would be simple to track down the criminals given that they’re taking a ransom, but it’s not that simple. Since CryptoLocker demands payment through wire transfer, premium rate text messages, and Bitcoins, it’s much more difficult to follow the money.

The ransomware business has proven to be profitable, returning millions in revenue. So much so that there are even specialist variants such as TeslaCrypt, which locks and acts like CryptoLocker but focuses on encrypting file types associated with video games and music-related software.

An ounce of prevention is worth a pound of cure

The threat of ransomware and data loss can be reduced by following these simple steps:

  1. Update – Windows and other applications such as Chrome, Firefox, Flash Player, Adobe Reader and even WinRAR are known gateways for malware threats. Keeping them up to date reduces the opportunity for attack.
  2. Backup – Make regular backup copies of all your important files, from your photos to your tax documents.

Backup options are now more cost-effective than ever, with one-press backup boxes for consumers, various solutions for businesses and cloud solutions for all. This will mitigate not only the damage caused by malware infections, but also that caused by hardware failures and other incidents.

  3. Secure – For consumers, a reputable security solution with antivirus and firewall is required, plus additional layers on top such as Antiexploit, Application Control to stop your files being encrypted, and Process Monitor to increase visibility of unknown applications.

Businesses are a higher-profile target for ransomware, so in addition to Endpoint Protection they should also be considering an Endpoint Detection & Response solution such as Adaptive Defense 360, which ensures 100% application trustability.

  4. Be Safe – Although ransomware has been around for several years, many people are not aware of it. Make sure people know about it before they get infected.

Educate users on safe behaviour such as being particularly wary of emails from senders you don’t know, especially those with attached files, and websites which require you to download an add-on to view information or a video.

Be careful where you click. Not all websites are safe and some hide nasty surprises. If your browser says that something’s not right, then pay attention to its warning.

Data lost, what should you do?

It is not recommended to give in to this type of extortion; it will simply encourage these criminals and others to continue developing these Trojans and techniques.

The post What you need to know to avoid becoming a victim of Cryptolocker appeared first on MediaCenter Panda Security.

2015, the year of Cryptolocker

At the end of 2013 the first signs of what would eventually become one of the most lucrative attacks for cybercriminals were spotted. Cryptolocker is the name of the most popular family of ransomware, which has ended up being used as the name for all threats of this type.

The threat always works on the same, simple premise: it encrypts documents and demands a ransom in order for them to be returned.

The attackers usually geo-locate the IP of the victim to show the message containing instructions on how to pay the ransom, which is always displayed in the language of the corresponding country. The payments have to be made using Bitcoin and all contact with the cybercriminal is carried out via Tor, which helps the attackers to stay out of reach of the authorities.

These attacks became more and more popular throughout the course of 2014, starting out with isolated attacks on individuals before turning their focus towards corporations, which turned out to be far more rewarding – the stolen information had a higher value and the ransom (usually around €300) was spare change to the majority of businesses.

In 2015 we have seen how they have fine-tuned the attacks to try and overcome any defenses that were put in their way:

  • They no longer commit errors when encrypting files. Such mistakes used to allow security companies to create tools to recover documents without paying the ransom.
  • New families of threats have appeared – more groups of cybercriminals are using Cryptolocker, which has become the most popular type of threat at the moment.
  • All of them use Bitcoin as a payment method, meaning they can’t be traced.
  • They have focused on two paths of distribution:
    • Via Exploit Kits
    • By email with a compressed attachment
  • They are creating new forms of attack, and we have seen them start to use PowerShell scripts (PowerShell comes by default with Windows 10).
  • In terms of mobile devices, although we have seen some attacks (such as that which changed the access codes to the device), they are still the exception to the rule.

How to protect against Cryptolocker

As regards protecting ourselves, we must remember that Cryptolocker has different “needs” from traditional malware: it isn’t persistent (once the documents are encrypted, it doesn’t need to remain on the system and, in fact, some variants delete themselves), and it doesn’t care if it is detected by an antivirus (all that matters is that it can launch its attack before being detected; any time after that makes no difference).

Traditional forms of detection are now rather useless, as before launching an attack it will check that these technologies can’t detect the sample, and it will change itself in order to evade them if they can. Behavioral analysis isn’t capable of detecting what it does in the majority of cases, as it usually installs itself in system processes to encrypt the files from there, making it look like a normal operation.

Only a system that monitors everything that is running on the computer, such as Adaptive Defense 360, can be an effective method of stopping these attacks in time, before they put our documents at risk.

Beware of the hackers hiding behind fake LinkedIn profiles

There has been news lately highlighting a trend in hackers using LinkedIn, the popular social media platform for professionals looking to connect with like-minded individuals, to dupe unwitting victims. This includes the creation of fake profiles with the aim of stealing personal information. The fake profiles pose as recruiters and quickly begin to add contacts in the field of their chosen victim. Once they have what appears to be a reputable profile, they then add their victim as a contact having gained their trust as they usually have lots of common contacts in the related sector.

The text that is used for the fake profiles is usually copied and pasted directly from other sources, usually genuine profiles. The accompanying profile photo, which is generally of a woman, is also taken from other professional profiles or, in some cases, a stock photo. It is also revealed that they use keywords such as “reservoir engineer”, “exploration manager” and “cargo securement training”, which are likely to help them gain visibility through the site’s built-in search engine. The majority of the terms relate to the logistics, information security and oil and gas industries.

Boasting over 400 million users worldwide, LinkedIn is seen as a way for professionals to create circles of similar workers in their sector with the aim of using the platform as a form of self-promotion, doing away with the traditional methods of job hunting. It has also become a valuable tool for businesses, who are able to head hunt top talent as well as posting content relating to their company.

In response to the fears of its many users, LinkedIn said: “We investigate suspected violations of our Terms of Service, including the creation of false profiles, and take immediate action when violations are uncovered. We have a number of measures in place to confirm authenticity of profiles and remove those that are fake. We encourage members to utilize our Help Center to report inaccurate profiles and specific profile content to LinkedIn.”

Advice for users who may be concerned that they are at risk includes doing a reverse image search by dragging and dropping the profile picture into Google Images and seeing what it brings up. You can also copy and paste the job information into Google to reveal whether it has been taken from somewhere else.

Seeing as this isn’t the first time that there have been concerns over fake profiles and spamming on LinkedIn, it might be worth your while to do a quick bit of research before you accept a new contact. As always, it pays to be careful with information that you share online as it can save you many potential problems in the future.

Worry for Samsung Galaxy users as calls could be intercepted

Whenever we talk over the phone we tend to give away lots of information about ourselves without even thinking about it. Whether it’s where we are or where we’re going to, confidential details about our professional life, or just daily complaints and events, we do so thinking that what we say is only going to be heard by the other person on the line. Sometimes we even reveal information relating to banking details, such as the account number and our date of birth, if we have to make a call to our bank.

As we like to keep a tab on our personal privacy, it’s normal for us to go to an empty room to continue a conversation or to even use a lower tone of voice so as to avoid being overheard. However, these measures might not mean an awful lot if you happen to use a Samsung Galaxy.

According to a demonstration by Daniel Komaromy and Nico Golde, two IT experts, at the recent Mobile Pwn2Own conference in Tokyo, it is possible to intercept calls made on Galaxy S6, S6 Edge, and Note 4 models.

The investigators used the baseband chip of the devices to carry out the attack, as the chip is used to complete all radio communications. To access it, the pair used a “man-in-the-middle” attack – a classic technique that allows a cybercriminal to read and intercept a victim’s messages without them knowing a thing.

In this case, they managed to intercept voice calls by connecting these two devices with a false station, making the smartphones near to it think that it was actually a legitimate communication tower.

Once connected, these security experts were able to communicate remotely with the baseband processor without alerting the user. From that moment on they were free to intercept, listen, and even record phone calls. With a simple method, these two investigators managed to spy on these devices.

So, does this mean that any cybercriminal might be able to easily control your Galaxy device and listen to everything that you share in confidence? Komaromy and Golde have highlighted that the system that they have presented is just an example – the idea would be to later redirect the calls to a proxy to carry out the real attack and allow for the call to reach its true destination.

What’s more, these experts haven’t divulged all of the details of their experiment and have informed Samsung of their findings, so that the company can quickly find a way to clear up this vulnerability before it’s too late.

Unfortunately, this is only one of many methods that can be used by a cyber attacker to wreak havoc. As we’ve already told you, some cybercriminals have already developed programs that activate the microphone on our smartphones so as to spy on us.

A group of investigators from the University of Stanford even developed Gyrophone, an application that used the gyroscope to capture sound vibrations created by a human voice to spy on calls.

Although we’re not going to tell you to stop using your phone for calling, we would recommend that you try to avoid giving out details relating to your bank account or access codes for your smartphone or computer while on the phone.

This piece of advice is particularly important if your job requires a high degree of privacy. Worrying about whether your smartphone is safe enough to not be targeted by cybercriminals is another thing to keep in mind, as you never know if one of them is interested in listening in on your conversations.

How Christmas lights and other appliances slow down your Wi-Fi

You know the routine: you’re sat at home, trying to relax by watching a series online or by trying to get some work done. However, your Wi-Fi connection that you pay so much for is slow, unreliable, and likely doesn’t reach every part of your home with a signal strength that you’d like.

So, what is the problem? You’ve called the provider and they’ve confirmed that the connection is working as it should be and you have made sure to close unnecessary tabs to ensure you’re not taxing the signal too much. Still, you find yourself having to strategically locate yourself around the house to get the best signal possible.

If this sounds familiar then the problem may be less to do with your router, and more to do with your home and the objects, or barriers, that are in it. Following a study by Ofcom, a UK regulator, which stated that Christmas fairy lights could be behind slower Internet speeds in the home, we’ve laid out a few of the main causes for interference with your Internet connection… and some of them may be surprising to you!

Reasons why your home Wi-Fi signal is slow and how to improve it

1. Household appliances

Microwaves are the worst of the lot: a microwave is basically a metal box that, when turned on, uses high-powered microwaves at around 2.4GHz (the same frequency as Wi-Fi), creating a black hole around it for Wi-Fi signals.

Other culprits include ovens, freezers, fridges, washing machines, dishwashers… you name it. If it’s metal and has liquid-filled pipes in it, it’s going to kill your Wi-Fi signal.

2. Cordless telephones, televisions, speakers

In most cases people have their router placed near the telephone, which is hard to avoid, but they both work off the same frequency and this can prove to be detrimental.

The same goes for televisions, which on their own aren’t bad, but when placed directly near a router have a negative effect on its performance. The same goes for speakers, which are basically just electromagnets.

3. Piping and insulation

These are pretty much unavoidable in the home, but water-filled pipes absorb any signals and insulation pretty much does as its name suggests, and insulates a room from external forces, including Wi-Fi signals.

4. Your neighbor’s router

Depending on how close your router is to someone else’s, there can be a direct effect on its performance. This might prove to be even more problematic if you live in an apartment, as you could be exposed to different signals from all sides. This means that the more interference that there is, the more your router ups its broadcasting, which causes your neighbor’s router to do the same… which just perpetuates the problem.

5. Humans

Yes, you too are a problem! We humans are a fantastic absorber of Wi-Fi, so that’s also something to keep in mind when lamenting the poor performance of your internet connection.

Luckily, there are a few things you can do to try and improve your Wi-Fi, but short of turning your home into a Faraday shield which would also mean no telephone or FM connection, none will guarantee a perfect signal strength.

6. Place your router in the center of your home

A router transmits the signal in all directions, so it makes sense to have it at the center of the home. Unfortunately this isn’t always possible due to the cables that come with it.

7. Check your cables

In general, a shorter and higher quality cable will mean a faster connection speed. Also, it is better to use Ethernet cables from your modem to a separate router than run long phone cables.

8. Invest in a new router

There’s no need to break the bank on a new, fancy router, but some of the newer ones on the market offer a notable boost in signal and speed.

9. Change your Wi-Fi channel

Your router may do this automatically, but if you change your Wi-Fi channel you may find that there is less interference from other routers near to you. Any two channels separated by five or more do not overlap.

As always, we recommend you take precautions to ensure that not only is your Wi-Fi connection working to the best of its abilities, but that your privacy is also secure, so always use a good Wi-Fi protector and monitor to ensure that nobody can access your network.

Demand grows across the world for cybersecurity experts

During the second quarter of 2015 there were 230,000 new malware samples created daily. This is one of the alarming details to emerge from the latest PandaLabs report, the security laboratory of Panda Security, which analyzes cyberattacks carried out during this period. The document also reveals that the threats aren’t just directed at individuals, but also at private businesses.

Some examples include Ryanair, which suffered a loss of $5 million, or the online dating site AdultFriendFinder, which saw its users’ sensitive information published online.

Businesses are continually becoming more and more conscious of the danger posed by these attacks, both in economic terms and what it means for their customers. According to a survey carried out by PwC, budgeting for IT security, on a global level, has grown by 24% during the last year.

Businesses nowadays can count on a team of experienced and specialized security experts who can help to protect their networks and systems. However, the sheer scale, complexity, and amount of malware that is created by cybercriminals means that, in many cases, IT departments aren’t able to cope with the onslaught.

In the State of Cybersecurity 2015 report, experts from U-Tad analyze the threats that affect businesses, institutions, and individuals. They reflect that, although 37% of companies plan on employing more cybersecurity professionals, 92% of them claim to have problems finding candidates that meet the requirements.

These experts claim that there is a lack of specialized workers in this sector and estimate a shortfall of more than one million people on a global level.

From a business point of view, this information is an opportunity in the cybersecurity market, which will grow from $106 million in 2015 to over $170 million in 2020, according to MarketsandMarkets.

As the U-Tad experts indicate, the sectors most interested in safeguarding their systems against threats are banking, aerospace, and the manufacturing industry. SMEs also need professionals, especially those involved in cloud based storage solutions.

The survey done by U-Tad also reveals another significant statistic – 75% of the organizations surveyed are believed to be exposed to the risks related to the actions of their own employees. Practices such as BYOD (Bring Your Own Device), whose risks we’ve already explained to you, are responsible for this.

In Spain, for example, the National Cybersecurity Institute estimates that there are more than 42,000 professionals working in the IT security sector, and that the demand for workers continues to grow. The organization even offers grants to students, because the only way to cover the demand for professionals is to create specialists that can tackle the goals of the present and future.

How to keep your kids safe on Snapchat

If your child has a smartphone then it’s likely that they’ve installed one of the many different social networks that place photos as their primary way of communication. It seems almost unthinkable that a few years ago we weren’t all worrying about the best angle for a selfie or whether to snap a quick picture of our food to upload to Instagram before it goes cold.

A photo and video messaging app that has seen a huge surge in popularity is Snapchat. This app, which is primarily aimed at a younger audience, allows users to send videos and images to their contacts with the premise that these messages will be automatically eliminated after a few moments. Users set a time limit for how long recipients can view their Snaps (as of September 2015, the range is from 1 to 10 seconds) after which Snapchat claims they will be deleted from the company’s servers.

However, the application has seen some worrying issues relating to its security. For example, just last year the credentials of 4.6 million U.S. Snapchat users, such as usernames and phone numbers, were made public on the Internet. Despite introducing a new two-step verification process to help boost the app’s security, here are a few things to keep in mind before you let your child get too snap-happy.

How to keep your kids safe on Snapchat

  1. Warn your child over what content to send

Even though your child might think that they are sending the picture or video only to their friends, remind them that the app has been hacked in the past and that if it happens again, their images could be made public. So advise them not to send something they wouldn’t want the whole world to see.

  2. Remind them that pictures can be saved

Despite the notion that pictures sent to contacts expire automatically after a set period of time, there are various ways around this and it’s worth pointing it out to your children.

For example, users are often able to take screenshots of photos and videos which are intended to be ephemeral using standard screen capture features on their smartphone or even by using special software to save the image.

  3. Don’t let strangers contact your children

Once you have followed the steps above, the next thing is to ensure that a stranger can’t send your child unsuitable images or contact them. To change the settings so that only their friends can send them messages, tap the ghost icon at the top of the screen to access your child’s profile, then tap the gear cog icon in the upper-right corner. Under the Settings menu, go to “Receive Snaps from…” and ensure that it says “My Friends” instead of “Everyone”.

Finally, if someone has been harassing your child you can delete and block them from the same section of the menu as the step above. You can also write to [email protected] and they will resolve the issue. If you still don’t feel comfortable letting your child use the app, you can delete their account by entering the username and password.

Remember, no matter how much freedom you want to allow your children when using social media, it always pays to keep them informed of the dangers it can pose, too.

Why Big Data is the new focus for information security

Big Data is the current buzzword in the technology sector, but in fields such as security it is much more than this – businesses are starting to bet strongly on the implementation of tools based on the collection and analysis of large volumes of data to allow them to detect malicious activity. What started out as a fashionable term has turned into a fundamental part of how we operate.

So, what exactly are the advantages of Big Data? Well, have a think about the current situation in which the use of mobile devices is growing, the Internet of Things has arrived, the number of Internet users is reaching new highs, and quickly you realize that all of this is prompting an increase in the number of accesses, transactions, users, and vulnerabilities for technology systems. This results in a surge in raw data (on the World Wide Web, on databases, or on server logs), which is increasingly more complex and varied, and generated rapidly.

Given these circumstances, we are encouraged to adopt tools that are capable of capturing and processing all of this information, helping to visualize its flow and apply automatic learning techniques that are capable of discovering patterns and detecting anomalies.

Big Data and Machine Learning: looking for a needle in a haystack

A lot of existing cyberattacks have something in common – they are designed to get lost in the noise made by IDS/IPS alerts (a medium-sized company could experience tens of thousands of alerts each day), hiding themselves among the large amount of information generated by the daily operations of the targeted businesses. The key to detecting these intrusions lies in recognizing this small trail of anomalies, which is like a modern version of finding a needle in a haystack. Luckily, this is exactly what Big Data does.

Faced with the daily wave of alerts, it is inevitable that a human alone would be incapable of detecting, in real-time, unusual concentrations of attack with specific sources, types, or aims. However, where the human fails, algorithms of machine learning (low-level algorithms that don’t follow specific instructions, but rather detect patterns in the data) are able to “learn” normal system activity and detect, in real-time, any unusual activity on the device.

The key to using Big Data for security analysis is based on the premise that while humans become less effective as the amount of data to analyze increases, machines can use this information to improve the detection of anomalies, in the same way that surveys are more reliable when they include more people.

Adaptive Defense, Panda’s Big Data based solution

Adaptive Defense, a product recently launched by Panda to put an end to APTs, a new generation of malware that traditional antiviruses are incapable of combatting, is an example of how to successfully apply Big Data and Machine Learning to security tools.

Adaptive Defense is capable of continuously analyzing, in real-time, software that tries to run on a system, automatically classifying all of the applications thanks to the Machine Learning algorithms. This allows the user to receive immediate alerts with detailed reports explaining the nature and activity of the malware, and even activating blocking modes that only allow for the running of software classified as goodware.

Keep in mind: Big Data is data, too

Using Big Data as a central tool in cybersecurity strategies brings with it, as we’ve already seen, an extensive list of advantages, but it also generates new worries. If the analysis of these massive volumes of data perfects the detection of malicious activity that is capable of generating leaks, the possibility that this new type of data could itself be leaked could have greater legal and trust repercussions than we have ever seen.

Black Friday and Cyber Monday: How to shop safely online

As the year draws to a close, many retailers take the opportunity to slash the prices on goods, allowing us to take advantage of some great offers. With Christmas just around the corner, events such as Black Friday are great ways to get gifts for friends and family at significantly lower prices.

However, if the idea of being surrounded by hundreds of frantic shoppers, worn-out sales assistants, and long queues fills you with dread, then perhaps Cyber Monday is the shopping event for you. This term, which was coined in 2005 and falls on the Monday following Thanksgiving in the USA, was thought up by marketers to promote online shopping, with special deals that aren’t available in-store.

So, now that you don’t have to worry about the stressful experience of going to the store, we’ve put together a few tips to ensure you won’t have any stressful experiences after shopping online. Take a look below and make sure your Cyber Monday is a safe and stress-free one!

Black Friday and Cyber Monday: How to shop safely online

  1. Stick to well-known websites

The first thing you can do to be safe while shopping online is to only use trusted, official websites. Start your shopping by going directly to the store’s website as opposed to using a search engine to find what you need. Also, only continue if you see that the website is secure by checking that the URL begins with HTTPS and that the lock symbol is present.

  2. Only use a secure Wi-Fi connection

This is a fundamental one, yet people continue to ignore it. Public Wi-Fi may be convenient, especially if you are relaxing at a café and spot a bargain online which you can’t resist. However, it’s best to carry out purchases from the safety of your home, where you have control over who else is connected to your network.

  3. Check your statements

Keep up to date with all transactions carried out with your bank account as the sooner you spot something unusual, the quicker and easier it will be to avoid bigger problems. If you spot something suspicious, contact your bank immediately.

  4. Be aware of the returns policy

When shopping online, remember that the returns or exchange policy may be different to that in store. Also, some stores may only offer store credit on reduced goods, so always check before you buy.

  5. Keep your computer updated and protected

Giving out your bank details online involves an element of trust, so the best way to ensure that nobody else gets their hands on your sensitive information is to have a protected and up-to-date computer. Keep your operating system updated and always use a trusted antivirus that best fits your needs.

  6. Be wary of email offers

It’s common to be bombarded with emails offering you great discounts or offers, but treat them with suspicion. Avoid clicking on links sent via email and verify that the offers are valid on the official website instead.

The post Black Friday and Cyber Monday: How to shop safely online appeared first on MediaCenter Panda Security.

The security flaws affecting connected cars

If we imagine a world where the only cars that are on the highways are all smart cars, then we can rest assured that driving will be a lot safer. These cars are able to communicate between themselves to avoid collisions and can take alternative routes if they detect that there has been an accident ahead.

They are also unable to jump red lights as they receive orders which impede them from doing so. In fact, it’s possible that in the future we’ll see that traffic police needn’t even have to raise their arm to stop the cars, as this can be done remotely. The Internet of Things has arrived with the mission to save lives in the automotive industry.

The National Highway Traffic Safety Administration (NHTSA) in the United States estimates that the technology these cars are based on could prevent more than half a million accidents and more than one million deaths each year in the United States alone. General Motors has already announced that vehicle-to-vehicle technology will be launched on the Cadillac in 2017.

However, the fact that these cars are able to communicate with one another is a worry for security experts, as they could be prey for cyber-attackers.

The problem arises when someone is able to listen in on these communications between the cars to guess where the vehicle is. This has already been demonstrated by the security expert Jonathan Petit at the Black Hat Europe conference.

Just one month ago this investigator showed that a simple laser pen was able to confuse a smart car, making it think that there was an object in front of it when in reality there was nothing. Now he explains how these cars can be tracked easily.

Connected cars communicate over Wi-Fi at distances of hundreds of meters. This helps them to avoid collisions with one another, as they have a complete map of all cars in their proximity. Unlike smart cars, which draw up outlines of their surroundings using the LIDAR placed on the roof of the car, connected cars don’t see the vehicles around them, but rather detect them.

The information sent from car to car is encrypted and is only related to their position and speed. They don’t send information such as the registration plate, but each message has a digital signature so as to avoid false messages and misunderstandings that could provoke accidents.

Petit took advantage of this digital signature to carry out his tests at the University of Twente in the Netherlands. He placed two sniffing stations at different points around the campus, which were dedicated to collecting the information from this network. He also parked a V2X vehicle (vehicle-to-everything) on the campus, which was able to collect all information that came from a connected car, be it with another vehicle or object.

Fifteen days later, the vehicle had transmitted more than two and a half million messages and the sniffing stations had detected nearly forty thousand, just 3% of the total. With this information and the digital signatures, he was able to identify the vehicles, predict where they were situated on the campus with a precision of 78%, and even guess where they were with a 40% success rate.

Petit and the group of investigators from the University of Twente believe that governments or cybercriminals could use this system on a larger scale to be able to monitor all of the cars within a city. “The thieves could wait until police cars are out of a determined area to commit a theft”, explained Petit.

It’s as easy as that to compromise the security of connected and smart cars using this technique, which allows someone to guess the location, speed, and direction of the car.

Considering that the stations currently cost around $550 (€511), Petit thinks that for the moment the only way to carry out this attack would be with a Raspberry Pi and a Wi-Fi radio.

For some experts, one possible alternative would be for every message to be signed with a pseudonym which changes every five minutes, in the hope that the cybercriminal wouldn’t be able to identify the car and track it.

Petit has explained that this modification would only imply an additional cost of 50% for the attacker, who would only need to install more stations.
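To make the pseudonym proposal concrete, the following added example (not code from the article or from Petit's research) compares how long a passive receiver can link messages by signer identity with and without five-minute rotation. The HMAC-based pseudonym derivation, the vehicle secrets and the message tuples are constructed assumptions standing in for issued pseudonym certificates.

```python
import hashlib
import hmac
from collections import defaultdict

ROTATION_SECONDS = 300  # five-minute pseudonym lifetime, as proposed in the article


def signer_id(vehicle_secret: bytes, timestamp: int, rotate: bool) -> str:
    """Identifier a receiver can read from a message's signature.

    rotate=False models one long-lived signing identity.
    rotate=True models a fresh pseudonym per five-minute epoch (assumed scheme).
    """
    epoch = timestamp // ROTATION_SECONDS if rotate else 0
    mac = hmac.new(vehicle_secret, str(epoch).encode(), hashlib.sha256)
    return mac.hexdigest()[:16]


def observed_tracks(messages, rotate: bool):
    """Group messages by signer identifier, as a passive receiver would."""
    tracks = defaultdict(list)
    for secret, ts, position in messages:
        tracks[signer_id(secret, ts, rotate)].append((ts, position))
    return tracks


def longest_track_seconds(tracks) -> int:
    """Longest time span over which one identifier stays linkable."""
    return max(points[-1][0] - points[0][0] for points in tracks.values())


def sample_messages():
    """Constructed data: two vehicles, one message every 10 s for 30 minutes."""
    messages = []
    for index, secret in enumerate((b"vehicle-A-secret", b"vehicle-B-secret")):
        for ts in range(0, 1800, 10):
            messages.append((secret, ts, (index * 100 + ts * 0.5, 0.0)))
    return messages


if __name__ == "__main__":
    for rotate in (False, True):
        tracks = observed_tracks(sample_messages(), rotate)
        print(f"rotate={rotate}: {len(tracks)} identifiers, "
              f"longest linkable window {longest_track_seconds(tracks)} s")
```

Rotation shortens the window in which a single identifier follows a car from the whole drive to under five minutes; as the article notes, this raises the observer's cost rather than removing the risk.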

That said, for now there is no reason to panic. This security expert is working with Ford, General Motors, and other manufacturers in the development of strategies so that connected cars are safer. In a few years we will be able to enjoy the advantages of these cars with the security guarantee that we deserve.

The post The security flaws affecting connected cars appeared first on MediaCenter Panda Security.