Tag Archives: Hacking

AVG

How secure is your new car?

Car manufacturers regularly introduce new features to make our motoring lives easier and more secure. However in recent week, vulnerabilities have emerged that highlight potential dangers of smart car connectivity.

As reported by The Register, a vulnerability was discovered affecting BMW cars allowing an attacker to open doors and windows via a weakness in the My BMW Remote smartphone app.

BMW have reportedly deployed a software patch for all affected models remotely, but it is worth double-checking with your dealer to make sure it has been applied.

Worryingly, this type of vulnerability is not new.  Keyless entry systems for cars built within the last decade have increasingly come under attack, and exploits only get more sophisticated over time.

In 2011, Swiss security researchers from ETH Zurich University conducted experiments covering 10 cars from different manufacturers and found serious flaws that could allow someone to open the doors and start the engine of your car using a “relay station attack”.

 

Relay Attack

Image courtesy of Wikipedia

 

The research demonstrated that some modern cars using a “Passive Keyless Entry System” (PKES), where you don’t need to insert a key into the car to start it, could be stolen by using a trick to amplify the radio signal transmitted by your keyless remote.

When you park your car at night, where do you leave your keys?  I’ll be placing mine inside a lead box from now on – or taking the battery out!  And let’s hope the car manufacturers eventually get it right in the meantime.

Until next time, stay safe out there.

AVG

Celebrity hacks – why do they continue?

This week we saw yet another hack of a top celebrity, this time the Twitter account of pop star Taylor Swift.  The bad guys, whoever they are, hacked the account sent out messages, distributed personal information and claim to have personal pictures.

Taylor Tweet

 

Its not uncommon for accounts to be hacked, especially when the security is reliant on just a password, but Twitter offers users much more than this.

Most online services today offer two factor authentication as an additional layer of security. The concept of this is very simple as to login you need to have something and know something. The most common use of this authentication is your ATM card, you need the card and you need to know the number.

The same theory applies on online accounts. You enter your login and password, and then the service waits for you to type in a verification number that is automatically sent to your phone. The phone is something you have and the code is something you know. Of course your phone is protected with a pin which adds yet another layer of security.

Video

Video: What is Two Factor Authentication

 

Hacking a celebrity’s account would be difficult if they switched on this two factor authentication. Here lies the problem, celebrities may tweet some things themselves, but it’s likely that they have a team managing their social media accounts for them.

Having multiple people running an account prevents the use of two factor authentication as the code can be only sent to one phone.

I am sure I just upset many celebrity fans who thought that celebrities actually managed their own social accounts.  The reality is that celebrities are busy people and social networks are marketing tools that their teams use to keep them in the news.

In the case of Taylor Swift, the hack may of course be more complex and someone could have cloned her phone. This would take effort, access to the device and would have put the hackers in a much riskier environment. I hope that they have secured the data and account and that the damage is limited as no one should be hacked. Having the right security settings is the best protection.

How to set up two factor authentication

  1. Login in to Twitter and go to settings. If you’re on a PC then this entered by clicking on your picture in the top right corner.
  2. In the left hand menu select ‘Security and Privacy’
  3. There are a few options, SMS to a phone or using the app. Select the one of your choice.
  4. Scroll down and save the changes

I use the text to a phone option but either of the SMS or app options require you and your phone to be together to access your account so both offer effective protection.

Now that you have successfully enabled two factor authentication, your account should be a lot more secure.

Follow me on twitter @tonyatavg

Title image courtesy of billboard.com

ESET

20 million dating site profiles targeted by hacker

20 million usernames and email addresses for a popular Russian dating website have been leaked, according to Bloomberg. Techworld highlights the targeted website as Topface, which has 91.5 million users. Anti-fraud firm Easy Solutions claimed that of the leaked users, 50 percent were Russian citizens, and 40 percent from the EU. Seven million of the logins

The post 20 million dating site profiles targeted by hacker appeared first on We Live Security.