Two cyber crime researchers have uncovered a potential flaw in a Chrysler vehicle after remotely hacking and assuming control of its systems. As expected, the car company is in the process of providing succor and has advised customers to update the on-board software in their vehicles.
The world has embraced electronics as a norm and the automotive industry has not been left behind. The industry is gradually evolving its means of operations from mechanical to electronics and with this, comes new challenges and vulnerabilities.
According to a Wired report, two white-hat security experts have surprisingly hacked and assumed total control of a Jeep Cherokee while on the road. The driver of the Jeep who is also a Wired writer, won’t let go of the ride experience any time soon.
Loss of Control
Both security researchers, Charlie Miller, a former NSA staff and Chris Valasek of IOActive, first uncovered a distinct defect in the Uconnect system, an infotainment software that is built in Fiat Chrysler cars. The system which also supports vehicle to vehicle communication through Sprint’s network, is done over the air and allows vehicle owners to locate their cars through GPS, remotely turn on engine and ensure safety through the installed anti-theft features.
The hack process was straightforward:
- Valasek and Miller commenced the hack, using an Android phone that was running on Sprint’s cellular network, 10 miles from the Jeep Cherokee
- With the Android phone, they established a connection with the Uconnect system of the Jeep Cherokee which been driven, through its IP address.
- Already plugged in, they hacked into a chip that powered the Uconnect system and proceeded to rewrite the firmware that powered the hardware.
- At this stage, having total control of system, the researchers killed the car’s brakes and blurred the driver’s visibility by activating the windshield wipers
- Even of greater concern is the fact that they were able to shut off the vehicle’s engine completely.
- With the connection between the phone and the vehicle established, they even hooked up a Macbook to scan for vehicles on the same network that were vulnerable.
The researcher came to a conclusion that about 471,000 vehicles are vulnerable to the total care-compromising hack and the affected models are;
- 2015 Chrysler 200s
- 2013-14 models of the Dodge Ram.
- 2014 Jeep Cherokee, Jeep Grand Cherokee and the Dodge Durango
- 2013-14 Dodge Viper
- 2015 Jeep Cherokee and Jeep Grand Cherokee.
“Though I hadn’t touched the dashboard, the vents in the Jeep Cherokee started blasting cold air at the maximum setting,” wrote Wired writer Andy Greenberg, narrating the incidence. “Next the radio switched to the local hip hop station … I spun the control knob left and hit the power button, to no avail. Then the windshield wipers turned on, and wiper fluid blurred the glass.”
As it stands now, Chrysler doesn’t look too happy about the whole hijacking stunt carried out by both white hat researchers, but they appreciated the work done and are already on the look out to remediating the flaws.
“We appreciate the contributions of cybersecurity advocates to augment the industry’s understanding of potential vulnerabilities,” Chrysler said.
However, we caution advocates that in the pursuit of improved public safety they not, in fact, compromise public safety.
Images from Vladimirs Gorelovs and Shutterstock.
The Pirate Bay is Hijacking PCs to Stealth-Mine Cryptocurrency
For the second time in as many months, The Pirate Bay has been caught mining cryptocurrency on your computer without consent. The torrent platform was actually test-driving cryptocurrency mining in your browser – no doubt a lucrative revenue stream.
The Pirates Are At It Again
The news was later confirmed by Bleeping Computer, which reported that,”The Pirate Bay, the internet’s largest torrent portal, is back at running a cryptocurrency miner after it previously ran a short test in mid-September.”
Estimates indicate that the scheme has earned the pirates a total of $43,000 over a three-week period.
Users had no way to opt their computers out of being test-driven by the torrent network. Back in September, The Pirate Bay got away by telling people it was just a test. The site’s owners cannot use the same excuse this time around.
CoinHive advises websites to let their visitors know their browser is being used to mine cryptocurrency.
“We’re a bit saddened to see that some of our customers integrate CoinHive into their pages without disclosing to their users what’s going on, let alone asking for their permission,” the company said.
The good news is most ad-blockers and antivirus programs will block CoinHive, given its recent abuses. That means not all visitors of The Pirate Pay were being used as a conduit for mining Monero.
Monero Joins Global Crypto Rally
The value of Monero (XMR) shot up nearly 8% on Friday, and was last seen trading at $94.17. With more than 15.2 million XMR tokens in circulation, the total market cap for Monero is $1.4 billion, according to CoinMarketCap. That’s enough for ninth on the global cryptocurrency list.
Twelve cryptos have now crossed the $1 billion valuation mark. A handful of others have made their way north of $500 million.
Coders Safeguard Vulnerable Ethereum Wallets Following Security Breach
Ethereum suffered large-scale security breaches last week after anonymous hackers targeted vulnerable wallets in the network, resulting in the loss of tens of millions of dollars. However, it didn’t take long for a volunteer group of coders to “rescue” the funds in 500 at-risk wallets before the same attackers could get to them too.
White Hat Group Takes Charge
The so-called White Hat Group showed initiative by “rescuing” the funds using the same techniques the thieves employed to compromise $32 million USD worth of ether from three multi-signature wallets. As of Monday, the White Hat Group of ethical hackers was in possession of $86 million worth of ether and an additional $122 million in tokens.
Tokens are digital assets that are sold during an Initial Coin Offering (ICO) fundraising event. They have proven to be extremely popular.
Tens of millions of dollars worth of ether and tokens have already been returned to their owners. The White Hat Group says it will issue full refunds by the end of July.
Blockchain-based trading platform Coindash was also breached last week, resulting in the loss of more than $7 million worth of ether.
Security Breaches Nothing New in Crypto World
For all its benefits, cryptocurrency has been vulnerable to several high-profile security breaches. Last summer, Hong Kong-based Bitfinex was the target of a major attack that resulted in the theft of around $70 million worth of bitcoins. In response, the exchange announced a controversial plans to “socialize” its losses among all users. Each Bitfinex trader was docked 36% as a result.
Bitcoin prices declined sharply following the attack, stopping what had been a blistering summer of gains.
Ethereum Enterprise Alliance
For anyone doubting the potential of the ether, take a look at the list of companies participating in the Enterprise Ethereum Alliance (EEA). The EEA is a forum that connects Fortune 500 companies, startups and academics with ethereum subject matter experts. The EEA is made up of multinational banks and some of the world’s biggest technology companies.
The forum has made cyber security a top priority, according to a May 22 press release. In the release, companies like Infosys, Mitsubishi UFJ Financial Group, Synechron and others expressed their intent to contribute to the future of ethereum’s security.
Hackers Only Need Seconds to Figure Out Card Details
Experts from Newcastle University in England has found that hackers only need six seconds to figure out the card number, expiry date, and security code for a Visa debit or credit card by simple guesswork, according to a report from The Telegraph.
According to figures from the Office of National Statistics, in the U.K. the number of bank account fraud cases reported up to June 2016, from the beginning of the year, amounted to over 2.3 million.
The researchers found that all that a hacker needs is a computer and an Internet connection. It is believed that hackers simply utilize what is known as a Distributed Guessing Attack enabling them to get around security features that help prevent online fraud.
By using the Distributed Guessing Attack, the system was unable to detect multiple attempts made by hackers.
Process of Elimination
As such, within a matter of seconds hackers were able to determine the correct information on a person’s card by a process of elimination.
Only recently Tesco bank account customers were subjected to hacking after criminals were able to gain access to their accounts. It is believed that these hackers may have used the Distributed Guessing Attack to siphon money from peoples’ accounts.
Payment Cards Remain Vulnerable
Unfortunately, even though Visa debit and credit cards remain popular and convenient forms of payment, they remain vulnerable as well.
And hackers know this, which is why reports of online card fraud are becoming more prevalent in today’s technologically-advanced world.
Visa states though:
The research does not take into account the multiple layers of fraud prevention that exist within the payments system, each of which must be met in order to make a transaction possible in the real world.
However, while this may be the case, it seems something is amiss if cybercriminals can simply determine a person’s card details in six seconds through guesswork.
Bitcoin to the Rescue?
The digital currency bitcoin, however, may provide an answer to this problem.
As a type of digital currency that is held and created electronically with no central bank governing it, bitcoin is considered the cash of the Internet.
Due to its popularity more people are turning to it instead of fiat currency.
It was recently reported that Sweden is considering the issuance of its own digital currency, ekrona, in an effort to address the significant decline of the use of cash in the country.
Whereas India has announced that digital currency will become the new normal in the country as it attempts to reduce the amount of cash transactions with the banning of its biggest banknotes, the Rs 500 and Rs 1,000.
While these are just a few instances of how bitcoin is revolutionizing how we see money, many are quickly catching on to how safe and effective bitcoin is as a form of payment in a world where hackers are gaining easy access to a person’s Visa debit and credit cards.
Featured image from Shutterstock.
- Daily Analysis: Dollar Rally Continues amid Fed Chair Confusion October 17, 2017
- Technical Analysis: NEO Jumps as Broad Markets Turns Lower October 17, 2017
- Trade Recommendation: Syscoin October 17, 2017
- Trade Recommendation: Lisk October 17, 2017
- Information on Russia’s Regulation of Cryptocurrency Surfaces October 17, 2017
- Gold Creating Kilonova October 17, 2017
- Asian Market Update – Tuesday: Cryptocurrency prices consolidate after strong rally October 17, 2017
- Former Fed Chief Bernanke Backs Blockchain, but Not Bitcoin October 17, 2017
- Bitcoin Takes a Breather as Prices Drop Below $5,700 October 17, 2017
- ICO Analysis: Genesis Vision October 17, 2017
Ethereum1 week ago
Ethereum’s Hard Fork Is Coming
ICO1 week ago
ICO Analysis: TripAlly
Analysis5 days ago
Analysis: Bitcoin Price at $5200, How Much is There Left in the Tank?
Analysis4 days ago
Technical Analysis: Ethereum, Monero, and Litecoin Jump as Bitcoin Goes Parabolic
Analysis2 days ago
5 Things to Watch Next Week: Byzantium, Bitcoin Stretched, Gold’s Strength, The Next Fed Chair, Kirkuk and Crude Oil
Cryptocurrencies6 days ago
Trade Recommendation: Monero
ICO3 days ago
ICO Analysis: UTRUST
Analysis5 days ago
Technical Analysis: Litecoin Follows Bitcoin Higher as Market Tops $165 billion