Hackers Could Take Control of Your Car. This Device Can Stop Them

Wired - Hackers Charlie Miller and Chris Valasek have proven more clearly than anyone in the world how vulnerable cars are to digital attack. Now they’re proposing the first step towards a solution.

Last year the two Darpa-funded security researchers spent months cracking into a Ford Escape and a Toyota Prius, terrifying each other with tricks like slamming on the brakes or hijacking the vehicles’ steering with only digital commands sent from a laptop plugged into a standard data port under the dash. At the Black Hat security conference in Las Vegas next month, they’ll unveil a prototype device designed to foil the same unnerving tricks they’ve demonstrated: An intrusion-detection system for automobiles. “These attacks seemed serious enough that we should actually consider how to defend against them,” says Miller, who holds a day job as a security researcher for Twitter. “We actually wanted to do something to help solve this problem.”¹

They built their anti-hacking device for $150 in parts: an mbed NXP micro controller and a simple board. This plugs into a jack underneath a car or truck’s dashboard known as the OBD2 port. Power it on for a minute during routine driving, and it captures the vehicle’s typical data patterns. Then switch it into detection mode to monitor for anomalies like an unusual flood of signals or a command that should be sent when the car is parked but shows up when you’re instead doing 80 on the highway.   Read More

Samsung takes inspiration from Fort Knox for mobile security

 
PCWorld - BARCELONA—Samsung on Monday announced an improved version of its SAFE management and security system for popular Samsung-branded Android smartphones and tablets.
Samsung dubbed the updated tool set KNOX, after the famous Fort Knox in Kentucky, where much of the U.S. gold reserves are stored.

The KNOX technology, to be demonstrated at Mobile World Congress here this week, means that Samsung smartphone and tablet users will soon be able to take advantage of a dual persona or containerization approach, where corporate and personal data are kept in separate spaces on the Android OS.

Samsung said its new software is not a hypervisor, but runs in the BIOS (basic input output system) firmware of the Android OS with file system encryption, to protect against data leaks, viruses and malware.

More

London Residents May Get Anti-Aircraft Missiles on Their Rooftops to Defend the Olympic Games

PopSci - The workaday residents of London are again being asked to participate in the defense of the city. Bow Quarter in East London is a white collar, somewhat pedestrian neighborhood populated by young families and professional types, but this summer residents very well might see their sleepy enclave militarized. Over the weekend the Ministry of Defense notified residents of a few different neighborhoods around London’s Olympic Park that they could become home to batteries of high-velocity surface-to-air missiles. In other words, Londoners are getting rockets on their rooftops.

London’s security operation for the Games (running from July 27 to August 12) is pretty spectacular, and the military will be playing a central role alongside police and more conventional security officers. Britain’s MoD has already confirmed that up to 13,500 troops, two warships, Typhoon fighter jets, military explosives ordnance disposal teams, and combat helicopters will all be deployed around the country for the duration of the Olympics. But the militarization of their rooftops came as a surprise to residents, who were informed via the post that roughly 10 troops and a variety of hardware could be installed atop their buildings for up to two months this summer.               More

HTTPS and Tor: Working Together to Protect Your Privacy and Security Online – For Firefox & Chrome

EFF - This week EFF released a new version its HTTPS Everywhere extension for the Firefox browser and debuted a beta version of the extension for Chrome. EFF frequently recommends that Internet users who are concerned about protecting their anonymity and security online use HTTPS Everywhere, which encrypts your communications with many websites, in conjunction with Tor, which helps to protect your anonymity online. But the best security comes from being an informed user who understands how these tools work together to protect your privacy against potential eavesdroppers.

Whenever you read your email, or update your Facebook page, or check your bank statement, there are dozens of points at which potential adversaries can intercept your Internet traffic. By using Tor to anonymize your traffic and HTTPS to encrypt it, you gain considerable protection, most notably against eavesdroppers on your wifi network and eavesdroppers on the network between you and the site you are accessing. But these tools have important limitations: your ISP and the website you are visiting still see some identifying information about you, which could be made available to a lawyer with a subpoena or a policeman with a warrant.

Protecting your security and anonymity against real-time government wiretapping is considerably more difficult. In a country where ISPs are controlled by the government or vulnerable to government bullying, Internet users should be especially aware of what kinds of information is still visible to ISPs and may be subject to government surveillance. To a lesser degree, websites may be subject to the same kinds of government bullying and may be compelled to give up information about their customers.               More

Top 4 Ways to Secure Android

PCMag.Com - Last week Google said it had fixed the latest security flaw in Google Wallet, whereby a determined thief could root your non-rooted device ex post facto and retrieve your Google Wallet prepaid card. That was partly true. From what we can tell the technical issue still remains, even if Google Wallet itself is safer.

To recap the Google Wallet brouhaha this month, first researcher Joshua Rubin from zvelo revealed a quick, simple brute force technique to extract the Google Wallet PIN from a rooted phone. That actually requires some skillz, but the next day The Smartphone Champ revealed that even in a non-rooted Nexus smartphone with Google Wallet, a thief can steal your Google Wallet prepaid card by simply wiping Google Wallet settings and attaching the app to a new Google account. Finally, Rubin reported how a thief can root your non-rooted phone ex post facto and steal your Google Wallet funds. This works because some root privileges do not remove all the data on your Android device, and Google prepaid cards are stored in the device, not in one’s Google Wallet account.

Google responded to Rubin’s discovery by suspending new prepaid cards on Sunday. It began re-issuing Google Wallet prepaid cards on Tuesday, claiming it had fixed the problem. But as a spokesman told my colleague Neil Rubenking, Google’s “fix” was to require users to contact Google Support to re-activate a Google Wallet account. So yes, the technical issue still remains.              More

Air Force UAV Controls Infected with Virus

DefenseTech - I’m sure you’ve all heard this, but just in case you haven’t, the Internet is abuzz with reports that the Air Force’s UAV ground control systems (GCS) at Creech Air Force Base, Nev., have been infected by a computer virus. The virus, that’s apparently recording drone operators’ keystrokes, was detected about two weeks ago. While it hasn’t prevented the service from flying UAV missions, it has proven to be difficult to remove — Air Force technicians are having to completely wipe the GCS’ internal hard drives to get rid of the virus. Service officials still aren’t 100 percent sure how it penetrated Creech’s firewalls nor do they know where it came from. It may be a run of the mill computer virus that somehow made its way into the base’s systems or it may be a sophisticated cyber espionage tool specifically targeting the U.S.’ drone program — no one knows yet.           More