Iot Blog

A flaw in a connected alarm system exposed vehicles to remote hacking

"Calamp takes the matter of IT and data security seriously. Once we received the bug report, our team promptly investigated and developed a patch to address it. We believe that this matter has been resolved without issue," the spokesperson said.

It's not the first instance of car hacking we've seen.

Stykas shared several screenshots with ZDNet of the server, which included vehicle history reports, alarm sounding histories, and payment charts.

"You could easily exploit it and as we had full access to the database," said Stykas in an email. "We could do a lot of stuff — pretty much any scenario that we could think of was disastrous, like mass stealing cars or turning off vehicle via panic button when going with a high speed," he said.

By Zack Whittaker for Zero Day | May 17, 2018 — 15:38 GMT (23:38 GMT+08:00) | Topic: Security

A spokesperson for Calamp said it patched the flaw and continues to investigate.

Infotainment systems are a prime target for hackers, and can be targeted over long ranges using the cellular network.

You might not even realize you're a Calamp user. Many apps, including the vehicle tracking app Viper SmartStart, which lets users locate, start, and control their car from their phone, connect to the outside world using a Calamp modem that links to its cloud-based servers.

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-7558849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

The researchers said it was easy to locate a nearby car, unlock it, and drive away.

Stykas said he wasn't sure how many companies or vehicles were affected by the server bug. Calamp says on its site that it actively manages more than 7 million devices.

Using the same credentials as the app, the researchers were also able to log in and gain complete access to the Calamp server, they said in their write-up.

In a disclosure this week, the researchers Vangelis Stykas and George Lavdanis detailed a bug in a misconfigured server run by Calamp, a telematics company that provides vehicle security and tracking, which gave them direct access to most of its production databases.

Car hacking has become a major focus in the security community in recent years, as more vehicles are hooked up to the cellular internet. But while it's convenient to control your car from your phone, it's also opened up new points for attack — which could have real-world consequences.

The researchers said that they could track the location history of every vehicle in the database, even though the logged-in user had limited, mostly read-only permissions. They could also see usernames and masked passwords, but had no way to export the data.

By querying the database, Stykas said it was possible to find a car by looking up nearby latitude and longitude coordinates, reset the password, unlock the driver's side door, start the engine, and drive away.

The bug was fixed after the researchers contacted the company.

A bug that allowed two researchers to gain access to the backend systems of a popular internet-connected vehicle management system could have given a malicious hacker everything they needed to track the vehicle's location, steal user information, and even cut out the engine.

Calamp's back-end database. (Image: supplied)

In 2016, hackers took full control of the brakes on a Jeep Cherokee, which caused controversy after testing the hack on a highway. That research largely opened the floodgates to a new focus on car hacking. Last year, an unpatchable flaw on most modern cars put drivers at risk from a vulnerability that could disable safety features, like switching off the airbag.

Calamp has since added a new bug reporting page following the disclosure.

The researchers found that the Viper mobile app, while secure, was connecting to two different servers — one used by Viper, and another run by Calamp.
