Tag Archive for: charging

DOJ Clarifies Policy on Charging Computer Fraud and Abuse Act


On May 19, 2022, the Department of Justice (“DOJ”) announced significant clarifications to its policy on charging Computer Fraud and Abuse Act (“CFAA”) violations that give some comfort to cyber security consultants who engage in network testing and related operations. Such activity has long been a gray area for “white hat” hackers.

The CFAA, 18 U.S.C. § 1030, provides the government with the authority to prosecute cyber-based crimes by making it a crime to “intentionally access[ ] a computer without authorization or exceed[ ] authorized access and thereby obtain[ ] (A) information contained in a financial record of a financial institution…(B) information from any department or agency of the United States; or, (C) information from any protected computer.” Most computers have the potential to fall under Section 1030’s definition of a “protected computer,” which includes any computer “used in or affecting interstate or foreign commerce or communication.” The new guidance demonstrates an evolving view of how the statute should be enforced, with the ultimate aim of leaving the public safer as an overall result of government action. In this regard, the DOJ directive expressly states that good faith security research should not be prosecuted.

Good faith security research is defined by the DOJ as “accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability.” The update further clarifies that “such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.”

The updated policy further explains that, generally speaking, security research is not per se conducted in good faith. For example, research conducted for the purposes of identifying security flaws in devices and then profiting from the owners of such devices does not constitute security research in good faith. This…


YouTuber Demonstrates Fake Charging Cable That Can Hack Your Computer


Whether you use Android or an iPhone, you’ve probably collected a fair tangle of charging cables by now: USB-C, micro-USB, mini-USB, lightning, you name it.

Moreover, a lot of other devices use the same cables to charge: Bluetooth headphones, speakers, keyboards, mice, photo cameras and more. Chances are you have a charging cable right now in your bag or on your desk.

But how much do you trust your charging cable? Did it come with the device? Is it the cheapest replacement you found online? Did you just borrow it from someone? Do you even remember where you got it?

These questions would usually seem silly, but not anymore, because apparently not all chargers are what they seem. Although they look identical to the original, some can turn out to be complex electronic contraptions meant to track you, hack your devices, or even destroy them in a hardware attack.

Arun Maini demonstrates how similar to normal cables they are

The little cable that could

In a video posted on his YouTube channel, which quickly scooped up over 1.2 million views, British tech vlogger Arun Maini, also known as Mrwhosetheboss, demonstrates how a USB stick, a charging cable, and a USB adapter that look like ordinary tech products can be used to remotely control a computer they’re plugged into, track your location if connected, and wreak all kinds of havoc, from stealing passwords and information to deploying malware and destroying the device.

While Maini’s approach isn’t the most scientific one, and attack hardware like weaponized USB sticks has been around for a long time – for example, they’ve famously been used to attack a nuclear plant in the Middle East after an employee working at an industrial facility wanted to watch La La Land on his lunch break – he does prove a scary point.

Weaponized charging cables that look just like the real deal are commercially available and can be used even by the untrained. They can double as functioning charging cables and can even self-destruct if the malicious actor who planted them wants to cover his tracks.

What can you do to stay safe?

So, how can you tell a fake charging cable from a real one? You can’t. The only way to protect yourself, your home devices and…


ORNL targets electric grid security, EV battery charging


Oak Ridge National Laboratory researchers are taking innovative steps to meet energy challenges of national interest.

Richard Raines, director of the Electrification and Energy Infrastructures Division at Oak Ridge National Laboratory, takes U.S. Secretary of Energy Jennifer M. Granholm, right, on a tour of GRID-C at ORNL's Hardin Valley campus in Knoxville, Tenn., on Monday, Nov. 22, 2021. Raines recently spoke to a Friends of ORNL audience about electric vehicles, batteries and more.
In November 2021, Secretary of Energy Jennifer Granholm (beige coat, lower left corner) visited ORNL’s Grid Research Integration and Deployment Center (GRID-C) and learned about its building-to-grid and vehicle-to-grid research from ORNL Director Thomas Zacharia (bottom) and Richard Raines, director of ORNL’s Electrification and Energy Infrastructures Division, which has 150 staff, mostly engineers.

They are addressing the following questions.

How can the efficiency and resilience of the U.S. electric grid be improved? Can the grid be better protected from weather-related outages and cyberattacks?

Can American batteries be manufactured using materials from domestic rather than foreign sources? Can they be recharged faster? And, can spent batteries and their materials be reused, recycled and kept out of landfills to protect the environment?

Rick Raines speaks to Friends of ORNL via Zoom on ORNL research on electric grid resilience and security and on the manufacture, charging and recycling of lithium-ion batteries for electric vehicles and the grid.

Can high-power battery charging technology be embedded in parts of interstate highways so potential consumers of electric vehicles (EVs) will be less concerned about driving range and the availability of battery recharging stations?

In a recent talk to Friends of ORNL, Richard A. Raines, director of ORNL’s Electrification and Energy Infrastructures Division, said, “We are making a difference. We are developing capabilities in the lab that are being field tested.”


UTSA researcher part of team protecting EV charging stations from cyberattacks | UTSA Today | UTSA


Bou-Harb and his fellow researchers wanted to explore the real-life implications of cyberattacks against EV charging systems and how to utilize cybersecurity countermeasures to mitigate them. His team also assessed how exploited systems can attack critical infrastructure such as the power grid.

“Electrical vehicles are the norm nowadays. However, their management stations are susceptible to security exploitations,” said Bou-Harb, who is an associate professor in the Carlos Alvarez College of Business’ Department of Information Systems and Cyber Security. “In this work, we endeavored to uncover their related security weaknesses and understand their consequences on electrical vehicles and the smart grid while providing recommendations and sharing our findings with relevant industry for proactive security remediation.”

The team identified 16 electrical vehicle charging management systems, which they divided into separate categories such as firmware, mobile, and web apps. They performed an in-depth security analysis on each one.

“We devised a system lookup and collection approach to identify a large number of electrical vehicle charging systems, then leveraged reverse engineering and white-/black-box web application penetration testing techniques to perform a thorough vulnerability analysis,” Bou-Harb said.

The team discovered a range of vulnerabilities amongst the 16 systems and highlighted the 13 most severe vulnerabilities, such as missing authentication and cross-site scripting. By exploiting these vulnerabilities, attackers can cause several issues, including manipulating the firmware or disguising themselves as actual users and accessing user data.

According to a recent white paper study by the researchers, “while it is possible to conduct different attacks on various entities within the electrical vehicle ecosystem, in this work, we focus on investigating large-scale attacks that have severe impact on the compromised charging station, its user and the connected power grid.”

During this project, the team developed several security measures, guidelines and best practices for developers to mitigate cyberattacks. They…
