Tag Archive for: hacking

The ELD Hacking Threat: Q&A with Serjon’s Urban Johnson – Safety & Compliance

/in



ELDs are an easy gateway for hackers to get into a fleet's IT network and do major damage, warns Serjon's Urban Johnson. - HDT Graphic/Serjon headshot

ELDs are an easy gateway for hackers to get into a fleet’s IT network and do major damage, warns Serjon’s Urban Johnson.

HDT Graphic/Serjon headshot


Did you know your fleet’s electronic logging devices may be vulnerable to hackers?

It’s true. Serjon, a cybersecurity firm specializing in fleet transportation security, held a press conference during the Technology & Maintenance Council annual meeting in New Orleans in early March. Urban Johnson, senior vice president, information technology and cybersecurity services for Serjon, briefed media on the threats facing fleets with compromised ELDs.

ELDs are essentially communication devices used to record and report truck driver hours of service. Due to certain technical requirements of the regulations, ELDs require the ability to “write” messages to the truck’s network to obtain information, such as engine hours. The ELD also requires internet access to report the HOS information.

This creates a truck network-to internet communication bridge that introduces significant cybersecurity concerns.

We sat down with Johnson to learn more about this new cybersecurity threat to North American fleets and what they can do to protect themselves. (This interview has been lightly edited for clarity)

HDT: Many fleets aren’t aware that ELDs can be hacked. Talk a little about how hackers can gain access to an ELD.

Johnson: Different ELD vendors use different designs to deliver the functionality required by the ELD mandate. A common design is a hardware device that connects to the vehicle’s on-board diagnostics (OBD) port and then uses a Bluetooth or Wi-Fi connection to a cellular device, such as a tablet or cellphone, to collect the ELD information and report it.

That ELD information can be attacked by hackers locally (close to the truck) or remotely across the internet.

In a recent paper presented at VehicleSec’241, the researchers were able to compromise an ELD device locally by simply connecting to the ELD Wi-Fi connection point, which had a predictable SSID [network name] and a weak default password….

Source…

Cybersecurity agencies issue warning over Chinese hacking group

/in


Government cybersecurity authorities in the US and allied nations are sounding the alarm bell again over the Chinese hacking group known as Volt Typhoon.

In a joint advisory issued on Tuesday, the US Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), FBI, and eight international partners warned that the Beijing-backed Volt Typhoon gang may be gearing up for disruptive or destructive cyber strikes targeting critical infrastructure organisations.

“Volt Typhoon has been pre-positioning themselves on US critical infrastructure organisations’ networks to enable disruption or destruction of critical services in the event of increased geopolitical tensions and/or military conflict with the United States and its allies,” the advisory warns.

“This is a critical business risk for every organisation in the United States and allied countries.”

This latest alert comes just over a month after the same coalition of agencies revealed that Volt Typhoon had compromised the networks of multiple critical infrastructure victims in the US.

The alert recommends that organisations prioritise security efforts through tools like the Cybersecurity Performance Goals and engage with designated Sector Risk Management Agencies. It also urges implementing robust logging practices to detect stealthy “living off the land” techniques favoured by Volt Typhoon, which leverage legitimate software to blend into target environments.

Developing comprehensive incident response plans, conducting cybersecurity drills, and hardening supply chains are also highlighted as critical measures to thwart potential Volt Typhoon intrusions and attacks.

The repeated warnings underscore the grave concerns over Volt Typhoon’s capabilities and suspected destructive intentions against critical infrastructure providers in the US and allied nations amid heightened geopolitical tensions.

(Photo by Thomas Kelley)

See also: Nations demand tech firms tackle scammers

Unified Communications is a two-day event taking place in California, London, and Amsterdam that delves into the future of workplace collaboration in a digital world. The comprehensive event is co-located with Digital Transformation Week,…

Source…

Pokemon resets some users passwords after hacking attempts

/in


The Pokemon Company said it detected hacking attempts against some of its users and reset those user account passwords.

Last week, an alert was visible on Pokemon’s official support website, which said that “following an attempt to compromise our account system, Pokemon proactively locked the accounts of fans who might have been affected.”

The alert about hacking attempts that The Pokemon Company posted on its official support website.The alert about hacking attempts that The Pokemon Company posted on its official support website.

The alert about hacking attempts that The Pokemon Company posted on its official support website.

The alert about hacking attempts that The Pokemon Company posted on its official support website.

As of Tuesday, the alert is gone. A spokesperson for the company said there was no breach, just a series of hacking attempts against some users.

“The account system was not compromised. What we did experience and catch was an attempt to log in to some accounts. To protect our customers we have reset some passwords which prompted the message,” said Daniel Benkwitt, a Pokemon Company spokesperson.

Pokemon is a wildly popular game franchise with hundreds of millions of players around the world.

Benkwitt said that only 0.1% of the accounts targeted by the hackers were actually compromised, and reiterated that the company already forced the impacted users to reset their passwords, so there isn’t anything to do for people who have not been forced to reset their passwords.

The description of the Pokemon account breaches sounds like credential stuffing, where malicious hackers use usernames and passwords stolen from other breaches and reuse them on other sites.

A recent example of a similar incident is what happened last year to the genetic testing company 23andMe. In that case, hackers used leaked passwords from other breaches to break into the accounts of around 14,000 accounts. By breaking into those accounts, the hackers were then able to access the sensitive genetic data on millions of other 23andMe account holders.

That prompted the company (and several other of its competitors) to roll out mandatory two-factor authentication, a security feature that prevents credential stuffing attacks.

For its part, the Pokemon Company does not allow its users to enable two-factor on their accounts, when TechCrunch checked.

Source…

U.S. still finding victims of advanced China-linked hacking campaign, NSA official says

/in


The U.S. is still identifying victims targeted by an extensive China-backed hacking campaign that became the subject of a recent FBI takedown operation and other advisories from officials over the past year, a top NSA cyber official said.

Rob Joyce, the agency’s outgoing cybersecurity director, said on Friday that the U.S. is still finding victims of the Volt Typhoon hacking collective that’s been latching onto critical infrastructure through compromised equipment including internet routers and cameras, and that NSA is not yet done with efforts to eradicate such threats.

The clandestine activities, which are said to be backed by the Chinese government, have allowed the hackers to conceal their intrusions into U.S. and foreign allies’ systems for at least five years, officials have previously said. 

The FBI in January announced it had jettisoned a significant portion of the group’s operations from compromised equipment it had burrowed into. These claims were subsequently affirmed by analysis from the private sector. But Friday’s remarks indicate there is still a way to go before Volt Typhoon is completely eradicated from U.S. networks.

Joyce, who was speaking to a group of reporters, declined to give a precise account of how many victims were remaining, but said the Chinese cyberspies are using tradecraft that’s difficult to uncover because of its reliance on stolen administrator credentials which allow them to more easily mask exploits.

The Volt Typhoon group has been carrying out “station keeping” activities, in an effort to preposition themselves to take down key infrastructure like transportation networks, he said. As for when the dismantling order would come down from Chinese authorities, the agency assesses it would be a “pretty high bar” reserved for major conflict like a possible Chinese invasion of Taiwan, he said.

The Volt Typhoon hackers have been using “living off the land techniques” that allow them to hide inside systems and bypass detection, previous U.S. reports said, noting that they have breached American facilities in Guam, as well as other key infrastructure in facilities both inside and outside the U.S.

Joyce added that NSA has been able to…

Source…