Tag Archive for: owners

Cybersecurity experts alert car owners to new hacking methods

/in


The evolving technological world is dynamic. While some people create solutions, there are others trying to exploit the vulnerability in the solution created to create a different problem.

Automobile thieves seem to be making desperate efforts to stay ahead of technological advancements created to beat them. From the days of smashing car windows to gain access or hotwiring a vehicle to steal it, automobile robbers graduated to hacking a vehicle using computer codes.

Car hacking is done by accessing a car’s computer systems through software such as CAN bus, Bluetooth pairing, or via physical access to connectors and ports.

However, when hacking became widespread, experts recommended car trackers, to trace and retrieve stolen vehicles.

But the bad men are constantly trying to beat advancing technology. With modern technology, the hackers have devised methods such as carjacking, jamming, cloning key fobs, defeating immobilisers and scanners to steal automobiles.

Researcher project that in the near future, motorists may have to worry about their the possibility of their vehicles being remotely hijacked and driven to specific locations by hackers and robbed of their vehicles.

When trackers were recommended, car owners heaved a sigh of relief. However, this won’t last for a long time as hackers have also identified a vulnerability in trackers, which they now use negatively to their advantage.

In a recent report by Forbes, a weakness has been detected in the tracking system of modern cars, which enables hackers to gain access to a car owner’s cellphones to steal their data.

What is bewildering is that fact that the technology that makes it possible for the hackers to do this is exactly what security agencies are using to check car theft through hacking.

According to the report, these are same technologies that security agencies are regularly exploiting in the United States, with immigration and police investing more in tools to extract mass data — from passwords to location — from as many as 10,000 different car models.

The report stated that the latest hacking was due to cars’ shared telematics…

Source…

Android owners warned of hidden risk when downloading apps on holiday – The US Sun

/in


ANDROID owners have been warned the apps they download on holiday may not be as secure as at home – even if they look and feel exactly the same.

Most apps are available globally and appear completely identical no matter where in the world you choose to download them.

Apps aren't necessarily the same throughout

1

Apps aren’t necessarily the same throughoutCredit: SOPA Images/LightRocket via Gett

But experts have revealed that beneath the surface things could be functioning quite differently – and not necessarily for the better.

User privacy and security can vary considerably when using the same app from country to country, according to the University of Michigan.

A team investigated more than 5,600 popular apps and uncovered hundreds with hidden changes depending on country.

127 of them had so-called “geodifferences” in permissions requested.

iPhone and Android owners urged to delete DOZENS of dubious apps now
Android users urged to DELETE 'dangerous' apps that rinse your bank account

49 of these made requests which are deemed “dangerous”.

And more than 100 had very different privacy policies based on country.

Apps in Bahrain, Tunisia and Canada requested the most additional dangerous permissions, experts claim.

“While our study corroborates reports of takedowns due to government requests, we also found many differences introduced by app developers,” said study co-author Renuka Kumar.

“We found instances of apps with settings and disclosures that expose users to higher or lower security and privacy risks depending on the country in which they’re downloaded.”

The research also lifted the lid on the huge number of geoblocked apps – apps which can only be downloaded in certain countries.

They found 3,672 apps in total were blocked in at least one of the 26 countries included in the study.

Iran and Tunisia apparently had the highest blocking rates, with popular apps like Microsoft Office, Adobe Reader, Flipboard and Google Books banned.

VPN apps were often blocked in Turkey and Russia too.

“Blocking by developers was significantly higher than takedowns requested by governments in all our countries and app categories,” Kumar wrote on The Conversation.

“App stores allow developers to target their apps to users based on a wide array of factors, including their country and their device’s specific features.”

Best Phone and Gadget tips and hacks

Looking for tips and…

Source…

Android mobile phone privacy settings: Warning for billions of Android owners

/in


Mobile phone owners across the world are being warned to check their Wi-Fi settings, due to a little-known privacy concern with Android mobiles.

A viral TikTok video has revealed that simply turning off Wi-Fi on an Android device doesn’t mean it is not working, and it could still be running in the background.

WATCH IN THE VIDEO ABOVE: How to truly turn off Wi-Fi on Android phones

Watch the latest News on Channel 7 or stream for free on 7plus >>

TikTok star @tatechtips shared the advice in a video, advising users to check their Wi-Fi scanning settings.

“Turning off your Wi-Fi, doesn’t necessarily mean you’ve turned off your Wi-Fi,” he said.

The video went on to explain users should go to ‘Location Services’ in settings and then ‘Wi-Fi Scanning’, where an option asks if apps can ‘use Wi-Fi for location detection even when Wi-Fi is turned off’.

Billions of Android users are being warned of the little-known privacy concern.  Credit: TikTok/ @tatechtips 

“So that means when you’ve turned your Wi-Fi off, but you’ve got your scanning on, your phone is still constantly sending probe requests for Wi-Fi,” he said.

“So if you want an extra level of privacy, turn your Wi-Fi scanning off as well.”

The video has received more than 67,000 likes, with many users commenting that they had no idea the Wi-Fi could still be running in the background.

“Thank you, I’ve always wanted to turn it off but never knew how,” one user said.

“Thanks. More privacy, the better. Turn it off immediately,” another added.

Source…

GM credential stuffing attack exposed car owners’ personal info

/in


General Motors logo on a building

US car manufacturer GM disclosed that it was the victim of a credential stuffing attack last month that exposed some customers’ information and allowed hackers to redeem rewards points for gift cards.

General Motors operates an online platform to help owners of Chevrolet, Buick, GMC, and Cadillac vehicles manage their bills, services, and redeem rewards points.

Car owners can redeem GM rewards points towards GM vehicles, car service, accessories, and purchasing OnStar service plans.

Targeted in credential stuffing attack

GM disclosed that they detected the malicious login activity between April 11th and April 29th, 2022, and confirmed that the hackers redeemed customer reward points for gift cards in some cases.

“We are writing to follow up on our [DATE] email to you, advising you of a data incident involving the identification of recent redemption of your reward points that appears to be without your authorization,” explains a data breach notification sent to affected customers.

GM states they will be restoring rewards points for all customers affected by this breach.

However, these breaches are not a result of a General Motors being hacked but rather are caused by a wave of credential stuffing attacks targeting customers on their platform.

Credential Stuffing attacks are when threat actors use collections of username/password combinations leaked in other sites’ data breaches to gain access to user accounts on a website.

“Based on the investigation to date, there is no evidence that the log in information was obtained from GM itself,” explains a different data breach notification from GM

“We believe that unauthorized parties gained access to customer login credentials that were previously compromised on other non-GM sites and then reused those credentials on the customer’s GM account.”

GM requires affected users to reset their passwords before logging in to their accounts again.

Personal information exposed

When the hackers successfully breached a GM account, they could access certain information stored on the site. This information includes the following personal details:

  • First and last name,
  • personal email address,
  • personal address,
  • username and phone number for…

Source…