Tag Archive for: unlock

Keyless hack can unlock and start cars — including Teslas


Tesla Inc. customers might love the carmaker’s nifty keyless entry system, but one cybersecurity researcher has demonstrated how the same technology could allow thieves to drive off with certain models of electric vehicles.

A hack effective on the Tesla Model 3 and Y cars would allow a thief to unlock a vehicle, start it and speed away, according to Sultan Qasim Khan, principal security consultant at the Manchester, UK-based security firm NCC Group.

By redirecting communications between a car owner’s mobile phone, or key fob, and the car, outsiders can fool the entry system into thinking the owner is located physically near the vehicle.

The hack, Khan said, isn’t specific to Tesla, though he demonstrated the technique to Bloomberg News on one of its car models. Rather, it’s the result of his tinkering with Tesla’s keyless entry system, which relies on what’s known as a Bluetooth Low Energy (BLE) protocol.

There’s no evidence that thieves have used the hack to improperly access Tesla vehicles. The carmaker didn’t respond to a request for comment. NCC provided details of its findings to its clients in a note on Sunday, an official there said.

Khan said he had disclosed the potential for attack to Tesla and that company officials didn’t deem the issue a significant risk. To fix it, the carmaker would need to alter its hardware and change its keyless entry system, Khan said.

The revelation comes after another security researcher, David Colombo, revealed a way of hijacking some functions on Tesla vehicles, such as opening and closing doors and controlling music volume.

BLE protocol was designed to conveniently link devices together over the internet, though it’s also emerged as a method that hackers exploit to unlock smart technologies, including house locks, cars, phones and laptops, Khan said. NCC Group said it was able to conduct the attack on several other carmakers and technology companies’ devices.

Kwikset Corp. Kevo smart locks that use keyless systems with iPhone or Android phones are impacted by the same issue, Khan said. Kwikset said that customers who use an iPhone to access the lock can switch on two-factor authentication in the lock app.

A…

Tesla hacker demonstrates how to unlock doors, start the electric motor


Tesla Inc. customers might love the carmaker’s nifty keyless entry system, but one cybersecurity researcher has demonstrated how the same technology could allow thieves to drive off with certain models of the electric vehicles.

A hack effective on the popular S and Y Tesla cars would allow a thief to unlock a vehicle, start the electric motor and speed away, according to Sultan Qasim Khan, principal security consultant at the Manchester, UK-based security firm NCC Group. By redirecting communications between a car owner’s mobile phone, or key fob, and the car, outsiders can fool the entry system into thinking the owner is located physically near the vehicle.

The hack, Khan said, isn’t specific to Tesla, though he demonstrated the technique to Bloomberg News on one of its car models.

Rather, it’s the result of his tinkering with Tesla’s keyless entry system, which relies on what’s known as a Bluetooth Low Energy (BLE) protocol.

There’s no evidence that thieves have used the hack to improperly access Teslas.

The carmaker didn’t respond to a request for comment. NCC provided details of its findings to its clients in a note on Sunday, an official there said.

Khan said he had disclosed the potential for attack to Tesla and that company officials didn’t deem the issue a significant risk. To fix it, the carmaker would need to alter its hardware and change its keyless entry system, Khan said. The revelation comes after another security researcher, David Colombo, revealed a way of hijacking some functions on Tesla vehicles, such as opening and closing doors and controlling music volume.

BLE protocol was designed to conveniently link devices together over the internet, though it’s also emerged as a method that hackers exploit to unlock smart technologies including house locks, cars, phones and laptops, Khan said.

NCC Group said it was able to conduct the attack on several other carmakers and technology companies’ devices.

Kwikset Corp. smart locks that use keyless systems with iPhone or Android phones are impacted by the same issue, Khan said. Kwikset said that customers who use an iPhone to access the lock can switch on two-factor authentication in the lock app. A…

Pixel 6 Pro setup screen accidentally reveals face unlock option for one user


What you need to know

  • New evidence of face unlock support for the Pixel 6 Pro has surfaced.
  • The unreleased biometric feature inadvertently appeared as a backup security option when a user was setting up their new Pixel 6 Pro.
  • However, it remains inoperable on Google’s latest flagship phone.

Face unlock support for the Pixel 6 Pro has been rumored since late last year, but Google has yet to enable the security method despite having released two Feature Drops. Now, a new piece of evidence suggests the search giant is preparing to launch it in a future update.

According to a Reddit user who recently purchased a new Pixel 6 Pro, the face unlock option showed up during the phone’s initial setup as one of the backup screen lock methods. It specifically appeared alongside the PIN, pattern, password, and fingerprint options on the “Choose a screen lock” page.

Face unlock option appears in the Pixel 6 Pro’s initial setup screen (Image credit: Special_Command7893 / Reddit)

Unfortunately, the feature is not functional because the user found no option to turn it on during the phone’s configuration. Face unlock was nowhere to be found in the settings menu either. It’s anybody’s guess why it appeared on the setup page right now.

Sorry, Tool to Unlock Nvidia’s Ethereum Mining Limiter Delivers Malware


Yep, it was too good to be true. A software tool claiming it can remove the Ethereum mining limiter on Nvidia’s RTX 3000 graphics cards is actually capable of delivering malware.

The tool’s creator, a mysterious developer known as “Sergey,” released a beta of the “LHR Unlocker” program this morning on his GitHub page, a few days ahead of a promised Saturday launch. However, a component inside the installer can fetch an Nvidia GeForce driver file that 18 different antivirus scans will detect as malware.

The malicious nature of LHR Unlocker was noticed by a Russian data scientist named Mikhail Stepanov, who posted an antivirus scan of the driver file on Sergey’s own GitHub page. 

A virus scan of the malicious driver file. (VirusTotal)

Stepanov, who mines cryptocurrency at his home, said he unpacked the installer and launched it on a virtual machine, but found no evidence it’ll unlock the Ethereum mining limiter on Nvidia’s RTX 3000 GPUs. Instead, the installer can fetch a malicious driver file from a server under the domain “drivers.sergeydev[.]com.” 

“This is a common Trojan,” Stepanov told PCMag in a chat on Telegram. “Most likely they wanted to build a botnet.” 



The URL to the malicious driver file is inside one of the installer’s components.

PCMag also unpacked the LHR Unlocker installer, and found that a component inside called “AI_FileDownload” does indeed lead to the domain “drivers.sergeydev[.]com” to fetch the malicious Nvidia driver file. Antivirus scans from Kaspersky, McAfee, Avast, Symantec, and Microsoft all detect it as a malicious file or as a Trojan. There is a chance the antivirus scans flagged the Nvidia driver file incorrectly. But in its current state, the beta LHR Unlocker program doesn’t work.

Meanwhile, a separate malware scan using Joe Sandbox shows the LHR Unlocker installer will also try to prevent Windows Defender from detecting it, according to Tom’s Hardware.


So far, Sergey hasn’t commented on the malware allegations. His background is unclear, but a domain lookup shows sergeydev[.]com is registered to a person in Poland named Sergey Bronovsky. 

The tool was released as…
