Tag: Unlocks | SpinSafe

SiriusXM hack unlocks, starts cars

December 8, 2022/in Internet Security

Curry, who works for New York-based Yuga Labs, a blockchain-based software development company, is known in cybersecurity circles for his interest in automobile telematics.

In September 2022, a hacker reached out to Curry to show him how he had breached Uber’s backend systems and compromised the ride-hailing service’s Amazon and Google-hosted cloud environments where the company stores its source code and customer data.

The automakers and SiriusXM said no mishaps resulted from the potential security breach.

“Honda is aware of a reported vulnerability involving SiriusXM connected vehicle services provided to multiple automotive brands, which, according to SiriusXM, was resolved quickly after they learned of it,” Jessica Fini, a Honda spokeswoman, said in a statement. “Honda has seen no indications of any malicious use of this now-resolved vulnerability to access connected vehicle services in Honda or Acura vehicles.”

In a statement, SiriusXM Connected Vehicle Services said that “the issue was resolved within 24 hours after the report was submitted. At no point was any subscriber or other data compromised, nor was any unauthorized account modified using this method.”

Hyundai spokesman Ira Gabriel told Automotive News that the automaker worked with third-party consultants to investigate the vulnerability as soon as Curry and his team brought the security issues to their attention.

“Importantly, other than the Hyundai vehicles and accounts belonging to the researchers themselves, our investigation indicated that no customer vehicles or accounts were accessed by others as a result of the issues raised by the researchers,” Gabriel said.

To hack a Hyundai, Gabriel said one needed the email address associated with the account, along with the VIN and the script, or code, used by the hackers.

Nevertheless, Hyundai implemented countermeasures within days of notification to further enhance the safety and security of its systems, he said.

Curry told Automotive News that he thought automakers could make their smartphone applications more secure through standardization, but they each take separate approaches in developing their applications.

“This is a really complicated issue, but I’d like to…

Source…

Kingston’s New Encrypted SSD Unlocks Via Touch Screen

May 23, 2022/in Computer Security

Kingston’s latest encrypted external SSD is designed to be as friendly for consumers to use as it is devilish for hackers to try and crack. The new Kingston IronKey Vault Privacy 80 External SSD VP80ES unlocks like a smartphone, with its intuitive touchscreen, and then enables simple drag-and-drop file transfers. Meanwhile, hackers face a FIPS 197 certified OS-independent device which safeguards against Brute Force attacks and BadUSB with digitally-signed firmware and XTS-AES 256-bit encryption.

Many storage devices you can buy nowadays come with some kind of encryption tools bundled, or if not you can use BitLocker (might be an extra to pay for depending on your version of Windows). However, some of the software is OS specific, or it will require you complete a number of preparatory tasks some users will be tempted to put off until ‘later’. Kingston reckons its IronKey Vault Privacy 80 External SSD VP80ES addresses all these weaknesses, and is a friction free alternative to secure data storage needs for any platform.

The first thing you will notice about the VP80ES is its handy compact shape is dominated by a color touch screen on one side. You will mostly be interacting with the touch screen to unlock the drive after plugging it into your computer or other smart device. In many of the pictures you can see a numpad for inputting a passcode or PIN. You can flip to text input to use a password or phrase instead (6-64 characters). As well as unlocking the device you will use the touchscreen for setup / configuration, and it will display useful status messages.

Some specifics about passcode and passphrase access provided by Kingston include the fact that there are multi-level password options. Specifically, you can set up admin and user passwords. It has an option to respond to brute-force attacks by crypto-erasing the drive “if the Admin and User passwords are entered incorrectly 15 times.” Users can set this data destruction to kick in at their own choice of between 10 and 30 wrong password attempts.

The drive is similarly protected against USB firmware shenanigans. The publicity materials for the VP80ES mention it is protected against BadUSB, which is a computer security attack…

Source…

New GandCrab Decryptor Unlocks Files of Updated Ransomware – Threatpost

March 3, 2019/in Internet Security

New GandCrab Decryptor Unlocks Files of Updated Ransomware Threatpost

Yet another free decryptor is available for GandCrab ransomware victims. The tool, released Tuesday, is the third decryptor update in the past year that thwarts …

“exploit kit” – read more