Just like water leaks from pipes, so do electric signals from USB ports, indirectly exposing sensitive data to a knowledgeable attacker. The phenomenon is known as "channel-to-channel crosstalk leakage" and affects USB-based devices plugged into adjacent ports.
"Electricity flows like water along pipes – and it can leak out," said project leader Dr. Yuval Yarom. "In our project, we showed that voltage fluctuations of the USB port’s data lines can be monitored from the adjacent ports on the USB hub." This scenario implies the presence of a malicious USB device inserted in a nearby port that the attacker can use to monitor data flows in adjacent ports.Read more
Hacking air-gapped machines — computers that are not connected to the internet, so theoretically less vulnerable — is always pretty interesting.
On Wednesday, Wikileaks published a series of alleged CIA documents that supposedly show how the intelligence agency's malware was designed to infect these sorts of targets. Naturally, the documents indicate how the CIA has continued to develop its own hacking tools, allegedly targeting devices from smart TVs to internet routers. According to one of the documents, "Brutal Kangaroo is a tool suite for targeting closed networks by air gap jumping using thumbdrives."
A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting — Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users.
The attack, developed by Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, is unique and much more dangerous than previous smart TV hacks. Until now, all smart TV exploits relied on attackers having physical access to the device, in order to plug in a USB that executes malicious code.
To avoid the draconian locks that John Deere puts on the tractors they buy, farmers throughout America's heartland have started hacking their equipment with firmware that's cracked in Eastern Europe and traded on invite-only, paid online forums.
Tractor hacking is growing increasingly popular because John Deere and other manufacturers have made it impossible to perform "unauthorized" repair on farm equipment, which farmers see as an attack on their sovereignty and quite possibly an existential threat to their livelihood if their tractor breaks at an inopportune time. Most all the new equipment requires a download to fix.
Snatching the login credentials of a locked computer just got easier and faster, thanks to a technique that requires only $50 worth of hardware and takes less than 30 seconds to carry out.
Rob Fuller, a principal security engineer at R5 Industries, said the hack works reliably on Windows devices and has also succeeded on OS X, although he's working with others to determine if it's just his setup that's vulnerable. The hack works by plugging a flash-sized minicomputer into an unattended computer that's logged in but currently locked. In about 20 seconds, the USB device will obtain the user name and password hash used to log into the computer.
Chances are that each of us has found ourselves in a situation where our phone is dying and we had no charger on hand, but at the same time we desperately need to stay connected — to answer an important call, receive a text message or email, whatever.
It’s perfectly normal to look for any source of precious electricity on such occasions — any USB port would do. But is it safe? No. In fact, it can be dangerous: Over a USB connection someone can steal your files, infect your smartphone with something nasty — or even brick it. Before we get to the problem of thieves, we must point out that not all electricity is equally good for your phone.
FBI officials are warning private industry partners to be on the lookout for highly stealthy keystroke loggers that surreptitiously sniff passwords and other input typed into wireless keyboards.
The FBI's Private Industry Notification is dated April 29, more than 15 months after whitehat hacker Samy Kamkar released KeySweeper, a proof-of-concept attack platform that covertly logged and decrypted keystrokes from many Microsoft-branded wireless keyboards and transmitted the data over cellular networks. To lower the chances that the sniffing device might be discovered by a target, Kamkar designed it to look almost identical to USB phone chargers.
Two security researchers, Roberto Paleari and Aristide Fattori, have revealed the technical details of an exploit they've discovered in Samsung Galaxy devices that allows an unauthorized third party to start calls or send SMS texts from locked devices.
According to a technical write-up published on GitHub two days ago, an attacker who has temporary access to, or has stolen, a Samsung Galaxy device can connect it via USB to a Linux workstation and send malicious commands that initiate hidden calls and send SMS messages. This trick works without leveraging any software vulnerability, and even if the phone has USB debugging or USB tethering turned off.
Car hacking is a hot topic today. Many automobile companies are offering vehicles that run mostly on drive-by-wire systems, which means that a majority of a car's functions are electronically controlled, from the instrument cluster to steering, brakes, and accelerator.
No doubt these auto-control systems make your driving experience better, but at the same time they also increase the risk of getting hacked. Previously, researchers demonstrated how hackers can remotely hijack your car to control its steering, brakes and transmission. And now hackers can successfully disable a car's airbags.
We are very used to dividing the concept of IT security into two unequal subcategories, hardware- and software-centric. The hardware is usually considered relatively safe and clean — as opposed to software which is usually the layer suffering from bugs and malware.
This value system has been functioning for quite a while; lately, however, it has been showing signs of changing. Certain firmware responsible for managing discrete hardware components has been getting increasingly complex and is subject to vulnerabilities and exploits. Let’s review the top 5 dangerous hardware vulnerabilities that have recently been found in today’s PCs.