A team of computer hackers have demonstrated how the Tesla Model S can be located, unlocked and driven away without the key. By compromising the car's companion smartphone application, they used a laptop to remotely unlock the doors, start the electric car and 'steal' it from a colleague.
The hack exposes the internet weaknesses of products which can be accessed via apps and the internet. The Tesla app is commonly used by owners to check the battery level and charging status, see the location of their car, as well as set the climate control before getting in, and flash the lights to help find the car in a car park.
Read moreA group of malware hunters has caught a new Android spyware in the wild. The spyware is marketed to governments and police forces and was made in Italy—but it wasn’t built by the infamous surveillance tech vendor Hacking Team.
Researchers released a technical report on a new type of Android malware designed to surreptitiously record video and audio, turn the GPS on and off, steal data from the phone and take screenshots, among other functions—”run-of-the-mill, boring, commercial spyware junk.” The researchers said the spyware infected a victim working for a government, and they suspected it was made by Hacking Team.
Read moreDo you own an Android smartphone? You could be one of those 700 Million users whose phone is secretly sending text messages to China every 72 hours. You heard that right.
Over 700 Million Android smartphones contain a secret 'backdoor' that surreptitiously sends all your text messages, call log, contact list, location history, and app data to China every 72 hours. Security researchers from Kryptowire discovered the alleged backdoor hidden in the firmware of many budget Android smartphones sold in the United States, which covertly gathers data on phone owners and sends it to a Chinese server without users knowing.
Read moreIf you don’t go to suspicious sites, malware can’t get you — right? Well, no. Even those who do not open unreliable e-mail attachments, avoid porn sites, and do not install apps from unofficial stores are not well-enough protected.
New developments suggest that malware can be found even on an absolutely legitimate site, as 318,000 thousand Android users found out when their Android devices were attacked by the Svpeng.q banking Trojan from Google AdSense advertisements. Google AdSense is the biggest ad network in the world, so a lot of criminals dream about finding a way to use the network to spread their malicious programs worldwide.
Read moreResearchers say they have discovered commodity Android spyware called Exaspy being used to spy on executives. The spyware is being sold as a $15-a-month turnkey service online and can be used to intercept nearly all phone-based communications including phone calls, text messages, Skype sessions, photos and much more.
Experts discovered the spyware in September when a customer identified a fake app called “Google Services” running on one of their executive’s phones with full administrative rights. The victim targeted by the spyware was a high-profile executive at a global technology company.
Read moreSecurity researchers have discovered a way to target a huge number of Android and iOS apps that could allow them to remotely sign into any victim's mobile app account without any knowledge of the victim.
A group of three researchers – Ronghai Yang, Wing Cheong Lau, and Tianyu Liu – from the Chinese University of Hong Kong has found that most of the popular mobile apps that support single sign-on (SSO) service have insecurely implemented OAuth 2.0. It is an open standard for authorization that allows users to sign in for other third-party services by verifying existing identity of their Google, Facebook, or Chinese firm Sina accounts.
Read moreAnother day, another Internet of Things security problem. This time Belkin, a company that’s been called out before for vulnerable home automation kit, has issued a firmware update that will prevent old school attacks on its WeMo kit that could have let malicious hackers haunt not just customers’ homes, but their Android smartphones too.
Whilst Belkin’s update addresses the issues, the hackers told it was possible to completely kill the update process on already-compromised devices, preventing any fix from ever being delivered. The first vulnerability uncovered by Tenaglia and Tanen was classed as a SQL injection bug, where they found they could inject data into databases used by WeMo devices.
Read moreA new Android banking Trojan, which masquerades as a Flash Player app, targeting customers of at least 90 major banks across the US and Europe has been uncovered. The malware can be considered to be highly advanced and dangerous, especially given its ability to bypass SMS-based two-factor authentication.
Some of the banking apps targeted by the malware include Deutsche Bank, Santander, American Express, Coinbase, Credit Karma, Paypal and Wells Fargo, among others. This banking malware can steal login credentials from 94 different mobile banking apps. The banking Trojan also comes with the ability to target some of the more popular social media apps.
Read moreMobile malware authors have come up with a new trick that helps Android.Lockscreen, a ransomware strain that targets Google's mobile OS, to start automatically whenever the user reboots his device.
Android ransomware is not as advanced as its Windows counterpart. Most of today's Android ransomware families lack the capability to encrypt user files, which greatly hinders their ability to extort users. Android.Lockscreen is one of the most effective ransomware families because it locks the user's screen with a random PIN number. Researchers revealed a new tactic, which now disguises its malicious code inside a "launcher app."
Read moreAn analysis of transactions originating from devices protected by Zscaler security products reveals that iOS applications leak private user information in more situations than Android apps.
The result of this study shows that the generally accepted theory of iOS being more secure than Android doesn't necessarily apply to the apps running on these two platforms. According to data gathered in the last quarter, Zscaler says it detected around 200,000 transactions from a total of 45 million, where an app has leaked user data. The type of leaked information includes personally identifiable information, geo-location data, and device metadata.
Read moreAxarhöfði 14,
110 Reykjavik, Iceland