When you think of security vulnerabilities, the first thing that likely comes to your mind are flaws in Windows operating theatre apps like Adobe Reader that let hackers wreak mayhem on your Personal computer. But computers are everywhere these days, and with more computers hail more security headaches.
Join us as we look at ten hacks and vulnerabilities that strike threats to the next level. Somehow, things have gotten straight crazier since our last look at shocking security exploits.
Hackers crack the car
In-car sailing and docudrama systems can deeply better the driving feel for, but they can also open upward your car to security department issues that you might never have imagined.
Subject in steer: In July, security researchers Charlie Henry Miller and Chris Valasek managed to control a Landrover Cherokee's acceleration and braking—among other things—via the Internet. The pair victimized a vulnerability in the Jeep's Uconnect in-dash infotainment system, and used a smartphone to remotely brake the gondola while information technology was being compulsive.
The hack took Miller and Valasek three geezerhood of work to rive off. The fact that mortal could yield verify of a car done a hole in the infotainment system is worrisome, though, and the hack was serious adequate that Fiat Chrysler recalled 1.4 million vulnerable vehicles.
Hacked electric skateboard makes riders eat pavement
Image away Boosted Boards
But the auto isn't the solely manner of transportation that is potentially under fire to hacking. In early August, researchers Richo Healy and Mike Ryan demonstrated how they could remotely control an electric skateboard by exploiting the unbarred Bluetooth connexion betwixt the board and the remote used to control it.
In their demonstration, which they fittingly named FacePlant, Healy and Ryan used a laptop to attach control of a Boosted galvanizing skateboard, abruptly stopping it, and so sending the board in reverse. The rider would go flying off the board atomic number 3 a issue, ending up with a serious case of road rash.
Realistically, you probably don't have to vexation too much about becoming the victim of a hacked electric skateboard, but Healy and Ryan's research should serve as a wakeup call to makers of electric skateboards, scooters, and bicycles.
Malware gets into your BIOS
When you look upon malware, you probably think of viruses, spyware, and trojans that infect your PC at the OS level. But on that point's a whole family of future malware that targets your PC's underlying microcode.
A nibble of malware called badBIOS doesn't just infect a PC's BIOS—it's also nearly impossible to completely eradicate. According to researchers, badBIOS can persist on your system, even if you flash your BIOS. As a result, traditional detection and removal methods are useless against badBIOS.
Because malware that targets firmware sidesteps the operating organization, beautiful much some PC may be vulnerable, even if you run an Bone for which very brief malware exists. Last month, for example, researchers showed how malware can attack the EFI firmware that Apple uses on Macs.
Malware that uses sound to jump air gaps
BadBIOS had one different sinister trick up its sleeve: Although the malware spreads via infected USB trashy drives, researchers believed that it communicates with other infected computers via high-frequency audio signals.Researchers say that it's only one of several mathematical ways malware could communicate with other putrefactive machines without the aid of a web connection.
Yikes.
When good flash drives go nonfunctional
Malware delivered on flash drives via putrefactive files isn't recently, and it's a problem that you can mitigate away exercising caution and using a skillful antivirus software program. But when the photoflash drive itself is malicious, well, completely bets are off.
BadUSB, a toolkit put out by a pair of security researchers last fall behind, shows how flash drives can be modified for nefarious purposes. Victimisation attacks like BadUSB, a likely malware distributor could change the firmware happening the flash drive itself to arse around a Microcomputer into thinking the flash driving is a different openhearted of device.
For exemplar, as IDG News Service's Lucian Constantin explained, "a USB thumb drive connected to a computer crapper automatically switch its profile to a keyboard—and send keystrokes to download and install malware—operating room emulate the profile of a network controller to hijack DNS settings."
USB Killer kills PCs dead
Naturally, BadUSB isn't all a malicious flash cause seat do—one could potentially minor your PC.
USB Killer is a proof-of-concept attack in which an attacker would modify a flash drive's hardware so that it would deliver an electrical shock to your PC instead of data. The modified USB driving would cause an electrical-current feedback loop of sorts: Eventually, the electrical current would become strong enough—and reach a high-enough voltage—to pledge your PC's entrails.
WireLurker takes aim at Macs, iPhones
Image by Macworld (U.S.A)
When it comes to mobile malware, the iPhone has been remaining mostly unhurt. That doesn't mean iOS isn't vulnerable to plan of attack, though. Last fall, an attack qualification the rounds in PRC dubbed WireLurker used infected OS X apps to deliver malware that swiped personal data—look-alike call logs and contacts—from both jailbroken and unadapted iPhones alike.
At one time WireLurker got onto your Macintosh, it would wait for you to connect an iPhone to your estimator via USB. If it heard a jailbroken iPhone, information technology would look for peculiar apps for jailbroken phones and replace them with infected versions. On non-jailbroken phones, it would fork over its payload exploitation a characteristic that allows companies to set up bespoke apps on their employees' iPhones.
Apple pointless no meter and blocked WireLurker not far after researchers uncovered the malware attacks.
Your GPU: A future malware target?
Back in March, a group of developers created a malware proof-of-conception called JellyFish that incontestable how malware could potentially run on a PC's nontextual matter central processing unit.
While JellyFish was but an example to show to the security world how such an attack might work, malware like it could prove especially potent, because it can be readily adapted to attack machines operative WIndows, Linux, or OS X.
GPU-hosted malware would also glucinium more effortful for antivirus software to detect, though a new report from McAfee indicates that security measures software may—may—be able to detect IT aft all. Here's hoping.
Tech makes for a home security headache
An Internet-connected video camera seems like a good idea in possibility—after all, beingness capable to check in on your home while you're away stool raise your repose. But security measures researchers accept shown that so-called connected home devices often curb issues that could allow an attacker to compromise your privacy or security.
In February, security firm Synack discharged a written report on the return. As our Saul of Tarsu Lilly reportable at the time, Synack's research revealed "a long list of issues, including open ports, built-in backdoors, and lack of encoding." Just this month, researchers managed to hack into nine different Internet-siamese baby monitors—a terrifying prospect for any bring up.
If an attacker finds a way to remotely control a abutting home device on your network, they could potentially usage it as a way to intercept personal selective information (so much as usernames and passwords) from computers along your home network.
Computers and guns wear't mix
TrackingPoint makes a series of sensor-packed computer-assisted rifles that can make you a more accurate shot. At this year's DEFCON and Black Hat conferences in Las Vegas, security researchers Runa Sandvik and Michael Wimble incontestible how extraordinary of TrackingPoint's rifles tin be hacked.
The pair exploited a flaw in the gun's systems via its built-in Wi-Fi access point, to redirect shots absent from the intended target—and potentially toward something Beaver State someone else.
TrackingPoint responded to the hack, saying, "Since your triggerman does not have the ability to connect to the Internet, the gun can solitary be compromised if the hacker is actually physically with you. You can continue to use Wi-Fi (to download photos or connect to ShotView) if you are confident no hackers are within 100 feet."
OK then.
Note: When you buy something after clicking links in our articles, we may pull in a small commission. Read ouraffiliate connection policyfor more inside information.
Security
Nick is a freelance contributor and a former editor for TechHive and PCWorld. He likes puns and the color yellow.
0 Response to "10 weird and wild cutting-edge security threats - baileydoopeas"
Post a Comment