Tag Archives: hacking

Hackers claim Christmas day outage of Sony PlayStation and Microsoft’s Xbox networks

Earlier this month, as the Sony Entertainment breach was making headlines, Sony’s PlayStation Network (PSN) was knocked offline due to an alleged hacking attack. On Christmas morning, just as kids everywhere were unwrapping their new PlayStation and Xboxes, the PSN and Microsoft’s Xbox Live network were both disrupted leading to speculation that they were once […]

Avast revisits the biggest threats of 2014

      No Comments on Avast revisits the biggest threats of 2014

2014 has been an active year for cybercrime. Let’s start with the most recent and then take a look at some of the other important security events of the year. State-sponsored espionage We are ending the year with the most publicized and destructive hack of a major global company by another country – now identified […]

Self-propagating ransomware written in Windows batch hits Russian-speaking countries

Ransomware steals email addresses and passwords; spreads to contacts. Recently a lot of users in Russian-speaking countries received emails similar to the message below. It says that some changes in an “agreement’ were made and the victim needs to check them before signing the document. The message has a zip file in an attachment, which […]

Top 3 types of hacks against small websites

      No Comments on Top 3 types of hacks against small websites

This question, from a small-site owner with tens or hundreds of visitors per day, is an unfortunate but all too familiar one. One morning I started getting emails from my customers complaining that their antivirus reported my site as infected and won’t let them in. It must be some mistake because I don’t have an […]

????????????????????

      No Comments on ????????????????????

image1_8.png
 

最近の自動車には、高度な電子機器が多数搭載されており、あらゆるセンサー、処理装置、電子制御ユニットを接続するケーブルの全長は 1 km を超えるほどです。車両自体が大型のコンピュータのようになっており、これまでの歴史が示しているとおり、コンピュータがあれば必ず攻撃の対象として狙われます。車載ネットワークを通じて自動車を攻撃することの現実性については、過去数年間にいくつかの研究が行われています。大半の研究は、完全に物理的なアクセスによって自動車を攻撃する方法に終始していますが、なかには外部の攻撃経路を調査した研究もあります。

自動車に対して物理的なアクセスが可能な場合、攻撃者は CAN(コントローラエリアネットワーク)システムや OBD(車載診断)システムなどにもアクセスできますが、ブレーキに細工する、車両自体を盗むなど、ほかにも悪質な行為を行うことも可能です。一方、自動車に対するデジタルな改変操作を事後に証明することは、物理的な行為より困難な場合があります。このような攻撃は、リモートコード実行の余地がある他の攻撃と組み合わせることも可能であり、ペイロードの実証と捉える必要があります。

物理的にアクセスせずに車載システムに侵入する経路は、タイヤ圧監視システム、TMC(交通メッセージチャネル)のメッセージ、GSM 接続や Bluetooth 接続など、いくつかあります。車両の一部の機能を制御できるスマートフォン向けアプリを開発し始めたメーカーもあり、それも新しい攻撃経路として利用される可能性が出てきました。また、特別に細工した音楽ファイルを USB ドライブに潜ませ、車載システムの一部を乗っ取ることができたというケースも確認されています。

DARPA のプロジェクトに研究員として携わっているチャーリー・ミラー(Charlie Miller)氏とクリス・バラセク(Chris Valasek)氏は、車両に乗り込んだ場合にどの程度まで CAN をハッキングできるかを研究しています。DEFCON カンファレンス向けプレゼンテーションのプレリリース版ビデオによると、自動車の機能はほぼすべて制御またはトリガーすることができ、たとえばライトをすべて消灯する、エンジンを停止する、ブレーキを無効にする、一分ハンドル操作を行う、クラクションを鳴らす、システムディスプレイを操作することが可能です。これが深刻な事故につながりうることは容易に想像できます。悪質なファームウェア更新やシステム変更を利用すれば、このような改変を恒久的に、かつ見つからないようにすることも不可能ではありません。もちろん、ラップトップとモデムをグローブボックスに入れても同様の攻撃は可能ですが、この方法に比べれば発覚しやすいでしょう。攻撃者がこの研究と同じ手口を使ったしても、後部座席に攻撃者のラップトップがあるのに気づけば、きっと怪しむはずです。

自動車メーカーもこうした課題に気づいており、車載ネットワークのセキュリティについて何年間も改善を続けています。リモート攻撃の経路については特に、解析と保護対策が必要です。シマンテックでも、今後の改善に向けてこの分野の研究に注目しています。ミラーとバラセクの両氏の研究では、自動車が攻撃者にとって格好の標的になることが実証されていますが、運転中にハッカーに乗っ取られるよりもはるかに大きなリスクがすでに存在しています。個人的には、運転中にスマートフォンを操作している人がいることに脅威を感じます。少なくとも当面の間、自動車事故という点では、このほうがはるかに大きなリスクでしょう。運転は、どうぞ安全第一で。

 

* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja にアクセスしてください。

Hit the brakes! How Secure is Your Car’s Computer?

As everyday items become increasingly computerized and Internet-connected, the convenience and efficiency of our lives has improved more than we could have imagined. Like something out of the Jetsons, we are seeing numerous technological advancements applied to kitchen appliances and other everyday household items to optimize our experience. Refrigerators, thermostats, cars and more are connecting Read more…

Hit the brakes! How Secure is Your Car’s Computer?

As everyday items become increasingly computerized and Internet-connected, the convenience and efficiency of our lives has improved more than we could have imagined. Like something out of the Jetsons, we are seeing numerous technological advancements applied to kitchen appliances and other everyday household items to optimize our experience. Refrigerators, thermostats, cars and more are connecting Read more…

When Car Hacking Turns Your Vehicle into a Video Game

image1_8.png
 

Modern cars contain a lot of nifty electronic gadgets, as well as more than one kilometer of cable wired to all kinds of sensors, processing units, and electronic control units. The cars themselves have become large computers, and as history shows, wherever there is a computer, there is someone trying to attack it. Over the past few years various studies have been conducted on how feasible it would be to attack a car through its onboard network. Most researchers focused on attacks with full physical access to the car, but some also explored external attack vectors.

If attackers have physical access to a car they can, for example, access the Controller Area Network (CAN) or the On-Board Diagnostic (OBD) system, but they can also perform other dangerous actions, such as physically tampering with the brakes or stealing the car. Digitally tampering with a car, on the other hand, might be much more difficult to prove after an accident. Such attacks could potentially be combined with other attacks that allow for a remote code execution and should be taken as a demonstration of payloads.

There are a few ways to get into a car’s system without having physical access to it, for example through tire pressure monitoring systems, traffic message channel (TMC) messages, or GSM and Bluetooth connections. Some manufacturers have started developing smartphone apps that can control some of the car’s functionalities, which opens another possible attack vector. There have also been some cases where specially crafted music files on USB drives were able to hijack some of the car’s systems.

Charlie Miller and Chris Valasek, two researchers working on a project for DARPA, explored how far they could go by hacking the Controller Area Network once inside the car. The pre-released video of their presentation for the upcoming DEFCON conference shows that nearly all of the car’s functions can be controlled or triggered including, switching off all lights, shutting down the engine, disabling the brakes, some limited steering, sounding the horn, and manipulating the system display. It doesn’t take much imagination to understand that this has the potential to cause serious accidents. Some of these changes could be made permanent and invisible with malicious firmware updates or system changes. Of course, a laptop with a modem in the glove box would work as well, but would not be as stealthy. If an attacker used the same method as the researchers, hopefully you would notice the attacker’s laptop on your backseat and wonder what was going on.

Car manufacturers are aware of these challenges and have been working on improving the security of car networks for years. Remote attack vectors, especially, need to be analyzed and protected against. At Symantec we are also monitoring this research field to help improve it in the future. Miller and Valasek’s research shows that cars can be an interesting target for attackers, but there are currently far bigger automobile-related risks than hackers taking over your car while driving. Personally, I’m more scared of people texting messages while driving and I assume they pose a far bigger risk than hackers when it comes to accidents, for now at least. Safe driving.

Password Safety In A Connected World

It has become increasingly common for personal and professional social media accounts to become ‘hacked’, or taken over by someone who doesn’t own the account. Twitter’s help center points out that this occurs from weak passwords, a pre-existing password-collecting virus on your computer or by entrusting your login credentials to malicious third-party websites and applications. Read more…

avast! Antivirus gets cameo role in Movies vs. Life viral video

A YouTube video called Movies vs. Life compares scenes embellished with movie magic to their real-life equivalents. We like to think that an avast! Antivirus cameo during a computer hacking scene (pay attention around 0:22 seconds) is one of the reasons that this hilarious video has gone viral. A round of applause from avast! to […]