Tag Archives | Security

Hacker Demonstrates Android Smartphone App To Hijack A Plane Midair

On your next flight, you may want to look over your shoulder at what the person next to you is doing. Help Net Security reports:

An extremely well attended talk by Hugo Teso, a security consultant at n.runs AG in Germany, galvanized the crowd attending the Hack In The Box Conference in Amsterdam. Teso showcased an Android app, PlaneSploit, that remotely controls airplanes on the move.

Teso has been working in IT for the last eleven years and has been a trained commercial pilot for a year longer than that. By creating an exploit framework (SIMON) and an Android app (PlaneSploit) that delivers attack messages to the airplanes’ Flight Management Systems (computer unit + control display unit), he demonstrated the terrifying ability to take complete control of aircraft.

His testing laboratory consists of a series of software and hardware products. But the connection and communication methods, as well as ways of exploitation, are absolutely the same as they would be in an actual real-world scenario.


Brazilian Doctor Arrested For Using Silicone Fingers To Fool Fingerprint-Based Biometric Check-In

Our key-less and password-less future will hinge on being identified via our fingerprints, irises, and vocal tones. The problem is, someone else may have a copy of your finger. Via the BBC:

A Brazilian doctor faces charges of fraud after being caught on camera using silicone fingers to sign in for work for absent colleagues, police say.

Thaune Nunes Ferreira, 29, was arrested on Sunday for using prosthetic fingers to fool the biometric employee attendance device used at the hospital where she works near Sao Paulo. She is accused of covering up the absence of six colleagues. Her lawyer says she was forced into the fraud as she faced losing her job.

Police said she had six silicone fingers with her at the time of her arrest, three of which have already been identified as bearing the fingerprints of co-workers.


The Dangers Of The Growing Malware-Industrial Complex

Via the MIT Technology Review, Tom Simonite writes:

A freshly discovered weakness in a popular piece of software, known in the trade as a “zero-day” vulnerability, can be cashed in for prices in the hundreds of thousands of dollars from defense contractors, security agencies and governments. This trade in zero-day exploits is poorly documented, but it is perhaps the most visible part of a new industry that in the years to come is likely to swallow growing portions of the U.S. national defense budget.

It became clear that this type of assault would define a new era in warfare in 2010, when security researchers discovered a piece of malicious software known as Stuxnet. Now [known] to have been a project of U.S. and Israeli intelligence, Stuxnet was carefully designed to infect multiple systems needed to access and control industrial equipment used in Iran’s nuclear program.

No U.S. government agency has gone on the record as saying that it buys zero-days.


Amazon Cuts Ties with “Neo-Nazi” Security

Disinfonaut Russell Grant tipped us that Amazon.com will no longer employ alleged Neo-Nazi security firm Hess.

Via Salon:

An Amazon spokeswoman in Germany, Ulrike Stoecker, said Monday the online retailer has ended its relationship with Hensel European Security Services “with immediate effect.”

A documentary shown on ARD public television last week showed staff of the security company – whose initials spell out the name of Adolf Hitler’s deputy Hess – wearing clothes linked to Germany’s neo-Nazi scene. It interviewed people claiming they were mistreated by the staff.

Stoecker told The Associated Press that Amazon has a “zero tolerance limit for discrimination and intimidation and expects the same of other companies it works with.”

Keep reading.

Thanks Russell!


Silent Circle, The New Encryption App That Is Terrifying The Government

The idea is to “democratize encryption” by making it available to the non-tech-savvy with the push of a button. Will this be used for good or evil? Slate’s Ryan Gallagher explains:

The startup tech firm Silent Circle’s groundbreaking encrypted data transfer app will enable people to send files securely from a smartphone or tablet at the touch of a button—photographs, videos, spreadsheets, you name it—sent scrambled from one person to another in a matter of seconds.

The technology uses a sophisticated peer-to-peer encryption technique that allows users to send encrypted files of up to 60 megabytes through a “Silent Text” app. The sender of the file can set it on a timer so that it will automatically “burn”—deleting it from both devices after a set period of, say, seven minutes. It’s a game-changer that will almost certainly make life easier and safer for journalists, dissidents, diplomats, and companies trying to evade surveillance.


TSA To Cease Use Of Naked-Image Scanners In Airports

The machines are being removed, but the disturbing grayscale images of travelers’ bloated bodies will continue to haunt our nightmares. Via Bloomberg:

The U.S. Transportation Security Administration will remove airport body scanners that privacy advocates likened to strip searches after OSI Systems Inc. (OSIS) couldn’t write software to make passenger images less revealing.

TSA will end a $5 million contract with OSI’s Rapiscan unit. The agency removed 76 of the machines from busier U.S. airports last year. It will now get rid of the remaining 174 Rapiscan machines, with the company absorbing the cost.

Airline passengers were offended by the revealing images, including those of children and the elderly. The Washington-based Electronic Privacy Information Center sued the agency in July 2010, claiming the scanners violated privacy laws and has called use of the machines equivalent to a “physically invasive strip search.”


All Charges Dropped Against British ‘UFO Hacker’ Gary McKinnon

Gary McKinnon can now be referred to as “the man who hacked NASA and the Pentagon and got away with it all.” Via the Daily Mail:

Gary McKinnon’s ten-year nightmare was finally over yesterday after police and prosecutors decided he will not stand trial in Britain. The computer hacker won his fight against extradition two months ago when Theresa May blocked US demands to send him there. Now Director of Public Prosecutions Keir Starmer has announced that the 46-year-old Asperger’s sufferer will not face criminal charges in this country either.

His mother Janis Sharp said: ‘This will be the 11th Christmas since his arrest and it is the first time we can celebrate.’ If extradited, Mr McKinnon, from Wood Green, North London, faced up to 60 years behind bars for hacking into Pentagon and NASA computers looking for the existence of ‘little green men’.


Bank Hackers Deny Being Iranian Agents

In short, to the U.S. government, anything anomalous is an Iranian conspiracy. Wired writes:

A slew of American officials have blamed Iran for attacks on the servers of Bank of America, Wells Fargo, HSBC, and other western banks. But the hackers taking credit for the sophisticated distributed denial-of-service strikes say that’s all wrong; they claim they hit the financial institutions because they were pissed off about “The Innocence of Muslims,” the infamous viral video making fun of the Prophet Muhammad. Tehran didn’t have a thing to do with it.

“We are not dependent on any government. We merely wanted to protest against the insulting movie,” people claiming to be part of the Izz ad-Din al-Qassam Cyber Fighters [said].

Some security researchers believed the attacks to be so sophisticated, they could’ve only been pulled off with government help. “This isn’t consistent with what hacktivists are capable of,” Michael Smith, a security specialist at Akamai, said in September.


Increased Airline Security Has Killed Far More Americans Than 9/11

Businessweek points out a staggering study suggesting that the delays and hassle caused by post-9/11 TSA airport screening procedures encouraged travelers to go by car rather than the far safer choice of flying – resulting in thousands of extra road fatalities which would not have otherwise occurred, a death toll dwarfing that of the attacks on the Twin Towers:

Created in the wake of the Sept. 11, 2001, attacks, the Transportation Security Administration has largely outlived its usefulness. These days, the TSA’s major role appears to be to make plane trips more unpleasant.

The inconvenience of air travel is pushing more people onto the roads. Compare the dangers of air travel to those of driving. To make flying as dangerous as using a car, a four-plane disaster on the scale of 9/11 would have to occur every month, according to analysis published in the American Scientist. Researchers at Cornell University suggest that people switching from air to road transportation in the aftermath of the 9/11 attacks led to an increase of 242 driving fatalities per month—which means that a lot more people died on the roads as an indirect result of 9/11 than died from being on the planes that terrible day.


FBI Begins $1 Billion Face Recognition Project

Expect plastic surgery to be a booming field starting in 2014. Via New Scientist:

As part of an update to the national fingerprint database, the FBI has begun rolling out facial recognition to identify criminals.

It will form part of the bureau’s long-awaited, $1 billion Next Generation Identification (NGI) programme, which will also add biometrics such as iris scans, DNA analysis and voice identification to the toolkit. A handful of states began uploading their photos as part of a pilot programme this February and it is expected to be rolled out nationwide by 2014. In addition to scanning mugshots for a match, FBI officials have indicated that they are keen to track a suspect by picking out their face in a crowd.

But privacy advocates are worried by the broad scope of the FBI’s plans. They are concerned that people with no criminal record who are caught on camera alongside a person of interest could end up in a federal database, or be subject to unwarranted surveillance.
