Archive for the ‘security’ Category

Bluetooth’s Complexity Has Become a Security Risk

May 19th, 2019
Bluetooth and Bluetooth Low Energy are incredibly convenient—but increasingly at the center of a lot of security lapses.

Posted in security | Comments (0)

Google Tracks What You Buy Online With Gmail

May 18th, 2019
Adobe fixes, an executive order, and more of the week's top security news.

Posted in security, Security / Security News | Comments (0)

The False Promise of “Lawful Access” to Private Data

May 16th, 2019
Opinion: As online extremism migrates to real-world violence, some suggest letting law enforcement intercept encrypted messages. But that’s a dangerous proposition.

Posted in Opinion, security, Security / Privacy | Comments (0)

Goznym Takedown Shows the Anatomy of a Modern Cybercriminal Supply Chain

May 16th, 2019
Charges against 10 men across Eastern Europe associated with the Goznym malware crew reveal global law enforcement's reach—and its limits.

Posted in security, Security / Security News | Comments (0)

The FCC’s Robocall Plan Sounds Awfully Familiar

May 15th, 2019
FCC chairman Ajit Pai has proposed a set of rules to combat robocalls. Don't get your hopes up quite yet.

Posted in security, Security / Security News | Comments (0)

Google Will Replace Titan Security Key Over a Bluetooth Flaw

May 15th, 2019
Google will replace any Titan BLE branded security key, after disclosing that a nearby attacker could use it to compromise your accounts.

Posted in security, Security / Security News | Comments (0)

Microsoft’s First Windows XP Patch in Years Is a Very Bad Sign

May 15th, 2019
A very bad vulnerability in Windows XP could have serious ramifications, even with a patch.

Posted in security, Security / Cyberattacks and Hacks | Comments (0)

The radio-navigation planes use to land safely is insecure and can be hacked

May 15th, 2019
A plane in the researchers' demonstration attack as spoofed ILS signals induce a pilot to land to the right of the runway. (credit: Sathaye et al.)

Just about every aircraft that has flown over the past 50 years—whether a single-engine Cessna or a 600-seat jumbo jet—relies on radios to safely land at airports. These instrument landing systems are considered precision approach systems, because, unlike GPS and other navigation systems, they provide crucial real-time guidance about both the plane’s horizontal alignment with a runway and its vertical rate of descent. In many settings—particularly during foggy or rainy nighttime landings—this radio-based navigation is the primary means for ensuring planes touch down at the start of a runway and on its centerline.

Like many technologies built in earlier decades, the ILS was never designed to be secure from hacking. Radio signals, for instance, aren’t encrypted or authenticated. Instead, pilots simply assume that the tones their radio-based navigation systems receive on a runway’s publicly assigned frequency are legitimate signals broadcast by the airport operator. This lack of security hasn’t been much of a concern over the years, largely because the cost and difficulty of spoofing malicious radio signals made attacks infeasible.

Now, researchers have devised a low-cost hack that raises questions about the security of ILS, which is used at virtually every civilian airport throughout the industrialized world. Using a $600 software defined radio, the researchers can spoof airport signals in a way that causes a pilot’s navigation instruments to falsely indicate a plane is off course. Normal training will call for the pilot to adjust the plane’s descent rate or alignment accordingly and create a potential accident as a result.

Posted in aviation, Biz & IT, exploits, Features, ils, instrument landing systems, security, vulnerabilities | Comments (0)

New speculative execution bug leaks data from Intel chips’ internal buffers

May 14th, 2019

First disclosed in January 2018, the Meltdown and Spectre attacks have opened the floodgates, leading to extensive research into the speculative execution hardware found in modern processors, and a number of additional attacks have been published in the months since.

Today sees the publication of a range of closely related flaws named variously RIDL, Fallout, ZombieLoad, or Microarchitectural Data Sampling. The many names are a consequence of the several groups that discovered the different flaws. From the computer science department of Vrije Universiteit Amsterdam and Helmholtz Center for Information Security, we have "Rogue In-Flight Data Load." From a team spanning Graz University of Technology, the University of Michigan, Worcester Polytechnic Institute, and KU Leuven, we have "Fallout." From Graz University of Technology, Worcester Polytechnic Institute, and KU Leuven, we have "ZombieLoad," and from Graz University of Technology, we have "Store-to-Leak Forwarding."

Intel is using the name "Microarchitectural Data Sampling" (MDS), and that's the name that arguably gives the most insight into the problem. The issues were independently discovered by both Intel and the various other groups, with the first notification to the chip company occurring in June last year.

Posted in Intel, meltdown, security, Spectre, speculative execution, Tech | Comments (0)

Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs

May 14th, 2019
Two different groups of researchers found another speculative execution attack that can steal all the data a CPU touches.

Posted in security, Security / Cyberattacks and Hacks | Comments (0)