Security News for the Week Ending May 21, 2021
Teslas can be Hacked via a DRONE Without any Owner Interaction
Researchers have shown how they can hack a Tesla from a drone without the owner being aware of the attack and, in particular, without the owner being involved in the takeover of the car. The attack, called TBONE, was reported to Tesla under its bug bounty program. The attacker can open the doors (and therefore steal anything inside) and modify configuration items like driving mode, steering and acceleration modes, but the drone can’t (yet) drive the car. The drone has to be within a 300-foot radius of the car to execute the attack. Of course, the attacker could also be sitting in a parked car nearby – doing the attack from a drone is just cooler. In response to the report, Tesla issued a patch that stopped using the vulnerable component, but, apparently, many other car makers still use it. Credit: Security Week
FBI’s IC3 Logs 1 Million Complaints in 14 Months
The FBI’s Internet Crime Complaint Center (IC3) took SEVEN YEARS to register its first million complaints. The most recent million took only 14 months. Obviously, the IC3 is better known now, but this only counts people who go to the effort of filing a complaint. This represents a 70% increase in complaints between 2019 and 2020. This is not a great trend. Credit: Dark Reading
Let the Lawsuits Begin – Bitcoin Speculation is, Well, Speculative
Bitcoin is worth somewhere between $1 and $50,000, depending. Depending on what? Depending on the mood of social media. Right now 1 coin is down about $15,000 from a week ago. That is timed to when Elon Musk said that his starting of DogeCoin was a joke. The drop also coincides with Musk saying that Tesla would no longer accept cryptocurrency for cars. He said they were concerned about all of the energy needed for Bitcoin mining. Assume lawsuits will follow, even though they don’t seem to have any merit. In the meantime, there are billions of dollars lost in speculation. Credit: Vice
Darkside Gets Taken to Hacker’s Court For Not Paying Other Hackers
Darkside is the hacking group behind the Colonial Pipeline attack. After the attack, they were so toxic that they shut down – after taking all their Bitcoins with them. The problem with that is that they ran a ‘hack as a service’ model, so they owe other hackers lots of money. Therefore, the crooks are turning to the court system. No, not that court system. The hackers’ own court system. Just part of their business model. The good guys have been tracking this; they even have screenshots. To the hackers, it is just business. Credit: Threatpost
Attack on Florida Water Plant Was Not Its First
The Florida water treatment plant that was hacked earlier this year and nearly poisoned the entire town — that was not the first attempt on the plant. It turns out that a vendor that builds water treatment plants (infrastructure) hosted malicious code that was designed to attack water treatment plants in general. It is not clear that the attacks were successful. It looks like the hackers who had compromised that infrastructure vendor were only in the reconnaissance stage – collecting information about the visitors – but in the time window that the malware was active, 1,000 folks visited that web site. Clearly, the hackers are after the infrastructure. They could threaten to kill people or even destroy the plant. That would probably get them paid off. Credit: The Hacker News