Professor fools $80M superyacht’s GPS receiver on the high seas

A team from the University of Texas spoofed the GPS receiver on a live superyacht in the Ionian Sea.

One of the world’s foremost academic experts in GPS spoofing—University of Texas assistant professor Todd Humphreys—released a short video on Monday showing how he and his students deceived the GPS equipment aboard an expensive superyacht.

Humphreys conducted the test in the Ionian Sea in late June 2013 and early July 2013 with the full consent of the “White Rose of Drachs” yacht captain. His work shows just how vulnerable and relatively easy it is to send out a false GPS signal and trick the on-board receiver into believing it.

“What we did was out in the open. It was against a live vehicle, a vessel—an $80 million superyacht, controlling it with a $2,000 box,” he told Ars. “This is unprecedented. This has never been shown in this kind of demonstration. That’s what's so sinister about the attack that we did. There were no alarms on the bridge. The GPS receiver showed a strong signal the whole time. You just need to have approximate line of sight visibility. Let’s say you had an unmanned drone. You could do it from 20 to 30 kilometers away, or on the ocean you could do two to three kilometers.”

Read 9 remaining paragraphs | Comments


    


Moscow Metro says new tracking system is to find stolen phones; no one believes them

On Monday, a major Russian newspaper reported that Moscow’s metro system is planning what appears to be a mobile phone tracking device in its metro stations—ostensibly to search for stolen phones.

According to Izvestia (Google Translate), Andrey Mokhov, the operations chief of the Moscow Metro system’s police department, said that the system will have a range of five meters (16 feet). “If the [SIM] card is wanted, the system automatically creates a route of its movement and passes that information to the station attendant,” Mokhov said.

Many outside experts, both in and outside Russia, though, believe that what local authorities are actually deploying is a “stingray,” or “IMSI catcher”—a device that can fool a phone and SIM into reading from a fake mobile phone tower. (IMSI, or an International Mobile Subscriber Identity number, is a 15-digit unique number that sits on every SIM card.) Such devices can be used as a simple way to see what phone numbers are being used in a given area or even to intercept the audio of voice calls.

Read 9 remaining paragraphs | Comments


    


Android Master-Key Malware Already Blocked by McAfee Mobile Security

The Android Master Key vulnerability, which was first reported by BlueBox Security, has been big news this month. McAfee explained the vulnerability and defense against future malware exploiting it in a previous blog.

Last week the first malware that exploit the Master Key vulnerability were found in an Android application market in China. The app used the vulnerability to hide the malicious classes.dex from Android’s package signature verification.

 

exploit-masterkey-1

 

This vulnerability allows an attacker to inject malicious code by putting duplicate executable files–such as classes.dex–in an application package. The package verification step at installation is done against the original, legitimate file, but at runtime the second, malicious file takes over. The attacker’s malicious code in the second classes.dex collects and sends the device’s sensitive information to remote servers and also sends SMS messages to those who are in the victim’s contact list. A second AndroidManifest.xml file, corresponding to the second classes.dex, replaces the legitimate .xml so that additional permission declarations are injected along with several broadcast receivers and services registrations.

 

exploit-masterkey-2

 

The only good news might be that at installation users can see the list of requested permissions that are declared in the second AndroidManifest.xml; so they might at least notice the excessive permission requests.

McAfee provided its solution, via McAfee Mobile Security, to this threat before the first malware appeared in the wild, proactively detecting and blocking this threat as Exploit/MasterKey.A. The solution should also work against future variants of this Master Key malware.

 

exploit-masterkey-3

Tampering with a car’s brakes and speed by hacking its computers: A new how-to

Unsafe at any speed: The speedometer of a 2010 Toyota Prius that has been hacked to report an incorrect reading.
Chris Valasak

Just about everything these days ships with tiny embedded computers that are designed to make users' lives easier. High-definition TVs, for instance, can run Skype and Pandora and connect directly to the Internet, while heating systems have networked interfaces that allow people to crank up the heat on their way home from work. But these newfangled features can often introduce opportunities for malicious hackers. Witness "Smart TVs" from Samsung or a popular brand of software for controlling heating systems in businesses.

Now, security researchers are turning their attention to the computers in cars, which typically contain as many as 50 distinct ECUs—short for electronic control units—that are all networked together. Cars have relied on on-board computers for some three decades, but for most of that time, the circuits mostly managed low-level components. No more. Today, ECUs control or finely tune a wide array of critical functions, including steering, acceleration, braking, and dashboard displays. More importantly, as university researchers documented in papers published in 2010 and 2011, on-board components such as CD players, Bluetooth for hands-free calls, and "telematics" units for OnStar and similar road-side services make it possible for an attacker to remotely execute malicious code.

The research is still in its infancy, but its implications are unsettling. Trick a driver into loading the wrong CD or connecting the Bluetooth to the wrong handset, and it's theoretically possible to install malicious code on one of the ECUs. Since the ECUs communicate with one another using little or no authentication, there's no telling how far the hack could extend.

Read 8 remaining paragraphs | Comments