- Stealing a Tesla car by hacking into the owner's smartphone
Researchers at Norway-based security firm Promon have demonstrated how easy it is for hackers to steal Tesla cars through the company's official Android application, which many car owners use to interact with their vehicle. Chinese security researchers from Keen Lab managed to hack a Tesla Model S, which allowed them to control the car in both Parking and Driving Mode from 12 miles away. Promon's researchers used Android malware to compromise Tesla's smartphone app, allowing them to locate, unlock and drive away with a Tesla Model S. According to the research team, there is no vulnerability in the app itself; the malware has to be installed through social engineering. The Tesla app generates an OAuth token when a Tesla owner logs in to the Android app for the first time. The app then uses this token, so the username and password are not required every time the owner re-opens the app. Malware can alter the Tesla app and send a copy of the victim's username and password to the attacker. With this data, the attacker can perform a series of actions, such as locating the car on the road, opening its doors, starting the car's motor and driving the car away unhindered, just by sending well-crafted HTTP requests to the Tesla servers with the owner's OAuth token and password.
Cyber Security Tips: Tesla users need to be aware of social engineering and should avoid clicking on any link.
- European Commission Servers Offline After Massive DDoS Attack
The European Commission servers were forced to go offline for hours on Thursday after suffering a series of large-scale distributed denial of service (DDoS) attacks. The Commission confirmed there was no data breach and also claimed that there was no service interruption, but one staff member revealed they couldn't access the Internet for hours after the attack. According to the report, the attack hit the network gateways by sending millions of requests per second, blocking Internet access for the staff. Once the attack was detected, the Commission disconnected from the Internet. The team said that no data was lost or stolen. The server is up now. An investigation is ongoing.
Cyber Security Tips: Mirai malware is now targeting IoT devices to launch DDoS attacks. To guard against this, secure your network with good antivirus, use an intrusion detection and prevention system, and use a firewall to filter requests.
- Flaws in Uber’s UberCENTRAL Tool Exposed User Data
Uber recently launched its UberCENTRAL service, which provides a dashboard that companies can use to pay for Uber rides on behalf of their customers. UberCENTRAL administrators can add operators (i.e. employees who request rides for customers) based on their email address. One of the flaws discovered by Roh allowed attackers to enumerate user UUIDs by sending requests with possible email addresses. If the email address is associated with an account, the response from the server will include the user's UUID. If the email address is not valid, the response will contain an error. While the second issue identified by the expert is similar, the third security hole he found could have been exploited to obtain not only UUIDs, but also full names, phone numbers and email addresses. The company has patched the flaws.
Cyber Security Tips: Uber users need to update their app to the latest version.
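The UberCENTRAL enumeration issue above comes down to a server reply that differs depending on whether an email has an account. The following is an added example, not Uber's code: it puts a leaky handler beside a uniform-response one, with a regression check and a simple log-based detector. All function names, accounts and log entries are hypothetical and constructed for illustration.

```python
import uuid

# Constructed directory: email -> account UUID (sample data, not real accounts).
ACCOUNTS = {
    "rider.one@example.com": str(uuid.UUID(int=1)),
    "rider.two@example.com": str(uuid.UUID(int=2)),
}

def add_operator_leaky(email):
    """Behaviour the article describes: the reply depends on whether the email exists."""
    account = ACCOUNTS.get(email.strip().lower())
    if account is None:
        return 404, {"error": "no account for this email"}
    return 200, {"uuid": account}

def add_operator_uniform(email, invites):
    """Hardened variant: identical reply for every email, UUID never leaves the server."""
    account = ACCOUNTS.get(email.strip().lower())
    if account is not None:
        invites.append(account)  # the invitation is resolved server-side only
    return 202, {"status": "If this email has an account, an invitation was sent."}

def leaks_account_existence(handler, known_email, unknown_email):
    """Regression check: True if a client can tell the two replies apart."""
    return handler(known_email) != handler(unknown_email)

def flag_enumeration(log, max_distinct=3):
    """Flag clients that submitted more than max_distinct different emails.

    log is a list of (client_id, email) pairs taken from the endpoint's access log.
    """
    seen = {}
    for client, email in log:
        seen.setdefault(client, set()).add(email.strip().lower())
    return sorted(c for c, emails in seen.items() if len(emails) > max_distinct)

# Constructed access log: admin-7 adds two operators, client-9 walks a list of guesses.
SAMPLE_LOG = [("admin-7", "rider.one@example.com"), ("admin-7", "rider.two@example.com")]
SAMPLE_LOG += [("client-9", f"guess{i}@example.com") for i in range(25)]

if __name__ == "__main__":
    invites = []
    uniform = lambda e: add_operator_uniform(e, invites)
    known, unknown = "rider.one@example.com", "nobody@example.com"
    print(leaks_account_existence(add_operator_leaky, known, unknown))
    print(leaks_account_existence(uniform, known, unknown))
    print(flag_enumeration(SAMPLE_LOG))
```

The check compares status and body only; response timing would need a separate measurement.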