Saturday, September 03, 2011

Heat From Your Fingertips helps hackers

The secret codes typed in by banking customers can be recorded using the residual heat left behind on the keypad, says a group of researchers from the University of California at San Diego.





Hackers Use Infrared

Saturday, August 27, 2011

Researchers say they've hacked car door locks

A group of computer security researchers in Israel and Belgium say they've discovered the electronic equivalent of a Slim Jim -- a way to pop the electronic door locks on most cars without ever touching them.

Drivers don't have to worry about their cars being hacked just yet – a baseball bat is still a more effective auto theft tool – but the announcement shows yet again that newfangled security devices can be more vulnerable than you think.

Most modern cars are now equipped with convenient remote keyless entry systems. Now it seems that tool could be a convenient way for criminals to break into hundreds of cars in an afternoon.



By listening in on the wireless "conversation" between a car and its key, the researchers found they could crack the code that keeps the communication secret. Then they were able to emulate the electronic key and trick the car into unlocking itself.

Nearly all cars with remote keyless entry use an encryption system called KeeLoq. It was developed during the 1980s and purchased by Microchip Technology Inc. in the 1990s. Like all encryption systems, KeeLoq scrambles messages so they can't be read by anyone who intercepts them. Only someone -- or something -- with the appropriate deciphering key can unscramble the message.

Eli Biham, a computer science professor at the Technion-Israel Institute of Technology, says there are 18 billion possible keys for a KeeLoq transmission, making it practically impossible for even the fastest computer to work out the key through brute force.

"But," he said, "we found a shortcut."

By intercepting several transmissions from the electronic key and analyzing them, Biham and his colleagues say they were able to eliminate many of those 18 billion possibilities and work out a master key in about one day. All that's required is remote access to one key for about an hour -- say, while a person is sitting in his office with the key still in a shirt pocket.

Then, after working out the encryption scheme, Biham's group says it can unlock all cars using that master key within a few minutes.

"In modern ciphers, you don't expect this to happen," Biham says, noting that carmakers are still relying on 20-year-old cryptography to keep cars safe. "I don't understand how companies sell cryptography from the 1980s."

'Badly broken'
The research paper, called "How to Steal Cars" (PDF), was presented at the Crypto 2007 conference at the University of California, Santa Barbara, last week. Exact details for exploiting the discovery won't be published for several months, Biham says, but Microchip Technology was informed weeks ago.

"KeeLoq is badly broken," the paper says, adding, tongue-in-cheek, "Soon, cryptographers will all drive expensive cars."

Microchip wouldn't comment on the team's discovery.

"Microchip Technology Inc. doesn't address matters of security in the public domain," was all that spokesman Eric Lawson would say.

But other cryptography experts said the research was significant.

"This is a very practical application of cryptanalysis," said Jon Callas, chief technology officer with the encryption firm PGP Corp., who attended the presentation. "There is a larger lesson here, which is some of these devices aren't as secure as they are being sold to us."

Slim Jim a bigger threat
Still, Callas isn't worried about his car locks being hacked just yet. There are several barriers to using the technology. While a key hacker would be able to pop the lock on the door and perhaps disarm an alarm, he or she probably couldn't get the car started without using old-fashioned car theft tools, he said. And even with the most sophisticated computers, hacking the locks still takes over an hour, while a baseball bat can do just as good a job in a second or two.

"There is not a whole lot of threat to the end consumer," he said. "A guy with a Slim Jim is a bigger threat."

The method could prove lucrative under the right circumstances, however. A thief armed with a master key could park a car with listening devices in the middle of a shopping mall lot and eavesdrop on every car as a driver parks, walks away, and pushes their key to lock the doors. Within seconds, the transmission could be intercepted, analyzed, paired with information about a known master key and used to pop the locks. A criminal could theoretically open hundreds of cars each day that way, stealing a treasure trove of iPods and GPS gadgets without leaving a trace.

"That would be worth someone's time," Callas said. Victims "would have a hard time convincing (their) insurance companies that this had happened."

A simple fix
Modest adjustments to encryption tools would foil such a plot, Callas said. Biham's method requires tricking the car's system into answering a long series of questions. But the use of "throttling" -- inserting a delay after every three requests, as some Web sites now do -- can slow or eliminate such brute force attacks. So Callas has no plans to disable his electronic locks, which could be done by disconnecting the car's battery while parked.

"I'm more concerned about losing my radio presets than having my car stolen like this," he joked.
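The throttling Callas describes, as an added example (not code from the article, the researchers or Microchip): a responder that refuses challenges for a fixed delay after every three answers, run against a simulated clock to show how that stretches the time needed to gather many responses. HMAC-SHA256 stands in for the device's cipher, and the class names, secret and timing values are assumptions.

```python
import hashlib
import hmac


class FakeClock:
    """Simulated millisecond clock so the demo runs instantly and exactly."""
    def __init__(self):
        self.ms = 0

    def __call__(self):
        return self.ms


class ThrottledResponder:
    """Answers challenges, then goes silent for delay_ms after every `burst` answers."""
    def __init__(self, secret, clock, burst=3, delay_ms=5000):
        self._secret, self._clock = secret, clock
        self._burst, self._delay_ms = burst, delay_ms
        self._answered = 0        # answers given in the current burst
        self.locked_until = 0     # time before which every request is refused

    def respond(self, challenge):
        now = self._clock()
        if now < self.locked_until:
            return None           # throttled: no response to analyze
        self._answered += 1
        if self._answered >= self._burst:
            self._answered = 0
            self.locked_until = now + self._delay_ms
        # HMAC-SHA256 is a stand-in for the device's cipher (assumption, not KeeLoq).
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()[:4]


def ms_to_collect(n, burst=3, delay_ms=5000, per_request_ms=100):
    """Simulated time for a requester to obtain n responses, asking as fast as allowed."""
    clock = FakeClock()
    device = ThrottledResponder(b"constructed-demo-secret", clock, burst, delay_ms)
    collected = 0
    while collected < n:
        if device.respond(collected.to_bytes(4, "big")) is None:
            clock.ms = device.locked_until   # wait out the enforced delay
            continue
        collected += 1
        clock.ms += per_request_ms
    return clock.ms


if __name__ == "__main__":
    n = 3000  # constructed sample size, not a figure from the article
    print("no delay :", ms_to_collect(n, delay_ms=0) / 1000, "s")
    print("throttled:", ms_to_collect(n, delay_ms=5000) / 1000, "s")
```

The delay is enforced by the responder itself, so a requester cannot skip it by sending requests faster.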

Intense research into KeeLoq by several groups began last year after proprietary information about KeeLoq's cryptography was leaked onto a Russian Web site. Biham said the information aided his group's research, but argued that properly implemented cryptography should withstand publication of such details.

Both he and Callas were critical of Microchip for not publishing its cryptographic scheme in public earlier, which would have allowed researchers to probe it for holes.

"Those of us who are in the field believe that algorithms should be published from the start because an analysis can strengthen them," Callas said. "We only use public algorithms because in long term they are more secure."

While the immediate threat to car owners is low, Biham says the research shows the technology used to protect remote keyless entry systems is outdated.

"There are other tools criminals can use today (to steal cars) that are easier," Biham says. "But we show that it's possible to (hack the locks) and these systems to be replaced."

Tuesday, July 26, 2011

16 Suspected 'Anonymous' Hackers Arrested in Nationwide Sweep

Sixteen suspected members of "Anonymous" were arrested this morning in states across the country, from California to New York, in a federal raid on the notorious hacking group.

The arrests Tuesday, first reported by FoxNews.com, are part of an ongoing investigation into Anonymous, which has claimed responsibility for numerous cyberattacks against a variety of websites, including Visa and Mastercard.



July 19, 2011: FBI agents execute a search warrant at the Long Island, NY, home of a suspected member of notorious hacking group Anonymous.
The Department of Justice, in announcing the arrests and more than 35 search warrants in the case, said the case stemmed from an alleged cyberattack on the website PayPal over its action against controversial group WikiLeaks, one of the inspirations for the hacker group Anonymous.

Fourteen of the arrests were identified in the same indictment out of California, while two separate criminal complaints filed out of courts in Newark, N.J., and Tampa, Fla., name the two other alleged hackers. All are believed to have been involved in carrying out nationwide coordinated distributed denial of service (DDoS) attacks on multiple high-profile, billion-dollar companies.

"In retribution for PayPal’s termination of WikiLeaks’ donation account, a group calling itself Anonymous coordinated and executed distributed denial of service (DDoS) attacks against PayPal’s computer servers using an open source computer program the group makes available for free download on the Internet," the Justice Department said in a news release.

The department identified the suspects in the California indictment as Christopher Wayne Cooper, 23, aka “Anthrophobic;” Joshua John Covelli, 26, aka “Absolem” and “Toxic;” Keith Wilson Downey, 26; Mercedes Renee Haefer, 20, aka “No” and “MMMM;” Donald Husband, 29, aka “Ananon;” Vincent Charles Kershaw, 27, aka “Trivette,” “Triv” and “Reaper;” Ethan Miles, 33; James C. Murphy, 36; Drew Alan Phillips, 26, aka “Drew010;” Jeffrey Puglisi, 28, aka “Jeffer,” “Jefferp” and “Ji;” Daniel Sullivan, 22; Tracy Ann Valenzuela, 42; and Christopher Quang Vo, 22. One individual’s name has been withheld by the court.

They are charged with various counts of conspiracy and intentional damage to a protected computer, which carries a maximum sentence of 10 years in prison and a fine of up to $250,000. Each count of conspiracy carries a maximum penalty of five years in prison and a $250,000 fine.

Also Tuesday, Scott Matthew Arciszewski, 21, was arrested in Florida on charges of intentional damage to a protected computer for allegedly accessing the Tampa Bay InfraGard website without authorization and uploading three files.

And Lance Moore, 21, of Las Cruces, N.M., was arrested on the New Jersey indictment, which accuses him of stealing confidential business information stored on AT&T’s servers and posting it on a file-sharing site. He is charged with one count of accessing a protected computer without authorization.

U.S. law enforcement officials also told FoxNews.com that the arrest of a 16-year-old hacker in London, who goes by the online user name Tflow, was related to the raids in the U.S.

Some of the arrests were out of the San Francisco field office, sources said. Earlier in the day, the FBI executed search warrants at the New York homes -- two in Long Island, N.Y., and one in Brooklyn, N.Y. -- of three suspected members of Anonymous, FoxNews.com reported.

More than 10 FBI agents arrived at the Baldwin, N.Y., home of Giordani Jordan with a search warrant for computers and computer-related accessories, removing at least one laptop from the premises.

The Anonymous group is a loose collection of cybersavvy activists inspired by WikiLeaks and its flamboyant head Julian Assange to fight for "Internet freedom" -- along the way defacing websites, shutting down servers, and scrawling messages across screens web-wide.

The Anonymous vigilante group recently turned its efforts to the Arizona police department, posting personal information of law officers and hacking and defacing websites in response, the group claims, to the state's controversial SB1070 immigration law.

While Anonymous is largely a politically motivated organization, splinter group LulzSec -- which dominated headlines in the spring for a similar streak of cyberattacks -- was largely in it for the thrills.

The metropolitan police in London arrested the first alleged member of the LulzSec group on June 20, a 19-year-old teen named Ryan Cleary. Subsequent sweeps through Italy and Switzerland in early July led to the arrests of 15 more people -- all between the ages of 15 and 28 years old.

The two groups are responsible for a broad spate of digital break-ins targeting governments and large corporations, including Japanese technology giant Sony, the U.S. Senate, telecommunications giant AT&T, Fox.com, and other government and private entities.



Read more: http://www.foxnews.com/scitech/2011/07/19/exclusive-fbi-search-warrants-nationwide-hunt-anonymous/#ixzz1TDsHoPxm

Thursday, April 28, 2011

Sony Was Hacked

Hi Again,
Just in case you haven't heard, Sony's online gaming network was hacked and has been shut down for a week now. Finally, all the details are beginning to come out.


Hackers broke into the Sony PlayStation Network on April 19, and personal information – such as names, addresses and even credit card numbers – from 77 million PlayStation subscribers worldwide may be compromised.

Sony Was Hacked

Tuesday, February 22, 2011

Here's a great free resource

Hi Everyone,
Here's another great place that will help you out greatly. Learn from how stuff works.

Identity Theft

Thursday, January 27, 2011

It's Tax Time Again

Hi Everyone,
I hope all of you are keeping safe out there. When money is being exchanged the crooks are extra busy, and at tax time, with so much money and information floating around, it pays to be safe. Here's an interesting twist I just heard about.

Extortion Virus Fools Victims Into Thinking They Must Buy Anti-Virus Software


Friday, January 07, 2011

The Spy In Your Hand




Well, I hope everyone had a fun and safe holiday, but as usual the scammers never rest, and there's a lurking problem that's come to my attention. With the advent of everyone using smartphones and downloading apps, there is a dangerous backdoor many are not aware of.

Smartphone Spyware