Pelican Parts Forums


3rd_gear_Ted 04-01-2024 07:26 AM

Cybersecurity Thread
 
A thread for the latest and greatest Cybersecurity threats.

Here's what is new to me. https://flipperzero.one/

What say you about these devices and their capabilities?

ZL-1 Camaros are being stolen with these devices all over SoCal.

Paul T 04-01-2024 07:46 AM

Interesting gadget...never knew such a thing existed. Now I want one....

1990C4S 04-01-2024 07:53 AM

They were banned where I live, which raised the price from $200 to $500. I still see them for sale online every day.

From what I've read, Flippers are NOT the source of the stolen car epidemic. New cars apparently use rolling codes, so capturing someone's code is useless, unless it's a fairly old car.

MBAtarga 04-01-2024 07:56 AM

At work we had a briefing on the flipper and its capabilities (I'm in an IT security organization.) Really incredible device which in nefarious hands can cause quite a bit of turmoil.

stealthn 04-01-2024 08:13 AM

You can do this with multiple devices; it’s basically a replay attack, fooling the vehicle into thinking your keys have unlocked it. Just keep your keys in a metal box, and it’s defeated. More modern vehicles have better rolling codes to defeat this. Another attack is the CAN bus attack: getting access to the bus via the headlight connector, you can unlock the doors and start the car in under two minutes with a device you can easily buy.

Cars are becoming easier to steal the more they rely on computers.

I’m sure someone is actively working on compromising OTA updates from major manufacturers as we speak…
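The replay and rolling-code points raised in the posts above, as an added Python example that is not part of any forum post: a fixed-code receiver accepts a recorded frame a second time, while a counter-based receiver rejects it. The HMAC-based frame layout, the key, the window size and all names here are assumptions for illustration, not any manufacturer's actual scheme.

```python
import hashlib
import hmac
import struct

WINDOW = 16  # assumed: how far past the last accepted counter the receiver looks

def fob_frame(key: bytes, counter: int) -> bytes:
    """Hypothetical frame for one button press: 4-byte counter + 8-byte MAC."""
    body = struct.pack(">I", counter)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]

class FixedCodeReceiver:
    """Older design: the same static code opens the lock every time."""
    def __init__(self, code: bytes):
        self.code = code

    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)

class RollingCodeReceiver:
    """Accepts a frame only if its MAC verifies and its counter is fresh."""
    def __init__(self, key: bytes, last_counter: int = 0):
        self.key = key
        self.last_counter = last_counter

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 12:
            return False
        body, tag = frame[:4], frame[4:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False  # forged or corrupted frame
        (counter,) = struct.unpack(">I", body)
        if not (self.last_counter < counter <= self.last_counter + WINDOW):
            return False  # already used (replay) or implausibly far ahead
        self.last_counter = counter  # every counter up to this one is now spent
        return True

def demo() -> dict:
    key = b"constructed-demo-key"       # constructed sample value
    static_code = b"\x12\x34\x56\x78"   # constructed sample value
    fixed, rolling = FixedCodeReceiver(static_code), RollingCodeReceiver(key)
    press_1 = fob_frame(key, 1)         # one legitimate press, later re-sent
    return {
        "fixed_first": fixed.accept(static_code),
        "fixed_replay": fixed.accept(static_code),          # accepted again
        "rolling_first": rolling.accept(press_1),
        "rolling_replay": rolling.accept(press_1),          # rejected: stale
        "rolling_next": rolling.accept(fob_frame(key, 2)),
        "rolling_skipped": rolling.accept(fob_frame(key, 10)),  # presses out of range
        "rolling_too_far": rolling.accept(fob_frame(key, 27)),  # beyond the window
    }
```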

Alan A 04-01-2024 10:54 AM

Quote:

Originally Posted by stealthn (Post 12224336)
I’m sure someone is actively working on compromising OTA updates from major manufacturers as we speak…

They don’t need to. The mfrs are doing a great job of compromising their own OTA updates…

Bill Douglas 04-01-2024 11:19 AM

It will be a problem for people locking their buildings with electronic keypads. And a handy tool for interfering with wifi transmissions.

1990C4S 04-02-2024 06:09 AM

Quote:

Originally Posted by stealthn (Post 12224336)
I’m sure someone is actively working on compromising OTA updates from major manufacturers as we speak…

Do they even care? People continue to buy cars with flawed security, then they complain when the car gets stolen. The consumer buys another car, and the manufacturer sells another car.

Where's the pressure to fix the problem coming from?

Push-button start is the source of a lot of problems, no one seems to be going back to a physical key.

GH85Carrera 04-02-2024 06:25 AM

I see that AT&T was hacked again. Only name, address and social security numbers put on the dark web.

And so many companies are pushing me to move to "cloud" based data storage. I am 100% certain I have never been hacked. I will keep my data on my local computers, and the banks and credit union I use are hopefully better at security than AT&T.

flipper35 04-03-2024 09:40 AM

Quote:

Originally Posted by 1990C4S (Post 12224317)
They were banned where I live, which raised the price from $200 to $500. I still see them for sale online every day.

From what I've read, Flippers are NOT the source of the stolen car epidemic. New cars apparently use rolling codes, so capturing someone's code is useless, unless it's a fairly old car.

Correct, as they come from the manufacturer they cannot unlock and start a modern car. They are good at cloning RFID and with different modules hack wifi and what not. Great at changing the channel at a sports bar or airport!

They are no different than the little Pi kits or anything else, but they do come in a small case with lots of capability from the factory.

My daughter has one.

You can buy different modules for them and root them for different purposes, but as stated, they are not any different than the hobbyist Pi kits.

Professional kits can do a whole lot more and are far more expensive!

Arizona_928 04-03-2024 12:56 PM

Flipper zero is the least of your worries.

AI and voice models have been scamming Asian corporations this last year.

Dixie 04-04-2024 06:45 AM

Quote:

Originally Posted by stealthn (Post 12224336)
Just keep your keys in a metal box, and it’s defeated.

I simply unplugged my On-Star module. Between car thefts, and GM selling everyone's driving data, it seemed prudent.

3rd_gear_Ted 04-04-2024 07:13 AM

Recent $30M heist in L.A. from a state-of-the-art secret money storage depot smells like the alarm system was compromised.

Reports are saying the Easter morning area-wide internet outage related to the facility location was a deliberate step in the robbery.

3rd_gear_Ted 04-06-2024 09:20 AM

Microsoft developer did some nefarious stuff.

https://finance.yahoo.com/news/1-why-near-miss-cyberattack-151035964.html

masraum 04-06-2024 10:49 AM

Quote:

Originally Posted by 3rd_gear_Ted (Post 12227582)
Microsoft(wrong) developer did some nefarious stuff.

https://finance.yahoo.com/news/1-why-near-miss-cyberattack-151035964.html

FYI, some random developer named "Tan" did nefarious stuff. A Microsoft developer named Freund discovered the issue.

Excerpts from the article...

Quote:

Freund, who works for Microsoft out of San Francisco, discovered that the latest version of the open source software program XZ Utils had been deliberately sabotaged by one of its developers, a move that could have carved out a secret door to millions of servers across the internet.

Security experts say it’s only because Freund spotted the change before the latest version of XZ had been widely deployed that the world was spared a digital security crisis.

“We really dodged a bullet,” said Satnam Narang, a security researcher with Tenable who has been tracking the fallout from the find. “It is one of those moments where we have to wipe our brow and say, ‘We were really lucky with this one.’”

XZ, a suite of file compression tools packaged into distributions of the Linux operating system, was long maintained by a single author, Lasse Collin.

In recent years, he appeared to be under strain.

In a message posted to a public mailing list in June 2022, Collin said he was dealing with "longterm mental health issues" and hinted that he was working privately with a new developer named Jia Tan and that “perhaps he will have a bigger role in the future.”

Update logs available through the open source software site Github show that Tan’s role quickly expanded. By 2023 the logs show Tan was merging his code into XZ, a sign that he had won a trusted role in the project.

Tan could easily have gotten away with it had it not been for Freund, the Microsoft developer, whose curiosity was piqued when he noticed the latest version of XZ intermittently using an unexpected amount of processing power on the system he was testing.

Alenbaarz 10-10-2024 12:38 AM

I’m not a cybersecurity expert by any means, but I’m working on getting my PMI-PMP certification, and it’s wild to think how much project management overlaps with this kind of tech, especially with risk management and safeguarding project data. I’ve seen those Pi kits, and yeah, the modules are cool for hobbyists. My cousin’s really into this stuff and she’s built a bunch of things with them. It’s crazy how accessible the tech is these days. The PMP training I’m doing has really made me think about how important it is to stay on top of security risks, especially as things get more advanced. Anyway, great discussion!

stealthn 10-10-2024 05:11 AM

Right now insurance policies for companies are really driving cyber security. It’s great, but most clients who’ve been slacking/cheap on this over the years are now forced to spend the money to buy a lot of software and services and change policies/processes, otherwise they cannot be insured.

To me it’s a step in the right direction to smarten companies up, but I still feel the supply chain attacks (especially with software updates) are the biggest targets/threats.


All times are GMT -8.
