In case I haven’t scared you enough about the technology innovations that make our lives easier at the cost of security, here’s another worry to add to the growing pile. Automobile security researchers (a growing subset in the security industry) in Germany have published their findings on using wireless amplification technology to trick certain makes and models of cars into thinking their owner is nearby, unlocking the doors and in some cases, starting the engine for the hacker, all while the actual proximity key fob is supposedly safe and secure in the owner’s pocket, purse or home. Though this method has been known for at least several years, this most recent publication noted that the technology is much cheaper to build, and the number of cars vulnerable to this hack has grown significantly.
What this means for you:
If you are the proud owner of one of these cars, you may want to consider keeping your key fob in the freezer:
- Audi A3, A4 and A6
- BMW’s 730d
- Citroen’s DS4 CrossBack
- Ford’s Galaxy and Eco-Sport
- Honda’s HR-V
- Hyundai’s Santa Fe CRDi
- KIA’s Optima
- Lexus’s RX 450h
- Mazda’s CX-5
- MINI’s Clubman
- Mitsubishi’s Outlander
- Nissan’s Qashqai and Leaf
- Opel’s Ampera
- Range Rover’s Evoque
- Renault’s Traffic
- Ssangyong’s Tivoli XDi
- Subaru’s Levorg
- Toyota’s RAV4
- Volkswagen’s Golf GTD and Touran 5T
At the moment, this is the list of confirmed vulnerable models. The researchers allege that many other makes and models that use similar technology could very likely be vulnerable to this exploit as well. If your car unlocks automatically based upon your proximity to the car, then it may be possible to exploit this convenient bit of technology. And there is even anecdotal evidence to support that this hack is already being used “in the wild” to burgle cars. Basically, would-be thieves work with a pair of devices – one near your car, and the other near your key fob. The devices work in tandem to amplify the signal put out by the key fob to trick the car into thinking the fob is in unlock range, and happily opens up for the thief. In the above mentioned case, the unlucky victim ended up storing his fob in the freezer to protect against this hack, but I’m sure most of you keep your keys right near the front door – easily within range of someone with this device. Perhaps it’s time to start storing the keys next to the milk? Call us if you have any concerns – we’re not car experts but we can always help you become more secure.
Image courtesy of Miles Stuart at FreeDigitalPhotos.net
Lest you think the tech giant missed having a finger in this particular pie, Google surprised no one by debuting their own wireless carrier service earlier this week. Though the service is invite-only at the moment and only offered on Google’s own Nexus 6, they’ve negotiated a deal with both Sprint and T-Mobile to piggy back on their existing, nation-wide infrastructure to create a coverage area without having to build it. According to Google, the limited launch of this service is more of an experiment as opposed to a direct challenge of reigning champs ATT and Verizon. The major differentiator to their service? A low-cost, pay as you use it, data plan with data tethering, wi-fi calling that can also be used from other mobile devices such as tablets and laptops.
What this means for you:
Unless you have an invite in hand, you can’t jump onto the Google Wireless bandwagon yet, and if Google stays true to the “we’re just testing the waters” mantra, maybe not ever. But if Google can deliver a solid service for a fraction of the price that the big 4 carriers are charging now, it’s going to have repercussions on the entire mobile landscape. As they’ve done with Google Fiber, this particular foray into the bloody wireless markets is an exercise in forcing a change in the status quo where major carriers are squabbling over how to charge consumers more for less service. However, Google surely has an agenda that includes profit (they are publicy held), and you musn’t forget that the largest revenue stream for them is advertising and data mining. The mad scramble for dominance in the mobile data market is about as close as we’ll ever get to seeing a modern gold rush, and you can bet Google has been preparing to stake a claim since before you and I even knew there was “gold in them thar hills!”
A new battle front just opened up in the corporate espionage cyberwar. Security firm TrapX has released information on a new attack that appears to be focused on shipping and logistics firms, and is being delivered via hand-held inventory scanners made by a specific manufacturer in China. The wireless devices appear to contain malware that once connected to a company’s corporate network targets enterprise resource planning (ERP) servers and attempts to compromise them through a variety of known weaknesses. If successful it then facilitates the installation of command-and-control malware that provides a backdoor on the compromised server to an unidentified location in China. The manufacturer of the scanners has denied the devices were intentionally shipped with the malware, but their close proximity to the Lanxiang Vocational School (allegedly tied to other infamous hacking incidents) has raised security eyebrows everywhere.
What this means for you:
It’s a safe bet that you probably won’t be directly affected by this particular hacking vector unless you are one of the handful of firms who bought and used the devices before the manufacturer rectified the issue. However, this is just another crack in the dangerously swollen dike that is technology security, and the white hats are rapidly running out of fingers and toes with which to plug the holes. The fact that the Chinese have targeted supply chain technologies means they are fishing for big data to steal, and the amount of money (and power) at stake is enough for the bad guys to continually search out new ways to compromise and breach businesses. They know they have the good guys over a barrel, as we have to continually try to guess where the next mole will pop up in a playing grid with an infinite number of holes. Will we get to a point that we have to run a malware scan on anything with electronics and a means to transmit data? It’s starting to look that way.
Despite the advent of wifi technology which has made staying connected a much more elegant, wire-free affair, we are still tethered by the ever-present power cord. Just about everyone who has traveled with electronics has cursed the forgotten power cord, and probably thrice cursed the tangled knot of cords they did remember to bring. Induction charging has attempted to answer this nagging first-world issue, but adoption of the technology has been slow, and it hasn’t conquered the primary complaint: your devices are tethered not with physical wires this time, but by the need for contact with the induction surface.
Enter surprise start-up Ossia and their product, Cota. Making their debut at the TechCrunch Disrupt13 conference, Ossia founder and physicist Hatem Zeine has developed a technology dubbed “Cota” that can safely power devices wirelessly, at a distance and through walls. The technology is still in the prototype phase and is slowly making its way through the FCC approval process, but Zeine was able to provide a live, on-stage demonstration of an unmodified iPhone being charged wirelessly from the prototype at a distance of several feet. The company’s initial foray into production is aimed at industrial applications where wireless power delivery is a top priority, such as powering remote sensors in a refinery, where electrical sparks are a constant worry. Ossia aims to to have a consumer product by 2015, which is envisioned to consist of a charging station approximately the size of a desktop tower PC, and will be partnered with a variety of receiving platforms such as built-in electronics, battery replacements and add-on receivers for legacy devices.
What this means for you:
We’ve a bit of a wait until the Cota arrives for consumers, but given the world’s aggressive adoption of mobile electronics and fondness for wireless aesthetics, it’s likely that even if Ossia fails, other companies will rise to the challenge. According to Zeine, the technology is as safe as current Wifi technology probably permeating your house and office right now, as it works in the same frequency spectrum. Whether or not you believe that platform to have any health implications is probably moot if you live or work in any urban first-world environment, as you are “soaking in it” as we speak. Assuming the health question is resolved to everyone’s satisfaction, Zeine is predicting a complete paradigm shift in how we look at mobile technology, envisioning a world without batteries and the concept of “charging” made obsolete by an omnipresent power source. Are you ready to ditch the power cords? It may be coming sooner than you think!