Archive

Archive for June, 2012

Cyber-attack concerns raised over Boeing 787 chip’s ‘back door’

Source: guardian.co.uk

Two Cambridge experts have discovered a “back door” in a computer chip used in military systems and aircraft such as the Boeing 787 that could allow the chip to be taken over via the internet.
The discovery will heighten concerns about the risks of cyber-attacks on sensitive installations, coming on the heels of the discovery this week of the ’Flamer’ virus which has been attacking computer systems in Iran, Syria and Saudi Arabia.
In a paper that has been published in draft form online and seen by the Guardian, researchers Sergei Skorobogatov of Cambridge University and Chris Woods of Quo Vadis Labs say that they have discovered a method that a hacker can use to connect to the internals of a chip made by Actel, a US manufacturer.
“An attacker can disable all the security on the chip, reprogram cryptographic and access keys … or permanently damage the device,” they noted.
Woods told the Guardian that they have offered all the necessary information about how the hack can be done to government agencies – but that their response is classified.
“The real issue is the level of security that can be compromised through any back door, and how easy they are to find and exploit,” Woods said.
The back door may have been inserted by Actel itself, whose ProASIC3 chip is used in medical, automotive, communications and consumer products, as well as military use.
More here: http://www.guardian.co.uk/technology/2012/may/29/cyber-attack-concerns-boeing-chip
Advertisements

Chinese Spy Device in Hong Kong Cars: Apple Daily

Source: Daily Mail

Chinese authorities may be listening in on travelers’ conversations in Hong Kong, with a device that’s been installed on thousands of vehicles, according to Hong Kong’s Apple Daily newspaper.

Authorities in Shenzhen have been installing “inspection and quarantine cards” on dual-plate Chinese and Hong Kong vehicles since 2007. They’re apparently for tracking cars crossing the border. But Apple Daily says these devices are capable of much more. In fact, experts who examined the devices—taken apart by Apple Daily—say they can be used for eavesdropping, and can send signals up to 12 miles away.

Apple Daily says smugglers were the first to suspect these devices. They thought it was strange that border agents were able to precisely track down vehicles used for smuggling goods.

Shenzhen authorities denied the allegations, when Apple Daily approached them. But the claims have made travelers uneasy, especially those who discuss private business matters during their travels between Hong Kong and Mainland China.

LinkedIn’s Leaky Mobile App Has Access to Your Meeting Notes

LinkedIn mobile app subscribers may be surprised to learn that the calendar entries on their iPhones or iPads— which may include details about meeting locations, participants, dial-in information, passwords and sensitive meeting notes — are transmitted back to LinkedIn’s servers without their knowledge.

The researchers, Yair Amit and Adi Sharabani, discovered that LinkedIn’s mobile app for iOS, Apple’s mobile operating system, included an opt-in feature that allows users to view their iOS calendar entries within the app. Once users opt in to that feature, however, LinkedIn automatically transmits their calendar entries to its servers. LinkedIn grabs details for every calendar on the iOS device, which may include both personal and corporate calendar entries.

That practice, which is not communicated to users, may violate Apple’s privacy guidelines, which expressly prohibit any app from transmitting users’ data without their permission. A similar practice came to light earlier this year when a developer noticed that Path, the popular mobile social network, was uploading entire address books to its servers without users’ knowledge. That practice came under scrutiny by members of Congress. In response, Path said it would stop the practice and destroy the data it had collected.

More here: http://bits.blogs.nytimes.com/2012/06/05/linkedins-leaky-mobile-app-has-access-to-your-meeting-notes/