Security News This Week: A German Teen Took Control of Teslas by Hacking a Third-Party App



On Friday, Russia did the previously unthinkable: it actually arrested a group of ransomware operators. Not only that, but they were members of the infamous group REvil, which has been behind some of the biggest attacks of the past several years, including those on IT management firm Kaseya and meat giant JBS. Russian President Vladimir Putin had earlier given ransomware hackers a free pass. It is not yet clear whether this was a well-planned political move, a sign of wider action, or both, but it is certainly a watershed moment.


As everyone scrambles to find Log4j in their systems – no easy task even for well-resourced companies – the FTC has set a hard time limit for patching the very bad, no good vulnerabilities in the ubiquitous logging library. It would be difficult, if not impossible, for everyone to find it in time, which says more about the fragile and opaque nature of the open source software world than about the FTC’s aggressive timeline.

Telecoms around the world have pushed back against Apple’s Private Relay, a not-quite-VPN that bounces your traffic through a few servers to give you extra anonymity. T-Mobile in the US recently blocked it for customers who had parental control filters. It’s not clear why they’ve taken those measures against Apple and not the many, many VPNs that act similarly, but it may have to do with the potential scale of Apple customers who can sign up for the service.


In other Apple privacy news, iOS 15 brings with it a new report that shows you what sensors your apps are accessing and which domains they’re contacting. This is a lot of information at once; it helped us figure out how to read it.

North Korean hackers had a “banner year” in 2021, stealing nearly $400 million in cryptocurrency. And while Israeli spyware vendor NSO Group insists it has controls in place to prevent misuse of its product, dozens of journalists and activists in El Salvador had devices infected with NSO’s signature product Pegasus as recently as November.


And that’s not all! Each week we round up all the security news Nerdshala didn’t cover in depth. Click on the headlines to read the full story.

A 19-year-old security researcher named David Colombo detailed this week how he was able to remotely open doors, open windows, blast music and start keyless driving for dozens of Teslas. The vulnerabilities he exploited to do this are not in the Tesla software itself, but in a third-party app. There are some limits to what Colombo can achieve; he couldn’t do anything in the way of steering or speeding up or slowing down. But he was able to obtain a lot of sensitive data about the affected vehicles. Cars are now computers, perhaps none more so than Teslas, which means they come with computer problems, such as third-party software causing major headaches.

As tensions rise along the border between Russia and Ukraine, someone this week defaced more than 70 official Ukrainian government websites, posting a notice that people should “prepare for the worst”. While it is tempting to assume that this was the work of the Russian government, it is not a particularly sophisticated hack, despite the widespread impact and visibility. (That’s also not to say it was not Russia; it’s impossible to know right now.) Even the White House warned this week that Russia was planning a “false flag” to justify an invasion, so there’s probably more to come on this.

Despite the core functionality being present in every iOS and Android phone, the US has not adopted a COVID-19 contact tracing app. Other countries, however, have adopted them much more widely. This includes Germany, where police recently used data from the Luca contact tracing app to find out who was at a specific restaurant on a specific night in November, and used that information to identify 21 potential witnesses. Law enforcement has said they will no longer use that data following a public outcry. But the incident represents exactly the kind of worst-case scenario that privacy advocates warned about, at a time when public confidence in contact tracing is more important than ever.

The developer behind two widely used open source libraries effectively sabotaged their code this week, disrupting thousands of projects in the process. The changes caused applications to print nonsense messages in an infinite loop. The developer was attempting to make a statement about big companies profiting from his work for free, but made life very miserable for users of all stripes in the process.

