IT Security News

IT Security News

Jul 15

Critical Linux Vulnerability Exposed

Everyone loves Linux! In fact, this operating system is so solid that it’s being used on space stations as well. And yet, there are times when news like this one send shivers down our spines: Linux is vulnerable to an off-path TCP exploit.

Researchers have recently discovered a flaw that allows the attackers to intercept TCP traffic and alter it without needing a man-in-the-middle position. Fortunately, the vulnerability can only be used with the HTTP protocol, which doesn’t encrypt the connection between the visitor and the desired website.

The attackers can inject data and even terminate connections, though. And to make the matter even worse, this vulnerability hasn’t been patched since 2012.

There is some good news as well. Computers that run the Windows or Mac OS X operating systems are not affected, because they don’t make use of the affected RFC 5961 protocol, which is vulnerable to attacks.

RFC-5961-protocol

According to researchers, a successful attack needs less than a minute, and the success rate ranges from 88 to 97%. To fix the issue, the TCP protocol implementation has to be changed, limiting its global rate with the goal of preventing side channel attacks.

 

Volkswagen’s Keyless Entry System is Vulnerable

Researchers have recently found out that keyless locks, which are installed on most modern cars, can be easily bypassed. The study focused on several vehicles that have been produced by Volkswagen, and the results weren’t very encouraging: the company has been using only a few keys to encrypt the wireless signals used by the car remotes since 1995.

Researchers have built a cheap transceiver, and then they have used it to capture the signals sent by the electronic keys. A single button press was enough for them to get the wireless key, and then open the car.

keyless-entry

Audi, Seat, Alfa Romeo, Chevrolet, Peugeot, Opel, Renault, Ford and Lancia are also affected by this problem. All of them are making use of an outdated rolling code scheme, which can be easily broken by a modern-day laptop within minutes.

This discovery explains why many high-end cars were stolen without a trace. And even though the manufacturers have been notified, a quick fix is not possible, because car software can’t be patched that easy.

And the thieves won’t stop here! Several vehicles have been stolen in Washington DC using a different method. The burglars are using an amplifier to boost the key signal. If the keys are close enough to the car, the system works. The targeted models are Audi, Volvo and Acura cars which have been produced in 2010 or later.

 

Vancouver Police Used the Stingray Surveillance Technology

The Canadian police force has admitted using cell phone dragnet equipment. The Stingray surveillance technology mimics a legitimate looking cell phone tower, with the goal of getting information, location and even content from the phones that connect to it.

gsm-cell-tower

Vancouver’s Pivot Legal Society has been fighting for years, trying to find out if the police has used stingrays before, and if they are going to use them again in the future. Both answers were affirmative.

Police has confirmed that the stingray device was used in 2007 to gather information about a potential abduction and possible murder. The device was used to determine if the cell phone owned by the abducted person was located in a certain area.