April 2, 2019

Wrecked Teslas hang onto your (unencrypted) data

By Lisa Vaas

A Tesla gets run down by a truck hauling a jet engine. Ouch.

The car winds up in a salvage lot in Maryland. The driver, hopefully, doesn’t wind up in a hospital. But the video of it all remains, safe and sound, on that wrecked car, unencrypted and available for all to see.

If you want to see the video of a Tesla and its collision with a jet engine, or videos of Teslas careening off of snowy roads and/or plowing into trees, you can check out #TeslaCrashFootage on Twitter.

You’re able to do so because crashed Teslas being sold at junkyards and auctions are retaining what CNBC says is “deeply personal” and unencrypted data, including video from the car’s cameras that show what happened moments before the accident.

The unencrypted videos – plus phonebooks, calendar items, location and navigational data – were extracted by a security researcher who calls himself GreenTheOnly. The researcher retrieved the content from Model S, Model X and Model 3 vehicles purchased for testing and research from salvage.

GreenTheOnly, who identifies himself as a white hat hacker and a Tesla fan who drives a Model X, agreed to speak with CNBC and to share data and video with the news outlet on the condition of “pseudonymity,” citing privacy concerns. CNBC identifies the researcher as a “he,” so we’ll follow suit. He’s reportedly made tens of thousands of dollars from Tesla bug bounties in recent years.

Tesla’s split personality WRT privacy

Leaving data unencrypted on a car that’s headed to the junkyard isn’t exactly consistent with how tight-fisted Tesla is with privacy under other circumstances. Tesla drivers involved in car crashes say that they’ve had to wrestle to get data upon request, particularly when they don’t see eye-to-eye with Tesla about whether the crash was due to driver error or defective technology, as Consumer Affairs reported last year.

Read more at https://nakedsecurity.sophos.com/2019/04/02/wrecked-teslas-hang-onto-your-unencrypted-data/

Russia accused of massive GPS spoofing campaign

By John E Dunn

Russia has been conducting a major campaign to experimentally hijack signals sent by Global Navigation Satellite Systems (GNSS) systems such as GPS, researchers have claimed in a detailed report.

Technically, GNSS spoofing (as opposed to simpler jamming) is an attempt to send false positional signals to a receiver using global satellite networks such as the US GPS, China’s Beidou, Russia’s GLONASS, and Europe’s Galileo.

In recent years, there have been a flurry of small-scale reports of spoofing plus one major incident in the Black Sea in 2013 when at least 20 ships reported positioning anomalies blamed on the phenomenon.

What the team at the Center for Advanced Defense (C4ADS) has uncovered is the first confirmed example of a nation using this technique on a large scale.

The evidence emerged after the team spent a year crunching satellite data gathered by the International Space Station (ISS), detecting 9,883 suspected spoofing incidents at 10 global locations connected to its military, including Crimea, Syria, and the Russian Federation.

Since February 2016, this resulted in 1,311 civilian ships being fed the wrong positional coordinates from a range of civilian satellite networks.

Even when the attacks are noticed and corrected the effect is that of a nuisance denial-of-service on targets which are forced to fall back on older, less convenient systems. Says the report:

In effect, Russian forces now have the capability to create large GNSS denial-of-service spoofing environments, all without directly targeting a single GNSS satellite.

Another apparently routine if slightly From Russia With Love application of is to block the tracking of politicians, with numerous reports of “a close correlation between movements of the Russian head of state and GNSS spoofing events.” This suggested the development of mobile jamming units.

The researchers also found previously unreported evidence of GNSS interference near Russian military activity that represented a danger to civilian airliners using the same airspace.

Read more at https://nakedsecurity.sophos.com/2019/04/01/russia-accused-of-massive-gps-spoofing-campaign/

ACS

Advanced Computer Services of Central Florida

Centrally located in Winter Haven, we serve residential and business clients in and around Polk County.

9 Camellia Drive
Winter Haven, FL 33880
863-229-4244

Our Promise to You

Plain language, no tech-talk

We will never try to over-sell you a product you don't need.


Advanced Computer Services of Central Florida is your local, hometown computer service and repair company that can do more than just fix your PC.  We offer highly skilled professionals who can be counted on to give you sound advice on upgrades, software and hardware, commercial & residential networks, hardwire or secure wireless.

No trip charges within Polk County

No after-hours or weekend fees

$45.00/hr Residential

$65.00/hr Commercial - free system evaluation