Thieves try to steal a Tesla

Thieves steal Tesla carTake a look at a recent attempt of a couple of U.K. thieves to steal a Tesla Model S. They’re smart enough to actually gain entrance to the vehicle without the fob but they’re not smart enough to unplug the charger!

The owner of the vehicle does admit to not doing a couple of things that could have actually prevented the bad guys from gaining entrance including setting a PIN and using a Faraday pouch for the fob (while would block fob’s signal).

But it just goes to show that even “sophisticated” criminals who use technology aren’t always the brightest.

Source: electrek


Who’s Calling? Not Equifax!

Just in case you are living under a rock, 143 million Americans (that’s almost half of the population) just had their Social Security numbers, names, driver’s license and birth dates stolen when Equifax was hacked.

It doesn’t help that Equifax itself has made it confusing and difficult to check to see if you are one of the victims by creating a confusing web page that gives users conflicting information AND a weak PIN, AND is vulnerable to spoofing which would create even more victims.

If you want to know how to NOT handle a data breach, Equifax just wrote the definitive rulebook.

Now, hackers and the scammers are taking full advantage of the situation by calling people and pretending to be Equifax.

The Federal Trade Commission has issued a warning asking people to not interact with anyone calling and claiming to be with Equifax. They aren’t calling you, they don’t do that (neither does Microsoft or Google or any major company) they don’t have the resources and frankly don’t care enough to try.

The scam starts off with something like “This is Equifax calling to verify your account information.” It may be an automated call or a live person.

Do not press one, do not trust your caller ID, do not interact with the call in any way.

Hero Hacker Helps Stranded Family After Losing One-Of-A-Kind Car Key

For John and Maria Higgins, a simple loss of keys was about to become an adventure involving tow trucks, mechanics, locksmiths, crows (yes crows) and eventually a hero hacker.

When the Higgins family bought their used Toyota Estima minivan, they only received one set of keys instead of the usual two or even three. Unbeknownst to the family, they had purchased a vehicle with a one-of-a-kind key that could not be duplicated.

“This vehicle is a Japanese import with a sophisticated immobilizer, and the key has a chip in it that can’t be duplicated by North American Toyota dealers. I bought the vehicle a month ago from a dealer on the mainland who led me to believe they would be receiving another key for it from Japan in the few weeks following our purchase. This was not the case; as the manager just informed me, most cars sold by auction in Japan come with only one key and they haven’t gotten anything else from the auction since.” wrote Higgins in a Victoria Buzz Facebook post.

John Higgins tried everything he could think of to find the lost keys, offering a reward, looking in trash cans, even leaving shiney objects near the minivan and following the crows that picked them up in hopes of discovering the keys whereabouts.

After the Facebook post went viral, the family had several offers by the hacking community to hack the car and unlock/start it but they were advised against it because it could cause irreversible damage.

Higgins told a local newspaper, “In the hybrid system, the engine may work, but the wheels are connected to an electric motor that charges the battery. If the wheels spin, but the computer isn’t properly configured to recognize that, the batteries could charge until they explode, for example… If it was just a gas engine, this would be a different story.”

“We’re in a twilight zone of car situations.”

After the van sat in a parking lot for two weeks, it was towed to a local dealership where it remained for almost two months. The dealership reached out to a trusted mechanic who then reached out to a local hacker who asked to remain anonymous.

The hacker and the mechanic successfully entered the minivan, removed the dash and identified the immobilizer in order to reprogram it to work with new… less one-of-a-kind, keys.

The ordeal cost the family around $3,500 and the dealership that they bought the minivan from has agreed to pay half of the costs. Also, the family says they have locked up one of the three new sets of keys in a safety deposit box.

Latest Hacking Tool CherryBlossom Impacts Over 200 Home & Small Business Routers

According to WiKiLeaks, the CIA developed and implemented CherryBlossom with the help of the Stanford Research Institute (SRI International).

The article states that, “CherryBlossom provides a means of monitoring the Internet activity of and performing software exploits on Targets of interest. In particular, CherryBlossom is focused on compromising wireless networking devices, such as wireless routers and access points (APs), to achieve these goals. Such Wi-Fi devices are commonly used as part of the Internet infrastructure in private homes, public spaces (bars, hotels or airports), small and medium sized companies as well as enterprise offices. Therefore these devices are the ideal spot for “Man-In-The-Middle” attacks, as they can easily monitor, control and manipulate the Internet traffic of connected users. By altering the data stream between the user and Internet services, the infected device can inject malicious content into the stream to exploit vulnerabilities in applications or the operating system on the computer of the targeted user.”

The routers and Wi-Fi devices that are impacted include those manufactured by 3Com, Cisco, Belkin, D-Link, Linksys and other popular brands.
A full list can be found here.

Not only is this new threat an invasion of privacy and unconstitutional, it now poses an increased risk of CherryBlossom falling into the wrong hands and being used by hackers worldwide.