weird and wild cutting edge security threats

Weird and wild cutting edge Security Threats

1. New tech new bugs new headaches
When you think of security vulnerabilities, the first thing that likely comes to your mind are flaws in Windows or apps like Adobe Reader that let hackers wreak havoc on your PC. But computers are everywhere these days, and with more computers come more security headaches. Join us as we look at ten hacks and vulnerabilities that take threats to the next level. Somehow, things have gotten even crazier since our last look at shocking security exploits.
2. Hackers crack the car
In car navigation and infotainment systems can deeply improve the driving experience, but they can also open up your car to security issues that you might never have imagined. Case in point: In July, security researchers Charlie Miller and Chris Valasek managed to control a Jeep Cherokee s acceleration and braking among other things via the Internet. The pair exploited a vulnerability in the Jeep s Uconnect in dash infotainment system, and used a smartphone to remotely brake the car while it was being driven. The hack took Miller and Valasek three years of work to pull off. The fact that someone could take control of a car through a hole in the infotainment system is worrisome, though, and the hack was serious enough that Fiat Chrysler recalled 1.4 million vulnerable vehicles.
3. Hacked electric skateboard makes riders eat pavement
But the automobile isn t the only mode of transportation that is potentially vulnerable to hacking. In early August, researchers Richo Healy and Mike Ryan demonstrated how theycould remotely control an electric skateboard?by exploiting the unsecured Bluetooth connection between the board and the remote used to control it.
4. Malware gets into your BIOS
When you think of malware, you probably think of viruses, spyware, and trojans that infect your PC at the OS level. But there s a whole class of emerging malware that targets your PC s underlying firmware. A piece of malware called badBIOS doesn't just infect a PC s BIOS it's also nearly impossible to completely eradicate. According to researchers, badBIOS can persist on your system, even if you flash your BIOS. As a result, traditional detection and removal methods are useless against badBIOS. Because malware that targets firmware sidesteps the operating system, pretty much any PC may be vulnerable, even if you run an OS for which very little malware exists. Last month, for example, researchers showed how malware can attack the EFI firmware that Apple uses on Macs.
5. Malware that uses sound to jump air gaps
BadBIOS had one other sinister trick up its sleeve: Although the malware spreads via infected USB flash drives, researchers believed that it communicates with other infected computers via high frequency audio signals.Researchers say that it s only one of several possible ways malware could communicate with other infected machines without the aid of a network connection.
6. When good flash drives go bad
Malware delivered on flash drives via infected files isn t new, and it s a problem that you can mitigate by exercising caution and using a good antivirus package. But when the flash drive itself is malicious, well, all bets are off. BadUSB, a toolkit put out by a pair of security researchers last fall, shows how flash drives can be modified for nefarious purposes. Using attacks like BadUSB, a prospective malware distributor could modify the firmware on the flash drive itself to fool a PC into thinking the flash drive is a different kind of device. For example, as IDG News Service's Lucian Constantin explained, a USB thumb drive connected to a computer can automatically switch its profile to a keyboard and send keystrokes to download and install malware or emulate the profile of a network controller to hijack DNS settings.
7. USB Killer kills PCs dead
Of course, BadUSB isn t all a malicious flash drive can do one could potentially fry your PC. USB Killer is a proof of concept attack in which an attacker would modify a flash drive s hardware so that it would deliver an electrical shock to your PC instead of data. The modified USB drive would cause an electrical current feedback loop of sorts: Eventually, the electrical current would become strong enough and reach a high enough voltage to toast your PC s innards.
8. WireLurker takes aim at Macs iPhones
When it comes to mobile malware, the iPhone has been left mostly unscathed. That doesn t mean iOS isn t vulnerable to attack, though. Last fall, an attack making the rounds in China dubbed WireLurker used infected OS X apps to deliver malware that swiped personal data like call logs and contacts from both jailbroken and unmodified iPhones alike. Once WireLurker got onto your Mac, it would wait for you to connect an iPhone to your computer via USB. If it detected a jailbroken iPhone, it would look for specific apps for jailbroken phones and replace them with infected versions. On non jailbroken phones, it would deliver its payload using a feature that allows companies to install custom apps on their employees iPhones. Apple wasted no time and blocked WireLurker shortly after researchers uncovered the malware attacks.
9. Your GPU A future malware target
Back in March, a group of developers created a malware proof of concept called JellyFish that demonstrated how malware could potentially run on a PC s graphics processor. While JellyFish was but an example to show to the security world how such an attack might work, malware like it could prove especially potent, because it can be readily adapted to attack machines running WIndows, Linux, or OS X. GPU hosted malware would also be more difficult for antivirus software to detect, though a recent report from McAfee indicates that security software may may be able to detect it after all. Here s hoping.
10. Tech makes for a home security headache
An Internet connected video camera seems like a good idea in theory after all, being able to check in on your home while you re away can enhance your peace of mind. But security researchers have shown that so called connected home devices often contain issues that could allow an attacker to compromise your privacy or security. In February, security firm Synack released a study on the issue. As our Paul Lilly reported at the time, Synacks research revealed a long list of issues, including open ports, built in backdoors, and lack of encryption. Just this month, researchers managed to hack into nine different Internet connected baby monitors a terrifying prospect for any parent. If an attacker finds a way to remotely control a connected home device on your network, they could potentially use it as a way to intercept personal information (such as usernames and passwords) from computers on your home network.