Articles about research

Keen Security Lab senior researcher Sen Nie (left) with director Samuel Lv

Hackers hijack Tesla Model S from afar, while the cars are moving

Video Chinese hackers have attacked Tesla electric cars from afar, using exploits that can activate brakes, unlock doors, and fold mirrors from up to 20 kilometres (12 miles) away while the cars are in motion. Keen Security Lab senior researchers Sen Nie, Ling Liu, and Wen Lu, along with director Samuel Lv, demonstrated the hacks …
Darren Pauli, 20 Sep 2016
Image composite: Microsoft and StudioLondon http://www.shutterstock.com/gallery-893620p1.html

Remote hacker nabs Win10 logins in 'won't-fix' Safe Mode* attack

Security researcher Doron Naim has cooked an attack that abuses Windows 10's Safe Mode to help hackers steal logins. The Cyberark man says remote attackers need to have access to a PC before they can spring this trap, which involves rebooting a machine into Safe Mode to take advantage of the lesser security controls offered in …
Darren Pauli, 16 Sep 2016

Top infosec vendors, cops, liberate thousands from ransomware

Warriors from industry and law enforcement collective No More Ransom have cleansed more than 2500 machines of ransomware by distributing free decryption keys and other tools to eradicate infections. No More Ransom is an alliance of cops and anti-malware experts including McAfee and soon-to-be-former parent company Intel, …
Darren Pauli, 14 Sep 2016
Image by TSHIRT-FACTORYdotCOM http://www.shutterstock.com/gallery-110716p1.html

Infected Android phones could flood America's 911 with DDoS attacks

A research trio has shown how thousands of malware-infected phones could launch automated distributed denial of service attacks to cripple the US emergency phone system "for days". The attacks are a new area of research and exploit the need for emergency call services to accept all calls regardless of origin. The theoretical …
Darren Pauli, 13 Sep 2016
Sad robot helper

New science: Pathetic humans can't bring themselves to fire lovable klutz-bots

A university study has found that adding basic facial expressions to a robot can be enough to forge an emotional bond with humans. Researchers with University College London and University of Bristol in the UK found that when humans were paired with a robot that displayed facial expressions of remorse, the fleshy overlord was …
Shaun Nichols, 20 Aug 2016

If this headline was a security warning, 90% of you would ignore it

Developers, advertisers, and scammers be warned; boffins say your pop ups will be almost universally ignored if they interrupt users. The work examined how users respond to web-based messages during times of varying concentration and found users who are engaged deeply in some task will ignore pop ups. The university quintet …
Darren Pauli, 18 Aug 2016

Forensics tool nabs data from Signal, Telegram, WhatsApp

USENIX VID University researchers have developed a new method to help forensic investigators extract data information from memory. The tool, dubbed Retroscope, recovered data from up to the previous 11 screens displayed from up to 15 apps, with an average of five screens pulled from each. Apps included Signal, Skype, WeChat, Gmail, …
Darren Pauli, 15 Aug 2016
Image by Maksim Kabakouhttp://www.shutterstock.com/pic-362745248/stock-photo-privacy-concept-broken-shield-on-wall-background.html

Stealthy malware infects digitally-signed files without altering hashes

Black Hat Deep Instinct researcher Tom Nipravsky has undermined the ubiquitous security technique of digitally-signed files by baking malicious code into headers without tripping popular security tools. Nipravsky inserted malicious code into the small header attribute certification table field which contains information about digital …
Darren Pauli, 8 Aug 2016

Latest Androids have 'god mode' hack hole, thanks to Qualcomm

Four Qualcomm vulnerabilities grant malware writers total access to modern Android smartphones. Yes, yes, nine hundred meellion "potential" users, if you're counting. Attackers can write malicious apps that, when installed, exploit the software flaws to gain extra privileges on Android Marshmallow and earlier versions of …
Darren Pauli, 8 Aug 2016

Microsoft stops to smell the roses, creates the Shazam of flowers

Botanists will be positively blooming thanks to Microsoft, which has worked with a team of scientists to create a system to help flower-fanciers identify species in a snap. The Smart Flower Recognition System will help botanists stalk flowers across the world using Microsoft's blossoming library of some 2.6 million floral …
Darren Pauli, 26 Jul 2016

15-year-old security hole HTTPoxy returns to menace websites – it has a name, logo too

A dangerous easy-to-exploit vulnerability discovered 15 years ago has reared its head again, leaving server-side website software potentially open to hijackers. The Apache Software Foundation, Red Hat, Ngnix and others have rushed to warn programmers of the so-called httpoxy flaw, specifically: CVE-2016-5385 in PHP; CVE-2016- …
Darren Pauli, 18 Jul 2016
Daleks in Doctor Who – Witch's Familiar. Pic credit: BBC

Drowning Dalek commands Siri in voice-rec hack attack

University boffins have brewed one of the most complex mechanisms for loading malware onto phones by way of surreptitious Google Now and Siri voice commands hidden in YouTube videos. For the attack to work, phones need to be in a state where they can receive voice commands - a feature often left unlocked - and close enough to …
Darren Pauli, 11 Jul 2016
Cymmetria report

Copy paste slacker hackers pop corp locks in ode to stolen code

The ultimate copy paste slacker hacker group has busted security controls in some 2500 corporates and government agencies using nothing but stolen code. The targets focus on those affiliated with military and political assignments around Southeast Asia and the contentious South China Sea, and may have been compromised in a …
Darren Pauli, 8 Jul 2016

414,949 D-Link cameras, IoT devices can be hijacked over the net

Shodan has turned up half a million D-Link devices exposed to the internet, and subject to easy hijacking using zero-day vulnerabilities. The stack overflow vulnerabilities affect more than 120 D-Link products, from Wi-Fi cameras to routers and modems, and allow remote attackers to completely hijack the administer account of …
Darren Pauli, 8 Jul 2016
IMage by Vadim Ivanov http://www.shutterstock.com/gallery-771946p1.html

Loose wrists shake chips: Your wrist-job could be a PIN-snitch

Chinese scientists have brewed a way to steal -- with 80 percent accuracy -- automatic teller machine PINs by infecting wearable devices. Five university boffins demonstrated the trick in a laboratory, finding even the slight hand movements a person makes while entering PINs can be captured through infected smart watches. The …
Darren Pauli, 7 Jul 2016
Image composite Titima Ongkantong, Stephen Marques, Shutterstock

Outed China ad firm infects 10m Androids, makes $300k a month

Net scum behind the Hummingbird Android malware are raking in a mind-boggling US$300,000 (£233,125, A$404,261) a month through illegitimate advertising and app downloads from a whopping 10 million infected devices. The offending group, known as Yingmob, is an offshoot of a legitimate Chinese advertising analytics firm with …
Darren Pauli, 6 Jul 2016
Image by Iterum http://www.shutterstock.com/gallery-591613p1.html

Gigabyte BIOS blight fright: Your megabytes’ rewrite plight in the spotlight

Gigabyte has been swept into turmoil surrounding low-level security vulnerabilities that allows attackers to kill flash protection, secure boot, and tamper with firmware on PCs by Lenovo and other vendors. Unconfirmed reports suggest the hardware vendor has used the "ThinkPwn" vulnerable code, thought to be born of Intel …
Darren Pauli, 6 Jul 2016

'Irongate' attack looks like Stuxnet, quacks like Stuxnet ...

FireEye threat researchers have found a complex malware instance that borrows tricks from Stuxnet and is specifically designed to work on Siemens industrial control systems. Josh Homan, Sean McBride, and Rob Caldwell named the malware "Irongate" and say it is probably a proof-of-concept that is likely not used in wild. …
Darren Pauli, 3 Jun 2016

Create a news alert about research, or find more stories about research.

Biting the hand that feeds IT © 1998–2018