Rowhammer rides again as FPGA attack, RSA again reportedly up for sale, anti-theft kit to nuke laptops, etc

Including: Tesla and a town hit hard by spear-phish bridge scammers

Tesla powerwall2

Roundup Welcome to the New Year: here are some security headlines that may have slipped past you during the gorging season.

Tesla Wi-Fi taken for a ride by hackers

The team at Tencent Keen Security Lab has done it again: hacking Tesla's Model S, in which the security shop's parent company has a significant stake.

This time the Tesla hacking crew has demonstrated how it would be possible to compromise the Wi-Fi firmware and driver software in the car, then use that as a springboard to get into the host Linux system of the MuskMobile.

"We presented the details of the vulnerability in the firmware and the vulnerability in the Marvell kernel driver and explained how to utilize these two vulnerabilities to compromise the Parrot Linux system by just sending malicious packets from a normal Wi-Fi dongle," the team reports.

Fortunately, Tesla owners have nothing to fear. Aside from being rather difficult to actually perform – the process requires close proximity and only has a 25 per cent success rate – both bugs have already been patched after Tencent privately reported the flaws.

One Dell of a start to 2020 for RSA

It seems security company RSA's days as a part of the Dell family of brands may be numbered.

The Register's storage sister site Blocks and Files reports that Dell has brought in Morgan Stanley to find a buyer for the security and conference specialist. It was reported in November that Dell was mulling offloading RSA.

"The business has more than 30,000 customers across the globe, generates $170m – $200m EBITDA and could fetch as much as $3bn, according to some estimates," notes fellow vulture Chris Mellor.

The deal could be a big part of the chatter at next month's RSA Conference in San Francisco, USA.

Roll your own Capital One pwnage

A rather cool educational project allows you to experience firsthand how the Capital One hack likely went down.

Avishay Bar and Maros Hluska have created a virtual environment that lets anyone with an AWS account more or less recreate the essential parts of the cyber-break-in, and see exactly what went wrong and where. The site is a neat way for IT admins and infosec pros alike to learn something new and avoid similar mistakes by shoring up their cloud-based defenses.

What a BusKill! USB key provides nuclear option against thieves

For those who really, really want to keep their data out of the hands of thieves, there's a nifty gadget you might want to try. Invented by Michael Altfield, a sysadmin at the Open Source Ecology project, the BusKill cord acts as a sort of kill switch against thieves that works via USB.

The idea is that, when working at a cafe or other public place, the user would plug one end of the pull-away cord into their laptop, and the other to an anchor such as a belt loop or keyring.

If a miscreant tries to snatch your machine and run off with it, the cord would pull out and a USB key remaining in the socket would trigger a udev command that would, at its worst, completely wipe the machine. It's also remarkably affordable, the whole DIY project only costs around $20 to create.

Just make sure it doesn't accidentally fall out.

Speaking of wires... The O.MG Cable, which looks remarkably like a normal USB or Lightning cable but can be used to compromised connected targets, is back on sale. This is designed for red teams working in the field who need to rapidly and stealthily physically pwn computers at locations.

Rowhammer returns as FPGA hack

Memory-bit-forcing attacks are back. The familiar Rowhammer technique has now been extended to servers and other systems that link together FPGAs and CPU cores.

Dubbed JackHammer [PDF], the technique is said to make Rowhammer-style attacks more efficient on some FPGA-CPU hybrid systems. It is possible, for example, to use a maliciously configured gate array to flip bits in memory being used by a CPU core to perform sensitive stuff, like crypto-key generation. This could be a particular problem on multi-tenant cloud systems with FPGA attachments, where different customers are sharing various cores and programmable arrays in a server.

That said, this is an academic paper investigating the Intel Arria 10 GX, and the chance of an actual practical attack rearing its head any time soon remains, in our view, low... for now.

Colorado town rolled, smoked for $1m by BEC scam

The town of Erie, high in Colorado, USA, found itself deep in the weeds after an email-based scam resulted in it getting lit up to the tune of $1m.

The decidedly not-chill hackers posed as accountants from a construction company that built a bridge for the town. Using the lookalike email addresses, the hackers contacted city workers and requested the method of payment for the building work be changed.

Thinking they were paying a legitimate bill, town administrators blazed over payments to the new account, controlled by miscreants. Erie Police are now working with the FBI in a joint effort.

In brief... Starbucks developers left a JumpCloud API key in a public-facing GitHub repo, netting the finder a $4,000 bug-bounty award. A small US government website for the Federal Depository Library Program was hacked and defaced over the weekend by trolls in Iran or miscreants pretending to be patriotic Iranians.

Ransomware forces marketeer to close up shop

A marketing company in Arkansas, USA, is no longer a going concern, thanks to a particularly nasty ransomware infection.

Local news station KATV reported that, after sending home all of its employees in December, the Heritage Company will not be re-opening. It seems the cost of recouping the data and getting everything back up and running was too much for the small telemarketing firm. ®

Sponsored: Detecting cyber attacks as a small to medium business

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER




Biting the hand that feeds IT © 1998–2020