Security News
Radio relay attacks are technically complicated to execute, but conceptually easy to understand: attackers simply extend the range of your existing key using what is essentially a high-tech walkie-talkie. One thief stands near you while you're in the grocery store, intercepting your key's transmitted signal with a radio transceiver.
Palo Alto Networks Unit 42 has detailed the inner workings of a malware called OriginLogger, which has been touted as a successor to the widely used information stealer and remote access trojan known as Agent Tesla. A.NET based keylogger and remote access, Agent Tesla has had a long-standing presence in the threat landscape, allowing malicious actors to gain remote access to targeted systems and beacon sensitive information to an actor-controlled domain.
Martin Herfurt, a security researcher in Austria, quickly noticed something odd about the new feature: Not only did it allow the car to automatically start within 130 seconds of being unlocked with the NFC card, but it also put the car in a state to accept entirely new keyswith no authentication required and zero indication given by the in-car display. "The authorization given in the 130-second interval is too general [it's] not only for drive," Herfurt said in an online interview.
Tesla Model 3 and Y owners, beware: the passive entry feature on your vehicle could potentially be fooled by a new form of relay attack. Discovered and tested by researchers at NCC Group, the attack allows anyone with a tool similar to NCC's to relay the Bluetooth Low Energy signal from a smartphone that has been paired with a Tesla back to the vehicle.
Security researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy relay attack that bypasses all existing protections to authenticate on target devices. BLE technology is used in a wide spectrum of products, from electronics like laptops, mobile phones, smart locks, and building access control systems to cars like Tesla Model 3 and Model Y. Pushing out fixes for this security problem is complicated, and even if the response is immediate and coordinated, it would still take a long time for the updates to trickle to impacted products.
Cybellum had the pleasure of interviewing David Colombo, the cyber boy wonder of Germany, and founder of Colombo Technologies for our podcast, Left to Our Own Devices. So how did David Colombo, at the tender age of 19, hack into ultra-high tech Tesla cars?
Delta Electronics, a Taiwanese electronics company and a provider for Apple, Tesla, HP, and Dell, disclosed that it was the victim of a cyberattack discovered on Friday morning. While Delta's statement did not say who was behind the attack, an undisclosed information security company found a Conti ransomware sample deployed on the company's network, as CTWANT first reported.
A new variant of the Agent Tesla malware has been spotted in an ongoing phishing campaign that relies on Microsoft PowerPoint documents laced with malicious macro code. Agent Tesla is a.Net-based info-stealer that has been circulating the internet for many years but remains a threat in the hands of phishing actors.
Some Tesla owners worldwide are unable to unlock or communicate with their cars using the app due to an outage of the company's servers. Starting around 4 PM EST, Tesla owners have taken to social media reporting that the Tesla app is returning a "500 server error" when attempting to communicate with the car.
"Attached herewith is the revised circular," the malicious email reads. "Since 50 percent of the malicious emails targeted South Korea, we can speculate that threat actors were closely monitoring local news about the vaccination campaign in the country and anticipated shipment of 14 million doses of coronavirus vaccine," the spokesperson said.