Hasta La Gadget!

Reports that medical devices implanted in patients or used for their treatment may have dangerous vulnerabilities are not new, but a new “safety communication” is focusing more attention on the issue. Ars Technica points out that the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) group that works along with private industry to protect the nation’s infrastructure issued its own alert alongside the FDA’s, focusing on the many embedded devices that are protected only by hard-coded passwords.

The ICS-CERT message recommends restricting physical access to sensitive hardware, improved designs that are more resistant to potential attacks and increased network security. The FDA lists various vulnerabilities it’s become aware of like network connected devices being infected by malware, mobile devices being targeted to access patient data, the previously mentioned hard-coded passwords issue and more. Going forward, the FDA is collecting reports of “adverse events” to determine if security has been compromised, and will issue new guidelines on mobile health technology later this year. We’ve seen examples of potential security solutions for pacemakers in the past, and the more connected healthcare devices become we’re sure patients expect any potential vulnerabilities to be addressed as well.

Filed under: Wearables, Internet

Comments

Source: Ars Technica, FDA, ICS-CERT

It turns out Microsoft was serious when it declared war on botnets: the company just announced that its Digital Crimes Unit has successfully disrupted more than 1,400 criminal networks. The company says the action was a coordinated effort between Microsoft and the financial services industry, noting that the FBI chipped in to help out with legal hurdles — giving Redmond the leverage it needed to shut down malicious servers in both New Jersey and Pennsylvania. These machines had been infecting computers with Citadel malware, a keylogger that allowed cyber criminals to skim account information from victims. According to Reuters, authorities don’t yet know the identities of the criminals involved, but Microsoft thinks the ringleader lives in eastern Europe, and may be working with 80 or more accomplices. The company has already filed a civil lawsuit, listing the lead hacker as “John Doe No. 1” in the complaint.

Microsoft says it will use the data it collected from the operation to help ISPs find more efficient ways to detect and notify users if their computer is infected. The company also pledges to make the information available through its own cyber threat intelligence program. Check out the firm’s full press announcement for yourself after the break.

Filed under: Internet, Microsoft

Comments

Source: Reuters

You might think the only way malware could ever get onto your phone is if you installed an app or some piece of software that was infested with malicious code, but it turns out that modified wall chargers can be used to hack phones as well. Researchers say they’ve built a custom iPhone wall charger that can install malware when connected to a device.

During the annual Black Hat security conference later in July, researchers from the Georgia Institute of Technology will be showing off a prototype wall charger that they say is capable of installing malware onto iOS devices when plugged into the wall and connected to a device at the same time, which they found the results to be quite “alarming.”

The researchers aren’t saying much about the charger yet, as they reveal most of their findings next month, but they say that the charger is built around an open-source single-board computer known as a Texas Instruments BeagleBoard that costs around $45. Essentially, the researchers wanted to show just how easy and cheap it can be to cause a lot of virtual destruction in an innocent package.

However, it’s noted that a BeagleBoard is too big to fit inside an Apple 5W charger, so it’s unclear how exactly the research team has disguised the board. Perhaps they hid it in a docking station or an external battery pack. However, the team says that other hackers will most likely take their findings and advance the work to fit the necessary components into the tiny iPhone charger.

The Georgia Tech researchers say that this kind of hack could break into an iPhone running the latest firmware in less than a minute. However, this isn’t the first hack to utilize the iPhone’s Lighting/3-pin port. Most commonly, jailbreak software uses the connector to remove many of Apple’s restrictions from iOS, allowing users to install custom apps and themes that Apple would otherwise ban.

VIA: Forbes

iPhone vulnerable to hacking with malware-infested charger is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

Many of the Pentagon’s most advanced weapon systems — including the F-35 Joint Strike Fighter and PAC-3 Patriot missile system — were compromised by Chinese hackers, according to a classified document obtained by the Washington Post. The list of weapons was part of an earlier DoD report condemning Chinese cyber-espionage activities, but had been confidential until now. Other systems hacked are said to include the Terminal High Altitude Area Defense (THAAD), the Navy’s Aegis ballistic-missile defense system, the F/A-18 fighter, V-22 Osprey and the Littoral Combat Ship used for shore patrol. Many of these form the foundation of defense systems from Europe to the Persian Gulf — and their breach goes a long way toward explaining Washington’s unprecedented dressing-down of China.

Filed under: Misc

Comments

Via: The Verge

Source: Washington Post

Unnamed United Stated officials, both current and former, spoke with the folks at the Wall Street Journal, revealing that hackers backed by the Iranian government have ramped up cyberattacks against the US, specifically zeroing in on the control systems that manage the energy industry. Unlike the Chinese hackers who have infiltrated various US companies, the intent behind the Iranian hackers appears to be sabotage.

The United States is no stranger to cyberattacks from Iran, which has been carrying on DDoS attacks against various bank websites for some time now. The difference with the latest attack from the nation is the potential for damage it provided, as well as showing a different area of intent behind the hackers’ motives, one that points toward wrecking havoc and causing disruption.

Reportedly, this newest attack by the hackers, according to a former US official, provided them with access to the control system for various gas and oil pipelines. Such a breach went “far enough to worry people.” That’s not all, however, with it also being reported that the hackers are using surveillance to access data, having accessed information on how to destroy or otherwise harm the systems controlling company operations.

It was suggested by one official that Iran could end up provoking a response from the United States if it does not back off its cyberattacking efforts: “This is representative of stepped-up cyber activity by the Iranian regime. The more they do this, the more our concerns grow. What they have done so far has certainly been noticed, and they should be cautious.”

Which oil, gas, and electric companies are being targeted was not specified, with the officials only saying that some of them lie along the US and Canadian border. Likewise, the proof that Iran is behind the attacks wasn’t specified either, with the officials merely saying that there is “technical evidence.” Not surprisingly, Iran denies having engaged in any such activities, but did point out that it has suffered these kind of attacks from the US.

SOURCE: Wall Street Journal

Image via Energy.gov

US energy industry under cyberattack by Iranian hackers is written by Brittany Hillen & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.