Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Bluetooth Hackers. Show all posts

Thieves Use JBL Speakers to Hack Cars with Keyless Entry

Car theft has been an ongoing problem for decades, but now, thieves have found a new way to bypass modern car security systems using hacking tools disguised as JBL portable speakers. This emerging trend highlights the importance of cybersecurity in the automotive industry and the need for manufacturers to improve the security of their products.

According to a recent report by TechSpot, car thieves are using these hacking tools to gain access to vehicles equipped with keyless entry systems. They target the key fob's wireless communication system and use a device disguised as a JBL portable speaker to inject code into the car's system, allowing them to start the engine and drive away.

Kentindell, a cybersecurity researcher, revealed that this technique is possible due to a vulnerability in the communication protocol used by the key fob and the car. The vulnerability allows attackers to inject code into the system and bypass the security measures designed to prevent unauthorized access. Thieves have been using this technique to steal luxury cars such as BMWs and Mercedes, which are often targeted due to their high resale value. The devices used to execute these hacks can be purchased easily online for as little as $30, making it a low-cost and accessible method for criminals.

The use of hacking tools disguised as JBL portable speakers is just one example of the increasing threat of cyber attacks in the automotive industry. As cars become more connected and reliant on technology, the risk of cyber-attacks increases. This is particularly concerning in the case of autonomous vehicles, where a cyber attack could have severe consequences.

To address this issue, car manufacturers need to improve the security of their products and work with cybersecurity experts to identify vulnerabilities in their systems. Additionally, car owners should take steps to protect their vehicles, such as storing key fobs in a secure location and keeping their software and firmware up to date.




Google Play Protect Shields Users From Cyberattacks


The leading Android devices all use Google Play Services as a key component. It serves as a link between the Android OS and programs, mostly Google programs and programs from other developers that make use of Google authentication, cloud services, and Game Dashboard.

You could use an Android app that protects users from severe cyberattacks and operates through the official Google Play store called Google Play Protect.

According to a security notice from Google, "Google Play Protect removes apps that have been marked as potentially hazardous because the app actually contains malicious behavior, not only because we are unsure if the app is harmful or not."

Before allowing you to download an app, the feature verifies its security. To deceive users into manually installing the infected files, some of these malicious sites invite victims to download phoney security tools or upgrades.

Four malicious apps were detected by research:
  • Bluetooth App Sender
  • Bluetooth Auto Connect
  • Driver: Bluetooth, USB, Wi-Fi
  • Mobile Transfer: smart switch
More than a million people have downloaded all of the applications together, and they invite a significant danger of identity theft and scams.

"These apps offer capabilities that consumers desire, such as device rooting and other developer features. Users knowingly install these potentially hazardous apps," as per Google.

Essentially Google Play Protect will initially issue a warning about the app's possible dangers when a user starts to install an app that Google has categorized as 'user-wanted.'  Google will not send any more warnings if the user decides to install the program anyhow.

Main functions of Google Play Protect:
  • Verifies the security of downloaded programs from the Google Play store.
  • Detects potentially hazardous programs outside the Google Play store.
  • Warns you about hazardous applications.
  • Removes or disables unwanted applications.
  • Alerts you to apps that break the rules by hiding or making false representations of themselves.
  • Sends you privacy alerts about applications that may request access to your personal information.
  • To protect your privacy, reset your app's permissions.
Google stated in its security note that "after installation, the user-wanted classifications restrict Google Play Protect from delivering additional warnings, so there is no disturbance to the user experience."

The Google Play Services platform also enables Google to push Project Mainline modules, allowing your device to receive security upgrades without having to wait for the producer to release them.

Researchers: Tesla Cars, Bluetooth Locks, Vulnerable to Hackers

 

Hackers can remotely unlock millions of digital locks around the world, including those on Tesla cars, due to a flaw in Bluetooth technology, according to a cybersecurity firm. 

NCC Group researcher Sultan Qasim Khan was able to open and then drive a Tesla using a small relay device tied to a laptop, which spanned a wide gap between the Tesla and the Tesla owner's phone, according to a video shared with Reuters.

"This proves that any product relying on a trusted BLE connection is vulnerable to attacks even from the other side of the world," the UK-based firm said in a statement, referring to the Bluetooth Low Energy (BLE) protocol - technology used in millions of cars and smart locks which automatically open when in close proximity to an authorised device. 

Although Khan demonstrated the hack on a Tesla Model Y from 2021, NCC NSE 0.23 percent Group claims that any smart lock that uses BLE technology, including residential smart locks, may be unlocked in the same way. A request for comment from Tesla was not immediately returned. 

"In effect, systems that people rely on to guard their cars, homes, and private data are using Bluetooth proximity authentication mechanisms that can be easily broken with cheap off-the-shelf hardware," the firm stated. "This research illustrates the danger of using technologies for reasons other than their intended purpose, especially when security issues are involved". 

According to the NCC Group, such a vulnerability is not the same as a traditional bug that can be repaired with a software patch, and BLE-based authentication was not intended for usage in locking mechanisms.