
Ethical Hacker Finds Security Flaw in Subaru Starlink, Gains Remote Access to Vehicles

 



A cybersecurity researcher recently discovered a serious vulnerability in Subaru’s Starlink system, allowing him to remotely control vehicles across the U.S., Canada, and Japan. The ethical hacker, Sam Curry, was able to unlock doors, start and stop engines, and track vehicle locations after bypassing a security loophole in an employee-facing platform. The issue was quickly reported to Subaru, which fixed the vulnerability within 24 hours.  

What is Subaru Starlink?  

Subaru Starlink is the company’s connected vehicle system, offering a range of infotainment, security, and remote access features. It allows Subaru owners to lock or unlock their vehicles, start the engine remotely, and track their car’s location using the MySubaru mobile app. The system also provides emergency roadside assistance, automatic crash notifications, and stolen vehicle tracking.  

Because Starlink controls key vehicle functions remotely, any security vulnerability in the system could pose a major risk, allowing unauthorized access to vehicles.  

How the Hacker Gained Access  

Sam Curry, a well-known ethical hacker, decided to test Subaru’s security after purchasing a 2023 Subaru Impreza for his mother. When he failed to bypass the security of the MySubaru app, he and fellow researcher Shubham Shah looked for other ways to access Subaru’s systems.  

They eventually found a publicly accessible employee portal linked to the Subaru Starlink Admin Panel. A flaw in this portal allowed them to reset employee passwords without needing confirmation, as long as they had a valid company email address.  

To find an active employee email, Curry searched LinkedIn profiles of Subaru staff and used a common corporate email format. After a few attempts, he successfully reset a valid employee’s password and gained full access to the Subaru Starlink Admin Panel.  

Once inside, he could:  

1. Locate any Subaru vehicle with a Starlink account  

2. Unlock and lock doors remotely  

3. Start and stop the engine  

4. Access tracking history for up to 12 months  

5. View partial billing details of vehicle owners  

To verify the extent of their access, Curry and Shah tested it on another Subaru owned by a friend. With just her license plate number, they remotely unlocked her car, confirming the system-wide vulnerability.  

Curry quickly reported the flaw to Subaru, which patched the vulnerability in less than a day. The automaker did not publicly comment on the issue, but the fix prevented any further unauthorized access.  
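The flaw described above comes down to a password-reset endpoint that changed the password as soon as it was given a valid employee address, with no proof that the caller controlled that mailbox. The following added example (not Subaru's code, and not from the researchers) contrasts that weak pattern with the usual hardened one: the reset only completes with a random, single-use, expiring token delivered out of band. The user store, outbox and token lifetime are constructed stand-ins.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed in-memory user store: email -> current password (a real system
# stores salted password hashes; a plain dict keeps the example short).
USERS: Dict[str, str] = {"employee@example.com": "original-password"}

# Stand-ins for the outbound mail system and the reset lifetime (assumed values).
OUTBOX: List[Tuple[str, str]] = []          # (recipient email, reset token)
TOKEN_TTL_SECONDS = 15 * 60                 # resets expire after 15 minutes


# --- Weak pattern: the reset takes effect as soon as a known address is supplied ---
def reset_password_unverified(email: str, new_password: str) -> bool:
    """Changes the password immediately if the address exists.

    Nothing proves that the caller controls the mailbox, so knowing (or guessing)
    a valid address is all it takes to take over the account.
    """
    if email not in USERS:
        return False
    USERS[email] = new_password
    return True


# --- Hardened pattern: the reset only completes with a token delivered to the mailbox ---
@dataclass
class ResetRequest:
    email: str
    expires_at: float
    used: bool = False


PENDING: Dict[str, ResetRequest] = {}      # keyed by token hash, never the raw token


def _token_key(token: str) -> str:
    # Store only a hash so a leaked table does not hand out usable tokens.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def request_reset(email: str, now: Optional[float] = None) -> None:
    """Issues a random single-use token and 'mails' it to the address on file.

    Returns None whether or not the address exists, so the endpoint cannot be
    used to enumerate valid accounts.
    """
    now = time.time() if now is None else now
    if email not in USERS:
        return
    token = secrets.token_urlsafe(32)
    PENDING[_token_key(token)] = ResetRequest(email, now + TOKEN_TTL_SECONDS)
    OUTBOX.append((email, token))           # only the mailbox owner ever sees the token


def confirm_reset(token: str, new_password: str, now: Optional[float] = None) -> bool:
    """Completes the reset only for an unexpired, unused token."""
    now = time.time() if now is None else now
    req = PENDING.get(_token_key(token))
    if req is None or req.used or now > req.expires_at:
        return False
    req.used = True                         # tokens are single-use
    USERS[req.email] = new_password
    return True
```

The two properties worth checking in any reset flow are visible here: the weak function succeeds for anyone who knows an address, while the hardened flow refuses a wrong token, refuses an expired one, and refuses a replayed one. The `now` parameter exists only so the expiry can be exercised deterministically.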

Why This Matters  

This discovery underlines the importance of strong cybersecurity measures in connected vehicles. As cars become more reliant on internet-based systems, ensuring their security is critical to preventing hacking attempts that could compromise user safety. The incident also underscores the role of ethical hackers in identifying and fixing security gaps before malicious actors exploit them.  



The Vital Role of Ethical Hacking in Cyber Security

 

The possibility of cyber attacks is a major issue, with the global average cost of a data breach expected to reach $4.45 million in 2023, a 15% increase over the previous three years, according to an IBM analysis. This stark figure highlights the growing financial and reputational threats companies face, emphasising the importance of ethical hacking in an increasingly interconnected world. 

Ethical hackers are the first line of defence, using their knowledge to replicate cyber attacks under controlled conditions. By proactively finding and fixing security vulnerabilities before they are exploited, they help avert the potentially disastrous data breaches, financial loss and reputational harm that cyber attacks cause. 

This article explores the importance of ethical hacking, the tactics used by ethical hackers, and how to pursue a career in this vital sector of cyber security. 

What is ethical hacking? 

Ethical hacking, commonly referred to as penetration testing or white-hat hacking, is a technique for testing computer systems, networks, or online applications for security flaws. Unlike criminal hackers, who attempt to make money from vulnerabilities, ethical hackers utilise their expertise to uncover and patch them before they are exploited. 

They apply their expertise with authorisation, aiming to improve security posture before a real attacker exploits the vulnerabilities. This pre-emptive work is an important part of modern cyber security practice and a means of protecting against the most dangerous threats. Ethical hacking adheres to a defined code of ethics and to legal restrictions. 

Ethical hackers must have clear permission to explore systems and must ensure that their actions do not stray into illegal territory. Respect for privacy and data integrity, and lawful handling of the vulnerabilities they uncover, are critical. 

Methodologies of Ethical Hacking 

Ethical hackers employ a variety of methodologies to assess the security of information systems. These include: 

Risk assessment: Scanning systems and networks to identify known vulnerabilities. 

Penetration testing: Simulating cyber attacks to evaluate the effectiveness of security measures. 

Social engineering: Testing the human element of security through phishing simulations and other tactics. 

Security auditing: Examining the adherence of systems and policies to security standards and best practices. 

Process of ethical hacking

Step 1: Reconnaissance – The ethical hacker collects as much information about the target system or network as possible, using techniques such as WHOIS databases, search engines and social media to obtain publicly available information. 

Step 2: Scanning – They look for live hosts, open ports, the services running on those hosts and the vulnerabilities associated with them. Nmap may be used to scan ports, while Nessus or OpenVAS can be used to check for vulnerabilities that can be exploited. 

Step 3: Gaining Access – They use the identified vulnerabilities to gain unauthorised access to the system or network. Metasploit is commonly used to exploit vulnerabilities; other tools include SQL injection tools for database attacks and password cracking programmes such as John the Ripper or Hydra. 

Step 4: Maintaining Access – They ensure continued access to the target for further exploration and analysis without being detected. Tools such as backdoors and trojans are used to maintain access while operating stealthily to avoid detection by security systems.

Step 5: Covering Tracks – They delete evidence of the hacking process to avoid detection by system administrators or security software. This involves log tampering, using tools to clear or modify entries in system logs; tools such as CCleaner can also be used to erase footprints.
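Seen from the defender's side, the scanning step above leaves a characteristic trace: one source touching many distinct ports on a host within a short window. The following added example (not from this article or any named tool) runs that detection logic over constructed firewall-style log lines; the log format, the one-minute window and the eight-port threshold are assumptions chosen for the example, and the input is assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system). One source probes ten
# ports in a few seconds; a second source only ever talks to 443 and 80.
SAMPLE_LOG = """\
2024-05-01T10:00:01 SRC=203.0.113.7 DST=192.0.2.10 DPT=22 ACTION=DROP
2024-05-01T10:00:01 SRC=203.0.113.7 DST=192.0.2.10 DPT=23 ACTION=DROP
2024-05-01T10:00:02 SRC=203.0.113.7 DST=192.0.2.10 DPT=25 ACTION=DROP
2024-05-01T10:00:02 SRC=203.0.113.7 DST=192.0.2.10 DPT=80 ACTION=ACCEPT
2024-05-01T10:00:03 SRC=203.0.113.7 DST=192.0.2.10 DPT=110 ACTION=DROP
2024-05-01T10:00:03 SRC=203.0.113.7 DST=192.0.2.10 DPT=143 ACTION=DROP
2024-05-01T10:00:04 SRC=203.0.113.7 DST=192.0.2.10 DPT=443 ACTION=ACCEPT
2024-05-01T10:00:04 SRC=203.0.113.7 DST=192.0.2.10 DPT=3306 ACTION=DROP
2024-05-01T10:00:05 SRC=203.0.113.7 DST=192.0.2.10 DPT=3389 ACTION=DROP
2024-05-01T10:00:05 SRC=203.0.113.7 DST=192.0.2.10 DPT=8080 ACTION=DROP
2024-05-01T10:00:06 SRC=198.51.100.4 DST=192.0.2.10 DPT=443 ACTION=ACCEPT
2024-05-01T10:00:09 SRC=198.51.100.4 DST=192.0.2.10 DPT=443 ACTION=ACCEPT
2024-05-01T10:03:00 SRC=198.51.100.4 DST=192.0.2.10 DPT=80 ACTION=ACCEPT
this line is garbage and must be skipped
"""

# Assumed log layout: ISO timestamp, then SRC/DST/DPT/ACTION fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+) ACTION=(?P<action>\S+)$"
)


def parse_line(line):
    """Returns a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "dpt": int(m["dpt"]),
        "action": m["action"],
    }


def detect_port_scans(lines, window_seconds=60, min_ports=8):
    """Flags each (source, destination) pair that touches at least `min_ports`
    distinct ports within a sliding window of `window_seconds`.

    Dropped and accepted connections both count: a scanner learns from either.
    Each pair is reported once, at the moment the threshold is first crossed.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # (src, dst) -> deque of (timestamp, port) inside the window
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["src"], ev["dst"])
        q = recent[key]
        q.append((ev["ts"], ev["dpt"]))
        while q and ev["ts"] - q[0][0] > window:   # age out events outside the window
            q.popleft()
        distinct_ports = {port for _, port in q}
        if len(distinct_ports) >= min_ports and key not in alerted:
            alerted.add(key)
            alerts.append({
                "src": ev["src"],
                "dst": ev["dst"],
                "distinct_ports": len(distinct_ports),
                "first_seen": q[0][0],
                "last_seen": ev["ts"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_LOG.splitlines()):
        print(alert)
```

The threshold and window are the two knobs that decide the false-positive rate: a busy load balancer legitimately reaches many ports, so in practice the rule is usually scoped to traffic from outside the network and tuned per destination. Malformed lines are skipped rather than crashing the detector, which matters when the input is a live log feed.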

Hackers made $82 Million through Bug Bounties in 2019


Hacking as a profession has now become a viable option for hackers. Yes, you've heard it right: ethical hackers have made more than $82 million in bug bounties on HackerOne. On top of that, the ethical hacking community on HackerOne has now grown to over 600,000 members, with around 850 new hackers joining every day. According to the '2020 Hacker Report' published by HackerOne, a bug bounty platform based in San Francisco, around 18% of the members are full-time hackers, whose job is to find vulnerabilities and help make the internet a safe place for everyone.


On the HackerOne platform, hackers from across the world, 170 countries to be precise, including India, work every day to secure 1,700 organizations, among them Zomato and OnePlus. The US tops the 2019 list of earnings made by hackers through bug bounties with 19%, India comes second with 10%, followed by Russia with 8%, China with 7%, Germany with 5% and Canada with 4%. These are the six highest-earning countries on the list.

According to Luke Tucker, Senior Director of Global Hacker Community, hackers are a global force working for a good cause: ensuring the safety of the connected society on the internet. Motivations for hacking may differ, but it is good to see global organizations embracing this change and giving hackers a platform to compete and grow as a community, making the internet a safe place for everyone. Hackers from various countries earned considerably more than they did the previous year.

Hackers from Switzerland and Austria saw their earnings grow by more than 950% over the previous year. Similarly, hackers from Singapore, China and other Asian countries earned more than 250% more than in 2018. Bug bounty programs have helped hackers gain respected expertise: 80% of hackers use the experience to pursue a better career or job. According to the report, these hackers spend over 20 hours every week finding vulnerabilities.

Demand for teen hackers rises


Shivam Subudhi is 15 and lives in London. Three years ago, inspired by the hacker movies he was watching, he coded a simple port scanner that reveals the network "doors" that might let a hacker enter uninvited. "I decided to put my skills into practice for the first time," Subudhi says, "by pentesting my school network and website." Penetration testing, also known as ethical hacking, involves probing networks, systems and sites for security vulnerabilities that an attacker could exploit. It was this activity that, unsurprisingly, brought Subudhi to the attention of the deputy headteacher. That teacher was also an IT enthusiast and introduced the budding hacker to the Cyber Discovery program, a £20 million ($24 million) U.K. government-backed scheme to teach kids how to be cybersecurity superheroes. Could your kid be next?

Teenage hackers sought by government Cyber Discovery program

Back in 2017, the U.K. government issued a tender to run a £20m Cyber Schools Programme as part of the National Cyber Security Strategy 2016-2021, created to reduce the cyber skills gap by encouraging young people to pursue a career in the profession. The SANS Institute's bid for this contract was successful, as it had run similar programs in the U.S. and could demonstrate the success of a "gamified" learning model.

"SANS is by far the largest and most trusted provider of cybersecurity training in the world," James Lyne, CTO at the SANS Institute says, "so we have a wealth of experience, training content and expert instructors." In the first year the Cyber Discovery program saw some 23,000 youngsters from the U.K. aged between 14 and 18 taking part in the initial assessment phase, and around 12,000 qualifying to participate in the primary learning phases, "CyberStart Game" and "CyberStart Essentials." The following year, 29,000 took part and 14,000 qualified. Registration for the third year of Cyber Discovery is now open and Lyne anticipates a significant increase in participation, not least as the entry age has now dropped to 13.

Hack an iPhone, win $1 million


Apple has massively increased the amount it’s offering hackers for finding vulnerabilities in iPhones and Macs, up to $1 million. It’s by far the highest bug bounty on offer from any major tech company.

That’s up from $200,000, and in the fall the program will be open to all researchers. Previously only those on the company’s invite-only bug bounty program were eligible to receive rewards.

As Forbes reported on Monday, Apple is also launching a Mac bug bounty, which was confirmed Thursday, and it's also extending it to watchOS and its Apple TV operating system. The announcements came in Las Vegas at the Black Hat conference, where Apple’s head of security engineering Ivan Krstić gave a talk on iOS and macOS security.

Forbes also revealed on Monday that Apple was to give bug bounty participants “developer devices”—iPhones that let hackers dive further into iOS. They can, for instance, pause the processor to look at what’s happening with data in memory. Krstić confirmed the iOS Security Research Device program would be by application only. It will arrive next year.

$1 million for an iPhone hack

The full $1 million will go to researchers who can find a hack of the kernel—the core of iOS—with zero clicks required by the iPhone owner. Another $500,000 will be given to those who can find a “network attack requiring no user interaction.” There’s also a 50% bonus for hackers who can find weaknesses in software before it's released.

Apple is increasing those rewards in the face of an increasingly profitable private market where hackers sell the same information to governments for vast sums.

As Maor Shwartz told Forbes, a single exploit (a program that uses vulnerabilities, typically to take control of a computer or phone) can fetch as much as $1.5 million. An exploit targeting WhatsApp where no clicks are required from the user, for instance, can be sold to a government agency for that much, though such tools are rare. Only one or two a year will be sold, from a pool of around 400 researchers who focus on such high-end hacking. “It’s really hard to research them and produce a working exploit,” he said.

XSS in Photobucket fixed

Recently a 15-year-old tech blogger and security researcher named Indrajeet Bhuyan found and helped fix an XSS vulnerability in Photobucket.
He had previously found vulnerabilities in Samsung, Disqus, NDTV, Jabong, IIT Bombay and many others. 

Editor's Note: It is good to see that such young hackers are acting responsibly and reporting vulnerabilities instead of simply defacing the site or using the vulnerabilities for malicious motives. I hope that Mr. Indrajeet Bhuyan continues this.

Self Proclaimed Ethical Hacker Trishneet Arora website hacked by Team Cyber-Rog


Last night, the official website of self-proclaimed ethical hacker Trishneet Arora (trishneetarora.in) was breached and defaced by the hacker group called "Team Cyber-Rog".

Trishneet is the author of the book "The Hacking Era", and claims to have been awarded as India's best ethical hacker, Punjab's No.1 Cyber Crime Consultant and the World's 2nd Youngest Author of Ethical Hacking Books. Trishneet has been known on the internet as the founder of TAC Security Solutions, a cyber security company.

As far as Wikipedia is concerned, they deleted the page he made about himself (http://en.wikipedia.org/wiki/Trishneet_Arora) 3 times in the past for the following reasons:

"12:29, 20 October 2012 Bwilkins (talk | contribs) deleted page Trishneet Arora (G4: Recreation of a page that was deleted per a deletion discussion (CSDH))
18:01, 18 October 2012 MBisanz (talk | contribs) deleted page Trishneet Arora (Wikipedia:Articles for deletion/Trishneet Arora)
13:13, 2 September 2012 Boing! said Zebedee (talk | contribs) deleted page Trishneet Arora (G11: Unambiguous advertising or promotion)"

After numerous restore attempts by him, the defaced page is still up, exposing his true face. Trishneet, as claimed by the hackers, conducts so-called ethical hacking workshops around the country. A lot of people have informed us that this guy has absolutely zero knowledge in this field and yet goes around acting as a "professional IT security expert". All his websites are on free hosting, and last night another one of his domains was hacked.

http://pastebin.com/2L3VVyrf

"You have disappointed us, we will continue to own and expose people like Trishneet. Learn to secure yourself before you teach others. Trishneet, stop making fake accounts of girls and conducting fake workshops for money/profit. We are watching you, Expect Us!" reads the message from the Cyber-Rog team. "oh and good luck with your book sales now :P"

The defaced page: http://trishneetarora.in/index.html


We came to know about this hack when security researcher Vedachala reported an XSS security flaw in the Trishneet website.

The PoC code provided by Vedachala for the reflected XSS:
http://trishneetarora.in/assets/';alert(String.fromCharCode(80,79,79,82,32,78,48,111,98,44,40,86,51,68,64,67,72,52,76,65,32,72,51,114,101,41,46,32,83,51,99,117,114,101,32,121,111,117,114,32,97,36,36,32,102,105,114,115,116,46,46))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(80,79,79,82,32,78,48,111,98,44,40,86,51,68,64,67,72,52,76,65,32,72,51,114,101,41,46,32,83,51,99,117,114,101,32,121,111,117,114,32,97,36,36,32,102,105,114,115,116,46,46))//";alert(String.fromCharCode(80,79,79,82,32,78,48,111,98,44,40,86,51,68,64,67,72,52,76,65,32,72,51,114,101,41,46,32,83,51,99,117,114,101,32,121,111,117,114,32,97,36,36,32,102,105,114,115,116,46,46))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(80,79,79,82,32,78,48,111,98,44,86,51,68,64,67,72,52,76,65,32,72,51,114,101,46,32,83,51,99,117,114,101,32,121,111,117,32,97,36,36,32,102,105,114,115,116,46,46))</SCRIPT>

*Note: This is a guest post submitted by one of our readers.
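The PoC above works because the requested path is echoed into a JavaScript string inside a script block, so a quote closes the string and a `</SCRIPT>` closes the element. The following added example (not the guest author's code, and not from the site in question) shows a constructed page template with that defect beside the hardened encoding for a script context, plus the separate escaping an HTML attribute needs. The template, function names and payload are assumptions built to mirror the shape of the PoC, not its exact URL.

```python
import html
import json

# Constructed payload in the same shape as the PoC: close the JS string literal,
# then close the <script> element so the HTML parser starts a fresh one.
PAYLOAD = "';alert(1)//</script><script>alert(2)</script>"

SCRIPT_PREFIX = "<script>var requested = "
SCRIPT_SUFFIX = ";</script>"


def render_vulnerable(path: str) -> str:
    """Echoes the requested path straight into a single-quoted JS string.

    Both a stray quote and a closing script tag in `path` end up interpreted.
    """
    return SCRIPT_PREFIX + "'" + path + "'" + SCRIPT_SUFFIX


def js_string_literal(value: str) -> str:
    """Encodes a value for embedding inside a <script> block.

    JSON quoting handles quotes, backslashes and control characters. The extra
    replacements matter because the HTML parser runs before the JS parser: a raw
    '</script>' would end the element no matter how well the JS string is quoted,
    and U+2028/U+2029 are line terminators in JavaScript but not in JSON.
    """
    return (json.dumps(value)
            .replace("<", "\\u003c")
            .replace(">", "\\u003e")
            .replace("&", "\\u0026")
            .replace("\u2028", "\\u2028")
            .replace("\u2029", "\\u2029"))


def render_hardened(path: str) -> str:
    """Same template, with the value encoded for the script context."""
    return SCRIPT_PREFIX + js_string_literal(path) + SCRIPT_SUFFIX


def render_attribute(path: str) -> str:
    """The same value placed in an HTML attribute needs HTML escaping instead,
    with both quote characters escaped so the attribute cannot be closed early."""
    return '<a href="' + html.escape(path, quote=True) + '">link</a>'


def script_block_count(markup: str) -> int:
    """Counts <script ...> opening tags the way a crude HTML parser would see them."""
    return markup.lower().count("<script")


def embedded_value(markup: str) -> str:
    """Recovers the value a browser's JS engine would see in the hardened template."""
    literal = markup[len(SCRIPT_PREFIX):-len(SCRIPT_SUFFIX)]
    return json.loads(literal)


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))
    print(render_hardened(PAYLOAD))
    print(render_attribute(PAYLOAD))
```

The point the PoC makes, and the example checks, is that the encoding has to match the context the value lands in: the vulnerable template yields two script blocks from one, the hardened one yields exactly one and still hands the JavaScript the original string intact, and the attribute version never produces a `<script` at all.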

List of Bug Bounty program for PenTesters and Ethical Hackers


"The best way to improve network security is hiring hackers." Unfortunately, companies can't hire all the best hackers, so they have chosen another way to improve their system security: bug bounty programs.

A bug bounty program is where security researchers and ethical hackers find vulnerabilities in a target website or app and get rewarded for their findings.

Here is a list of bug bounty programs that offer rewards to security researchers who find vulnerabilities.

Google:
If you find a vulnerability in Google, you will get a reward and your name will be listed on the Google Hall of Fame page.

Details about Vulnerability Reward Program: http://www.google.com/about/appsecurity/reward-program/

Hall of fame: http://www.google.com/about/appsecurity/hall-of-fame/

The following table outlines the usual rewards for the anticipated classes of bugs:

Vulnerability type | accounts.google.com | Other highly sensitive services [1] | Normal Google applications | Non-integrated acquisitions and other lower priority sites [2]
Remote code execution | $20,000 | $20,000 | $20,000 | $5,000
SQL injection or equivalent | $10,000 | $10,000 | $10,000 | $5,000
Significant authentication bypass or information leak | $10,000 | $5,000 | $1,337 | $500
Typical XSS | $3,133.7 | $1,337 | $500 | $100
XSRF, XSSI and other common web flaws | $500 - $3,133.7 (depending on impact) | $500 - $1,337 (depending on impact) | $500 | $100


Security Bug Bounty from Facebook:
Minimum reward is $500 USD.
The reward is increased for severe or creative bugs.
Only one bounty per security bug will be awarded.

https://www.facebook.com/whitehat/bounty

Mozilla Bug Bounty program:


The Mozilla Security Bug Bounty Program is designed to encourage security research in Mozilla software and to reward those who help us create the safest Internet clients in existence.

For valid security bugs in web applications or services, they offer a range starting at $500 (US) for high-severity bugs and, in some cases, may pay up to $3,000 (US) for extraordinary or critical vulnerabilities. They also include a Mozilla T-shirt.

http://www.mozilla.org/security/bug-bounty.html

Paypal Bug Bounty Program For Professional Researchers

https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues

Secunia Vulnerability Coordination Reward Program (SVCRP)
SVCRP is a reward program offered by Secunia to researchers who have discovered a vulnerability and would like a third party to confirm their findings and handle the coordination process with the vendor on their behalf: http://secunia.com/community/research/svcrp/

Etsy :
Will pay a minimum of $500 for qualifying vulnerabilities, subject to a few conditions and with qualification determined by the Etsy Security Team.

http://codeascraft.etsy.com/2012/09/11/announcing-the-etsy-security-bug-bounty-program/

Barracuda Networks
www.barracudalabs.com/bugbounty

Companies that credit the researcher on their site but do not pay bounties:

Adobe Systems Incorporated:
Details: http://www.adobe.com/support/security/alertus.html
Security Acknowledgments : http://www.adobe.com/support/security/bulletins/securityacknowledgments.html

Twitter:

https://twitter.com/about/security

EBay:
http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html

Microsoft
http://technet.microsoft.com/en-us/security/ff852094.aspx
http://technet.microsoft.com/en-us/security/cc308589
http://technet.microsoft.com/en-us/security/cc308575
http://technet.microsoft.com/en-us/security/cc261624
http://www.microsoft.com/security/msrc/default.aspx

Apple
http://support.apple.com/kb/HT1318
https://ssl.apple.com/support/security/

Dropbox
https://www.dropbox.com/security
https://www.dropbox.com/special_thanks

Reddit
http://code.reddit.com/wiki/help/whitehat

Github
https://help.github.com/articles/responsible-disclosure-of-security-vulnerabilities

Ifixit
http://www.ifixit.com/Info/responsible_disclosure

37 Signals
http://37signals.com/security-response

Twilio
http://www.twilio.com/blog/2012/03/reporting-security-vulnerabilities.html

Constant Contact
http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp

Engine Yard
http://www.engineyard.com/legal/responsible-disclosure-policy

Lastpass
https://lastpass.com/support_security.php

RedHat
https://access.redhat.com/knowledge/articles/66234

Acquia
https://www.acquia.com/how-report-security-issue

Zynga
http://company.zynga.com/security/whitehats

Owncloud
http://owncloud.org/security/policy
http://owncloud.org/security/hall-of-fame

Tuenti
http://corporate.tuenti.com/en/dev/hall-of-fame

SoundCloud:
http://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosure

Nokia Siemens Networks
http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure


Yandex Bug Bounty:

http://company.yandex.com/security/hall-of-fame.xml