Related Research Articles
In programming and information security, a buffer overflow or buffer overrun is an anomaly whereby a program writes data to a buffer beyond the buffer's allocated memory, overwriting adjacent memory locations.
Drive by wire or DbW technology in the automotive industry is the use of electronic or electro-mechanical systems in place of mechanical linkages that control driving functions. The concept is similar to fly-by-wire in the aviation industry. Drive-by-wire may refer to just the propulsion of the vehicle through electronic throttle control, or it may refer to electronic control over propulsion as well as steering and braking, which separately are known as steer by wire and brake by wire, along with electronic control over other vehicle driving functions.
In-car entertainment (ICE), or in-vehicle infotainment (IVI), is a collection of hardware and software in automobiles that provides audio or video entertainment. In car entertainment originated with car audio systems that consisted of radios and cassette or CD players, and now includes automotive navigation systems, video players, USB and Bluetooth connectivity, carputers, in-car internet, and WiFi. Once controlled by simple dashboards knobs and dials, ICE systems can include steering wheel audio controls, handsfree voice control, touch-sensitive preset buttons, and even touch screens on higher-end units. Latest models of In-car entertainment systems are coming equipped with rear-view cameras along with side cameras for better safety.
Charles Alfred Miller is an American computer security researcher with Cruise Automation. Prior to his current employment, he spent five years working for the National Security Agency and has worked for Uber.
Moxie Marlinspike is an American entrepreneur, cryptographer, and computer security researcher. Marlinspike is the creator of Signal, co-founder of the Signal Technology Foundation, and served as the first CEO of Signal Messenger LLC. He is also a co-author of the Signal Protocol encryption used by Signal, WhatsApp, Google Messages, Facebook Messenger, and Skype.
Operation Aurora was a series of cyber attacks performed by advanced persistent threats such as the Elderwood Group based in Beijing, China, with associations with the People's Liberation Army. First disclosed publicly by Google on January 12, 2010, by a weblog post, the attacks began in mid-2009 and continued through December 2009.
Pwn2Own is a computer hacking contest held annually at the CanSecWest security conference. First held in April 2007 in Vancouver, the contest is now held twice a year, most recently in March 2024. Contestants are challenged to exploit widely used software and mobile devices with previously unknown vulnerabilities. Winners of the contest receive the device that they exploited and a cash prize. The Pwn2Own contest serves to demonstrate the vulnerability of devices and software in widespread use while also providing a checkpoint on the progress made in security since the previous year.
The Jester is a self-identified grey hat hacktivist. He claims to be responsible for attacks on WikiLeaks and Islamist websites. He claims to be acting out of American patriotism.
BadUSB is a computer security attack using USB devices that are programmed with malicious software. For example, USB flash drives can contain a programmable Intel 8051 microcontroller, which can be reprogrammed, turning a USB flash drive into a malicious device. This attack works by programming the fake USB flash drive to emulate a keyboard, which once plugged into a computer, is automatically recognized and allowed to interact with the computer, and can then initiate a series of keystrokes which open a command window and issue commands to download malware.
Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. It was announced on 15 July 2014.
Tavis Ormandy is an English computer security white hat hacker. He is currently employed by Google and was formerly part of Google's Project Zero team.
Andy Greenberg is a technology journalist serving as a senior writer at Wired magazine. He previously worked as a staff writer at Forbes magazine and as a contributor for Forbes.com. He has published the books This Machine Kills Secrets concerning whistleblowing, Sandworm, concerning the eponymous hacking group, and Tracers in the Dark, concerning cryptocurrency tracing as a law enforcement investigative technique.
Automotive hacking is the exploitation of vulnerabilities within the software, hardware, and communication systems of automobiles.
The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It propagated by using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers a month prior to the attack. While Microsoft had released patches previously to close the exploit, much of WannaCry's spread was from organizations that had not applied these, or were using older Windows systems that were past their end-of-life. These patches were imperative to cyber security, but many organizations did not apply them, citing a need for 24/7 operation, the risk of formerly working applications breaking because of the changes, lack of personnel or time to install them, or other reasons.
EternalBlue is computer exploit software developed by the U.S. National Security Agency (NSA). It is based on a vulnerability in Microsoft Windows that, at the time, allowed users to gain access to any number of computers connected to a network. The NSA had known about this vulnerability for several years but had not disclosed it to Microsoft yet, since they planned to use it as a defense mechanism against cyber attacks. In 2017, the NSA discovered that the software was stolen by a group of hackers known as the Shadow Brokers. Microsoft was informed of this and released security updates in March 2017 patching the vulnerability. While this was happening, the hacker group attempted to auction off the software, but did not succeed in finding a buyer. EternalBlue was then publicly released on April 14, 2017.
A series of powerful cyberattacks using the Petya malware began on 27 June 2017 that swamped websites of Ukrainian organizations, including banks, ministries, newspapers and electricity firms. Similar infections were reported in France, Germany, Italy, Poland, Russia, United Kingdom, the United States and Australia. ESET estimated on 28 June 2017 that 80% of all infections were in Ukraine, with Germany second hardest hit with about 9%. On 28 June 2017, the Ukrainian government stated that the attack was halted. On 30 June 2017, the Associated Press reported experts agreed that Petya was masquerading as ransomware, while it was actually designed to cause maximum damage, with Ukraine being the main target.
Ang Cui is an American cybersecurity researcher and entrepreneur. He is the founder and CEO of Red Balloon Security in New York City, a cybersecurity firm that develops new technologies to defend embedded systems against exploitation.
BlueKeep is a security vulnerability that was discovered in Microsoft's Remote Desktop Protocol (RDP) implementation, which allows for the possibility of remote code execution.
Automotive security refers to the branch of computer security focused on the cyber risks related to the automotive context. The increasingly high number of ECUs in vehicles and, alongside, the implementation of multiple different means of communication from and towards the vehicle in a remote and wireless manner led to the necessity of a branch of cybersecurity dedicated to the threats associated with vehicles. Not to be confused with automotive safety.
Sandworm is an advanced persistent threat operated by Military Unit 74455, a cyberwarfare unit of the GRU, Russia's military intelligence service. Other names for the group, given by cybersecurity researchers, include Telebots, Voodoo Bear, IRIDIUM, Seashell Blizzard, and Iron Viking.
References
- ↑ "Uber hires two security researchers to improve car technology". [Reuters]. August 28, 2015.
- ↑ McDonald, John; Valasek, Chris (2009-07-25). "Practical Windows XP/2003 Heap Exploitation" (PDF): 84. Retrieved 2017-03-01.
{{cite journal}}: Cite journal requires|journal=(help) - ↑ Valasek, Chris (2010-07-25). "Understanding the Low Fragmentation Heap" (PDF): 86. Retrieved 2017-03-01.
{{cite journal}}: Cite journal requires|journal=(help) - ↑ Andy Greenberg (2013-07-24). "Hackers Reveal Nasty New Car Attacks--With Me Behind The Wheel (Video)". Forbes .
- ↑ Miller, Charlie; Valasek, Chris. "A Survey of Remote Automotive Attack Surfaces" (PDF): 92. Retrieved 2017-03-01.
{{cite journal}}: Cite journal requires|journal=(help) - ↑ Andy Greenberg (2014-08-06). "How Hackable Is Your Car? Consult This Handy Chart". Wired.