FBI Warns That Cars Are Increasingly Vulnerable to Hacks

It’s no surprise that hackers have taken an interest in connected vehicles, but not everyone is actually aware of their cars’ vulnerabilities. That’s why the FBI has decided to make a public service announcement alongside the U.S. National Highway Traffic Safety Administration, in which it warns people of the dangers of hacking and tells them what they can do to protect themselves from these attacks. Interestingly enough, the announcement doesn’t come in the wake of some new discovery, which means that the agency probably should have issued it quite some time ago. In any case, it includes some pointers that can diminish the risk of being hacked, such as keeping the car’s software updated and making sure to verify the authenticity of various notifications.

Since a team of researchers successfully demonstrated last year how to control a car’s critical functions using an insurance dongle, the FBI also warns about the dangers of connecting third-party devices to your vehicle. The bulletin included these exact words:

“The FBI and NHTSA are warning the general public and manufacturers – of vehicles, vehicle components, and aftermarket devices – to maintain awareness of potential issues and cybersecurity threats related to connected vehicle technologies in modern vehicles. Modern motor vehicles often include new connected vehicle technologies that aim to provide benefits such as added safety features, improved fuel economy, and greater overall convenience. Aftermarket devices are also providing consumers with new features to monitor the status of their vehicles. However, with this increased connectivity, it is important that consumers and manufacturers maintain awareness of potential cyber security threats.”

Are you worried about potential hacking attempts on your vehicle?

Which Companies Had The Most Security Vulnerabilities In 2015?

Cyber security is a hot topic, and attacks that look to exploit security flaws in a company’s software are becoming increasingly commonplace within the tech world. CVE Details has thus released its rundown of the software products with the most security vulnerabilities in 2015, and it contains a top five that includes Mac OS X, iOS, Flash, Adobe Air and Air SDK.

Below is an image which details the number of vulnerabilities per software product. As you can see, Mac OS X had a reported total of 384 vulnerabilities, with iOS just slightly behind on 375; Adobe Flash Player makes up the top 3 with 314 that have been officially disclosed. There are, however, one or two caveats behind these stats. For example, CVE Details lists every version of Mac OS X as one entry, while the many editions of Windows are listed separately. This means that while OS X is at the top, if you look down you will see Windows has a higher count of vulnerabilities when you take into account versions from Windows 8.1 all the way back to Vista etc.

The second image, a bar graph, also conveys the vulnerabilities of the top 50 products by vendor. As you can see, Microsoft edges out Adobe while Apple is third.

In 2014 the top five were the IE browser, Mac OS X, Linux Kernel, Chrome and iOS. It is also worth noting that not every software company has the same policy when it comes to disclosing security vulnerabilities within their software.

Image courtesy of businesscomputingworld

How Bad Are Adobe Flash Bug Repair Stats?

It’s safe to say Adobe Flash did not have the best of years. With crashes, hacks, crashes, vulnerabilities and, yes, more crashes, many in the industry doubt whether this will be the year Adobe finally pulls the plug. It seems the ill-fated Flash Player is constantly being fixed, but how often does it need to be patched for its many bugs?

Well, it turns out it’s quite a lot if you take into account official data on the subject. According to the information, “Adobe have repaired Flash Player 2015 a total of 316 Bugs”. This works out at almost 1 bug a day or, to be more precise, Adobe has fixed 1 bug every 1.15 days. Prominent industry figures have been somewhat sarcastic, to the point where they have suggested Adobe is only able to rest on a “Sunday” before continuing to fix Flash again and again.

To place this into perspective, Adobe fixed 12 bugs in Flash on average per month in 2014. Worse still, “the fourth quarter of 2015 saw the repair scale reach up to 113 bugs”. Oh, there is more: recently Microsoft found that Flash crashed almost any browser on Windows 10 after conflicting security patches were pushed to users.

The use of Flash on websites is also declining. It was once the standard, but stats show that in 2010, 28.5% of websites used Flash; today it is less than 10%.

Will Flash make it through 2016? Not on this evidence.


Mac OS X and iOS More Vulnerable than Windows and Linux, Surprised?

With the recent increase in sales of all things Apple, especially notebooks and iPhones, its once strong perception of being very secure is losing steam. In a recent report from GFI, both OS X and iOS are the leaders for vulnerabilities. Surprisingly, all Windows distributions come in with fewer than Linux. OS X leads the board with a whopping 147 vulnerabilities, of which 64 are labeled as “High Risk”. iOS comes in second, with 127 total, and 32 “High Risk”. Unexpectedly, Linux comes in third with 119 total, and 24 “High Risk”. We can see the final results in the table below.

In 2014 alone, GFI reported a total of 7,038 new security vulnerabilities, up greatly from 4,794 in 2013. 294, or 24 percent, of the 7,038 new vulnerabilities came in as “High Risk”.

GFI’s Christian Florian had the following to say in regards to Linux’s surprising place:

“2014 was a tough year for Linux users from a security point of view, coupled with the fact that some of the most important security issues of the year were reported for applications that usually run on Linux systems.”

Specific examples he listed were:

“Heartbleed, for example, is a critical security vulnerability detected in OpenSSL while Shellshock is a vulnerability that affects GNU Bash.”

To clarify, all versions of OS X (Lion, Mountain Lion, Mavericks, Yosemite, etc.) were tested together, yet all major Windows versions got their own testing. This could be due to duplication among all the versions of Windows, which leads to the very close results for each version. Had this been done with OS X, we could have a better reference between competing versions of OS X and Windows.

Despite the individual results for iOS, we do not have any individual test for Android, which has become a very popular target recently. This could be due to Android being included with the Linux operating systems, where it could be a leading source of the vulnerabilities counted for Linux.

Digging deeper into the world of the vulnerabilities, we see individual testing for various applications, such as web browsers, plugins, and other run-times. Not so surprisingly, here we see Internet Explorer leading the board with a generous 242 vulnerabilities, which almost doubles the next closest entry, Google Chrome. Only making matters worse for Internet Explorer is that 220, or 91 percent, are “High Risk”. Usually the leader, Adobe Flash Player came in “only” fourth place with 76 vulnerabilities, but had a very high percentage of “High Risk”. Oddly, we do not see Safari by Apple included in these tests.

Your safest bet to avoid falling prey to any of these vulnerabilities, as suggested by GFI, is keeping browsers, Java, your OS, and any other run-times you use up to date. With Adobe products being often used, they suggest ditching these products altogether.

Source: HotHardware