Tag: Data

1
Nissan shakes like a LEAF and disables app after car hacking potential exposed
2
It’s official and, it’s personal – Gemalto’s 2015 results reveal scary cybercrime stats
3
Apple sends passionate message to customers following court order to hack iPhone

Nissan shakes like a LEAF and disables app after car hacking potential exposed

By Cameron Abbott and Meg Aitken

Lock you doors…oh wait, that won’t protect you. Australian security researchers, Troy Hunt and Scott Helme have exposed a security flaw in Nissan’s Connect app which allows certain features of the manufacturer’s best-selling electric car, the ‘LEAF’, to literally be controlled by someone else on the other side of the world.

Hunt and Helme recently discovered that the app did not require any owner identification information in order to link with and control LEAF cars. All that was required was the Vehicle Identification Number (VIN), which is conveniently displayed on the chassis of the vehicle.

OK, so hackers couldn’t actually steer the car, but they could command the climate control and telematics to access driving data about trip durations, raising privacy concerns. Further, given that the LEAF is an electric powered vehicle, being able to access the climate controls could potentially allow a hacker to drain the battery and leave a driver stranded.

Car companies are racing to embrace the internet of things, and privacy and security seems to be taking a back seat. While there is no doubt that connected car technology boasts exciting functionality for drivers, it is not without road bumps, and we are once again reminded of the dangerous potential presented by interconnected devices. With a bit of luck, Nissan’s scare will see the automotive industry get in the driver’s seat towards developing a better appreciation of the risks associated with these devices and how they can be mitigated.

Nissan has now reportedly disabled the NissanConnect app and plans to release a new version once these security concerns are rectified. According to Hunt’s blog post, it took Nissan more than a month to take the app offline after he reported the security vulnerabilities.

Read Troy Hunt’s blog post on the discovery here.

It’s official and, it’s personal – Gemalto’s 2015 results reveal scary cybercrime stats

By Cameron Abbott and Meg Aitken

Never mind your credit card details, let’s worry about cybercriminals stealing your identity.

The latest Breach Level Index released by Gemalto has revealed that identity theft was the primary target of hackers in 2015, with stolen personal information accounting for 53% of all data breaches.

It’s a worry, you see, because while your credit card has inbuilt security defences and merchant protection mechanisms, your valuable personal information is probably stored in multiple locations, across a number of interfaces, in a variety of forms, exposing it to substantial risk of theft.

Not only is the massive volume of personal information that is available to be stolen a cause for alarm, but what cybercriminals can potentially do with that information is the major concern.

So who is to blame? Well, malicious outsiders were the leading source of data breaches in 2015, accounting for 58%, accidental loss of data was next and then came malicious insiders, who accounted for 14% of all data breaches.

Clearly, companies need to recognise that today’s cyber environment demands robust security strategies that not only protect networks from external attacks and accidental data loss, but also keep an eye on insiders too.

To secure against a data breach, Gemalto recommends that organisations commit to the encryption of all sensitive information, secure storage and management of data and encryption keys, and controlled access and authentication of users.

Access the Gemalto 2015 Breach Level Index Report here.

Apple sends passionate message to customers following court order to hack iPhone

By Cameron Abbott and Meg Aitken

A US District Court has ordered Apple to assist US law enforcement agents to bypass the security features, disable the auto-erase function and ultimately access the data contained within an iPhone 5C that was used by one of the San Bernardino shooters, Syed Rizwan Farook.

Apple’s CEO Tim Cook responded to the order with an open letter to customers discussing the privacy and security implications of the order and calling for public discussion on the issue.

Read Apple’s Customer Letter here.

Access the Court Order here.

Copyright © 2019, K&L Gates LLP. All Rights Reserved.