Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Honda. Show all posts
Vulnerabilities and Exploits
Automobile BlackBerry CVE vulnerability GitHub Honda PoC Exploit Code Secure Authentication Vulnerabilities and Exploits

Hackers Can Use a Replay Attack Due to a Honda Vulnerability

 

A 'replay attack' vulnerability has been discovered in specific Honda and Acura automobile models, allowing a nearby hacker to open the car and even start it from a short distance. The threat actor captures the RF signals transferred from the key fob to the automobile and resends them to gain control of the victim's car's remote keyless entry unit. 

A hostile hacker can employ a replay attack to mislead a website or service into giving them access to the user by recycling the information used to identify the user. If a hacker can find and repeat a specific string of information, someone can use it to deceive a website into believing it was there, allowing anyone to get access to the online account.

Attackers might utilize CVE-2022-27254 to perform a Man-in-the-Middle (MitM) attack, or more particularly a replay attack, in which someone intercepted and manipulated the RF signals sent from a remote key fob to the automobile, and then re-transmitted these signals at a later time to unlock the car at his leisure. 

According to analysts, Blake Berry, Hong Liu, and Ruolin Zhou of the University of Massachusetts, as well as Cybereason Chief Security Officer Sam Curry, who discovered the vulnerability, the vulnerability in earlier models is mostly unaddressed. Honda owners, on the other hand, maybe able to defend themselves against such an attack. The remote engine start portion of the problem is also demonstrated in a video supplied by the researchers, however, no technical details or proof-of-concept (PoC) exploit code were published at the time. 

The Honda Civic (LX, EX, EX-L, Touring, Si, and Type R) models from 2016 through 2020 are the most afflicted by this issue. In a GitHub repository, Blake Berry explained it was also possible to change the intercepted commands and re-send them to get a completely different result. 

According to the experts' recommendations, automotive manufacturers should include "rolling codes," also known as "hopping codes." This security method responds to each authentication request with a unique code, ensuring the codes cannot be "replayed" by an offender at a later time. However, "At this moment, Honda has no plans to update older vehicles," the company stated. "It's crucial to remember this, while Honda is always improving security features as new models are released, motivated and technologically sophisticated thieves are striving to circumvent those safeguards." 

When not in use, users should store the key fobs in signal-blocking 'Faraday pouches', however, this strategy won't prevent a determined attacker from eavesdropping on signals when the fob is utilized. Consumers should choose Passive Keyless Entry (PKE) over Remote Keyless Entry (RKE), which makes it much tougher for an intruder to clone/read the signal due to the closeness they would need to be at to do so.
Read more »
SNAKE ransomware
Enel Group Honda malware SNAKE ransomware

Enel Group attacked by SNAKE ransomware same as Honda


The Enel Group, a power, and sustainability company were hit by EKANS (SNAKE) ransomware on June 7th affecting its internal network.


The company confirmed that their internal network was disrupted consequently had to isolate their corporate network segment but their security system caught the malware before it could infect and encrypt.
The EKANS (SNAKE) group was also responsible for a similar attack on Honda, a few days back.

The company recovered from the attack quite swiftly and all communication and network were restored the next day.

Though Enel didn't disclose which ransomware attacked them, security researchers are placing their bets on SNAKE. David Emm, a principal security researcher at Kaspersky, said: “While the company hasn’t confirmed which ransomware, there have been reports that it is SNAKE, which has been used in the past in targeted ransomware attacks. Nor is it clear how the attackers were able to gain a foothold in the company’s network.

 The spokesperson from Enel said, “The Enel Group informs that on Sunday evening there was a disruption on its internal IT network, following the detection, by the antivirus system, of ransomware."

 "As a precaution, the company temporarily isolated its corporate network in order to carry out all interventions aimed at eliminating any residual risk. The connections were restored safely on Monday early morning."

 “Enel informs that no critical issues have occurred concerning the remote control systems of its distribution assets and power plants, and that customer data have not been exposed to third parties. Temporary disruptions to customer care activities could have occurred for a limited time caused by the temporary blockage of the internal IT network.”

When SNAKE attacks and infects a system, it runs checks on domains and IP addresses to determine if it's working on the correct network, if not then the ransomware withdraws and doesn't perform encryption.

Oleg Kolesnikov, a threat researcher at Securonix Research Lab, Securonix says that SNAKE is different from its family of the virus in the way it uses "relatively high amount of manual effort/targeting typically involved in the operator placement activity, which can sometimes enable them to have a bigger impact on the victims."
Read more »
Honda
Data Breach Honda

Automotive Giant Honda Exposes 26,000 Vehicle Owner Records Containing Personally Identifiable Information of North American Customers


Subsequent to misconfiguring an 'Elasticsearch cluster' on October 21, the multinational conglomerate Honda exposed around 26,000 vehicle owner records containing personally identifiable information (PII) of North American customers.

Security Discovery researcher Bob Diachenko reached out to Honda's security team in Japan following which the team immediately verified the publicly accessible server within only a couple of hours.

The database records incorporated the customers' full names, email addresses, phone numbers, mailing address, vehicle make and model, vehicle VINs, agreement ID, and various service information on their Honda vehicles, the company later included that none of its North American customers' financial information, credit card information, or credentials were uncovered in the episode.

While the company responded instantly in the wake of being informed that the misconfigured Elasticsearch cluster was publicly accessible on the Internet, Diachenko says that their week-long public exposure "would have allowed malicious parties ample time to copy the data for their own purposes if they found it."

The Honda customers' information may be utilized in highly targeted phishing attacks later on if the information was spilled during the week the database was exposed.

Anyway this isn't the first episode for Honda for being involved with such occurrences, for in the past there were comparable circumstances experienced by the 'automotive giant', with the most recent one from July 2019 additionally including a publicly accessible ElasticSearch database that exposed about 134 million documents containing 40 GB worth of information on roughly 300,000 Honda employees from around the world.

Despite the fact that Elastic Stack's 'core security features' are free since May per an announcement made by Elastic NV, publicly accessible and "unsecured" ElasticSearch clusters are continually being spotted by security researchers while scouring the web for unprotected databases. "

This means that users can now encrypt network traffic, create and manage users, define roles that protect index and cluster level access, and fully secure Kibana with Spaces, “ElasticSearch’s designer’s state.

Nonetheless Elastic NV recommends database administrators to verify their ElasticSearch stack by "encrypting communications, role-based access control, IP filtering, and auditing," by appropriately configuring the cluster before conveying it, and by setting up passwords for the servers' built-in clients.

Read more »
Subscribe to: Posts (Atom)