Experts carried out a floating code attack and an attack using a hidden remote function of the control panel.
Cybersecurity Specialists from Trend Micro spent Threat analysis for automatic garage door systems using software-defined radio and RF technology to test two attack scenarios. During the experiment, the researchers demonstrated a so-called floating code attack and an attack that involves a hidden remote function.
To carry out the first scenario, the researchers used the hidden function of the remote control to connect directly to the receiver. Using signal suppression and reproduction, the experts were able to write the second remote to the receiver and maintain constant access. They also intercepted the command of the hidden function and blocked the first button press. This made it possible to reproduce a hidden function button on an authenticated remote control, reproduce one of its command commands, and record a second remote by sending its signals.
The method requires an attacker to capture valid keystrokes, including pressing a hidden button, which is unlikely to occur in a real-world scenario. An attacker would need to access the actual remote device or carry out an attack while maintaining the garage mechanism.
In the second scenario, the experts needed to decode the floating code and turned to the KeeLoq algorithm, which is used to protect the packet from playback and decoding. KeeLoq does not use a timestamp to help prevent replay attacks. The technicians used Kaiju to analyze rolling code, which allowed them to send the team over the air.
To prevent such attacks, vendors should take steps to add additional security measures on top of the floating code mechanism, including:
Using keys from different manufacturers for each remote control and introducing diversification so that an attacker would have to figure out the algorithm for generating each key even after resetting the master key.
Debugging interfaces that are physically disabled on remotes and receivers.
Implementation of memory protection on remote controls and receivers to avoid possible leaks.
Using a seed when added to the sync counter to complicate the brute-force attack process.
Cryptocurrency exchange Binance was robbed of $570 million. Hacker withdrew BNB tokens
Cryptocurrency exchange Binance has undergone another hacker attack. The attackers managed to withdraw BNB tokens worth about $570 million.
Somewhat earlier it was reported that the attack allowed the hackers to steal about $110 million, but now it turned out that everything is much worse. At the same time, the specialists of the exchange managed to freeze part of the funds, but we are talking about only 7 million dollars, which is clearly insignificant against the background of 570 million.
The exchange revealed that a cross-chain bridge connected to its BNB chain was attacked, allowing hackers to move BNB tokens off the network. Now the network has been restored, and the clients’ funds, according to Binance, are safe.
The fact of the theft of funds contributed to a sharp drop in the BNB rate by almost 5%, but after a few hours, almost half of the fall was redeemed.
Hacker who earned $27 million in cyberattacks will spend 20 years in prison and pay $21 million in fines
A Florida district court has sentenced 34-year-old IT engineer Sebastien Vashon-Desjardins to 20 years in prison for carrying out at least 90 cyberattacks.
It is noted that for several years of his activity, the hacker, using the NetWalker encryption virus, earned about $ 27 million. A search of Vashon-Desjardins revealed a crypto wallet containing 719 bitcoins, which was about $22 million at the time of the cybercriminal’s arrest in January 2022.
According to investigators, the 34-year-old cybercriminal acted in collusion with other hackers. Vashon-Desjardins himself played the role of an attacker: he infected the corporate networks of various companies with a virus and then demanded a ransom from them. Organizations from the USA, Canada and a number of European countries suffered from the activities of the criminal.
It is noted that, in addition to the prison term, the court also imposed a fine on Vashon-Desjardins in the amount of $ 21 million. Also, the criminal will have to pay compensation to the companies affected by his actions. The amount of damages has not yet been established.
Unique behavior of Ryzen 7000 processors. The notorious patches from the Specter vulnerability improve the performance of new CPUs
Recently, various vulnerabilities in processors have been talked about much less often, and users no longer worry about performance degradation due to patches. As it turns out, Ryzen 7000 processors generally benefit from such patches!
At least this is true for Linux, since it was in this OS that the author tested the Ryzen 9 7950X and Ryzen 5 7600X. It turned out that when working out of the box, the CPUs show better performance than when loading a special version of Linux with a deactivated patch from the Specter V2 vulnerability.
Of course, such results do not appear everywhere, and during normal work they are unlikely to be critical. In particular, in total, according to the results of 190 tests, the difference was only 3%.
Friday: Pfizer Partners with Marvel to Further Promote Vaccination in the Population
Pfizer-BioNTech has agreed with Marvel to release a comic book where Ultron turns into COVID-19, and the Avengers into vaccines...
Clone Robotics unveils robotic arm with muscles and skin
Clone Robotics demonstrated its latest development – a robotic arm, which is designed to resemble a human as much as...
Fans of top Samsung tablets will have to wait. The company will not release the Galaxy Tab S9 line in early 2023
Samsung has postponed the launch and even the start of the development process of the new flagship Galaxy Tab S9...
The iPhone 14 Pro Max performed great, but still fell short of the iPhone 13 Pro Max. The autonomy of the novelty is slightly lower
DxOMark specialists tested the power subsystem of the iPhone 14 Pro Max. The device earned 133 points, taking 15th place...
Phones7 days ago
“iPhone 13 Pro Max battery is draining like crazy. Apple needs to do something about this.” A common problem in iOS 16 has not gone away
Electric Cars7 days ago
“I have expensive cars, I play golf and caress women with large breasts.” One of the leaders of Apple was fired after a bad joke
News6 days ago
There may be alien life. The Juno spacecraft flew just 417 km from the surface of Europa
Electric Cars5 days ago
Tesla Model 3 loses control, crashes and catches fire. This was caught on video