SecurityWeek

All SecurityWeek articles by Robert Vamosi

High-End Gaming Devices Can Leak Personal Information


Researchers show how personal information could be inadvertently leaked through the use of brain-computer interface (BCI) devices used in high-end gaming consoles.

Securing Medical Devices From Attacks


Researchers have found that many implantable medical devices face risks, especially if the user interfaces are designed with convenience in mind rather than

The Myth Of That $1 Trillion Cybercrime Figure


There’s an article on ProPublica dissecting two commonly quoted figures about cybersecurity: $1 Trillion in losses due to cybercrime itself and $388 billion in IP losses for American companies. Both figures, according to the article, are hyperbole, to say the least.

The Fast And The Furious Or Just Gone In Three Minutes?


Just because a car has an antitheft system doesn’t mean it won’t be stolen. Which begs a question: what good are the antitheft systems if they don’t always work?

Researchers Using the Doppler Effect to Sense Gestures for Input Commands


Building on its success with the Xbox Kinect, which uses motion to influence the actions of a software program, Microsoft is looking at sound as its next frontier for data entry.

Sex, Lies and Cybercrime Surveys – Exaggerations Cloud Reality


Cybercrime is either getting worse or getting better. According to a new report from Microsoft’s research team, we simply do not have enough verified data to support either claim. The situation is similar to sex surveys, where exaggeration can skew results.

Australian Police Go Wardriving


In Australia, local police will be informing businesses and residents that their wireless signal is unprotected and therefore open for criminal activity.

Ford Test Drives New Consumer Firmware Updates


With a fleet of new cars using the sophisticated infotainment system they developed with Microsoft, Ford has the need to update those vehicles—for both features and security reasons. But how do you update the software in several thousand cars?

Trojan Attacks Possible in Quantum Cryptography


The security of device-independent quantum key distribution (QKD) has been deemed ineffective by a team of Canadian researchers, and at least one commercial product already in use for telecommunications is directly affected.

Corporate Video Conferencing Systems Fail Secure Implementation


State-of-the-art teleconferencing equipment is a must for most organizations today, but few have installed it correctly, according to researchers at Rapid7.

Fun and Games Hacking German Smart Meters


At a recent security conference, researchers demonstrated how they could spoof the energy usage reported from the meter to the utility. All of this is because the utility in question misconfigured its SSL.

Unencrypted Data Weakens Google Wallet (For Now)


Next year you’ll be able to do all your holiday shopping without ever opening a physical wallet—or so Google hopes. The previously announced Google Wallet is comfortably into beta. Google is betting that by 2014 half of all smart phones will ship with compatible NFC chips installed.

Skimmers are Getting Lucky – The Need to Improve Security of POS Systems


Unfortunately, there is nothing new or novel against Point of Sale (POS) skimming attacks, only that they continue to happen in the age of smart embedded systems and PCI.

Smart Meters Interfering With Home Electronics


Customers recently noticed something odd after their power company installed smart meters in their homes: in some cases other wireless devices stopped working, or behaved erratically.

I Know What You Watched Last Summer…

Researchers have come forward with a way to discern the personal TV viewing habits of the home owner simply by measuring the fluctuation in the power or what’s known as electromagnetic interference (EMI).

Pinpointing Duqu’s Origin and Intended Targets: The Debate Continues…


Setting aside questions of its pedigree, what might be Duqu’s intended target? Researchers at Symantec coyly suggested it is targeting different industries than Stuxnet, but didn’t name any. Duqu’s pedigree and intended target remain the subject of much debate.

Man-in-the-Middle Attacks on Voting Machines: Vote Early, Often, and Why Not Vote Remotely?


Using parts that cost $10, researchers inserted custom hardware into the Diebold AccuVote TS that could read the touchscreen vote as well as alter the stored information.

New Prototyping Boards Make DIY Hardware Hacks Easy


Many security researchers are using open source Arduino boards for rapid prototyping of tools used in hardware analysis. Vendors who do not test their products before selling them into the field are doomed to be targets of future research and, perhaps, attacks.

Mobile Industry Slow to Push Android Updates to Users


With more and more mobile malware being directed at Android-based phones, you’d think the carriers and manufacturers would respond quickly to security and software updates to the underlying operating systems. According to a new survey, that doesn’t appear to be the case.

Guerilla Cyber Warfare: Are We Thinking Defensively?


Protecting Internet connected devices from the start and protecting them at the chip level needs to be a priority. But do we really need a full-scale cyber attack to make that so?

Making Use of Sensitive Data in the Cloud Without Ever Decrypting It


Microsoft Researchers have proposed a method for Cloud services to operate on sensitive data without exposing it. The idea is to produce encrypted data that can be analyzed. The actual data remains in the control of the owner.

Hacking the Human Body SCADA System


Drawing parallels with the SCADA industry, researcher Jay Radcliffe gave a personal account of his experience of having Type 1 diabetes and how various devices he uses to control his diabetes could be manipulated by “evil doers” at this week’s Black Hat Conference.

Hacking Laptop Batteries


Laptop batteries use microcontrollers to tell the lithium battery when it’s full and when it needs to be recharged. What’s intriguing is that cybercriminals could install malware that would remain on the device no matter how many times you reinstalled the operating system.

Of Mice and Compromised Keyboards


Add mice and keyboards to the list of USB-based peripherals now suspect in any corporate environment. This is hardware hacking that should be of interest to corporate IT staff, especially if your company or industry is targeted for an attack.

0wning Office Printers


One problem with computer security is that some security professionals only see the word “computer.” What about peripherals? Commercial printers have been networked for more than 15 years, yet they are constantly out of computer security’s watchful eye.