The Rolling PWN

INTRODUCTION

Modern vehicles are often equipped with a remote keyless entry system. These RKE systems allow unlocking or starting the vehicle remotely. The goal of our research was to evaluate the resistance of a modern-day RKE system. Our research disclosed a Rolling-PWN attack vulnerability affecting all Honda vehicles currently existing on the market (From the Year 2012 up to the Year 2022). This weakness allows anyone to permanently open the car door or even start the car engine from a long distance.

The Rolling-PWN bug is a serious vulnerability. We found it in a vulnerable version of the rolling codes mechanism, which is implemented in huge amounts of Honda vehicles. A rolling code system in keyless entry systems is to prevent replay attack. After each keyfob button pressed the rolling codes synchronizing counter is increased. However, the vehicle receiver will accept a sliding window of codes, to avoid accidental key pressed by design. By sending the commands in a consecutive sequence to the Honda vehicles, it will be resynchronizing the counter. Once counter resynced, commands from the previous cycle of the counter worked again. Therefore, those commands can be used later to unlock the car at will.

rollingpwn.github.io/rolling-pwn/

github.com/nonamecoder/CVE-2022-27254

hacked law enforcement email systems gives hackers access to personal User Data From Apple, Meta and many more

Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don’t require a court order.

https://www.bloomberg.com/news/articles/2022-03-30/apple-meta-gave-user-data-to-hackers-who-forged-legal-requests

There is a terrifying and highly effective “method” that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms. It involves compromising email accounts and websites tied to police departments and government agencies, and then sending unauthorized demands for subscriber data while claiming the information being requested can’t wait for a court order because it relates to an urgent matter of life and death.

https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/

Banned TED Talk: The Science Delusion

Rupert Sheldrake at TEDx Whitechapel

On January 12th, 2013, Rupert gave a talk entitled The Science Delusion at TEDxWhitechapel. The theme for the night was Visions for Transition: Challenging existing paradigms and redefining values (for a more beautiful world). In response to protests from two militant materialist bloggers in the US, the talk was later taken down by TED and placed in a special corner of their website. Before being removed it had 35,000 views. Since then, all copies together have more than 5 million views.

Rupert Sheldrake, PhD, is a biologist and author best known for his hypothesis of morphic resonance. At Cambridge University he worked in developmental biology as a Fellow of Clare College. He was Principal Plant Physiologist at the International Crops Research Institute for the Semi-Arid Tropics in Hyderabad, India. From 2005 to 2010 he was Director of the Perrott-Warrick project for research on unexplained human and animal abilities, funded by Trinity College, Cambridge.

https://www.sheldrake.org/

SimJacker

https://simjacker.com

AdaptiveMobile Security provides the industry’s most comprehensive mobile threat defence and intelligence capabilities

SIMjacker

A SIM card flaw, discovered being actively exploited in the wild, which allows attackers to hijack any phone just by sending it an SMS message..

Overview

AdaptiveMobile Security have uncovered a new and previously undetected vulnerability andassociated exploits, called Simjacker. This vulnerability is currently being actively exploited bya specific private company that works with governments to monitor individuals.“Simjacker” and its associated exploits is a huge jump in complexity and sophisticationcompared to attacks previously seen over mobile core networks. The main Simjacker attackinvolves an SMS containing a specific type of spyware-like code being sent to a mobile phone,which then instructs the SIM Card within the phone to ‘take over’ the mobile phone to retrieveand perform sensitive commands. The location information of thousands of devices wasobtained over time without the knowledge or consent of the targeted mobile phone users.During the attack, the user is completely unaware that they received the attack, thatinformation was retrieved, and that it was successfully exfiltrated. However the Simjackerattack can, and has been extended further to perform additional types of attacks.Simjacker has been further exploited to perform many other types of attacks againstindividuals and mobile operators such as fraud, scam calls, information leakage, denial ofservice and espionage. AdaptiveMobile Security Threat Intelligence analysts observed thehackers vary their attacks, testing many of these further exploits. In theory, all makes andmodels of mobile phone are open to attack as the vulnerability is linked to a technologyembedded on SIM cards. The Simjacker vulnerability could extend to over 1 billion mobilephone users globally, potentially impacting countries in the Americas, West Africa, Europe,Middle East and indeed any region of the world where this SIM card technology is in use.We are quite confident that this exploit has been developed by a specific private company thatworks with governments to monitor individuals. AdaptiveMobile Security has been workingclosely with their customers and the wider industry; including both mobile network operatorsand SIM card manufacturers to protect mobile phone subscribers. We have blocked attacksand are committed to using our global threat intelligence to build defences against these newsophisticated attacks that are circumventing current security measures.

How it Works

https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile

https://www.adaptivemobile.com/blog/simjacker-frequently-asked-questions


https://0x1.gitlab.io/phone/SimJacker/

A Spy in Our Pocket

Mobile Handset Privacy: Measuring The Data iOSand Android Send to Apple And Google

Douglas J. Leith

School of Computer Science & Statistics,

Trinity College Dublin, Ireland

25thMarch, 2021

Abstract—We investigate what data iOS on an iPhone shareswith Apple and what data Google Android on a Pixel phoneshares with Google. We find that even when minimally configuredand the handset is idle both iOS and Google Android sharedata with Apple/Google on average every 4.5 mins. The phoneIMEI, hardware serial number, SIM serial number and IMSI,handset phone number etc are shared with Apple and Google.Both iOS and Google Android transmit telemetry, despite theuser explicitly opting out of this. When a SIM is inserted bothiOS and Google Android send details to Apple/Google. iOS sendsthe MAC addresses of nearby devices, e.g. other handsets andthe home gateway, to Apple together with their GPS location.Users have no opt out from this and currently there are few, ifany, realistic options for preventing this data sharing.

https://www.scss.tcd.ie/doug.leith/apple_google.pdf