The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

High-tech Sniper Rifles can be remotely hacked to shoot the wrong target – Something really scary and unpredictable. Yes, Hackers can remotely gain access to the $13,000 TrackingPoint sniper rifles that run Linux and Android operating system and have Wi-Fi connections. So then they can either disable the gun or choose a wrong target. A married pair of security researchers have proved that anything connected to the Internet can ultimately be hacked, whether computer systems, cars or… GUNS . According to the duo, the Tracking Point's self-aiming rifle sights, better known as the ShotView targeting system, is vulnerable to WiFi-based attacks that could allow your enemy to redirect bullets to new targets of their choice. Hacking $13,000 Self-aiming Rifles to Shoot wrong target Runa Sandvik and her husband Michael Auger are planning to present their findings on exploiting two of the $13,000 self-aiming rifles at the Black Hat hacking conference . In the hack, the duo demonstrates...

Bad week for Android. Just days after a critical Stagefright vulnerability was revealed in the widely popular mobile platform, another new vulnerability threatens to make most Android devices unresponsive and practically unusable to essential tasks. Security researchers at Trend Micro have developed an attack technique that could ultimately crash more than 55 percent of Android phones , almost making them completely unresponsive and useless to perform very basic functions, including to make or receive calls. The dangerous security flaw affects any device running Android 4.3 Jelly Bean and later, including the latest Android 5.1.1 Lollipop , potentially putting hundreds of millions of Android users vulnerable to hackers. The flaw surfaced two days after Zimperium researchers warned that nearly 950 Million Android phones can be hijacked by sending a simple text message. Dubbed Stagefright , the vulnerability is more serious because it required no end-user interaction at...

A group of China-backed hackers believed to be responsible for high-profile data breaches, including the U.S. Office of Personnel Management and the insurance giant Anthem , has now hit another high-profile target –  United Airlines . United detected a cyber attack into its computer systems in May or early June; Bloomberg reported , citing some unnamed sources familiar with the matter. The same sources say that the hackers responsible for the data breach in United's systems are the same group of China-backed hackers that successfully carried out several other large heists, including the United States' Office of Personnel Management and the health insurer Anthem Inc. Dangerous Intentions: United Airlines Data Breach The stolen data includes manifests, which contain information on flights' passengers and their origins and destinations, meaning that the hackers have " data on the movements of Millions of Americans ." Since United Airlines ...

Are you the one who simply punch your wallet against a reader to get into your office? Then surely your office is using Radio-Frequency Identification (RFID) cards to manage building access and security. However, these most common access control systems are incredibly easy to hack — and now more than ever before. Thanks to a $10 tiny device developed by two security researchers that can easily circumvent these RFID cards. Dubbed BLEkey or Bluetooth Low Energy device is a tiny little device designed to be embedded in an RFID card reader, a small box you swipe or touch your card to open doors. BLEkey exploits a vulnerability in the Wiegand communication protocol used by the majority of RFID card readers today in order to clone and skim your RFID-equipped cards. Grab your BLEkey for Just $10 Mark Baseggio from security firm Accuvant and Eric Evenchick from Faraday Future who developed BLEkey are going to present their findings at next week's Black Hat se...

The National Security Agency will restrict access to, and ultimately destroy, millions of US phone records previously collected by the spy agency, the Office of the Director of National Intelligence (ODNI) announced Monday. The federal law was passed in June ending the NSA's bulk collection of U.S. Citizen's Telephone records and destroying the data it collected under a controversial global spying program disclosed by former NSA contractor Edward Snowden. So far, the ODNI didn't specify when the agency would destroy these metadata records , but noted that the metadata must be retained until the lawsuits around the metadata collection program are ongoing. NSA's Bulk Metadata Collection is illegal Section 215 of the Patriot Act legally authorizes the law enforcement agencies to collect "any tangible things" that the government proves are connected or linked to an investigation into any suspected terrorist. However, the verdict in May ruled that the mas...

A critical vulnerability has been discovered in the official Apple's App Store and iTunes Store, affecting millions of Apple users. Vulnerability-Lab Founder and security researcher Benjamin Kunz Mejri discovered an Application-Side input validation web vulnerability that actually resides in the Apple App Store invoice module and is remotely exploitable by both sender as well as the receiver. The vulnerability, estimated as high in severity, has been reported to Apple Security team on June 9, 2015 and the company patched the issue within a month. How the vulnerability works? By exploiting the flaw, a remote hacker can manipulate the name value ( device cell name ) by replacing it with a malicious script code. Now, if the attacker buys any product in the App Store or iTunes Store, the internal app store service takes the device value ( which is actually the malicious code ) and generates the invoice which is then sends to the seller account. This results in...

Wanna Hack an extremely secure Computer? You do not need sophisticated techniques or equipment to do so. To hack an Air-Gapped computer – All you need is a cell phone; even old-fashioned, dumb phones from the past decade will work. Yes, Hacking Air-Gapped Computers is possible using a basic low-end mobile phone. Israeli security researchers have devised a new attack to steal data from a computer that is isolated from the internet and other computers that are connected to external networks, also known as an air-gapped computer. This new hack attack that could steal data from a highly secured computer uses: The GSM network Electromagnetic waves A basic low-end mobile phone The research was conducted by lead security researcher Mordechai Guri, along with Yuval Elovici, Assaf Kachlon, Ofer Hasson, Yisroel Mirsky, and Gabi Kedma – the same researchers who developed a previous attack that used a smartphone to wirelessly extract data from Air-Gapped computers . ...

Own an Android phone? Beware, Your Android smartphones can be hacked by just a malformed text message. Security researchers have found that 95% of Android devices running version 2.2 to 5.1 of operating system, which includes Lollipop and KitKat, are vulnerable to a security bug, affecting more than 950 Million Android smartphones and tablets. Almost all Android smart devices available today are open to attack that could allow hackers to access the vulnerable device without the owners being aware of it, according to Joshua Drake, vice president of platform research and exploitation at security firm Zimperium. The vulnerability actually resides in a core Android component called " Stagefright ," a multimedia playback library used by Android to process, record and play multimedia files such as PDFs. A Text Message Received...Your Game is Over The sad news for most of the Android users is that the fix will not help Millions of Android users that owned o...

Next time you find yourself hooked up behind the wheel, make sure that your car is actually in your control. Hackers are now able to break into hundreds of thousands of vehicles on the road. Car hacking is a hot topic today and until now it was performed only while researchers were hard-wired into a car's electrical system. However, the most recent hack performed by two computer hackers, who have spent years developing ways to crack the digital safeguards of Internet-connected vehicles, is rather more Disturbing. Researchers Charlie Miller and Chris Valasek recently demonstrated their abilities to control a Jeep Cherokee remotely from miles away by exploiting the car's entertainment system that was connected to the mobile data network. The duo was able to move laterally into other electronic parts of the vehicle, like the air conditioning, transmission, and even the car's steering controls. 1.4 Million Car Models Vulnerable Not just Jeep Cherokee, but the rest of ...