[Điểm báo công nghệ tiếng Anh 28/07/2013]

Viber's Apple App Store account hacked; Description changed by hackers

Last week, we exclusively reported that the popular messenger Viber was hacked by the Syrian Electronic Army, and Support page was defaced with the message, “The Israeli-based - Viber is spying and tracking you.”

Today we found that Viber’s Apple App Store description has been defaced as well. The new modified description read "We created this app to spy on you, PLEASE DOWNLOAD IT!",

It's not clear at this point if this new hack is also performed by Syrian Electronic Army or not, but it is possible that the hackers have gained access to the other various developer-facing functions.

Viber later responded after a previous attack that one of its employee's fell victim to a phishing attach and attackers could gain access to a customer support panel and support administration system, insisting that no sensitive user data was exposed.

Stay tuned to +The Hacker News for more updates about this story.

Hackers Demonstrate Car Hacking using a laptop

Computer geeks already knew it was possible to hack into a car's computerized systems and finally, two U.S. hackers - Charlie Miller and Chris Valasek, sponsored by the Pentagon's research facility DARPA recently demonstrated just how easy it is for malicious hackers to physically hijack a modern car using a laptop.

Feeling exiting ... ? You should worry too..It's all very concerning. Because you may never drive your car again after you see how a couple of government funded tech guys were able to hack into, and take control of car’s steering, dashboard, and even its brakes.

Forget hacking accounts, computers or mobile devices, this new threat to our vehicles is thanks to the evolution of electronic control units being installed in most new cars.

Charlie Miller, a security engineer at Twitter, and Chris Valasek, the Director of Security Intelligence at IOActive received an $80,000 grant from the US government in order to research these new vulnerabilities.

By connecting an Apple MacBook to the car's OBD-II (On-Board Diagnostic System) port below the dashboard, they were able to trigger a series of minor and major events that could annoy drivers at best and cause a serious accident at worst. Minor hacks included manipulation of the car's fuel gauge and speedometer, triggering the seatbelt pre-tensioners and sounding the horn.

A video of their demonstration from Forbes, shows them using their electronic access to disconnect brakes, scramble a speedometer, wobble a steering wheel and blast a horn, inside a 2010 model Ford Escape and Toyota Prius.

That study showed that the engine control devices initially designed for pollution reduction had been integrated into other aspects of a car's functioning and diagnostics. 

But security research is notoriously difficult; the fact that Toyota’s engineers haven't found any security vulnerabilities doesn’t mean there aren't any.

Exploiting GPS vulnerability to Hijack Ships, Airplanes with $3000 Equipment

The GPS expert Todd Humphreys, professors at the University of Texas, demonstrated that just using a cheap apparatus composed by a small antenna, an electronic GPS “spoofer” built in $3,000 and with a laptop, it is possible to exploit GPS vulnerability to obtain control of sophisticated navigation system aboard a 210-foot super-yacht in the Mediterranean Sea. 

Humphreys demonstrated the exploit of a GPS vulnerability aboard the yacht “White Rose of Drachs” commanded by Capt. Andrew Schofield, the official and his crew were stunned by the effect of the attack.

Humphreys is a famous GPS experts, we met him last year when we discussed about drones hacking. The Assistant Professor of the University of Texas with his team has created the world’s most powerful GPS spoofer that was tested on GPS-based timing devices used in mobile phone transmitters.

Humphreys reported the results of his experiment to the Foxnews explaining how his team exploited the GPS system of the vessel: “We injected our spoofing signals into its GPS antennas and we're basically able to control its navigation system with our spoofing signals,” 'Imagine shutting down a port. Imagine running a ship aground. These are the kinds of implications we're worried about." “For maritime traffic, there are big implications,” “You've got 90 percent of the world’s cargo going across the seas. Imagine shutting down a port. Imagine running a ship aground. These are the kinds of implications we're worried about.”

The concept is simple, the researchers provided counterfeit GPS signals to the yacht providing inaccurate information on its position to hijack it, potentially the attack could be used to disorient any vessel with serious consequences without victims notification. 

Captain Andrew Schofield was shocked by the results of the attack: “Professor Humphreys and his team did a number of attacks and basically we on the bridge were absolutely unaware of any difference,” “I was gobsmacked -- but my entire deck team was similarly gobsmacked,” Schofield he told Fox News.

The scope of these attacks is hijack GPS systems of victims causing collisions or other damage. A collision of a cruise ship or an oil tanker would lead to devastating consequences in terms of loss of human lives and environmental impact, we have observed it the cases of the Costa Concordia and the Exxon Valdez.

The impact of GPS hacking is not limited to the maritime environment, same kind of attack could be conducted against aircrafts or any other system that use GPS technology: “You're actually moving about a kilometer off of your intended track in a parallel line and you could be running aground instead of going through the proper channel,” “Going after an expensive vessel on the seas and going after a commercial airliner has a lot of parallels,” Humphreys said.

The latest experiment conducted by Humphreys demonstrated the possibility to control victim’s GPS system exploiting the GPS vulnerability, not only to interfere with it.

“Before we couldn’t control the UAV. We could only push it off course. This time my students have designed a closed loop controller such that they can dictate the heading of this vessel even when the vessel wants to go a different direction,” Humphreys said.

The government is concerned by the possible exploitation of critical GPS vulnerabilities, Humphreys was called before Congress to speak with officials from the FAA, CIA and Pentagon, but according the researcher the Department of Homeland Security still been “fumbling around in the dark” on GPS security, doing little to address the threat.

Texas Congressman Mike McCaul, chairman of the Homeland Security Committee expressed its concerns on the GPS security issues and remarked with Senators Coburn and Collins the necessity to address these critical threats.

“It's a very serious homeland security issue that we've asked the secretary to review and look at and she's never responded to my requests,” “The department seems to be thumbing its nose at it, saying it has no jurisdiction over this issue and not really showing any interest in this issue at all.”

It’s important to share information on possible effect of attacks against GPS systems, it could be too easy for the hackers to acquire a low cost appliance to cause serious damage, Schofield commented the results of the experiment with the following eloquent statements: “People need to know this kind of thing is possible with a relatively small budget and they can with a very simple system steer the ship off-course -- without the Captain knowing".