Hack your car with PASTA
For $28,300, consumers can now purchase PASTA (Portable Automotive Security Testbed). Created by Toyota, PASTA is an open-source testing platform that checks a car’s vulnerability to hacking. Dark Reading reported researchers can use the testbed to study how a car’s ECUs (engine control units) operate, as well as how elements of the vehicle communicate with each other. In addition to offering the sophisticated tool to consumers, Toyota believes there is an industry application to PASTA where other carmakers can use it in their own research and development. The tool is designed to simulate attacks and to test for other vulnerabilities and exploits, but not for hacking the vehicle while it is moving. PASTA is housed in a stainless steel briefcase, included in the price tag.
“Having tools that facilitate the work of security researchers to find vulnerabilities in car systems is more than welcome,” commented Avast Security Evangelist Luis Corrons. “The fact that PASTA is open-source and other car makers can adopt it is even better.”
This week’s fact
In 2017 alone, U.S. federal agencies reported 35,277 cyber incidents.
Trump’s comments on Huawei alarm security watchdogs
President Trump announced that U.S. companies can sell their equipment to Huawei if “there’s no great security problem with it,” reported Security Week. The president made the statement to reporters at the conclusion of the G20 Summit in Osaka, sparking concern among both Republicans and Democrats in Congress. Trump had imposed tariffs on $200 billion of Chinese imports, and his proposed softer stance on Huawei worries lawmakers that he may be giving away the most powerful bargaining chip in the U.S.-China trade disputes.
The U.S. government currently has Huawei on an “entity list,” which bars it from receiving U.S.-made components without special permission from Washington. The company is the world’s second-largest supplier of smartphones, and cybersecurity experts suspect that the telecommunications giant might be exploited by Beijing for espionage and therefore a national security risk. Details of what the president’s comments mean for U.S. business relations with Huawei remain to be seen.
This week’s quote
“There’s something changing on the overall internet landscape: The majority of devices that are being connected to the internet are not computers and not mobile phones.” – New Avast CEO Ondrej Vlcek in a Q&A
Scary Granny terrorizes Android users
The Google Play Store took down a horror game app that was found to infect the user’s device with malware, according to Bleeping Computer. Scary Granny ZOMBYE Mod: The Horror Game 2019, capitalizing on the success of legitimate horror game Granny, listed over 50,000 installs before security experts alerted Google to the game’s malicious behavior. The app reportedly functioned like a regular game, even earning many 4-star reviews.
The malware would lay dormant for its first 48 hours on the device, a tactic to avoid calling attention to itself. If the infected device was up to date, the malware would not impact it. But if it was an older Android, the malware launched phishing overlays that baited the user into entering Google log-in credentials. Along with burrowing into user accounts to siphon data, the malware also launched persistent malicious ads. The app cost users around $23 to download, but it has been unavailable since June 27.
U.S. cities continue to grapple with ransomware
Ransomware continues to plague U.S. cities, which are often torn between wanting to take a hard line against hackers and to regain control of their systems and data. Soon after Lake City, Fla. paid $460,000 for a decryptor key that could help the community recover from a ransomware attack that locked up city servers, telephones, and email, the city’s director of information technology Brian Hawkins was fired, reported ABC-affiliate WCJB. Cybersecurity experts typically urge ransomware victims not to pay the attackers, but in this situation Lake City officials felt they had no choice. Mayor Stephen Witt commented that the decryption key is working and that all systems should be fully running again in the coming days.
Lake City was the second Florida municipality to recently suffer a ransomware attack – a week earlier, the city of Riviera Beach paid attackers $600,000 to retrieve files and restore city services. In Baltimore, which has been paralyzed by ransomware for two months, NBC affiliate WBAL-TV reported city officials have approved $10 million in emergency funding to cover ongoing costs. And a year after a ransomware attack stalled city operations in Atlanta, CBS News reported that ransomware has now infected the Georgia Administrative Offices of the Court, knocking the state court system offline.
This week’s can’t-miss read on The Avast Blog
This week Ondrej Vlcek, former President of the company’s Consumer Business, officially took on the role of CEO at Avast. He sat down with the Avast Blog to discuss his nearly 25 years in cybersecurity and view of the future.
Learn more about products that protect your digital life at avast.com. And get all the latest news on today’s cyberthreats and how to beat them at blog.avast.com. Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all of your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN.
*** This is a Security Bloggers Network syndicated blog from Blog | Avast EN authored by Avast Blog. Read the original post at: https://blog.avast.com/toyota-releases-car-hacking-tool-pasta