Category Archives: TechNews

GlobalHackNews is the popular blog of IT security, cybersecurity, and the latest hacking news updates. Read regular news to improve your security.

WhatsApp DOWN – Chat app NOT WORKING for millions of users

UPDATE ONE

Users are experiencing problems with the app across the world, with reports coming in from Italy, Saudi Arabia, Philippines, Germany, India, USA and Sri Lanka.
ORIGINAL STORY
WhatsApp is down for over a thousand users in Britain right now, with reports increasing by the second that the app is broken.
The website Down Detector, which tracks social mentions of a certain topic to monitor outages across the globe, shows over a thousand WhatsApp customers reporting issues using the app.
According to the site, problems with the chat app occurred around 8am this morning, with hundreds of people reporting issues with the app. 
DownDetector says that 60 percent of customers are having an issue connecting to it.
A further 25 percent report issues receiving messages and 14 percent are struggling to log in.
WhatsApp users have taken to rival social networking site Twitter to report issues with the service today.
One user tweeted: “I’m such a cliche. Checking twitter to see if #whatsapp is down. It is.”
Another writes: “Whatsapp is down, WhatsApp is down. This is not a drill. How can I demand constant attention from my friends now?”


Facebook’s Zuckerberg says he’s ‘dead serious’ about Russia, warns security spending will hurt profits

Facebook CEO Mark Zuckerberg promised he’s “dead serious” about cracking down on malicious activity on the giant social network after the Russian campaign to sow political discord and manipulate the 2016 presidential campaign.

He also warned investors that efforts to secure Facebook will significantly cut into profits.

“We’re bringing the same intensity to these security issues that we’ve brought to any adversary or challenge we’ve faced,” Zuckerberg said. “I’m dead serious about this, and the reason I’m talking about this on our earnings call is that I’ve directed our teams to invest so much in security — proceeding the leader of that additional advances we’re making — that it will significantly impact our profitability going forward, and I wanted our investors to hear that directly from me.”

Zuckerberg made the remarks as Facebook reported its best quarter yet. Extending its streak of beating profit expectations, Facebook topped Wall Street estimates with third-quarter earnings per share of $1.59 on revenue of $10.3 billion. It was expected to report earnings per share of $1.28 on revenue of $9.8 billion.

Facebook’s chief financial officer David Wehner warned that 2018 is shaping up to be a “significant investment year” with operating expenses rising 45% to 50% as the Menlo Park, Calif., company increases security spending, as well as spending on the company’s push to add more video and to grow its augmented and virtual reality business. Following Wehner’s comments, shares dropped more than 1% in after-hours trading.
Wednesday’s results came right after Facebook wrapped up its third congressional hearing on Capitol Hill where its top lawyer, Colin Stretch, answered questions about the Kremlin-linked Russian influence campaign.


Facebook has 10,000 people working on safety and security issues and plans to add 10,000 more. Not every one of these people will be an employee, but Facebook did not say how many contractors it would hire.

“We are going to invest in both people and technology,” Zuckerberg said.

Facebook on Wednesday also significantly raised its estimates of how many duplicate accounts and fake accounts it has.

Duplicate accounts — accounts that a user maintains in addition to his or her main account — account for 10% of Facebook’s nearly 2.1 billion monthly active users, up from 6%. Fake accounts, which are run by bots, not individuals, make up 2%-3% of accounts, up from 1%, Facebook said. That means more than 200 million accounts are duplicates and as many as 60 million are fake.
Facebook said it raised the estimates based on a new methodology for measuring duplicate accounts and on improvements “to the data signals we rely on.”

That revelation suggests extra questions for Facebook about how secure its data

India had highest number of first-time internet users between 2012-15: UNCTAD


India saw the largest number of people going online for the first time during 2012-15 among all nations, according to a recent report of the UN Conference on Trade and Development (UNCTAD). About 17.8 crore people went online during this three-year period, which is much more than in China, Brazil, Japan and the neighboring countries of Pakistan and Bangladesh.

The report titled “Measuring the Evolving Digital Economy” that was released last week indicates that this trend of more people going online will spur the purchase of goods and services resulting in greater inclusion and involvement of citizens with the government and economic growth. 

“Nearly 90% of the 750 million people that went online for the first time between 2012 and 2015 were from developing economies, with the largest numbers from India (178 million) followed by China (122 million),” the report said. The findings will come as a big boost to the government at a time when it’s pushing for digital literacy and promoting doing things digitally. Government specialists said the number of people going online must have gone up in the past two years.
The report says in India, Mexico, and Nigeria, the annual growth rates of internet use were between 4-6% from 2012 to 2015, whereas the growth rates have been much slower in developed economies, except for Japan, as the markets have already reached near saturation. 

According to the report, in many developing countries, nearly half or more of the internet users went online for the first time in the last three years, as in Bangladesh, India, Iran and Pakistan. In Brazil and China, more than 50% of people used the internet, whereas in India only slightly more than a quarter use it.

“The next billion internet users will also be primarily from developing economies,” the global report said. 

Projecting trends of the future, the report said people doing online transactions will shift from traditional debit and credit cards to new methods of payment. “Their share is expected to drop to 46% by 2019, as e-wallets and other alternative payment methods (such as mobile money) gain importance. In developed regions, digital payments are dominated by credit and debit cards, followed by e-wallets. In developing countries, by contrast, credit cards are rarely the most important payment method for e-commerce, and the uptake of digital payments is often low,” the report said.

The UNCTAD report has also raised the concern that companies, organizations, governments, and individuals will need to pay more attention to protecting their online data and devices as more economic activities go digital.

(This article was originally published in The Times of India)

Google’s ‘Advanced Protection’ security is for the most at-risk hacking targets

Google already provides several advanced features such as login alerts and two-factor authentication to keep your Google account secure.




Still, if you are extra paranoid, Google has just launched its biggest ever security feature, called “Advanced Protection,” which makes it easier for users who are at high risk of targeted online attacks to lock down their Google accounts like never before.

“We took this unusual step because there is an overlooked minority of our users that are at particularly high risk of targeted online attacks,” the company said in a blog post announcing the program on Tuesday. 

“For example, these might be campaign staffers preparing for an upcoming election, journalists who need to protect the confidentiality of their sources, or people in abusive relationships seeking safety.”

Even if a hacker somehow obtains your password—using advanced phishing attacks, zero-day exploits or spyware—and tries to access your Google account, they will not be able to get in.

To enable Google’s Advanced Protection feature, you will need two physical security keys that work with FIDO Universal 2nd Factor (U2F)—which offers hardware-based two-factor authentication that does not require secret codes sent via SMS or emails.

Logging into your Google account from a computer or laptop will require a special USB stick, while access from a smartphone or tablet will similarly require a Bluetooth-enabled dongle, paired with your phone.

“They [security devices] use public-key cryptography and digital signatures to prove to Google that it’s really you,” the post reads. “An attacker who does not have your Security Key is automatically blocked, even if they have your password.”

Google’s Advanced Protection offers three features to keep your account secure:

  1. Physical Security Key: Signing into your account requires a U2F security key, preventing other people (even with access to your password) from logging into your account.
  2. Limit data access and sharing: Enabling this feature allows only Google apps to get access to your account for now, though other trusted apps will be added over time.
  3. Blocking fraudulent account access: If you lose your U2F security key, the account recovery process will require further steps, “including additional studies and applications for more details about why you’ve lost entrance to your account” to prevent fraudulent account access.


The Advanced Protection feature is not designed for everyone, but only for people, like journalists, government leaders, and activists, who are at a higher risk of being targeted by sophisticated hackers and are ready to give up some convenience for considerably increased e-mail protection.


Currently, if you want to enroll in the Advanced Protection Program, you will need Google Chrome, because only Chrome supports the U2F standard for Security Keys. However, the company expects other browsers to incorporate this feature soon.

FBI Arrests A Cyberstalker After Shady “No-Logs” VPN Provider Shared User Logs

FBI recently arrested a psycho cyber stalker with the help of a popular VPN service and this case apparently exposed the company’s lies about the “no logs” policy.

Taking down cyber stalkers and criminals is definitely a good thing, and the FBI has truly done a great job, but the VPN company whose first line of the privacy policy is

“We Do Not monitor user activity nor do we keep any logs”—has literally betrayed its customer’s trust.



Is your VPN also lying to you? Well, it’s the right time to think about this twice.

It’s no secret that most VPN services—which claim to shield your Internet traffic from prying eyes, assuring you to surf the web anonymously—are not as secure as they claim.

In this post-Snowden era, a majority of VPN providers promise that their service is anonymous, with no log policy, but honestly, there is no way you can verify this.

PureVPN Helped the FBI with Logs


A 24-year-old Massachusetts man, Ryan Lin, has been arrested in a Cyberstalking case after one of the largest VPN providers, PureVPN, helped the FBI with information that linked Lin to his alleged cyber crimes.

In an FBI affidavit published last week by the US Department of Justice (DoJ), Lin is accused of stalking and harassing his housemates and former-roommates online while evading local police by using various services like Tor, VPNs, and Textfree.

Lin tormented his former roommate, Jennifer Smith, for one and a half years after stealing credentials for some of her online profiles from her unlocked MacBook, and other personal files, including photographs, from her iCloud and Google Drive accounts.

According to the affidavit, Lin released Smith’s personal details online (known as ‘doxing’), posted intimate photographs without her face suggesting they were of Smith, and emailed her private information to her contacts, including her family, relatives, and colleagues.

Additionally, Lin allegedly posted fake profiles of her to websites “dedicated to prostitution, sexual fetishes, and other sexual encounters,” shared information about her medical background that she never shared with anyone, and sent “images that likely constitute child pornography” to her family and friends.

Suspect Also Made Bomb, Death and Rape Threats


What’s more? Lin often spoofed Smith’s identity to send bomb, death and rape threats to schools and lone individuals, which even tricked one of her friends into calling the police to her house.

To conduct all these illegal actions and hide his tracks, Lin used various privacy services like ProtonMail, VPN clients, and Tor, anonymised international text messaging services and offshore private e-mail providers.

However, the suspect made a mistake by using a work computer for some of his illegal campaigns. The feds were able to recover some forensic artifacts from his work computer, even though he had been terminated and the OS had been reinstalled on the computer.
In the unallocated space of the system’s hard drive, the FBI found artifacts referencing:

  • Bomb threats against local schools.
  • Username for TextNow, the anonymous texting service being Lin’s most-visited Website.
  • Lin’s name on Protonmail.
  • Lin had visited Rover.com (pet sitting site) and FetLife.com which were used in the cyberstalking campaigns.
  • Lin repeatedly accessed his personal Gmail account.
  • He used PureVPN in the cyberstalking campaign.



How FBI Investigated the Cyberstalking Case


The FBI then managed to obtain logs from PureVPN, which linked Lin to the illegal campaigns against Smith and his other former roommates.

“Further, records from PureVPN show that the same email accounts—Lin’s Gmail account and the teleportfx Gmail account—were accessed from the same WANSecurity IP address,” the complaint reads.

And then the complaint goes on to say what would be quite worrying for those who believe VPNs are their best way to protect their activities online:

“Significantly, PureVPN was able to determine that their service was accessed by the same customer from two originating IP addresses: the RCN IP address from the home Lin was living in at the time, and the software company where Lin was employed at the time.”

Being one of the largest and well-known VPN providers, Hong Kong-based PureVPN is used by hundreds of thousands of users across the world, which eventually handed over details which a VPN is supposed to protect against.

Lin was arrested by the authorities on October 5, and if found guilty, he faces up to 5 years in prison and up to 3 years of “supervised release,” according to the DoJ.

Russian hackers allegedly used popular antivirus software to steal NSA secrets




The United States government has banned federal agencies from using Kaspersky antivirus software over spying fears.



Though there’s no solid evidence yet available, an article published by WSJ claims that Russian state-sponsored hackers stole highly classified NSA documents from a contractor in 2015 with the help of a security program made by Russia-based security firm Kaspersky Lab.



Currently, there is no way to independently confirm whether the claims about the popular security vendor published by the Wall Street Journal are accurate—and the story does not even prove the involvement of Kaspersky.

“As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight,” Kaspersky said in a statement.

An NSA contractor working with the American intelligence agency, whose identity has not yet been disclosed, reportedly downloaded a cache of highly classified information from government systems and moved it to a personal computer at home, which is a clear violation of known security procedures.
Citing a few anonymous sources, the Journal says that the targeted computer was running Kaspersky antivirus—the same app the U.S. Department of Homeland Security (DHS) recently banned from all government computer systems over spying fears.

The classified documents taken to home by the contractor contained details about how the NSA breaks into foreign computer networks for cyber espionage operations as well as defends its systems against cyber attacks.

Although the role Kaspersky played in the breach is not entirely clear, US officials believe an antivirus scan performed by Kaspersky Lab’s security software on the contractor’s computer helped Russian hackers identify the files containing sensitive information.

In response to the WSJ story, Kaspersky CEO Eugene Kaspersky said his company “has not been provided with any evidence substantiating the company’s involvement in the alleged incident. The only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight.”

Also, it is not clear exactly how the files were stolen, but it has been speculated that the antivirus’ practice of uploading suspicious files (malware executables) on the company’s server, located in Russia, may have granted the Russian government access to the data.

Another possibility is that Russian hackers stole the confidential data by exploiting vulnerabilities in Kaspersky Lab software installed on the targeted system, according to the person, who asked not to be identified.

“Now, if we assume that what is reported is true: that Russian hackers exploited a weakness in our products installed on the PC of one of our users, and the government agencies charged with protecting national security knew about that, why didn’t they report it to us?” Kaspersky said.


“We patch the most severe bugs in a matter of hours; so why not make the world a bit more secure by reporting the vulnerability to us? I cannot imagine an ethical justification for not doing so.”


This breach of NSA classified files, which is being called “one of the most significant security breaches in recent years,” occurred in 2015 but was detected in 2016.

OK, here is our official statement re the recent article in WSJ. pic.twitter.com/rdH6YcsZBZ

— Eugene Kaspersky (@e_kaspersky) October 5, 2017



However, it is not clear whether this security incident has any ties to the Shadow Brokers campaign, an ongoing public leak of NSA hacking tools that many officials and experts have linked to the Russian government.

It is another embarrassing breach for the NSA, which has long struggled with contractor security—starting from Edward Snowden to Harold Thomas Martin and Reality Winner. 

Facebook will use facial recognition to unlock your account

Facebook is known for tracking users even when they log off from the site; the social media titan also faces criticism over its tactics to collect user data. Now it is being reported that Facebook is experimenting with facial recognition technology to assist users in unlocking their Facebook accounts. This means Facebook will use your face to verify that the locked account belongs to you and not some script kiddie or third party trying to access someone else’s account. According to TechCrunch, “that could be especially useful if you’re somewhere that you can’t receive two-factor authentication SMS, like on a plane or while traveling abroad, or if you lose access to your email account”.
“We are testing a new feature for people who want to quickly and easily verify account ownership during the account recovery process. This optional feature is available only on devices you’ve already used to log in. It is another step, alongside two-factor authentication via SMS, which was taking to make sure account owners can confirm their identity,” Facebook told TechCrunch.
It is most likely that Facebook is impressed with the iPhone X’s facial recognition, which lets users unlock their phone instantly. In a screenshot shared by Matt Navara of TNW, one can see how Facebook’s facial recognition feature will work in future.
The facial recognition itself has become one of the fastest growing tech used by companies, for instance, China is using facial recognition system in public toilets and the United States airports are using the same technology to keep track of those leaving or visiting the country.
The FBI (Federal Bureau of Investigation) also owns a database of more than 411 million images, out of which 140 million belong to foreigners who applied for US visas and 30 million are mugshots of criminals, without any oversight.
However, a recent survey of 129 hackers conducted by security firm Bitglass found facial recognition was considered the second least effective security tool behind standard passwords. Facial recognition was also rated as the worst tool six times more often than fingerprint authentication, indicating that there are many doubts in the air about the security of facial recognition tech.
According to Thomas Fischer, global security advocate at Digital Guardian, “Facebook’s Face ID seems to be focused on providing users with the second factor of authentication were they to lose access to their account, or forget their password. It is interesting to note that Facebook’s technology will only work on a device that has already been associated with a user account. This effectively provides a three-layer authentication mechanism: account, device and biometrics, you will need all three factors to gain access. This can significantly increase the security of a user’s account.”
While Facebook has experienced some backlash to facial recognition for photo tag suggestions in the past, this feature would only use the technology to privately help you out. Therefore it shouldn’t raise privacy concerns as big, though obviously anything related to biometric data can give people pause. But if it means you can get back to your messages and News Feed, or repair damage done by a hacker, many people are likely to be comfortable using their face with Facebook.

Best Method to Crack a Facebook Password & How to Protect Yourself from Them

Reset the Password

The easiest way to “hack” into someone’s Facebook is through resetting the password. This is more easily done by people who are friends with the person they’re trying to hack.

  • The first step would be to get your friend’s Facebook email login. If you don’t already know it, try looking on their Facebook page in the Contact Info section. Still stuck? Hackers use scraping tools like TheHarvester to mine for email addresses, so check out our guide here to find a user’s email that you don’t already know.
  • Next, click on Forgotten your password? and type in the victim’s email. Their account should come up. Click This is my account.
  • It will ask if you would like to reset the password via the victim’s emails. This doesn’t help, so press No longer have access to these?
  • It will now ask How can we reach you? Type in an email that you have that also isn’t linked to any other Facebook account.
  • It will now ask you a question. If you’re close friends with the victim, that’s great. If you don’t know too much about them, make an educated guess. If you figure it out, you can change the password. Now you have to wait 24 hours to login to their account.
  • If you don’t figure out the question, you can click on Recover your account with help from friends. This allows you to choose between three and five friends.
  • It will send them passwords, which you may ask them for, and then type into the next page. You can either create three to five fake Facebook accounts and add your friend (especially if they just add anyone), or you can choose three to five close friends of yours that would be willing to give you the password.

How to Protect Yourself

  • Use an email address specifically for your Facebook and don’t put that email address on your profile.
  • When choosing a security question and answer, make it difficult. Make it so that no one can figure it out by simply going through your Facebook. No pet names, no anniversaries — not even third grade teacher’s names. It’s as easy as looking through a yearbook.
  • Learn about recovering your account from friends. You can select the three friends you want the password sent to. That way you can protect yourself from a friend and other mutual friends ganging up on you to get into your account.

Method 2: Use a Keylogger

Software Keylogger
A software keylogger is a program that can record each stroke on the keyboard that the user makes, most often without their knowledge. The software has to be downloaded manually on the victim’s computer. It will automatically start capturing keystrokes as soon as the computer is turned on and remain undetected in the background. The software can be programmed to send you a summary of all the keystrokes via email.
Null Byte features an excellent guide on how to get a keylogger on a target computer to get you started. If this isn’t what you’re looking for, you can search for free keyloggers or try coding a basic keylogger yourself in C++.

Hardware Keylogger
These work the same way as the software keylogger, except that a USB drive with the software needs to be connected to the victim’s computer. The USB drive will save a summary of the keystrokes, so it’s as simple as plugging it to your own computer and extracting the data.
There are several options available for hardware keyloggers. Wired keyloggers like the Keyllama can be attached to the victim’s computer to save keystrokes and works on any operating system — provided you have physical access to retrieve the device later. If you’re looking to swipe the passwords remotely, you can invest in a premium Wi-Fi enabled keylogger which can email captured keystrokes or be accessed remotely over Wi-Fi.

How to Protect Yourself

  • Use a firewall. Keyloggers usually send information through the internet, so a firewall will monitor your computer’s online activity and sniff out anything suspicious.
  • Install a password manager. Keyloggers can’t steal what you don’t type. Password managers automatically fill out important forms without you having to type anything in.
  • Update your software. Once a company knows of any exploits in their software, they work on an update. Stay behind and you could be susceptible.
  • Change passwords. If you still don’t feel protected, you can change your password bi-weekly. It may seem drastic, but it renders any information a hacker stole useless.

Method 3: Phishing

This option is much more difficult than the rest, but it is also the most common method to hack someone’s account. The most popular type of phishing involves creating a fake login page. The page can be sent via email to your victim and will look exactly like the Facebook login page. If the victim logs in, the information will be sent to you instead of to Facebook. This process is difficult because you will need to create a web hosting account and a fake login page.

The easiest way to do this would be to follow our guide on how to clone a website to make an exact copy of the facebook login page. Then you’ll just need to tweak the submit form to copy / store / email the login details a victim enters. If you need help with the exact steps, there are detailed instructions available by Alex Long here on Null Byte. Users are very careful now with logging into Facebook through other links, though, and email phishing filters are getting better every day, so that only adds to this already difficult process. But, it’s still possible, especially if you clone the entire Facebook website.

How to Protect Yourself

  • Don’t click on links through email. If an email tells you to login to Facebook through a link, be wary. First check the URL (Here’s a great guide on what to look out for). If you’re still doubtful, go directly to the main website and login the way you usually do.
  • Phishing isn’t only done through email. It can be any link on any website / chat room / text message / etc. Even ads that pop up can be malicious. Don’t click on any sketchy looking links that ask for your information.
  • Use anti-virus & web security software, like Norton or McAfee.
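The "check the URL" advice above can be turned into a mechanical test. The following is an added example, not part of the original article: it decides whether a link really points at the genuine site by looking only at the host a browser would connect to. The function name `check_login_link`, the `TRUSTED_DOMAINS` list and every sample link are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption for this example: the only domain accepted as the real login site.
TRUSTED_DOMAINS = ("facebook.com",)


def check_login_link(url):
    """Return (verdict, reason); verdict is 'trusted' or 'suspicious'."""
    url = url.strip()
    # Browsers treat "\" like "/" and silently drop control characters, while
    # strict parsers do not. If the two could disagree about the host, reject.
    if "\\" in url or any(ord(c) < 0x21 or ord(c) == 0x7F for c in url):
        return "suspicious", "contains backslash, whitespace or control characters"
    try:
        parts = urlsplit(url)
        host = parts.hostname   # userinfo ("name@") and port already removed
        parts.port              # raises ValueError on a malformed port
    except ValueError:
        return "suspicious", "not a parseable URL"
    if parts.scheme != "https":
        return "suspicious", "not HTTPS"
    if not host:
        return "suspicious", "no host"
    if parts.username is not None or parts.password is not None:
        return "suspicious", "text before '@' is login data, real host is " + host
    host = host.rstrip(".")
    # Non-ASCII or punycode labels can imitate Latin letters (lookalike names).
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "suspicious", "internationalised host name"
    try:
        ipaddress.ip_address(host)
        return "suspicious", "raw IP address instead of a domain name"
    except ValueError:
        pass
    for domain in TRUSTED_DOMAINS:
        # The leading dot matters: "notfacebook.com" must not match.
        if host == domain or host.endswith("." + domain):
            return "trusted", "host is " + domain + " or one of its subdomains"
    for domain in TRUSTED_DOMAINS:
        if domain.split(".")[0] in host:
            return "suspicious", "brand name appears in an unrelated host"
    return "suspicious", "host is not on the trusted list"


# Constructed sample links (reserved example domains and documentation IPs).
SAMPLE_LINKS = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "https://facebook.com.account-verify.example/login",
    "https://www.facebook.com@203.0.113.7/login",
    "https://203.0.113.7/facebook.com/login",
    "https://notfacebook.com/login",
    "https://other.example\\@www.facebook.com/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict, reason = check_login_link(link)
        print(f"{verdict:10} {link}  ({reason})")
```

Only the host decides the verdict: a familiar name in the path, in a subdomain prefix or before an `@` sign says nothing about where the form data goes.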

Method 4: Man in the Middle Attack

If you can get close to your target, you can trick them into connecting to a fake Wi-Fi network to steal credentials via a Man In The Middle (MITM) attack. Tools like the Wi-Fi Pumpkin make creating a fake Wi-Fi network as easy as sticking a $16 Wireless Network Adapter on the $35 Raspberry Pi and getting close to your target. Once the victim connects to your fake network, you can inspect the traffic or route them to fake login pages. You can even set it to only replace certain pages and leave other pages alone.

Apple macOS High Sierra Exploit Lets Hackers Steal Keychain Passwords in Plaintext

After a long wait, Apple yesterday rolled out the latest version of its macOS operating system, dubbed High Sierra 10.13—a few hours before an ex-NSA hacker publicly disclosed the details of a critical vulnerability that affects High Sierra as well as all earlier versions of macOS.


Patrick Wardle, an ex-NSA hacker and now head of research at security firm Synack, found a critical zero-day vulnerability in macOS that could allow any installed application to steal usernames and plaintext passwords of online accounts stored in the Mac Keychain.

The macOS Keychain is a built-in password management system that helps Apple users securely store passwords for applications, servers, websites, cryptographic keys and credit card numbers—which can be accessed using only a user-defined master password. Typically no application can access the contents of Keychain unless the user enters the master password.



“I discovered a flaw where malicious non-privileged code (or apps) could programmatically access the keychain and dump all this data …. including your plain text passwords. This is not something that is supposed to happen! :(” Patrick Wardle said.

The security flaw actually resides in macOS’s kernel extension SKEL (Secure Kernel Extension Loading) security feature, which was disclosed earlier this month, allowing an attacker to run any third-party kernel-level extension without requiring user approval.

Patrick Wardle recently posted a proof-of-concept video of the exploit, demonstrating how the hack can be used to exfiltrate every single plaintext password from Keychain without requiring the user to enter the master password.


The video shows how a malicious installed application, signed or unsigned, allows an attacker to remotely steal all the passwords stored in the keychain without notifying the user of the attack.


“macOS is intended to be secure by default, and Gatekeeper warns users against installing unsigned apps, like the one shown in this proof of concept, and prevents them from launching the app outdoors explicit approval,” said Apple in a statement released today.

“We assist users to download software only from trusted sources like the Mac App Store and to pay careful attention to security dialogs that macOS presents.”

Patrick Wardle said that he reported the issue to Apple last month, and made the public disclosure when the company planned to release High Sierra without fixing the vulnerability, which not only affects the newest version but also older versions of macOS.

Passwords For 540,000 Car Tracking Devices Leaked Online.

Over 500,000 car tracking devices’ passwords accidentally leaked due to misconfigured cloud server

In yet another case of an accidental data leak, login credentials of over 500,000 car tracking devices were freely exposed due to a misconfigured cloud server. The data came from SVR Tracking, which is a firm that claims to specialize in “vehicle recovery.”

SVR allows its clients to track their vehicles around the clock so they can monitor and recover them in case their vehicle has been stolen. The firm attaches a tracking device to a vehicle in a discreet place, so if the vehicle is stolen, an unknown driver would have no knowledge of it being monitored.
According to researchers at Kromtech Security, who discovered the breach, the data exposed included SVR users’ account credentials, such as emails and passwords. Users’ vehicle data, including VIN numbers and license plates, was also exposed. The data was exposed via an insecure Amazon S3 bucket.
“Each repository restrained over a half of a million records with logins/passwords, emails, VIN (vehicle identification number), IMEI numbers of GPS devices and additional data that is settled on their plans, clients and auto dealerships. Interestingly, the exposed database also comprised notice wherever correctly in the car the tracking unit was ducked,” Kromtech researcher Bob Diachenko said in a blog.


SVR’s car tracking system monitors everywhere a vehicle has been for the past 120 days, which can be freely accessed by anyone who has access to users’ login credentials.
The insecure Amazon S3 bucket has been secured after Kromtech reached out to SVR and informed them about the breach. It remains unclear how long the data was left freely exposed. It is also unclear whether the data was accessed by hackers.
“In the age where corruption and technology go hand in hand, assume the possible threat if cybercriminals could find out where a car is by logging in with the credentials that were publicly possible online and keep that car? The overall number of devices could be much bigger given the fact that many of the resellers or customers had large numbers of devices for tracking,” Diachenko said.
