Tag Archives: hackers

Tesla Model 3 Hacked in Canada

Two hackers in Vancouver had won a Tesla after they have found loophole in Telsa’s web browser that let them bypass security.

This happened at a Pwn2Own hacking contest in Vancouver where so called white hackers and security experts gather to try to exploit various computer systems . Pwn2Own has been going on for over 10 years.

This year was a special year as this is the first time a big company like Tesla agreed to lend them a car to be exploited and hacked .

Two security experts, Richard Zhu and Amat Cam, were able to penetrate Tesla’s web browser and show a custom message.

Tesla gave the duo the same car they hacked as a gift. They also mentioned that they will be fixing the bug asap.

“In the coming days, we will release a software update that addresses this research. We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”

Tesla’s been involved with hacking community for many years and have been giving away bounties of up to $15,000 US. Nice way to keep the car safe.

iPhone Facetime’s Hack

Update: Apple released iOS 12.1.4 that fixes FaceTime security flaw that let people eavesdrop in on you or even see your camera without your authorization. Feel free to go to Settings > General > Software update to do the update now.

You would never expect a large firm like Apple would let you eavesdrops on another person’s iPhone. But yesterday social media went crazy discussing how easy it is to do just that.

Basically you can call another person’s iPhone and eavesdrop or even see a video without the other person’s accepting it.

Apple acknowledge that it’s a bug in their Facetime software system and even without answering the call the other person can hear and see what you are doing.

We’re aware of this issue and we have identified a fix that will be released in a software update later this week

Apple

Apple has also said that it has disabled group Facetime chat, the software that was causing an issue.

This is a big setback for Apple as it is trying to a be a leader when it comes to its users’ privacy.

At Planetweb, we have replicated an issue. It is very simple to do. Just call someone using Facetime and while calling, swipe up and add yourself to the convesation. Even if the other person does not answer – you will stay connected and can hear the other person’s microphone.

What’s even worse, if that person mutes the incoming call with up or down volume button, that will switch on his or her camera, and you will be able to see video.

How to fix it? Just wait for an update from Apple. You have been warned.

Air Canada Hacked

Air Canada said that over 20,000 profiles saved into their mobile app have been compromised and info such as customer’s Aeroplan number, passport number, Nexus number, known traveller number, gender, birth date, nationality, passport expiration date, passport country of issuance and country of residence could have been accessed.

After discovering the breach Air Canada has shut down the app, and is forcing all 1.7 million app users to change their passwords immediately.

Free-Photos / Pixabay

Chester Wisniewski, cyber security specialist, said in an interview with CBC:

“You never want someone to know your name, your birthday and your passport.

I suspect hackers stumbled across a bug in the API.

I don’t think they were targeting Air Canada or they were intent on stealing specific info, there’s a lot of hackers who are just scrolling the internet looking for doors that are ajar. If they find a door that’s open they start monkeying around.”

Some users complained not being able to login, but some others, like this Canadian satire site cracked jokes.

Air Canada said that they have not detected improper use of stolen passwords. Yet.

Gabor Lukacs, Canadian air passenger rights advocate, mentioned that he would recommend people affected to complain to the Office of the Privacy Commissioner, Canada’s watchdog that  provides advice and information for individuals about protecting personal information.

Lukacs said:

“When a corporation collects your data, they have a responsibility to keep it safe. When they fail, it is a matter for the Office of the Privacy Commissioner to investigate.

People may also wish to start a class action against Air Canada in this situation.”

Cyber security is becoming a big issue in Canada, where a recent report from Deloitte mentioned that many cyber security jobs in Canada go unfilled due to lack of experienced professionals.

West Vancouver Servers Hacked

District of West Vancouver, westvancouver.ca, recently discovered that they have malware installed on their servers potentially accessing thousands of users data over the last few years. It is possible that over 4,870 people data have been compromised.

While noone knows for sure if data compromised was used or will be used for illegal purposes, West Vancouver issues press release saying that “the possibility of compromise cannot be definitively ruled out.”

Basically if you have used website to send personal information to the city between 2013 and 2018 your data was potentially compromised. To stop the breach from spreading even more, the officials have shut down the website, and wiped all the personal data from the website, and promised to increase their web security.

West Vancouver promised in the press release:

“Examples of the personal information contained in these forms may include addresses, phone numbers, email addresses, and IP addresses.

Once we are assured that additional security measures put in place are effective, the forms will be enabled again on a limited basis. In the future, data will be removed from the web server on a regular basis.”

Robfoto / Pixabay

City advises you to “exercise caution if approached by an unknown individuals” in regards to your data as hackers might target residents for scams or identity theft.

Cyber security expert George Pajari, in interview to North Shore news, said:

“It was obvious the district was completely unprepared. It was a disaster waiting to happen. They hadn’t taken what I would consider the absolute basic steps to protect the information they were holding.

Not only had they not subscribed to receive notification of the patches from the vendor, they hadn’t updated their software for months and months so they got knocked off.”

Cyber security is becoming a big issue in Canada, where a recent report from Deloitte mentioned that many cyber security jobs in Canada go unfilled due to lack of experienced professionals. If you are looking for a new career, maybe consider going into cyber security – a huge boom in this profession is expected over the next 5-10 years in Canada and across the world.

Not enough cyber security talent in Canada, Deloitte reports

A new report by Deloitte said that Canada is severely lacking cyber security talent , and shortage of talent is not being addressed enough by universities and colleges.

Deloitte says that demand for cyber security professionals is climbing up by a rate of 7% annually with 5,000 of roles expected to be filled by 2021.

Deloitte said that total cyber security employment around the world by 2022 will be around 1.8 million.

This shortage needs to be fixed as soon as possible report states, due to pace of global technological innovation by more than $3 US trillion are expected in lost economic value in 2020 if not addressed.

Report states that universities and colleges in Canada are trying to address the shortage but find themselves in a tough spot as there are not enough qualified professors and instructors.

Deloitte recommends hiring consultants to address the demand, keep up with rising pay, and increase recruitment efforts by using recruitment agencies or consultants to help with hiring.

Report concludes

“For the foreseeable future, Canadian businesses, educational institutions, and governments that look at the cyber talent shortage through a human-centric lens, and take bold and deliberate steps to overcome the challenges will push ahead of their peers.”

Hackers Might Be Listening to Your Phone

This might not come as a surprise to many people but your phone (well more accurately your office VoiP phone) might have been hacked and hackers on the other side of the world are listening in.

Many VoIP office phones (sold by such online stores as www.VoIPGizmos.ca in Canada) and produced by such companies such as Cisco, Yealink, Grandstream and Snom might be vulnerable to hackers due to lack of software updates.

The video below features  Ang Cui, cybersecurity expert and founder of Red Balloon Security, who goes over how you can protect yourself and your company from hackers and espionage.

Basically to summarize the video , Ang says that hackers can hack pretty much any VoIP phone due to vulnerable software.

Once hackers take ahold of your phone they can “… certainly listen to you when you’re making phone calls. They can probably figure out who you’re calling and when.”

Due to the way phone works , the microphone never turns off, so you do not even have to be talking on a phone for hackers to hear what you are saying.

The hackers do not even have to be in the same room as the phone, most VOIP phones are on the internet and hackers sitting in China for example, can hack into your phone via your router or firewall or even printer.

stevepb / Pixabay

Another problem Ang says exists that even if companies such as Cisco patch up the security issues, some of the VoIP phones on the market has been around for 5-10 years and only have the firmware update from say 2010 (8 years ago) and therefore last 8 years of patches were not applied.

So basically if you want to make sure your phones are safe – better run those firmware updates right now. What are you waiting for?

Loblaw’s Loyalty PC Points Stolen After a Hack

Go check your PC points account, loyalty program operated by Canadian retail conglomerate Loblaw Companies,  you might have been the latest victim of a hack conducted by hackers over the last few months.

According to CBC, many stolen points ended up being redeemed for products at Loblaws stores in Quebec even though PC points users saying they have never set foot in that province.

The hack has happened after Loblaw have combined PC Points from Loblaw stores to include Shoppers Drug Mart also known as Pharmaprix in Quebec.

PhotoMIX-Company / Pixabay

Loblaws spokeswoman Catherine Thomas said

“We have strong security measures in place across our digital platforms and take any sign of unusual activity very seriously. “

Noone is quite sure how hackers are able to login into hundreds of accounts and then just spend the points at the stores. Loblaws stated that if the account gets hacked then hackers will get access to your name, address, phone number and points balance.

So you have to ask yourself – is your stolen identity really worth the extra few bucks you will get with points? We are just happy that all those stolen points in Quebec can not be applied against booze or cigarettes in that province due to regulations – take that PC Points Thief!