10Fold – Security Never Sleeps – 51

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to considerResearchers have found vulnerabilities in wireless keyboards and mice that could allow attackers to take control of them from up to 100 meters away. The IRS has reported a 400% increase in phishing and malware sent out in seemingly secure emails that trick taxpayers. Volvo has announced that they will switch to smartphone enabled keys instead of traditional metal keys and fobs. The ‘world’s first Parental Intelligence System’ has been leaking a database of 6.8 million private text messages and pictures for 48 days before the leak was stopped.

‘MouseJack’ Attacks Hack Wireless Keyboards And Mice From 100 Meters Publication: Forbes Reporter name: Thomas Fox-Brewster

Researchers have exploited a range of vulnerabilities in wireless keyboards and mice, taking control of them from up to 100 meters away. The researchers, from Internet of Things security start-up Bastille, focused on a range of dongle-linked devices from Logitech, Dell , Gigabyte, HP, Lenovo , Microsoft and Amazon Basics. Some patches have been made available for users, including Logitech devices, but where fixes aren’t available, Bastille CTO and founder Chris Rouland recommended customers ditch their mouse or keyboard for a wired or Bluetooth alternative. The problems lie in the way the dongles handle communications. In some cases, the dongles accepted unencrypted packets where they should only have allowed normal encrypted packets.


IRS reports 400% increase in phishing & malware in the past 12 months Publication: Naked Security Reporter name: Lisa Vaas

The IRS warned on Thursday that it’s already seen a “dramatic” increase in official-looking text and email messages stuffed into inboxes. The phishing messages are asking taxpayers about a wide range of sensitive information, including data related to refunds, filing status, confirmation of personal information, transcript orders and PIN verifications. The messages are rigged to look official, as if they came from the IRS itself or from others in the tax industry, such as tax software companies.


Volvo wants to replace car keys with smartphones Publication: USA Today Reporter name: Chris Woodyard

Volvo plans to start selling cars without keys beginning in 2017, using smartphones as replacements. In effect, Volvo says the Bluetooth-enabled smartphone would become the “digital keys” and there would no longer be a need for physical key. If Volvo’s plan works, it would become only the latest in a series of moves in recent years that have struck a blow against the traditional metal key. Even the cheapest subcompacts these days often come with electronic key fobs instead of metal keys. Though they can be expensive to replace, the fobs — in combination with start buttons– eliminate the danger that a key can become stuck or break off in the ignition lock.


Child Tracker App ‘Leaks 6.8 Million Texts, 1.8 Million Photos’ From Kids’ Phones Publication: Forbes Reporter name: Thomas Fox-Brewster

That’s because uKnow, the Arlington, V.A., provider of the “world’s first Parental Intelligence System”, was leaking a huge database containing as many as 6.8 million private text messages, 1.8 million images (many depicting children) and 1,700 in-depth child profiles made up of data from Android and iPhone devices, according to Chris Vickery, researcher at MacKeeper, a security provider that’s had some security issues of its own in recent months (hence the employment of Vickery). All that data, coming direct from mobiles as well as Instagram, Facebook, Twitter and myriad other social networks, was leaked because uKnow had failed to lock down a database containing the information. According to Vickery, the company failed to use any username or password. Vickery believes the information was accessible for at least 48 days, but has now been locked down.