


   ISSUE 89

19 December 2018

Article of the Month Around the World


How Cyber Attacks Affect Modern Automobiles


'Any nation with the ability to launch a cyber-strike could kill millions of civilians by hacking cars'

If you have played the Watch Dogs game series, you have seen a character hack a vehicle and gain control of it. It looks like a movie scenario. You might think that is impossible, but it can now be done in real life.

In this article we discuss how a cyber attack can affect a vehicle: how an attacker can gain access to the vehicle's systems and take control of the vehicle.

According to Justin Cappos, a computer scientist at New York University, it is possible to breach any car built since 2005. He further said that "Once in, hackers can send messages to the brakes and shut off the power steering and lock people in the car and do other things that you wouldn't want to happen."

Is It Possible to Hack a Vehicle?
Yes, it is. Today many automobiles are manufactured around modern software-based electronic systems, so a vehicle actually works like a computer. For example, when you hit the brakes, a signal travels from the brake pedal to the main system, which then directs the signal to the wheels and stops the vehicle. Unlike in old-school vehicles, all parts of the vehicle are bound to its main system.


In July of this year, cyber security researchers Charlie Miller and Chris Valasek used the latest hacking techniques to hack into the electrical systems of a Jeep Cherokee. They were able to do this without direct physical access to the vehicle.
Using the Internet, they gained wireless control of the Jeep Cherokee. This gave them access to the Jeep's entertainment system and enabled them to relay commands to its dashboard functions, steering, brakes and transmission, all remotely, 10 miles away from the vehicle's location.
You can see the video below.


Miller and Valasek have been hacking motor vehicles for years, but they had always required direct access to the vehicle to do so, and auto industry representatives played down their accomplishments. This time they were able to do it wirelessly from any location in the world.
So how did they do it?
Well, because vehicle manufacturers like Chrysler are now building cars in such a way that makes their electrical systems and computer networks act like smartphones that are connected to the Internet, this opens up a whole host of possibilities for hackers, allowing them to gain access to critical systems remotely using wireless connections.
It's not just Chrysler vehicles that are vulnerable either. While the Jeep Cherokee was highlighted as the most vulnerable by Miller and Valasek's research, other models from various other manufacturers also ranked highly as possible targets.
The duo rated 24 cars, SUVs, and trucks based on three factors that they thought may determine their vulnerability to hackers.
● Number and type of radios that connected the vehicle's systems to the Internet
● Whether onboard computers were properly isolated from the vehicle's critical driving systems
● Whether digital commands could trigger physical actions (cyber-physical components)
Miller and Valasek developed software that was able to exploit these vulnerabilities. Their software was able to silently rewrite the firmware for the Uconnect entertainment system (or head unit) allowing them to plant their code and send commands through the vehicle's internal computer network.
The pair believes that these hacks will work on any Chrysler vehicle that uses Uconnect versions from late 2013 onwards but they have only tested these exploits on a Jeep Cherokee so far.
These are the things hackers can do to an automobile:

1. Find its location
2. Control the airwaves
3. Control the air conditioning system
4. Control the speed of the vehicle
5. Kill the engine
6. Abruptly engage the brakes of your vehicle
7. Disable the brakes
8. Send images remotely to the car's digital display
9. Control the vehicle's steering

What Is the Impact of These Attacks?
From my point of view, a hacker can kill civilians by causing an accident after taking control of a vehicle remotely. It is really dangerous, because other cyber attacks have an impact on a system, but this kind of attack can be a threat to human life.




Ravindu Yasas Amarakoon is an undergraduate at the University of Colombo School of Computing, currently following a Bachelor of Science in Computer Science, and is working as an Intern - Information Security Engineer at Sri Lanka CERT|CC.

1. Statistics on the Internet growth in Sri Lanka
2. The Dragon Research Group (DRG)
3. TSUBAME (Internet threat monitoring system) from JPCERT | CC
4. Shadowserver Foundation
5. Team Cymru

  How to protect yourself as the threat of scam apps grows


"...The policies and review procedures of major app stores do keep out a large number of fraudulent apps. While there are always more things they might and probably should be doing to continue to address this problem, it is an ongoing learning process for all of us...."


Hackers Could 3D Print Your Head to Unlock Your Phone


"...Forbes conducted a test of five different smartphone models that have a facial recognition unlock option. They used an iPhone X and four different Android devices: an LG G7 ThinQ, Samsung S9, Samsung Note 8 and OnePlus 6. Of those devices, only the iPhone X passed the test and wasn't fooled by the false head....."


Target targeted: Five years on from a breach that shook the cybersecurity industry



'..As Aryeh Goretsky stated: "With Target and Home Depot, consumers began (I think) to see that these weren't intangible things that did not affect them, but rather concrete examples of 'this happened to a place I do business with' vs. something nebulous/opaque/invisible to consumers like a payment processor. If Target is what legitimized data breaches in consumers' minds, maybe Home Depot was the one that galvanized them into thinking that this was going to be a repeating event.....'

Android Trojan steals money from PayPal accounts even with 2FA on



'...First detected by ESET in November 2018, the malware combines the capabilities of a remotely controlled banking Trojan with a novel misuse of Android Accessibility services, to target users of the official PayPal app.

At the time of writing, the malware is masquerading as a battery optimization tool, and is distributed via third-party app stores.......'

Aliens? NASA servers with employee PII potentially compromised


'....A Dec. 18 advisory posted to the SpaceRef website warns that one of the servers contained Social Security numbers and other sensitive information belonging to current and former NASA employees. More specifically, the breach affects NASA Civil Service employees who were added to or removed from the agency, or transferred between Centers, from July 2006 through October 2018, when the investigation began........'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in November 2018


  Statistics - Sri Lanka CERT|CC

New Malware Takes Commands From Memes Posted On Twitter

'...In the recently spotted malicious scheme, which according to the researchers is in its early stage, the hackers use Steganography, a technique of hiding contents within a digital graphic image in such a way that's invisible to an observer, to hide the malicious commands embedded in a meme posted on Twitter, which the malware then parses and executes....'

Pentagon to Connect Experimental Background Check App To Other Systems By Year's End

"...The system, called the National Background Investigations Service, or NBIS, is a multiphase process that includes building the secure infrastructure to house background investigations work, including a slowly shrinking 600,000-case backlog, and the front-facing apps like eApp to enable that work....."

Agencies Faced More Than 35,000 Cyber Incidents in 2017, Watchdog Says

"...Roughly one in five incidents last year involved violations of agencies' online use policies, while email and phishing attacks made up another 21 percent, the Government Accountability Office said in a report published Tuesday. Web-based attacks and misplaced equipment accounted for about 23 percent of incidents, and nearly one-third of attacks didn't fall neatly within any major category....."

2018 - The year that was: Top Cyberthreats

"...It was clear it was going to be an intense year for the cybersecurity industry when, just days after ringing in 2018, researchers announced a vulnerability found in essentially all CPU processors made over the previous two decades. From there, things only got busier, with news of Russian exploits, new ransomware families and much, much more......"

Notice Board

Training and Awareness Programmes - November  2018

