BMW is 1st Automaker to Admit a Security Flaw

Hat tip to BMW – they may be one of the first automakers to publicly admit to a security flaw in their vehicles.

What Happened

The potential breach was found in BMW’s ConnectedDrive infotainment system.

In Germany, the ADAC (their CAA) discovered a potential security gap during data transmission.

It would have allowed an attacker to use ConnectedDrive to remotely unlock the car’s doors, then potentially access the SIM card to control some of the vehicle’s functions (though not critical ones, like steering or braking).

What BMW did

They promptly sent out a mass software patch to over 2.2 million vehicles, switched to using HTTPS (like a bank) to encrypt traffic between their servers and the vehicles, and then even posted a press release about it, here.

Why this is meaningful

It’s not the first time an automaker has experienced some sort of potential security breach.

What’s different is how they handled it: swiftly, and by talking about it openly, something which often only happens when the manufacturer is publicly shamed.

Google & ‘Safer Internet Day’

When you Googled today you saw it’s ‘Safer Internet Day’, but then probably not much more about it, because it’s more of a European thing.

Still a good reminder to change a few passwords, because when was the last time you did?

At least change email / Facebook / bank passwords. Or don’t, it’s not my identity and money.

Flashlight Defeats Camera

Overload a lens with light, and it freaks out and basically goes blind.

That’s why you see celebrities’ bodyguards pointing flashlights into cameras: they’re preventing photos from being taken.

The Math Behind Having a Long Password

Longer passwords are better, but why? 2 reasons.

1st – this mathematical formula:

$X^Y = Z$

2nd – a password-guessing script can make 25 billion guesses per second.

So! 

The password – kerio – uses only lower case alphabetical characters, of which there are 26.

So our formula is: $26^5$ = 11 billion = cracked in 0.5 seconds

The bigger both numbers = the better off you are

Here’s a proper, 25-digit password:  “)pCdjAL’x*^KgV3XE!x*w!1P

It uses lower case letters (26), upper case (26), numbers (10), and symbols (32) = $94^{25}$ = 2.1291014e+49 = cracked in weeks = attacker likely moves on to an easier target
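
An added example (not part of the original post) that applies the formula to the two passwords above at the post's 25 billion guesses per second, and also solves it the other way round: how long a password must be to hold out for a chosen time. The function names are assumptions, and the curly quotes in the long password are assumed to stand for ASCII " and '.

```python
import string

GUESSES_PER_SECOND = 25_000_000_000  # guessing rate quoted in the post
YEAR = 365 * 24 * 3600               # seconds

# The four character classes the post counts: 26 + 26 + 10 + 32 = 94
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

SHORT = "kerio"
# The post's 25-character password; its curly quotes are assumed to be
# typographic substitutions for ASCII " and '.
LONG = "\")pCdjAL'x*^KgV3XE!x*w!1P"


def alphabet_size(password):
    """X: combined size of every character class the password draws on."""
    unknown = [ch for ch in password if not any(ch in c for c in CLASSES)]
    if unknown:
        raise ValueError(f"characters outside the four classes: {unknown!r}")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def keyspace(password):
    """Z = X ** Y, the number of candidates an exhaustive search must cover."""
    return alphabet_size(password) ** len(password)


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate of this length and alphabet."""
    return keyspace(password) / rate


def min_length(alphabet, seconds, rate=GUESSES_PER_SECOND):
    """Smallest Y for which alphabet ** Y guesses take at least `seconds`."""
    target, space, length = seconds * rate, 1, 0
    while space < target:
        space *= alphabet
        length += 1
    return length


if __name__ == "__main__":
    # The bound only holds for randomly chosen characters; dictionary words
    # and reused passwords fall to far fewer guesses than X ** Y.
    for pw in (SHORT, LONG):
        print(f"{len(pw):2d} chars, X={alphabet_size(pw):2d}: "
              f"{seconds_to_exhaust(pw):.3g} s to exhaust")
    for x in (26, 94):
        print(f"X={x}: {min_length(x, YEAR)} characters to last one year")
```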

***

This post has been brought to you by Nuix and KeriBlog.