Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

4/28/2016
12:00 PM
Connect Directly
Twitter
RSS
E-Mail

10 Newsmakers Who Shaped Security In the Past Decade

In celebration of Dark Reading's 10th anniversary, we profile ten people whose actions influenced and shaped the trajectory of the industry - for better or for worse -- in the past ten years.
11 of 12

Charlie Miller and Chris Valasek 
Hack My Ride

When security researchers Charlie Miller and Chris Valasek showed off their first car hacks in 2012, they landed a segment on the 'Today' show, but got little if any attention from the carmakers themselves. They were able to wrest control of automated features in a 2010 Toyota Prius and the 2010 Ford Escape to force the vehicles to steer wildly, brake, and accelerate. Ford, for example, dismissed the hacks as low-risk physical manipulations of the vehicle, because the hackers had to physically get inside the vehicle to hack it. Even so, they got some nervous laughter from their audiences at DEF CON and on TV. 

Their next step was studying the networked automation features in late-model vehicles, and they wrote a report in 2013 on the most (remotely) hackable cars. At the top of that list was the 2014 Jeep Cherokee. They then used that vehicle as the lab rat for their ultimate goal of hacking a moving vehicle from afar. The research culminated in a video demonstration of their taking control over a Jeep from their laptops from Miller's couch 10 miles away  while the driver was traveling at 70Mph on the highway.

The in-your-face hack not only got the attention of most major cable television outlets, but it also finally moved the cybersecurity needle in the auto industry: Fiat Chrysler recalled 1.4 million vehicles that contained the painfully simple zero-day flaw the researchers used to hack it, an unnecessarily open communications port in the car's infotainment system.

The auto industry has made some significant moves to address security of their networked vehicles: in July, it launched its own Intelligence Sharing and Analysis Center (ISAC) for disseminating and exchanging cyber threat information.Famed car hackers Miller and Valasek now work for Uber's research arm, helping makes its upcoming fleet of self-driving cars secure from hacking.

Image Source: Black Hat Events (Pictured above: Valasek on the left, Miller on the right

Charlie Miller and Chris Valasek

Hack My Ride

When security researchers Charlie Miller and Chris Valasek showed off their first car hacks in 2012, they landed a segment on the Today show, but got little if any attention from the carmakers themselves. They were able to wrest control of automated features in a 2010 Toyota Prius and the 2010 Ford Escape to force the vehicles to steer wildly, brake, and accelerate. Ford, for example, dismissed the hacks as low-risk physical manipulations of the vehicle, because the hackers had to physically get inside the vehicle to hack it. Even so, they got some nervous laughter from their audiences at DEF CON and on TV.

Their next step was studying the networked automation features in late-model vehicles, and they wrote a report in 2013 on the most (remotely) hackable cars. At the top of that list was the 2014 Jeep Cherokee. They then used that vehicle as the lab rat for their ultimate goal of hacking a moving vehicle from afar. The research culminated in a video demonstration of their taking control over a Jeep from their laptops from Millers couch 10 miles away while the driver was traveling at 70Mph on the highway.

The in-your-face hack not only got the attention of most major cable television outlets, but it also finally moved the cybersecurity needle in the auto industry: Fiat Chrysler recalled 1.4 million vehicles that contained the painfully simple zero-day flaw the researchers used to hack it, an unnecessarily open communications port in the cars infotainment system.

The auto industry has made some significant moves to address security of their networked vehicles: in July, it launched its own Intelligence Sharing and Analysis Center (ISAC) for disseminating and exchanging cyber threat information.Famed car hackers Miller and Valasek now work for Ubers research arm, helping makes its upcoming fleet of self-driving cars secure from hacking.

Image Source: Black Hat Events (Pictured above: Valasek on the left, Miller on the right

11 of 12
Comment  | 
Print  | 
Comments
Oldest First  |  Newest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-29763
PUBLISHED: 2021-09-16
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory.and cause a denial of service. IBM X-Force ID: 202267.
CVE-2021-29825
PUBLISHED: 2021-09-16
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.
CVE-2021-29842
PUBLISHED: 2021-09-16
IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 205202.
CVE-2021-29752
PUBLISHED: 2021-09-16
IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Fporce ID: 201780.
CVE-2021-34798
PUBLISHED: 2021-09-16
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.