Hacking Your Honda

The “rolling code” technology used to remotely open and lock your car is supposed to prevent hacking. Unfortunately, Honda has a pretty serious vulnerability in their cars that apparently allows anyone with a little talent and cheap hacking tools to get into your car – and maybe even start it (though not actually drive it away). If correct, this vulnerability affects probably all Hondas made over the last 10 years. So far, Honda has denied that this is a problem, but many researchers have reproduced the hack. In other news: cheap, Chinese-made GPS vehicle trackers are vulnerable to remote hacking; Chrome, Edge and Safari browsers fix serious 0-day bugs; Twitter data breach info on 5.4M users is up for sale on the dark web; Windows getting a crucial security update to make important security feature on by default; the Conti ransomware gang is attacking the entire country of Costa Rica; Facebook quickly bypasses Firefox’s URL tracking removal feature; Tor Browser adds a useful feature that will help people in repressive countries; Google appears ready to stop blocking political spam emails; Amazon admits to giving Ring video to law enforcement without consent or a warrant; a complicated, targeted web browser trick can be used to identify website visitors. Article Links [U.S. News & World Report] Researchers: Chinese-Made GPS Tracker Highly Vulnerable https://www.usnews.com/news/business/articles/2022-07-19/researchers-chinese-made-gps-tracker-highly-vulnerable [Ars Technica] 0-day used to infect Chrome users could pose threat to Edge and Safari users, too https://arstechnica.com/information-technology/2022/07/exploit-seller-used-chrome-exploit-and-2-other-0-days-to-infect-journalists/ [9to5mac.com] Twitter data breach exposes contact details for 5.4M accounts; on sale for $30k https://9to5mac.com/2022/07/22/twitter-data-breach/ [ZDNet] Windows 11 is getting a new security setting to block ransomware attacks https://www.zdnet.com/article/windows-11-is-getting-a-new-security-setting-to-block-ransomware-attacks/ [ThreatPost] Conti’s Reign of Chaos: Costa Rica in the Crosshairs https://threatpost.com/contis-costa-rica/180258/ [Schneier Blog] Facebook Is Now Encrypting Links to Prevent URL Stripping https://www.schneier.com/blog/archives/2022/07/facebook-is-now-encrypting-links-to-prevent-url-stripping.html [None] Tor Browser Adds Automatic Censorship Circumvention https://www.infosecurity-magazine.com/news/tor-browser-automatic-censorship/ [Inc. Magazine] Google Revealed Plans for a Big Change to Gmail That Almost Nobody Wants. You Have 19 Days to Object https://www.inc.com/bill-murphy-jr/google-revealed-plans-for-a-big-change-to-gmail-that-almost-nobody-wants-you-have-19-days-to-object.html [The Intercept] Amazon Admits Giving Ring Camera Footage to Police Without a Warrant or Consent https://theintercept.com/2022/07/13/amazon-ring-camera-footage-police-ed-markey/ [The Drive] I Tried the Honda Keyfob Hack on My Own Car. It Totally Worked https://www.thedrive.com/news/i-tried-the-honda-keyfob-hack-on-my-own-car-it-totally-worked [WIRED] A New Attack Can Unmask Anonymous Users on Any Major Browser https://www.wired.com/story/web-deanonymization-side-channel-attack-njit/ Tip of the Week: More Uses for Password Vaults: https://firewallsdontstopdragons.com/more-uses-for-password-vaults/ Further Info Amulet of Entropy!!: https://amuletofentropy.com/  Peppering your passwords: https://firewallsdontstopdragons.com/password-manager-paranoia/ Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/ Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887  Become a Patron! https://www.patreon.com/FirewallsDontStopDragons  Donate directly with Monero! https://firewallsdontstopdragons.com/contact/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:02:02: Bad Bugs in GPS Vehicle Trackers 0:07:16: Zero-Day Bugs in Chrome, Edge, Safari 0:12:47: Twitter data breach affect 5.4M users 0:15:20: Windows new default RDP security setting 0:19:11: Conti gang attacks Costa Rica 0:23:40: Facebook defeats URL tracker removal technique 0:26:31: new Tor Browser feature 0:28:51: Google wants to allow political spam 0:34:08: Ring video given to police without warrant or consent 0:39:17: How to hack just about any modern Honda 0:50:43: Targeted, sophisticated web tracking hack 0:57:59: Tip of the Week 1:08:01: Wrap-up, DEF CON