Garage doors may be vulnerable to being opened remotely by hackers using little more than a childrens’ toy, a security researcher has proven this week.The repurposed tool has been branded OpenSesame by its creator Samy Kamkar, who built it out of a discontinued Mattel toy called IN-ME, adding an antennae and an open-source hardware add-on. Although no longer available, Softpedia notes that the toy is a pocket computer that allows kids to chat to eachother, and can still be found on eBay for as little as $12.The proof-of-concept attack affects basic, fixed code garage door security, for which the most advanced would leave 4,096 possible combinations. Kamkar claims that it would take around 29 minutes to breach the lock by brute-force if the details of the system were known to the hacker.
Around 19% of IT security leaders said that budgets will significantly increase over the next two years, with an additional 31% saying budgets will increase, according to a new report by Dell SecureWorks.The study by Dell surveyed 1,825 IT security leaders and their staff, based in 42 countries including North America, Europe, Africa, Asia and the Middle East. The aim of the report was to identify the key influencers on decisions which affect security budgets and technology purchases.Of the remaining survey respondents, nearly all said that budgets will remain flat (46%), while a few (4%) said their organizations could actually decrease security spending. This is largely the same growth picture as the last two years, with the same group of experts witnessing the same increase (31%) and a similar significant increase (15%) during the period.
Distributed Denial of Service (DDoS) attacks are on the rise, according to cloud service provider Akamai, with more than double the number reported from this time a year ago.Not only that, but the methods are changing to ensure DDoS attacks are longer-lasting, and inflict more damage, reports ZDNet. While last year DDoS attacks were characterized by high bandwidth but short duration, so far in 2015 attacks have used less bandwidth, but been of a far longer duration. An Akamai spokesperson told SC Magazine, “An HTTP flood will not consume a lot of bandwidth, but it will generate a lot of HTTP requests.” This still overwhelms the site, but makes it harder to see a malicious attack coming.
Mobile applications increasingly want access to various functions on your smartphones and tablets, such as your location and contacts book. But some of these app permissions should not be granted.App Store, Google Play and Windows Phone store users will know by now that, when installing an app or using a particular feature for the first time, the app will ask their permission to access certain features of the device. For example, a map application will ask for access to the GPS, while VoIP and other voice-calling applications may require access to the phone and device ID.