As I type this, GM Canada President & Managing Director Steve Carlisle is announcing that GM Canada is expanding their Engineering Center in Oshawa Ontario. They will be hiring more than 100 software and controls engineers with the goal to make this location a hub for “connected car” and green technologies. Connected with this announcement comes the news that GM Canada will also be using social media to engage students, teachers, and other Canadians with the team in this Engineering Center. This is good news for the auto industry in Southern Ontario as that is a key industry for this area’s economy. Plus it underlines the fact that Ontario has the workforce to support a technology and engineering facility such as the one being referenced in this announcement.
On Saturday when I broke this story on electric carmaker Tesla getting their Twitter account and website hacked, I said this:
Here’s more ammo to back up the fact that the responsible party should be fired. Apparently it was a social engineering hack:
SecurityWeek, which spoke with a Tesla spokesperson, explained that the two accounts were hijacked via a simple tactic dubbed “social engineering.” It went something like this:
- A hacker called AT&T customer support and posed as an employee of Tesla. This person then demanded all phone calls to the company be forwarded to a new fake phone number.
- Next, this malicious hacker got in touch with Tesla’s domain registrar Network Solutions. Since all the phone calls were being forwarded to the hacker, this person was able to easily add a new email address to Tesla’s domain administrator account.
- With this new email on the account, the hacker then reset passwords for the website and wreaked hours of havoc.
The Tesla spokesperson emphasized to SecurityWeek that no data was breached. “Our corporate network, cars and customer databases remained secure throughout the incident,” Tesla said.
The fact that the public face of Tesla was hacked in such an easy manner should really make the folks at Tesla rethink their IT security. I say that because social engineering hacks are less about technical skill and more about being able to convince people to do what you want them to do. That’s why companies have to train employees to spot these sorts of attempts, whether they target the employees themselves or their customers.
You have to wonder what hackers with a lot more skill, who were also willing to put in a lot more effort, could have gotten away with.
We began auditing the AFNetworking SSL code after the previous vulnerability was announced. Version 2.5.1 would accept self-signed certificates (pretty much game over for your users’ data). It was released for only 6 weeks, and yet 1,500+ apps were affected.
A few weeks ago, we found that version 2.5.2 did fix this issue, but there was another flaw nearby in the same code. Domain name validation could be enabled by the validatesDomainName flag, but it was off by default. It was only enabled when certificate pinning was turned on, something too few developers are using.
This meant that a coffee shop attacker could still eavesdrop on private data or grab control of any SSL session between the app and the Internet. Because the domain name wasn’t checked, all they needed was a valid SSL certificate for any web server, something you can buy for $50.
This flaw affects up to 25,000 apps, which is downright scary. If you’re worried about this, and you should be, SourceDNA set up an online service called Searchlight that can be used to check if the iOS apps installed on your iDevices are vulnerable.
One thing that you should know is that this service shows that apps from large developers like Microsoft, Yahoo and Google are potentially affected by the AFNetworking flaws. It really sounds like Apple and a lot of other people have a lot of work to do to fix this before some evildoer exploits this.
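As an added illustration (not code from SourceDNA’s write-up or from AFNetworking itself), here is the weak setup the passage describes beside the hardened one. It assumes the AFNetworking 2.x AFSecurityPolicy API and uses a placeholder hostname.

```objective-c
#import <AFNetworking/AFNetworking.h>

// Weak setup, as described for AFNetworking 2.5.2: the default policy, no pinning,
// so validatesDomainName is left off. The chain is checked against the system
// trust store, but a valid certificate issued for ANY hostname is accepted for
// api.example.com (placeholder host), which is exactly what a coffee-shop
// attacker with a $50 certificate needs.
AFHTTPSessionManager *weakManager = [AFHTTPSessionManager manager];
weakManager.securityPolicy = [AFSecurityPolicy defaultPolicy];

// Hardened setup: turn on hostname checking explicitly, so the certificate must
// be issued for the host actually being contacted, whether or not pinning is used.
AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
policy.validatesDomainName = YES;        // the flag the passage says was off by default
policy.allowInvalidCertificates = NO;    // never accept self-signed certs (the 2.5.1 bug)

AFHTTPSessionManager *manager = [AFHTTPSessionManager manager];
manager.securityPolicy = policy;
[manager GET:@"https://api.example.com/v1/account"
  parameters:nil
     success:^(NSURLSessionDataTask *task, id responseObject) {
         NSLog(@"hostname-validated TLS session: %@", responseObject);
     }
     failure:^(NSURLSessionDataTask *task, NSError *error) {
         // A certificate for a different host now fails here instead of being accepted.
         NSLog(@"request failed: %@", error);
     }];
```

Checking `manager.securityPolicy.validatesDomainName` at startup is a cheap guard against a library upgrade silently restoring the weak default.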
It must be nice to be Apple these days. They came out with their quarterly results and here are the highlights:
- Apple reported a profit of $13.6 billion with revenue up 27% to $58 billion.
- Apple sold 61.1 million iPhones in the first three months of 2015.
- Apple sold 12.6 million iPads, down 23% from a year earlier.
- Apple is increasing its share-buying program which will return $200 billion to investors, up from $130 billion.
- Apple has an outrageous $195 trillion in cash on its books. There are countries that don’t have that amount of cash.
Clearly, it’s good to be Apple.
Today BlackBerry announced a white version of the BlackBerry Classic smartphone. The white colored BlackBerry Classic is available this week in Indonesia through authorized distributors, and in Hong Kong through carrier partners csl, 3 Hong Kong and SmarTone, and authorized distributors Broadway Photo Supply Ltd, Fortress, Hong Kong Suning, Chung Yuen Electrical Co., Ltd and Nuance-Watson (HK) Ltd. This new color option will continue to roll out over the next few weeks online and in carrier retail stores across select countries in Asia, Europe and the Middle East.
OpenTable has released its app experience for Apple Watch in Canada.
At a glance, the OpenTable app for Apple Watch reminds diners of their upcoming reservation, shows them how to get there and keeps them on time with an elegant countdown interface.
Diners can download OpenTable for Apple Watch from the App Store or in the Apple Watch App on iPhone.
It appears that electric carmaker Tesla has had its Twitter account hacked. Here’s the proof:
This started happening about 25 minutes ago. It’s surprising that a company run by Elon Musk would get pwned like this. So you can pretty much expect that whoever runs Tesla’s social media efforts is about to get fired.
UPDATE: The hack of the Tesla Twitter account follows the Tesla website being hacked as well. Right now it looks normal. But it may not stay that way.
UPDATE #2: It appears Tesla has control of their Twitter account as the Tweets that tipped the world off to the hack have been deleted.
UPDATE 3: Here’s a look at the Tesla Twitter account when it was hacked: