BMW cars could be attacked, a British university fined for a hack and two-factor authentication comes to Firefox.
We’re bringing you the latest cyber security news Welcome to Cyber Security Today. It’s Friday, March 25. To hear the podcast, press play here:
 |
 |
 |
The vehicles you buy increasingly come with wireless Internet connectivity, not only for accident assistance and the entertainment system but also for diagnostics on electronic control units that link to almost every component. Are they hackable if not designed right? You bet. The latest discovery was made by Chinese security researchers, who found more than a dozen vulnerabilities in the onboard compute units of BMW cars. According to The Hacker News, some of the bugs might allow someone to remotely take control of the car. Before you panic, though, two things: Some bugs would need an attacker to first hack into the cellar network. Others would need an attacker to get into the car and plug a compromised USB stick into a maintenance port.
BMW has already started rolling out patches for the vulnerabilities to car owners. But it’s a reminder to car makers that cyber security has to be as important as mechanical and electronic reliability.
I hope listeners know about the importance of activating two-step, or two-factor, authentication on important applications that need logins. Those who use the Firefox browser now can activate two-step authentication to protect their Firefox accounts. If someone tries to log into your account from an unfamiliar device, you’ll be sent a message asking you to enter a verification code from an app that’s on your phone to prove that it’s really you. If you haven’t tried logging in, that’s how you’ll know you’re being attacked. Authentication apps for this are called Google Authenticator, Authy 2-Factor Authentication and Duo Mobile.
A British university has been fined the equivalent of $206,000 after an old Web site built for a conference in 2004 that held sensitive papers of presenters was hacked. Why? Because it wasn’t updated with security patches. Nine years later attackers got in and got away with names, addresses, phone numbers, and email addresses of approximately 20,000 students, staff and others, as well as personal health information of some. The stolen data was then publicly posted. Lesson for managers: You’ve got to keep on top of every Web site people under your control create.
And finally, today many businesses around the world are facing tougher privacy laws now that the European Union’s General Data Protection Regulation, more commonly called GDPR, has come into effect. The philosophy of GDPR is you own your personal data, not a business. If you’re an EU resident you can demand a company correct your data, delete it or let you take it to a competitor. It’s a good idea. Ask if companies you deal with let you do that. Think about it if they say no.
For more GDPR news stories at IT World Canada, click here
Happy Memorial Day weekend to our listeners in the U.S.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening.