Connect with us

Technology

Toyota Cyber Attacks: Three Incidents In The Last 5 Weeks

Published

on

Toyota customers were affected in three separate cyber attacks suspected to be carried out by a group of hackers.

Toyota is facing a huge problem, and it’s has been going for quite some time. If you’re going to think of the kinds of company that are most likely to be affected by a cyber attack, you will least think of automotive companies like Toyota. They’re huge, with a strong cyber security protocol, has budget too secure data and they have top-notch IT systems. However, it seems like no company is exempted and hackers are everywhere trying to scavenge for data from whatever database they can get into.

Millions of car owners have had their data compromised in a series of cyber attacks that have targeted the global car manufacturer Toyota in the last five weeks. The company has reported three confirmed attacks in three separate global branch locations across two continents.

Reports reveal that data of millions of owners of Toyota cars have been compromised following a cyber attack undertaken by a group of hackers at Toyota Motors in Japan. A few months ago, the company announced that a similar incident happened in the Australia branch of the car company. Another similar incident was also reported by Toyota Vietnam on the same day that the Japan breach was announced, making it the third one.

About 3 million customer data were breached including some Toyota sales subsidiaries and unauthorized access to some other firms.

“It turned out that up to 3.1 million items of customer information may have been leaked outside the company,” Toyota said in a press briefing following the Japan attack.

Specifically, the attack targeted the servers of Toyota Tokyo Sales Holdings Co., Ltd. Tokyo Toyopet Co., Ltd., Nets Toyota Tokyo Co., and Tokyo Tokyo Corolla Co., Ltd. Other servers that were affected by the attack are those of Jamil Shoji CO., Ltd (Lexus Nerima), Lexus Koishikawa Sales Co., Ltd., and Toyota West Tokyo Corolla Co., Ltd. In general, the breached data belongs to customers of both Toyota and Lexus.

The data breach has exposed a plethora of customer information, but fortunately, the hackers were not able to get access to customers’ financial details of customers as they are not stored in the same hacked servers. Nonetheless, the car company has not confirmed what type of data was stolen by the hackers either.

“We apologize to everyone who has been using Toyota and Lexus vehicles for the great concern,” a Toyota spokesperson said in a message to reporters.

“We take this situation seriously, and will thoroughly implement information security measures at dealers and the entire Toyota Group.”

A SERIES OF GLOBAL ATTACK?

The company has announced a similar incident in late February affecting their Australian branch. The first attack was known to be more disruptive than the Japan attack because it was able to bring down Toyota Australia’s ability to handle sales and deliver new cars, freezing their operations. The Australia cyber attack was attributed to a group of hackers known as the APT32 (OceanLotus), a cyber espionage organization based in Vietnam and is known to have targeted other companies in the automotive industry in the past.

“Toyota Australia can confirm it has been the victim of an attempted cyber attack. At this stage, we believe no private employee or customer data has been accessed,” Toyota Australia said in a press release regarding the cyber attack.

Tech and cybersecurity experts suggest that APT32 hackers might have hacked Toyota’s Australian branch in order to infiltrate Toyota’s more secure central network in Japan. Nonetheless, the world leader in automotive production has never confirmed any of the theories surrounding the attacks nor have they attributed them to APT32 hackers.

Nonetheless, the car company did say that it would start an internal audit of its IT systems following the attack on its Australian branch, and the infiltration of Toyota Japan only makes the APT32 theories stronger.

Furthermore, a few hours after the announcement of the data breach and cyber attack that happened in Toyota Japan, Toyota Vietnam has also announced a similar cyber security attack without any details about the incident.

No official confirmation has since been made by the car manufacturer if the cyber attacks that happened in three of its global branches were connected or if they were isolated incidents in terrible coincidence.

A consumer tech and cybersecurity journalist who does content marketing while daydreaming about having unlimited coffee for life and getting a pet llama.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Technology

This Apple Patent Secures 360-Degree Rotatable Camera For Its Watch Series

Published

on

Photo by Luke Chesser on Unsplash

The U.S. Patent and Trademark Office granted a patent for Apple that allows it to include a rotatable camera on its Apple Watch products—a revolutionary innovation to the smartwatch market.

Other brands have teased about introducing a built-in camera on their smartwatches before. However, that entails maneuvering the user’s wrist in a challenging position — proving that the technology is far from ready for launch.

Apple secured a patent that would solve the problem. The Apple Watch patent comes along with 63 newly granted patents for Apple Inc.

Apple Watch Rotatable Camera
Source: 9to5mac

The new patent opens the possibility of future Apple Watches with the ability to capture images and video via a rotatable, pull-out camera.

The patent describes the invention as similar to an extension of the Apple Watch band, where the built-in camera can be pulled out to expose and use it. Primarily, this will enable the Apple Watch user to avoid the tricky wrist-maneuvering.

“Such functionality can replace or at least meaningfully augment a user’s existing camera-enabled iPhone.”

Notably, cameras on smartwatches were initially introduced with similarities to the conventional smartphones where it is stationary on the screen. The patent describes it to have a pull-out functionality where a user can point towards the desired direction.

Furthermore, the built-in camera can even be rotated at a 360-degree angle. Meaning, a single camera can function both as a front and back camera, allowing Apple to save more space, as it is compacted on a very small device.

As described, the camera is placed on the tip of an extendable band where “an optical sensor [is] attached to or integrated within the distal end portion of the camera watch band […] and a data connection between the optical sensor and the watch body.”

The band, where the camera will be placed, is told to be flexible enough that users can manipulate it into any form via twisting and bending. A combination of a “malleable metal core” with “magnetorheological fluid,” and “mechanical links” will comprise the band to help maintain its form. This combination may also help prop the camera end to a fixed position such as bending towards the user to make FaceTime calls.

Users can take photos or record videos by pinching the camera watch band, asking Siri to do it, or by clicking on the Apple Watch screen.

2 Apple Watch with camera in band
Apple Watch Rotatable Camera
Source: Patently Apple

The latest report comes along with Apple’s plans of marketing the Apple Watch Series, as a more independent device from the rest of the company’s products such as an iPhone.

“A smartwatch with the capability of capturing images or videos may enable a user to forego carrying a smartphone when doing some activities, especially activities or environments where it would be difficult to take a smartphone (e.g., hiking, running, swimming, surfing, snowboarding, and any number of other situations),” says in its patent report.

Furthermore, Apple recently announced in its Worldwide Developer Conference that the Apple Watch is getting its own App Store with its own set of dedicated applications mainly focused on its Health functionalities.

Notably, the recent release remains to be a patent. There is no guarantee when we’re exactly going to see the built-in camera function in the Apple Watch or if we are ever going to witness it (at all).

It could yield similar results to Apple’s infamous AirPower—a wireless charging pad that can simultaneously power three devices without the need to place it in specific areas to work. The product never went into production as it proved to be challenging after all.

The future still holds the answer whether or not Apple will be able to make the camera feature with up-to-par quality. Questions regarding the camera’s quality, its strength, and durability of the camera band remain as a mystery.

On the other hand, if Apple does decide to push through with the invention and follow Apple’s standard with product quality, it could easily win over the current market, which is already dominating.

As of 2018, Apple’s Apple Watch Series still takes first place on the market for smartwatches with a total of 51% global market share. It is selling like hot pancakes as Apple’s shipments increased by 1.4 million units compared to the same quarter in the previous year, for a total of 9.2 million units shipped in Q4 2018.

Continue Reading

Politics

‘Youtube’ Removes ‘Project Veritas’ Leak Exposing The Bias Of ‘Google’ Against Trump

Is Google the only one who can prevent a “next Trump situation?” A Google exec thinks so.

Published

on

Jen Gennai said that Google is the only one that can stop Trump victory. Photo: Carlos Luna | Flickr | CC BY 2.0

As the election season approaches, Google’s video-streaming service, Youtube, took down a video that exposed the California-based technological superpower of being politically biased against the President and his bid for the next election.

The video, which has since been removed from the platform by Youtube, shows a senior employee at the company appearing to admit that the company plans to interfere in the next presidential election to stop Donald Trump.

The video is part of the Project Veritas, that has exposed numerous scandals corruption, dishonesty, self-dealing, waste, fraud, and other misconduct by private individuals, corporations, politicians and government agencies. It was founded by James O’Keefe and claimed that it aims to “further the common good and general welfare of the citizens of the United States by conducting investigations into waste, fraud, abuse, corruption, dishonesty, self-dealing and other misconduct for the purpose of educating the public, stakeholders, policymakers, and communities in order to create a more ethical and transparent society.”

Only Google can prevent “next Trump situation”

The said video is still available in the Project Veritas website and featured undercover footage of a top Google employee, Jen Gennai, who preaches that the company, Google, should not be broken up because they still need to stop the reelection of the President and only they can prevent “next Trump situation.”

“Elizabeth Warren is saying we should break up Google. And like, I love her but she’s very misguided, like that will not make it better it will make it worse, because all these smaller companies who don’t have the same resources that we do will be charged with preventing the next Trump situation, it’s like a small company cannot do that,” the video revealed appearing to be said by Gennai.

In the same video, Gennai appears also to declare that Trump’s victory in the 2016 elections “screwed us (Google).”

“We all got screwed over in 2016; again it wasn’t just us, it was, the people got screwed over, the news media got screwed over, like, everybody got screwed over, so we’re rapidly like, happened there and how do we prevent it from happening again,” she added.

“We’re also training our algorithms, like, if 2016 happened again, would we have, would the outcome be different?”

They need to change the law to force Google to change

Gennai is also strong in its stance that government pressure and intervention could not force Google to change its ways. She said that if the lawmakers want to change how Google behaves, they have to change the law.

“We got called in front of Congress multiple times, so we’ve not shown up because we know that they’re just going to attack us. We’re not going to change our; we’re not going to change our mind. There’s no use sitting there being attacked over something we know we’re not going to change. They can pressure us, but we’re not changing. But we also have to be aware of what they’re doing and what they’re accusing us of,” she said in the video.

Gennai works on “responsible innovation” in the Global Affairs division of Google — the same division run by Kent Walker, the Google VP who has declared his intention to make the populist-nationalist movement represented by Donald Trump a “blip” or “hiccup” in history, which he said, “bends towards progress.”

This rhetoric coincides and corroborated earlier leaks that exposed other top managers and officials from Google to have made similar statements involving the same sentiments.

Similar sentiments from other Google execs

Earlier this year, a Google engineer, Mike Wacker, published an email showing an official from the tech superpower telling his subordinates that the Trump election victory motivated the company’s stand on fake news.

“Also, I posted a comment on a meme regarding fake news on Search, and someone reported it to [Human Resources]. I didn’t say I was in favor or against, just cautioned that we need to be car[e]ful. My manager brought it up in our 1:1 last week. Made me feel very uncomfortable for having an opposing view. He said we need to stop hate [speech] and fake news because that’s how Trump won the election,” Wacker wrote in his post.

“I obviously didn’t say anything and just wanted it to end. I [redacted] would like to see all managers be required to take political bias training.”

Continue Reading

Technology

‘Operation Soft Cell’ Linked To State-Sponsored Chinese Hacking Group

Operation Soft Cell has been operating since 2012.

Published

on

The operation is called Operation Soft Cell. Photo: The Preiser Project | Flickr | CC BY 2.0

A Chinese-linked operation has been found to be stealing sensitive call data, including identifiable information by breaching into telecommunication network in order to gain espionage intelligence on high-value targets, a report reveals.

The operation, called Operation Soft Cell, was discovered by the cybersecurity research firm Cybereason and was said to have been operating since 2012 – which makes a total of seven years of hacking into telecom systems and networks from different countries around the world. Furthermore, researchers have also found evidence that the operations have been attacking cell networks a few years before 2012.

A state-sponsored operation

Researchers have linked the operation to a China-based hacking group APT10 as the tools, and TTPs used in the attacks are commonly associated with the Chinese threat actor. They also believed that the said attacks are state-sponsored and highly coordinated.

“We’ve concluded with a high level of certainty that the threat actor is affiliated with China and is likely state-sponsored. The tools and techniques used throughout these attacks are consistent with several Chinese threat actors, specifically with APT10, a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS),” the researchers said in the report.

The attacks, as per the tech experts, were aimed to obtain CDR records of a large telecommunications provider. The threat actor was attempting to steal all data stored in the active directory, compromising every single username and password in the organization, along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users, and more.

Modifying attacks wave after wave to prevent being linked

And the attackers have been evolving, changing their techniques now and then to prevent the attacks from being linked to each other.

“During the persistent attack, the attackers worked in waves- abandoning one thread of attack when it was detected and stopped, only to return months later with new tools and techniques.”

The attack began with a web shell running on a vulnerable, publicly-facing server, from which the attackers gathered information about the network and propagated across the network. The hackers attempted to compromise critical assets, such as database servers, billing servers, and the active directory. As the malicious activity was detected and remediated against, the threat actor stopped the attack.

The threat actor changed activity every quarter. Photo: Cybereason

The second wave of the attack hit several months later with similar infiltration attempts, along with a modified version of the web shell and surveillance activities. This cycle is said to continue, with the attackers and white hats play a game of cat and mouse. Every time white hats corner the attackers, they stop and return with a modified attack a few more times in the next four months.

Espionage is the primary motivation

According to the researchers, they can pinpoint several motives behind this massive cyberspace intrusion. They said that as hacking operations become one of the newest frontiers of global power struggle, institutions that store a vast amount of data started to become the target. And telecommunication corporations became one of the most vulnerable sectors.

“Due to their wide availability and the fundamental service they bring, telecommunications providers have become critical infrastructure for the majority of world powers,” they wrote in the report.

“Threat actors, especially those at the level of nation state, are seeking opportunities to attack these organizations, conducting elaborate, advanced operations to gain leverage, seize strategic assets, and collect information. When successful, these attacks often have huge implications.”

Furthermore, the researchers said that when an attack as big as this and with state support, the motive is usually not financial but instead, they aim to collect data like intellectual property and sensitive information about their clients.

One of the most valuable pieces of data that telecommunications providers hold is Call Detail Records (CDRs). CDRs are a large subset of metadata that contains all details about calls, including Source, Destination, and Duration of a Call, Device Details, Physical Location, Device Vendor, and Version.

This information is invaluable for threat actors as they give them intimate knowledge of any individuals they wish to target on that network. Having this information becomes particularly valuable when nation-state threat actors are targeting foreign intelligence agents, politicians, opposition candidates in an election, or even law enforcement.

“Beyond targeting individual users, this attack is also alarming because of the threat posed by the control of a telecommunications provider. Telecommunications has become critical infrastructure for the majority of world powers. A threat actor with total access to a telecommunications provider, as is the case here, can attack however they want passively and also actively work to sabotage the network,” they added.

Continue Reading

Trending