Skip to Content

Threat Sheet—Saturday, August 8, 2015

Welcome to the Cyber Saturday edition of Data Sheet! Fortune reporter Robert Hackett here, filling in for your regular host Heather Clancy.

This week I’m out in Las Vegas attending the Black Hat and Def Con security conferences, so I hope you’ll bear with the lighter newsletter today. Below: vehicular vandalism, insight into Facebook’s security ambitions, and gigantic, hack-proof flip phones.

Have feedback? Reach me on Twitter (@rhhackett) or via email robert.hackett@fortune.com. Or if you have a real juicy tip, let’s chat off-the-record through a messaging service like Cryptocat or Jabber. You can find me at rhhackett@jabber.ccc.de, fingerprint: F225E829 13846232 0709A43A 1ECB83D3 BDDFF6A7. (We can always use good old-fashioned PGP encryption, too.)

TOP INTELLIGENCE

Hackers, start your engines. One inescapable theme at this year’s Black Hat and Def Con hacker conferences was car hacking. At the former conference, two veteran security researchers revealed how they wirelessly took control of a Jeep Cherokee. At the latter, another set of researchers detailed how they hacked into a Tesla Model S. (Anecdotally, these seemed to be two of the most popular talks.)

Vehicular vandalism wasn’t just for the presenters though. Attendees were able to get in on the action, too. An interactive “car hacking village” offered a chance to bust open a handful of vehicles. I sat in the passenger seat of one such car while a man—who would only identify himself as “King Chrysler”—broke into its digital spinal chord, located behind the car’s central console. It was surprisingly easy.

Guess I’m glad I’ll be flying back home.

THREATS

How to stay safe at a hacker conference. Do not, I repeat, do not connect to public Wi-Fi.

EU proposes cybersecurity legislation. Many countries—not least among them Europe, China, Russia, and the U.S.—are working on bills that may affect tech companies.

ACCESS GRANTED

In a private briefing, Facebook’s recently appointed security chief Alex Stamos offered a select group a peek at how he plans to secure the social network—and the Internet beyond.

“Facebook’s corporate goal is to build a more open and connected world. My team’s job is to build a more open and connect world—comma—securely, which is implied by that but is not necessarily a part of it. You can connect people and do so in a way that makes them less safe, and we have to be very careful that we don’t do that.” Read more on Fortune.com.

ELEVATED PRIVILEGES

Cybersecurity firm Zscaler raised $100 million in a round led by TPG Growth.

Tesla poached Google’s head zero-day hunter Chris Evans, naming him the car company’s new security chief.

RECON

Microsoft boosts bug bounty payouts. Incentivizing hackers to cash in.

Google issues more Stagefright bug fixes. The company says the vulnerability isn’t as bad as it sounds.

FireEye outs bad iOS apps. Disguised malware will still your data.

Is there an Israeli cyber startup bubble? Maybe…

JPMorgan will speed up its security spending plan. The investment will double to $500 million this year.

Yahoo ads recently delivered malware to site visitors. The attack forced a site shutdown.

Russia may have hacked the Pentagon computers. More whispered cyberattack attributions.

TREATS

Bad music playlists. And the science behind them.

Crystal hunters. And the birth of mountaineering.

AI problems. Trap you in a neural net.

EXFIL

“I challenge you all to make my phone ring during my remarks.”

A provocation proffered by Department of Homeland Security deputy secretary Alejandro Mayorkas during his keynote speech at the Def Con conference on Friday. He brandished an ancient flip phone as a gag prop. (No one succeeded in making it ring.)