Hackers Steal Your Car and Vulnerabilities – Rob Allen – PSW #889

Paul Asadoorian

1. Start hacking Bluetooth Low Energy today! (part 2)
2. Release 1.1.0 · evilsocket/legba
3. GitHub – chompie1337/PhrackCTF: Binary Exploitation Phrack CTF Challenge
4. Intel and Trump Administration Reach Historic Agreement to Accelerate American Technology and Manufacturing Leadership
5. Nearly 2,000 Malicious IPs Probe Microsoft Remote Desktop in Single-Day Surge
6. First known AI-powered ransomware uncovered by ESET Research

   "The PromptLock malware uses the gpt-oss-20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes. PromptLock leverages Lua scripts generated from hard-coded prompts to enumerate the local filesystem, inspect target files, exfiltrate selected data, and perform encryption,"

7. Hacking the TP-LINK Tapo C100 Camera
8. Tracking malicious code execution in Python
9. Countering EDRs With The Backing Of Protected Process Light (PPL)
10. Silent Harvest: Extracting Windows Secrets Under the Radar
11. Ghost-Tapping and the Chinese Cybercriminal Retail Fraud Ecosystem
12. Start hacking Bluetooth Low Energy today! (part 1)
13. Technical Advisory: Espressif Systems – ESP32 BluFi Reference Application Vulnerabilities

    Due to bugs in the patch Espressif issues a CVE afterall. Not entirely certain why this wasn't done in the first place. If there is a security vulnerability in software, it must geta CVE! And other such lies and dreams

14. Inside the Underground Trade of ‘Flipper Zero’ Tech to Break into Cars

    There are so many questions and answers. The answers change. Then we have more questions. Some further thoughts:

    • I believe the first myth is that attackers can start the car, which is not true.
    • The attacks allow attackers to unlock a car (however, vehicles without immobilizers, e.g., Kia, can be started using previously documented techniques).
    • In search of more information, I read the recent post from the Flipper folks: https://blog.flipper.net/can-flipper-zero-steal-your-car/
    • Even more interesting is the comment at the end, which references this 2022 academic paper: "RollBack: A New Time-Agnostic Replay Attack Against the Automotive Remote Keyless Entry Systems" (https://arxiv.org/pdf/2210.11923)
    • It's a great read and explains much of the background.

    Here's a summary for some talking points (this was generated with AI, ONLY for talking points, it may not be entirely accurate, you should read the blogs and papers linked above!):

    • Historical Evolution The paper traces automotive security from no keys at all (1886-1949) through physical keys, RFID immobilizers, static-code RKE systems, rolling codes, to modern passive keyless entry systems.

    Major Attack Categories

    • RollJam (2015) - The game-changer that defeated rolling codes through clever jamming and timing, but required continuous monitoring and precise execution.
    • RollBack (2022) - The new attack that overcomes RollJam's limitations by being "time-agnostic" - capture signals once, use them forever. It exploits a resynchronization mechanism in RKE systems.

    Key Differences Between Attacks

    • Persistence: RollBack captured signals work indefinitely vs. RollJam's temporary validity
    • Complexity: RollBack requires only initial capture vs. RollJam's continuous monitoring
    • Detection: RollBack can work passively vs. RollJam's detectable jamming
    • Variants: RollBack has 4 variants requiring different numbers of signals (2-5) and timing constraints

    And the Flipper? Is it a new attack?

    • The Key Difference: Unlike RollJam/RollBack attacks that require multiple signal captures and complex timing, Flipper Zero attacks need only "capturing a single unlock signal" to "repeatedly lock, unlock and open the trunk of the target car" Millions of cars at risk from Flipper Zero key fob hack, experts warn. The attack works by reverse-engineering rolling code algorithms. This approach "uses the real keyfob's information to reverse-engineer the algorithm with which the unique data is calculated" Hackers Can Use The Flipper Zero To Unlock Cars, But The Device Itself Isn't The Problem - Jalopnik rather than simply replaying captured signals.
15. BitUnlocker: Leveraging Windows Recovery to Extract BitLocker Secrets

    Great to see Alon is at Microsoft! Lots of technical detail here, but here's the defender take away:

    • Patch Yo' Stuff: July 2025 Patch Tuesday: All vulnerabilities listed above were patched (CVE-2025-48800, CVE-2025-48003, CVE-2025-48804, CVE-2025-48818).1
    • Recommendations: To enhance BitLocker security, enable TPM+PIN for pre-boot authentication and deploy the REVISE mitigation to prevent downgrade attacks via enforced secure versioning on boot components.

    Alon presented Downgrade at BH USA last year, amazing research, we will likely see it in the wild at some point when attackers need it (unless Alon and Microsoft have fixed it since then).

16. When a SSRF is enough: Full Docker Escape on Windows Docker Desktop (CVE-2025-9074)

    Repeat after me: Containers are not a security boundary. Hence the research in this article:

    • Connect to hxxp://192.168.65.7:2375/ without authentication
    • Create and start a privileged container
    • Mount the host C: drive into that container
    • Gain full access on the Windows host
17. Anubis.

    "I’ve started running into more sites recently that deploy Anubis, a sort of hybrid art project slash network countermeasure. The project “weighs the souls” of HTTP requests to help protect the web from AI crawlers." - So if you are like Travis, you don't have a soul if you get content from a website without using a web browser. The Anubis bug has been fixed, but the battle for and against AI bots continues.

18. Weaponizing image scaling against production AI systems

    Image scaling attacks exploit downscaling algorithms in AI systems, allowing attackers to craft images that hide malicious prompt injections visible only after image resizing, enabling data exfiltration and unauthorized actions in multi-modal environments like Google Gemini CLI, Vertex AI, and more.

19. Data Is a Dish Best Served Fresh: “In the Wild” Versus Active Exploitation

    Corey makes interesting points in this article: "Just because something was once observed “In the Wild” doesn’t mean that it’s happening right at this moment. A hard-to-exploit race condition that requires a lot of time and effort might be “In the Wild,” but that doesn’t require the same urgency to fix as something an actor is actively exploiting today. However, if attackers are currently up to no good using software with bugs that you know you possess, then you have a big problem – one that is urgent enough to risk a temporary lack of business continuity to solve." - I'd argue that attackers only have to figure out how to exploit something complex once, then it becomes a commodity. Sure there may be some tuning along the way, but attackers thrive on what works, and it doesn't matter where it comes from. They are not developing everything on their own; different groups are buying/selling/trading exploits and tools. I'm still a big fan of patching, patching often, and patching again.

20. ReVault Flaw Exposed Millions of Dell Laptops

    Why this is significant, from Phillepe, the researcher who discovered it: "If it's a malicious user, you can send malicious commands, or exploit bugs that are running in the firmware that will corrupt memory inside and allow code execution on the chip. You can run your own code. From there, you can retrieve the secret keys that are stored in the chip that are unique to each device. That board could then be compromised, and from there, attackers could permanently change the firmware running on the chip. You could reinstall Windows but it would still be modified. Then, you can send malicious command back to Windows, which would compromise things running with the highest privileges on Windows. I have a cute little demo, where you can make it think that any finger that touches the fingerprint reader is totally the right user, and it logs you in."

21. GitHub – geo-tp/ESP32-Bus-Pirate: A Hardware Hacking Tool with Web-Based CLI That Speaks Every Protocol

    Need to try this. Some of the required cables required a little research for me to find. I believe, for example, you need this one: https://www.digikey.com/en/products/detail/adafruit-industries-llc/3955/9745250?gclsrc=aw.ds&gadsource=1&gadcampaignid=20243136172&gbraid=0AAAAADrbLlgbm6Wlk77qxy4BhMhHjjQ-3&gclid=CjwKCAjw2brFBhBOEiwAVJX5GCExpjTdnJQEE0wzsXUlQKG1U3DbuYVuweWM64GOzHdqzNjs8ZvfnRoC9iQQAvD_BwE - to enable the UART via the JST connector on a T-Embed CC1101.

22. Speedrunning the New York Subway

    Math is fun, and we have a new record! I swear I read in one of the hacker books that early computers were used in the 1960s to do this, in either NYC or Boston, but could not find the reference. In any case, this is super neat.

23. Can AI weaponize new CVEs in under 15 minutes?

    Vulnerabilities and exploits are not all created equal. This research found a bunch of web bugs. While interesting, I think it shows that we are heading in a direction where certain types of vulnerabilities can be discovered and exploited using the AI tech we have today. Others will come later. Some will have to solved the old fashioned way. Though AI should be writing patches for them, as we've seen before. Then its just a race between AIs!

24. The One Where We Just Steal The Vulnerabilities (CrushFTP CVE-2025-54309)

    This may be the best post of 2025:

    • The commentary is accurate and entertaining
    • The memes are on point
    • The research is solid
    • The result is a public PoC (attackers were already exploiting this)

    Also, I need this in my life: "STAB is a universal in-memory kernel backdoor that we can inject into virtualized appliances, allowing us to universally jailbreak appliances and deploy EDR-tier capabilities onto the device itself to capture network, disk, and memory artefacts when exploitation occurs (the type of telemetry that vendors still haven’t given their customers ;-))."

25. How to Rob a Hotel

    I miss posts like this. I feel like I was transported back to the 90s hacking scene. As the author states: "No redacted payloads or blurred out scripts. Just me, the terminal, and the bare reality of what’s possible. Because if I’m teaching you how to think like a hacker, I won’t be hiding the good knives." - Love it!

Bill Swearingen

1. AI in your browser? Get prompt injected and your bank account drained by doomscrolling on reddit

   AI agents that can browse the Web and perform tasks on your behalf have incredible potential but also introduce new security risks.

   We recently found, and disclosed, a concerning flaw in Perplexity's Comet browser that put users' accounts and other sensitive info in danger.

2. Microsoft can’t guarantee data sovereignty – OVHcloud says ‘We told you so’

   European cloud provider OVHcloud has long warned about the risks of relying on foreign tech giants for critical infrastructure – especially when it comes to data sovereignty.

   Those warnings seemed to gain fresh credibility in June, when Microsoft admitted it could not guarantee that customer data would remain protected from US government access requests.

3. Reverse Engineering ALL the Raspberry Pis

   I'm releasing all the Lumafield scans of the modern Raspberry Pi lineup (excluding the larger keyboard form factor Pis, like the Pi 400 and Pi 500... maybe I can get to those too, someday).

4. omg Eyecam is gross

   Someone buy this for paul

5. Make your own ASCII Art

   It is like pixlr, but for ASCII. Does that even make sense?

6. The “Wow!” Signal Was Likely From An Extraterrestrial Source, And More Powerful Than We Thought

   A new study has re-examined the famous "Wow!" signal, finding that it likely has an extraterrestrial origin after all, and may have been even more intense than previously believed.

7. Building the Mouse Logitech Won’t Make

   My absolute favorite mouse is the MX Ergo from Logitech. There are 3 main areas where the sheen of perfection wears off:

   • It uses a micro-USB port to charge.
   • The switches are a little loud and clicky.
   • The software is bloated.

Jeff Man

1. Verizon 2025 Data Breach Investigations Report

   The latest and greatest information on how we're succeeding and failing at securing all the things.

2. Cost of a Data Breach Report 2025: The AI Oversight Gap

   Not to be outdone, IBM teamed up with the Ponemon Institute to produce their own breach report.

3. Ten Key Insights from IBM’s Cost of a Data Breach Report 2025

   tl;dr - here's a summary of the IBM report.

4. Farmers Insurance reports data breach affecting over 1 million customers

   "Insurer says a third-party vendor's database was accessed". Of course it was. They also claim it was not a cyberattack but merely unauthorized access to a customer database. Huh?

5. 74% of companies admit insecure code caused a security breach

   Data based on "analysis from SecureFlag" and apparently is supposed to spark a discussion over the merits of AI being used to take over some coding duties.

6. Secure Coding Training in UK Enterprises: C-Suite Survey Key Findings

   Here's the actual "analysis"... apparently it is about the merits of secure code training and why you should invest in developer training rather than (or before) you make the investment in AI to replace your coders.

7. Hackers steal data from Salesforce instances in widespread campaign

   Google researchers say the hackers abused a third-party tool in an attack spree designed to harvest credentials. Weren't we just talking about this last week???

Larry Pesce

1. Ryobi Battery Repair Guide
2. asset-group/Sni5Gect-5GNR-sniffing-and-exploitation: A 5G Sniffer and Downlink Injector Framework on steroids… And yes, Wireshark supported!!!
3. SignalsEverywhere Android Project Updates: Satellite Tracker, HackTV NTSC Transmitter, OBS To HackTV, PacketShare and More
4. BadCam attack: malicious firmware in “clean” webcams
5. Google previews cyber ‘disruption unit’ as U.S. government, industry weigh going heavier on offense
6. Sni5Gect: A Practical Approach to Inject aNRchy into 5G NR

Sam Bowne

1. We Put Agentic AI Browsers to the Test – They Clicked, They Paid, They Failed

   Agentic AI fully automates your online tasks, from shopping to handling emails. But security guardrails are missing or inconsistent, leaving the AI free to interact with phishing pages, fake shops, and even hidden malicious prompts, all without the human’s awareness or ability to intervene.

2. Phishing Emails Are Now Aimed at Users and AI Defenses

   The visible part of a phishing email tries to trick the human reader, and invisible text in a MIME section contains commands for the AI.

3. Nancy Mace Champions Cybersecurity Reform, Puts Skills Ahead Of Degrees

   The Cybersecurity Hiring Modernization Act is a bipartisan bill to eliminate unnecessary degree barriers and ensure federal agencies can hire the skilled cybersecurity professionals our country needs.

4. Weaponizing image scaling against production AI systems

   LLMs resize images before processing them. In this attack, a malicious large image contains commands that only appear after downscaling the image, which the LLM then executes.

5. When a SSRF is enough: Full Docker Escape on Windows Docker Desktop (CVE-2025-9074)

   There was an unprotected docker API endpoint that allows code execution on the host. This has been fixed. This flaw also impacts Docker Desktop for MacOS.

6. DOM-based Extension Clickjacking: Your Password Manager Data at Risk

   A single click anywhere on a attacker controlled website could allow attackers to steal users' data (credit card details, personal data, login credentials including TOTP). The products are being fixed.

7. The Silent, Fileless Threat of VShell

   This Linux attack embeds code in a filename. The code is executed when automated backup or logging routines list filenames.

8. Evaluation: DOE-OIG-25-30

   The Department of Energy was audited for cybersecurity, finding that only 19 of 63 (30 percent) of recommendations from last year were implemented, and 79 new recommendations were made.

9. Humans intervened every 9 minutes in AAA test of driver assists

   AAA found that "notable events" were recorded by the data capture systems every 3.2 miles, or 9.1 minutes, on average. And 85 percent of those notable events required the driver to intervene. The most common event that required intervention was a car ahead cutting into the driver's lane. These occurred about once every 8.6 miles, or 24.4 minutes, with 90 percent requiring intervention by the driver. AAA found that the less-advanced systems that required a driver to keep their hands on the steering wheel experienced notable events at three times the frequency of hands-free systems.

10. Inside the Underground Trade of ‘Flipper Zero’ Tech to Break into Cars

    “Kia Boys will be Flipper Boys by 2026,” one person in the reverse engineering community said.

11. Chrome VPN Extension With 100k Installs Screenshots All Sites Users Visit

    The extension’s developer claimed to Koi Security that the background screenshot functionality is part of a “security scan” intended to detect threats. Yet, Koi Security found the tool indiscriminately captured data from safe and commonly used sites such as Google Sheets, banking portals, and photo galleries. The developer also claimed screenshots are not stored but merely analyzed by AI tools, yet offered no verifiable way to confirm this.

12. Malware-ridden apps made it into Google’s Play Store, scored 19 million downloads

    Many contained an updated version of the Anatsa banking trojan, with a keylogger for password collection, SMS interception capabilities, and anti-detection tools.

    The APK uses a corrupted archive to hide a file, which is deployed during runtime. This archive has invalid compression and encryption flags, making it hard for static analysis tools to detect. Since these tools depend on standard ZIP header checks in Java libraries, they fail to process the application. Despite this, the application will run on standard Android devices.

13. Google will block sideloading of unverified Android apps starting next year

    The company describes it like an "ID check at the airport." Since requiring all Google Play app developers to verify their identities in 2023, it has seen a precipitous drop in malware and fraud.

    Google plans to create a streamlined Android Developer Console, which devs will use if they plan to distribute apps outside of the Play Store. After verifying their identities, developers will have to register the package name and signing keys of their apps. Google won't check the content or functionality of the apps, though.

14. “ChatGPT killed my son”: Parents’ lawsuit describes suicide notes in chat logs

    OpenAI has admitted that its safeguards are less effective the longer a user is engaged with a chatbot. ChatGPT told Adam how to jailbreak the model. Adam asked ChatGPT for information on suicide--at first the chatbot provided crisis resources, but the chatbot explained those could be avoided if Adam claimed prompts were for "writing or world-building." From that point forward, Adam relied on the jailbreak as needed, telling ChatGPT he was just "building a character" to get help planning his own death.

15. DOGE Put Critical Social Security Data at Risk, Whistle-Blower Says

    DOGE team members uploaded a database with the personal information of hundreds of millions of Americans to a vulnerable cloud server. The database contains records of all Social Security numbers issued by the federal government. It includes individuals’ full names, addresses and birth dates, among other details that could be used to steal their identities, making it one of the nation’s most sensitive repositories of personal information.

16. The One Where We Just Steal The Vulnerabilities (CrushFTP CVE-2025-54309)

    Using a honeypot, they found a race-condition vulnerability, requiring specific POST requests to be sent 1000 or more times each rapidly. This results in the creation of a new administrative user.