Information Security, Ethical Hacking, website Security, Database Security, IT Audit and Compliance, Security news, Programming, Linux and Security.
Monday, 21 July 2014
Apple iPhone a danger to China national security: state media
Chinese state media on Friday branded Apple Inc's (AAPL.O) iPhone a threat to national security because of the smartphone's ability to track and time-stamp user locations.
A report by broadcaster CCTV criticized the iPhone's "Frequent Locations" function for allowing users to be tracked and information about them revealed.
"This is extremely sensitive data," said a researcher interviewed by the broadcaster. If the data were accessed, it could reveal an entire country's economic situation and "even state secrets," the researcher said.
Apple was not available for immediate comment.
Apple has frequently come under fire from Chinese state media, which has accused the company of providing user data to U.S. intelligence agencies and has called for 'severe punishment'. It has also been criticized for poor customer service.
The California-based company is not the only U.S. firm to suffer from Chinese media ire.
Google Inc (GOOGL.O) services have been disrupted in China for over a month, while the central government procurement office has banned new government computers from using Microsoft Corp's (MSFT.O) Windows 8 operating system.
Other U.S. hardware firms such as Cisco Systems Inc (CSCO.O) and IBM Corp (IBM.N) have experienced a backlash in China from what analysts and companies have termed the 'Snowden Effect', after U.S. spying revelations released last year by former U.S. National Security Agency contractor Edward Snowden.
Calling All Hackers: Help Us Build an Open Wireless Router
EFF is releasing an experimental hacker alpha release of wireless router software specifically designed to support secure, shareable Open Wireless networks. We will be officially launching the Open Wireless Router today at the HOPE X (Hackers on Planet Earth) conference in New York City, aiming to bring aboard members of the hacker community. This release is a work in progress and is intended only for developers and people willing to deal with the bleeding edge.
The software aims to do several things that existing routers don't do well—or don't do at all. We are beginning a journey that we hope will attract supporters and fellow travelers to help reach the following goals:
- Allow small business and home users to easily enable an open network, so guests and passersby can get an Internet connection if they need one, while keeping a password-locked WPA2 network for themselves and their friends or coworkers.
- Let you share a bounded portion of your bandwidth on the open network, so guest users cannot slow down your Internet connection or use a large portion of your monthly quota.
- Provide state-of-the-art network queuing, so most users can expect an improved Internet experience—especially with latency-sensitive applications—compared to what commonly available consumer grade routers are delivering today.
- Offer a minimalist, secure, and elegant Web user interface to set up and configure the router. Advanced, non-minimalist administrative options are accessible by SSH.
- Advance the state of the art in consumer Wi-Fi router security and begin turning back the growing tide of attacks against them. Most or all existing router software is full of XSS and CSRF vulnerabilities, and we want to change that.
- Include a secure software auto-update mechanism. In addition to using HTTPS, firmware signatures and metadata are fetched via Tor to make targeted update attacks very difficult.
This Open Wireless Router prototype is made possible by the generous contribution of project resources and developers from ThoughtWorks, which came about through their exemplary social impact program. We are also very grateful for assistance from Dave Täht of CeroWRT and the Wi-Fi router hackers at Independent Security Evaluators (ISE).
Japan Struggles to Improve Cybersecurity for 2020 Olympics
The World Cup wrapped up last week, drawing to a close both global attention and cybercrime activity associated with the international soccer tournament. Though protests via DDoS attacks and data breaches certainly plagued the event, it was carried off without major hitches. As the World Cup winds down and Brazil prepares for its Olympics, the eyes of sports fans and cybersecurity experts alike turn to another upcoming international sporting event, the 2020 Olympic Games to be held in Tokyo.
Japan, known for being ahead of the technological curve, is already in the throes of preparation for the prestigious event. Despite its technological expertise, Japan is not necessarily on the cutting edge of cybersecurity. A recent flurry of incidents in Japan has shown this -- from the circulation of banking malware to open statements by the Government. Will Japan be prepared for the cybersecurity risks that come along with large international events like the Olympics?
Japan Hit Hard in 2014
So far this year, Japan has seen quite a few cyber-attacks. The banking sector in particular has suffered at the hands of financial malware that circulated around the country. The malware family VAWTRAK, which took advantage of a Microsoft vulnerability to block anti-virus software, spread across Japan earlier this year.
Between that malware, ZeuS, and others, huge financial losses were reported in Japan. The Japanese National Police Agency reported 1.417 billion yen were stolen via financial malware between January and May this year. That is more than was lost in the whole of 2013.
Similarly, the Japanese Bankers Association reported 21 individual cases of banking malware in the first quarter of 2014. There were a total of 14 in 2013. Trend Micro Labs reported that Japan was the second most affected country by financial malware in the first quarter of 2014, surpassed only by the US.
Another piece of malware was recently discovered on some of Japan’s most popular pornographic websites. The malware exploits a Java vulnerability in order to steal personal and banking information. A variant of this malware has also been adapted for form-grabbing, which allows hackers access to all data entered into forms on infected computers. This malware has been discovered on 87 websites thus far.
Mt. Gox Fiasco
Amid the banking malware came the collapse of Mt. Gox, one of the most important Bitcoin trading platforms, which was based in Japan. Mt. Gox announced its bankruptcy after it had lost over half a billion dollars worth of Bitcoins due to hacking.
This has led the Japanese government to consider regulation of the crypto-currency, given the huge financial loss caused by the bankruptcy of Mt. Gox. In an attempt to save Bitcoin in Japan, a Sino-American partnership is hoping to buy up what is left of Mt. Gox. Regardless, the damage is done, and the money lost.
Preparation for 2020
Cognisant of the impending cybercrime influx, Tokyo is already preparing cybersecurity for the Olympic Games. It has been reported that the London Olympics website was attacked over 200 million times. The Japanese government has already made moves to improve its cybersecurity. A cybersecurity policy council is to be set up next year in the lead-up to the games.
Japanese government officials have admitted that Japan is lacking in the domain of cybersecurity. However, concrete preparations have already begun. In March of this year, the Japanese government held a cybersecurity drill in many of its agencies. White-hat hackers were hired to attempt to penetrate the government’s networks.
The responsibility for cybersecurity is held by four agencies, including the National Police Agency. Tokyo has also stated it will increase cooperation and coordination between these agencies in order to improve security overall.
In May, Japanese Prime Minister Shinzo Abe met with EU leaders to discuss a potential cybersecurity partnership, among other things. Dialogue between the two would certainly aid Japan in preparation for the Olympics. An agreement was reached, aiming to facilitate exchange of expertise and knowledge of cybersecurity practices.
Private Efforts
As previously noted by HackSurfer, DDoS (Distributed Denial of Service) attacks are the primary problems with which international sporting events must struggle. HackSurfer had the opportunity to speak with one of the largest Japanese ISPs, Sakura Internet, which has developed a way of dealing with such attacks quickly and effectively.
They are using big data in order to filter out malicious traffic in real time. Their servers send sample traffic to their databases, which profile the traffic and are able to distinguish the malicious from the legitimate. They are essentially able to stop many DDoS attacks in their tracks. In April of this year, they were able to mitigate 40 of 60 attacks, quickly restoring service to the victims.
DDoS attacks are frequently able to overwhelm servers before they are recognized as attacks. According to Tamihiro Yuzawa, network engineer at Sakura Internet, “In most cases, it takes less than 10 seconds for the attack traffic to grow over gigabits per second.” This solution is often able to neutralize a DDoS attack before it reaches such volumes. Some attacks have been stopped within 20 seconds.
Looking to 2020
Solutions like those developed by Sakura, as well as other private sector efforts, are certain to be in high demand when the Olympics finally make their way to Tokyo. It is clear Japan has a long way to go before it is ready to face the cybersecurity challenges of the Olympic Games. Its financial sector has been a major victim this year, and cybercrime is on the rise.
However, with six years to prepare, Japan has time to beef up security. With preparations already in full swing and a blossoming cybersecurity partnership with the EU, hopefully Japan will be up to the challenge.
Students hack Tesla Model S, make all its doors pop open IN MOTION
Zhejiang University students have hacked the Tesla Model S with an attack that enabled them to open its doors and sun roof, switch on the headlights and sound the horn - all while the car was driving along.
The hack was part of a competition at the annual Syscan conference in Beijing, where a prize of $US10,000 was offered to anyone who could pop the smartcar's doors and engine.
Tesla welcomed but did not officially support the competition and said it would investigate any exploits developed against the Model S.
An entrant named team 'yo' exploited an unspecified flaw in the flow design of the car, gaining access to the Model S and allowing them to alter the car's functions while it was in motion.
Security company Qihoo 360, which sponsored the competition, said on a Weibo social media post it would publish more details of the hack in due course.
Tesla said in a statement it supported "the idea of providing an environment in which responsible security researchers can help identify potential vulnerabilities" and hoped "security researchers will act responsibly and in good faith".
Billionaire Tesla head Elon Musk announced last month its patents would be 'open source' to promote the adoption of electric cars.