#replayattack

Sergei Vasilevskyidmcissp@infosec.exchange
2024-06-11

Is it just me, or is the definition of “replay resistant” MFA a little too loose in the PCI 4.0.1 docs-prv.pcisecuritystandards. publication?
#mfa #pci #pcidss #replayattack

Todd A. Jacobs | Pragmatic Cybersecurity todd_a_jacobs@infosec.exchange
2024-01-04

I'm a huge fan of #biometrics as part of secure #authentication and #authorization, but the dirty little secret no one is talking about (yet) is that the source of compromised #biometricdata can't be changed or replaced. If your system's #secureenclave or #HSM gives up the goods, you can't change your face, fingerprint, or retinal pattern. Such systems need additional safeguards to avoid the biometric version of a #replayattack, ensuring that re-enrollment results in a new set of #quantumresistant cryptographic values.

venturebeat.com/security/the-p

Stephan Altmannsalty@chaos.social
2022-12-29
2021-08-30

Hacker Claims Honda and Acura Vehicles Vulnerable to Simple Replay Attack

Keyless entry has become a standard feature on virtually all cars, where once it was a luxury option. However, it's also changed the way that thieves approach the process of breaking into a car. After recent research, [HackingIntoYourHeart] claims that many modern Honda and Acura vehicles can be accessed with a simple replay attack using cheap hardware.

It's a bold claim, and one that we'd love to see confirmed by a third party. The crux of the allegations is that simply recording signals from a Honda or Acura keyfob is enough to compromise the vehicle. Reportedly, no rolling code system is implemented and commands can easily be replayed.

Given these commands control features like unlocking the doors, opening the trunk, and even remote starting the vehicle, it's a concerning situation. However, it's also somewhat surprising. Rolling code technology has been around for decades, and makes basic replay attacks more difficult. Range extender attacks that target keyfobs sitting inside homes or gas stations are more common these days.

Whether Honda has made a security faux pas, or if there's something more at play here, remains to be seen. If you've got more information, or have been able to recreate the same hack on your own Honda, be sure to let us know.

#carhacks #acura #honda #keyfob #replayattack #rollingcode

2020-03-09

99% of compromised Microsoft enterprise accounts lack MFA - Cybercriminals compromise over a million Microsoft enterprise accounts each month as too few custo... more: nakedsecurity.sophos.com/2020/ #multi-factorauthentication #two-factorauthentication #2-factorauthentication #securitythreats #passwordreuse #replayattack #microsoft #office365 #privacy #windows #2fa #mfa
