Showing only posts tagged Internet of Things. Show all posts.

IoT Devices in Password-Spraying Botnet

Source

Microsoft is warning Azure cloud users that a Chinese controlled botnet is engaging in “highly evasive” password spraying. Not sure about the “highly evasive” part; the techniques seem basically what you get in a distributed password-guessing attack: “Any threat actor using the CovertNetwork-1658 infrastructure could conduct password spraying campaigns …

More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies

Source

The Washington Post has a long and detailed story about the operation that’s well worth reading (alternate version here ). The sales pitch came from a marketing official trusted by Hezbollah with links to Apollo. The marketing official, a woman whose identity and nationality officials declined to reveal, was …

Deebot Robot Vacuums Are Using Photos and Audio to Train Their AI

Source

An Australian news agency is reporting that robot vacuum cleaners from the Chinese company Deebot are surreptitiously taking photos and recording audio, and sending that data back to the vendor to train their AIs. Ecovacs’s privacy policy— available elsewhere in the app —allows for blanket collection of user …

Israel’s Pager Attacks and Supply Chain Vulnerabilities

Source

Israel’s brazen attacks on Hezbollah last week, in which hundreds of pagers and two-way radios exploded and killed at least 37 people, graphically illustrated a threat that cybersecurity experts have been warning about for years: Our international supply chains for computerized equipment leave us vulnerable. And we have …

Unpatchable 0-day in surveillance cam is being exploited to install Mirai

Source

Enlarge (credit: Getty Images ) Malicious hackers are exploiting a critical vulnerability in a widely used security camera to spread Mirai, a family of malware that wrangles infected Internet of Things devices into large networks for use in attacks that take down websites and other Internet-connected devices. The attacks target …

Hacking Wireless Bicycle Shifters

Source

This is yet another insecure Internet-of-things story, this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually implement this attack. Research paper. Another news story. Slashdot thread. [...]

Robot Dog Internet Jammer

Source

Supposedly the DHS has these : The robot, called “NEO,” is a modified version of the “Quadruped Unmanned Ground Vehicle” (Q-UGV) sold to law enforcement by a company called Ghost Robotics. Benjamine Huffman, the director of DHS’s Federal Law Enforcement Training Centers (FLETC), told police at the 2024 Border …

Using Amazon Verified Permissions to manage authorization for AWS IoT smart home applications

Source

This blog post introduces how manufacturers and smart appliance consumers can use Amazon Verified Permissions to centrally manage permissions and fine-grained authorizations. Developers can offer more intuitive, user-friendly experiences by designing interfaces that align with user personas and multi-tenancy authorization strategies, which can lead to higher user satisfaction and …

Thousands of LG TVs are vulnerable to takeover—here’s how to ensure yours isn’t one

Source

Enlarge (credit: Getty Images) As many as 91,000 LG TVs face the risk of being commandeered unless they receive a just-released security update patching four critical vulnerabilities discovered late last year. The vulnerabilities are found in four LG TV models that collectively comprise slightly more than 88,000 …

Security Vulnerability in Saflok’s RFID-Based Keycard Locks

Source

It’s pretty devastating : Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard …

The Insecurity of Video Doorbells

Source

Consumer Reports has analyzed a bunch of popular Internet-connected video doorbells. Their security is terrible. First, these doorbells expose your home IP address and WiFi network name to the internet without encryption, potentially opening your home network to online criminals. [...] Anyone who can physically access one of the doorbells …

On IoT Devices and Software Liability

Source

New law journal article : Smart Device Manufacturer Liability and Redress for Third-Party Cyberattack Victims Abstract: Smart devices are used to facilitate cyberattacks against both their users and third parties. While users are generally able to seek redress following a cyberattack via data protection legislation, there is no equivalent pathway …

Linux devices are under attack by a never-before-seen worm

Source

Enlarge (credit: Getty Images) For the past year, previously unknown self-replicating malware has been compromising Linux devices around the world and installing cryptomining malware that takes unusual steps to conceal its inner workings, researchers said. The worm is a customized version of Mirai, the botnet malware that infects Linux-based …

Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet

Source

Enlarge (credit: Aurich Lawson / Ars Technica ) Miscreants are actively exploiting two new zero-day vulnerabilities to wrangle routers and video recorders into a hostile botnet used in distributed denial-of-service attacks, researchers from networking firm Akamai said Thursday. Both of the vulnerabilities, which were previously unknown to their manufacturers and to …

Highlights from the New U.S. Cybersecurity Strategy

Source

The Biden administration today issued its vision for beefing up the nation’s collective cybersecurity posture, including calls for legislation establishing liability for software products and services that are sold with little regard for security. The White House’s new national cybersecurity strategy also envisions a more active role …

New Report on IoT Security

Source

The Atlantic Council has published a report on securing the Internet of Things: “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem.” The report examines the regulatory approaches taken by four countries—the US, the UK, Australia, and Singapore—to secure home, medical, and …

We can make our phones harder to hack but complete security is a pipe dream | John Naughton

Source

Even the latest iPhone scare won’t persuade us to choose safety over convenience Apple caused a stir a few weeks ago when it announced that the forthcoming update of its mobile and laptop operating systems would contain an optional high-security mode that would provide users with an unprecedented …

Using Radar to Read Body Language

Source

Yet another method of surveillance : Radar can detect you moving closer to a computer and entering its personal space. This might mean the computer can then choose to perform certain actions, like booting up the screen without requiring you to press a button. This kind of interaction already exists …

Using EM Waves to Detect Malware

Source

I don’t even know what I think about this. Researchers have developed a malware detection system that uses EM waves: “ Obfuscation Revealed: Leveraging Electromagnetic Signals for Obfuscated Malware Classification.” Abstract : The Internet of Things (IoT) is constituted of devices that are exponentially growing in number and in complexity …

page 1 | older articles »