During the past five years, electric cars have made an incredible journey, from seeming a bit futuristic and impractical to being something that you want to own. With prices having decreased significantly, the number of electric cars sold hit 2 million by the beginning of 2017, and it is still growing.
The infrastructure for electric cars is developing rapidly, so charging stations in your neighborhood don’t look so odd anymore, either. But, as usually happens with a rapidly developing economic opportunity, manufacturers are jumping into the competition, trying to get as big a piece of the market as they can, and not thinking too hard about what happens next.Read more
Tens of thousands of MikroTik and Ubiquiti routers are currently available online, featuring alarmistic hostnames such as "HACKED FTP server," "HACKED-ROUTER-HELP-SOS-WAS-MFWORM-INFECTED," or "HACKED-ROUTER-HELP-SOS-HAD-DEFAULT-PASSWORD."
In reality, these devices have not been hacked, just defaced, and appear to be the subject of some prank of vigilante's actions. Attackers aren't taking over devices, but merely changing the devices' names, as a warning for device owners, hoping that users will take action and secure their routers. Spotted by Ankit Anubhav, these benign hacks have been going on since last summer.Read more
Allow us to draw your attention to a new document, published by the European Networks and Information Security Agency, called “Baseline Security Recommendations for IoT in the context of Critical Information Infrastructures.”
It’s worth noting not only because our experts contributed to it, but also because it addresses one of the key issues repeatedly raised during the annual cybersecurity conference: the lack of universal cybersecurity standards for industrial automation, including information security standards for industrial Internet-of-Things devices. ENISA put forth recommendations, not requirements.Read more
We've seen many vulnerabilities in internet-of-things devices over the past several years, but the problems can also extend to their companion mobile applications and cloud services. If you're using Wink or Insteon hubs to control sensors, door locks, and other sensitive devices in your home, make sure you update to the latest versions of their Android applications and encrypt your phone.
Researchers from security firm Rapid7 analyzed the Android applications that people use to control their Wink Hub 2 and Insteon Hub devices and found that both of them store sensitive access credentials in plain text in their configuration files.Read more
Security researchers have unearthed a sprawling list of login credentials that allows anyone on the Internet to take over home routers and more than 1,700 "Internet of things" devices and make them part of a destructive botnet.
The list of telnet-accessible devices, currently posted at this Pastebin address, was first posted in June, but it has been updated several times since then. It contains user names and passwords for 8,233 unique IP addresses, 2,174 of which were still running open telnet servers as of Friday morning, said Victor Gevers, chairman of the GDI Foundation, a Netherlands-based nonprofit that works to improve Internet security.Read more
A botched wireless update for a remotely accessible smart lock system has bricked hundreds of them. The locks suffered a “fatal error,” according to device’s manufacturer LockState, rendering them unable to locked. Customers are asked to either return impacted locks for repair, or request a replacement.
“We realize the impact that this issue may have on you and your business and we are deeply sorry. Every employee and resource at LockState is focused on resolving this for you as quickly as possible,” wrote Nolan Mondrow, CEO of LockState in an email sent to customers last week. More than 500 customers using model 6000i RemoteLocks are impacted.Read more
A bipartisan group of U.S. senators on Tuesday plans to introduce legislation seeking to address vulnerabilities in computing devices embedded in everyday objects - known in the tech industry as the "internet of things" - which experts have long warned poses a threat to global cyber security.
The new bill would require vendors that provide internet-connected equipment to the U.S. government to ensure their products are patchable and conform to industry security standards. It would also prohibit vendors from supplying devices that have unchangeable passwords or possess known security vulnerabilities.Read more
Lucas Lundgren sat at his desk as he watched prison cell doors hundreds of miles away from him opening and closing. He could see the various commands floating across his screen in unencrypted plain text.
"I could even issue commands like, 'all cell blocks open'," he said in a phone call last week. Without being there, he couldn't know for sure if his actions would've had real-world consequences. "I'd probably only know by reading about it in the newspaper the next day," said Lundgren, a senior security consultant at IOActive. It's because those cell doors are controlled by a little-known but popular open-source messaging protocol known as MQTT.Read more
Your Roomba may be vacuuming up more than you think. High-end models of Roomba, iRobot’s robotic vacuum, collect data as they clean, identifying the locations of your walls and furniture.
This helps them avoid crashing into your couch, but it also creates a map of your home that iRobot is considering selling to Amazon, Apple or Google. Colin Angle, chief executive of iRobot, told that a deal could come in the next two years, though iRobot said in a statement on Tuesday: “We have not formed any plans to sell data.” In the hands of a company like Amazon, Apple or Google, that data could fuel new “smart” home products.Read more
The security woes of the internet of things stem from more than just connecting a bunch of cheap gadgets to a cruel and hacker-infested internet. Often dozens of different vendors run the same third-party code across an array of products.
That means a single bug can impact a startling number of disparate devices. Or, as one security company's researchers recently found, a vulnerability in a single internet-connected security camera can expose a flaw that leaves thousands of different models of device at risk. On Tuesday, the internet-of-things-focused security firm Senrio revealed a hackable flaw it's calling "Devil's Ivy."Read more