Researchers have uncovered a rash of ongoing attacks designed to damage routers and other Internet-connected appliances so badly that they become effectively inoperable. PDoS attack bots scan the Internet for Linux-based routers, bridges, or similar Internet-connected devices that require only factory-default passwords to grant remote administrator access.
Once the bots find a vulnerable target, they run a series of highly debilitating commands that wipe all the files stored on the device, corrupt the device's storage, and sever its Internet connection. Given the cost and time required to repair the damage, the device is effectively destroyed, or bricked.Read more
More bad news for toymaker Spiral Toys, which left customer data from its "CloudPets" brand exposed online. An internet-connected teddy bear that allows parents and kids to exchange heartfelt audio messages sounds like a great idea — until the parents' emails and passwords, as well as the message recordings themselves, are left exposed online to hackers.
That's what happened to an IoT teddy bear made by Spiral Toys. The company left a database containing customer data completely insecure. And as it turns out, the teddy bears themselves, part of the company's CloudPets brand, were insecure too, and could have been easily hacked.Read more
An analysis of robots used in homes, businesses and industrial installations has revealed many of the same basic weaknesses that are common in IoT devices, raising questions about security implications for human safety.
The robotics industry has already seen significant growth in recent years and will only further accelerate. Robots are expected to serve in many roles, from assisting people in homes, stores and medical facilities, to manufacturing things in factories and even handling security and law enforcement tasks. The research involved analyzing the mobile applications, operating systems, firmware images and other software.Read more
As if you needed another reason not to put an internet-connected microphone in your child's bedroom. A California-based toy company selling "a message you can hug" reportedly exposed over 2 million voice messages recorded between parents and children to online hackers.
What's worse, the company was allegedly notified multiple times that additional customer data was online and available for anyone to grab — yet the data remained up for at least a week with evidence suggesting that it was stolen more than once. Products with names like "Talking Puppy" connect a child and relatives via the internet and allow them to send recorded voicemails back and forth.Read more
Usenix Enigma 2017 Hacking sensors isn’t as big an area of research as hacking operating systems and firmware, but the results of simple physical hacks can be far-reaching.
In a talk at Enigma 2017 researcher showed how active and passive sensors can be hacked by simple laser pointer or speakers set on just the right frequency. Passive sensors, like gyroscopes and magnetometers, simply measure their environment and report back. Active sensors, like radar and sonar, send out a signal and then take measurements on the return signal. Both are hackable relatively simply.Read more
A House bill was introduced Tuesday that could accelerate the federal government’s involvement in regulating automobile cybersecurity.
The Security and Privacy in Your Car Study Act of 2017 calls on the National Highway Traffic Safety Administration to lead a study of necessary security standards that could be included in a law governing cars built in the US or imported for sale. A similar SPY Car Act of 2015 introduced by Sen. Edward Markey was much more prescriptive of the NHTSA in securing electronic controls and driving data collected by vehicle systems. This week’s bill calls for the NHTSA to study the issue alongside the Federal Trade Commission.Read more
New research published this week could provide plenty of fresh fodder for Mirai, a malware strain that enslaves poorly-secured Internet of Things devices for use in powerful online attacks. Researchers in Austria have unearthed a pair of backdoor accounts in more than 80 different IP camera models made by Sony Corp.
Separately, Israeli security experts have discovered trivially exploitable weaknesses in nearly a half-million white-labeled IP camera models that are not currently sought out by Mirai. Austrian security firm SEC Consult said it found two apparent backdoor accounts in Sony IPELA Engine IP Cameras — devices mainly used by enterprises and authorities.Read more
Hundreds of thousands of Deutsche Telekom customers in Germany were hit on Sunday by network outages and a company executive blamed the disruptions on a failed hacking attempt to hijack consumer router devices for a wider internet attack.
Deutsche Telekom said as many as 900,000, or about 4.5 percent of its 20 million fixed-line customers, suffered internet outages starting on Sunday and continuing into Monday, when the number of affected users began to decline sharply. Deutsche Telekom's head of IT Security told that the outages appeared to be tied to a botched attempt to turn a sizeable number of customers' routers into a part of the Mirai botnet.Read more
Here’s an object lesson on the poor state of the so-called Internet of Things: Robert Stephens plugged a Wi-Fi-connected security camera into his network and it was compromised in… 98 seconds. Stephens, a tech industry veteran, wasn’t so naive as to do this without protecting himself.
It was walled off from the rest of the network and rate-limited so it couldn’t participate in any DDoS attacks. He monitored its traffic carefully, expecting to see — as others have — attempts to take over the device. But even the most jaded among us probably wouldn’t have guessed it would take less than two minutes.Read more
Just Imaging — What if, you enter into your home from a chilling weather outside, and the heating system fails to work because of a cyber attack, leaving you in the sense of panic? The same happened late last month when an attack knocks heating system offline in Finland.
Last week, a Distributed Denial of Service attack led to the disruption of the heating systems for at least two housing blocks in the city of Lappeenranta, literally leaving their residents in subzero weather. Both the apartments are managed by a company called Valtia, a facilities services company headquartered in Lappeenranta. Valtia CEO Simo Rounela confirmed that the central heating system and hot water system in both buildings had become a target of DDoS attacks.Read more