Another day, another Internet of Things security problem. This time Belkin, a company that’s been called out before for vulnerable home automation kit, has issued a firmware update that will prevent old school attacks on its WeMo kit that could have let malicious hackers haunt not just customers’ homes, but their Android smartphones too.
Whilst Belkin’s update addresses the issues, the hackers told it was possible to completely kill the update process on already-compromised devices, preventing any fix from ever being delivered. The first vulnerability uncovered by Tenaglia and Tanen was classed as a SQL injection bug, where they found they could inject data into databases used by WeMo devices.Read more
Apple has drastically scaled back its automotive ambitions, leading to hundreds of job cuts and a new direction that, for now, no longer includes building its own car.
Hundreds of members of the car team, which comprises about 1,000 people, have been reassigned, let go, or have left of their own volition in recent months, asking not to be identified because the moves aren’t public. New leadership of the initiative, known internally as Project Titan, has re-focused on developing an autonomous driving system that gives Apple flexibility to either partner with existing carmakers, or return to designing its own vehicle in the future.Read more
The Department of Homeland Security today formally announced its plan to develop a set of strategic principles for the Internet of Things, saying such a framework is necessary to protect the nation’s critical infrastructure from cyber threats.
In a brief talk at the Internet of Things Forum, Robert Silvers, the Assistant Secretary for Cyber Policy at the U.S. Department of Homeland Security, confirmed that the agency is developing a set of unifying principles to identify challenges and highlight practices for managing risk when it comes to IoT. Problems around IoT security have evolved into a public safety issue.Read more
In the years to come, 3D printing is going to be used for everything from helping create rocket engines to printing new heart valves. With those kind of high-stakes — and often highly-valuable–applications, it’s no wonder experts are concerned about the security risk posed by hackers.
One possible threat is explored in a new study by researchers at the University at Buffalo in New York entitled “My Smartphone Knows What You Print: Exploring Smartphone-Based Side-Channel Attacks Against 3D Printers.” A team of computer scientists was able to use a regular smartphone’s built-in sensors to measure the electromagnetic energy and acoustic waves that emanate from a 3D printer.Read more
The Internet of Things is exactly as bad a security nightmare as pessimists think it is, according to Bitdefender's Bogdan Botezatu.
The senior threat analyst at the Romanian security software company called by to chat to Vulture South while in Australia (we were, I suspect, meant to discuss the company's 2017 launches, but conversation digressed from the start, and there's plenty of time between now and the end of the year). Experts have long been following the persistent awfulness of “SOHOpeless” broadband routers, but Botezatu says they've already been overtaken by the awfulness of other things.Read more
The very word automobile means self-moving. Through their history of more than a century, automobiles have evolved, increasingly taking over the driving process from humans. Many years ago, the car had to be started with a crank; such features as automatic transmission, cruise control, and automatic braking would come many years later.
And now we are witnessing the emergence of fully driverless, automated cars. From the hardware point of view, there is nothing particularly complex about such vehicles. The wheels, engine, steering wheel, brakes, and various servos are just about the same as those in ordinary cars.Read more
A new trojan named Mirai has surfaced, and it's targeting Linux servers and IoT devices, mainly DVRs, running Linux-based firmware, for the purpose of enslaving these systems as part of a large botnet used to launch DDoS attacks. Mirai is an evolution of an older trojan, also used for DDoS attacks.
Mirai's mode of operation is largely the same as Gafgyt, targeting IoT devices running Busybox, a slimmed-down version of select GNU tools and libraries, usually deployed on small embedded hardware. The trojan also targets only a specific set of platforms, on which IoT devices are usually built.Read more
Experts have discovered critical security flaws in connected smart plugs which can give attackers access to a full home network. Researchers said that one particular device uses no encryption and weak default passwords, with no alerts issued to users to change them in the interests of security.
Internet of Things devices are products with network capabilities. While these now range from smartphones to fridges, the use of smart plugs is also on the rise. Smart outlets can be used to monitor energy usage, schedule devices to turn on and off at the user's convenience, and can be used to control gadgets including cameras, smart TVs and coffee makers.Read more
One day, your thermostat will get hacked by some cybercriminal hundreds of miles away who will lock it with malware and demand a ransom to get it back to normal, leaving you literally in the cold until you pay up a few hundred dollars.
This has been a scenario that security experts have touted as one of the theoretical dangers of the rise of the Internet of Things, internet-connected devices that are often insecure. On Saturday, what sounds like a Mr. Robot plot line came one step closer to being reality, when two white hat hackers showed off the first-ever ransomware that works against a “smart” device, in this case a thermostat.Read more
The national security agency is researching opportunities to collect foreign intelligence — including the possibility of exploiting internet-connected biomedical devices like pacemakers, according to a senior official.
“We’re looking at it sort of theoretically from a research point of view right now,” Richard Ledgett, the NSA’s deputy director, said at a conference on military technology at Washington’s Newseum. Biomedical devices could be a new source of information for the NSA’s data hoards — “maybe a niche kind of thing … a tool in the toolbox,” he said, though he added that there are easier ways to keep track of overseas terrorists and foreign intelligence agents.Read more