The national security agency is researching opportunities to collect foreign intelligence — including the possibility of exploiting internet-connected biomedical devices like pacemakers, according to a senior official.
“We’re looking at it sort of theoretically from a research point of view right now,” Richard Ledgett, the NSA’s deputy director, said at a conference on military technology at Washington’s Newseum. Biomedical devices could be a new source of information for the NSA’s data hoards — “maybe a niche kind of thing … a tool in the toolbox,” he said, though he added that there are easier ways to keep track of overseas terrorists and foreign intelligence agents.Read more
Owners of Fitbit's Aria internet-connected smart scales are being advised to install a firmware patch following the discovery of critical security flaws. Tavis Ormandy of Google's Project Zero was credited with finding the vulnerabilities in the Wi-Fi cyber-scales.
While Fitbit isn't providing specific details on the nature of the flaws, it says that, in general, "critical" issues are those which "if exploited could allow attacker-supplied code to gain unrestricted access and potentially go undetected by the customer." Fitbit is right now pushing out the critical patch, and folks are advised to update their Aria scale firmware as soon as possible to prevent attacks.Read more
Nest is coming under fire following an announcement that Revolv, a smart home startup it acquired two years ago, would be permanently shutting off its product starting May 15th.
The decision, announced in a quiet note on Revolv's website in February, has gone largely unnoticed and is expected to impact a very small number of consumers. However, it does raise serious questions about the longevity of smart home gadgets. The devices are often costly pieces of hardware made by small startups that may drop support at any point after being scooped up by a larger technology company.Read more
During a two-month hackathon, security researchers from Bitdefender found vulnerabilities in four new IoT devices, of which only one has been partially fixed after the developer was notified.
Researchers found the first issue in the WeMo Switch, an Internet-accessible switch that lets users turn electronic devices in their home on and off. This device was using an insecure communications channel between the switch and the smartphone app that features no authentication. Everything is transmitted in cleartext, except for the device's password, which is encrypted with an easily breakable algorithm, using an encryption key derived from the device's ID and its MAC address.Read more
Look around — we are living in the Internet of Things. In our day-to-day life, we encounter things connected to the Internet, starting with our home Wi-Fi routers and leading up to traffic light management systems and street security cameras.
Since they are connected, all of them can be found in two worlds — both in the real world and in the Web. And like there is Google to help you find the data you are looking for on the Internet, there are also special search engines that help you find these connected devices. Say hello to Shodan and Censys!Read more
One of the most popular children's toys for Christmas contained vulnerabilities that, if exploited, would have given out personal details about a child. The security flaw in Fisher-Price's Smart Toy Bear meant access to a child's name, date of birth and gender could have been easily accessed.
The researchers said the toy could also be hijacked to give a malicious actor control over account data and in-built functions. The bear, designed for three to eight-year-old children, was on Toys R Us' 2015 "Hot toy list." It is a teddy bear that can connect to the internet and offer personalised learning activities.Read more
Security researchers have discovered a glaring security hole that exposes the home network password of users of a Wi-Fi-enabled video doorbell. The issue underlines how default configurations of IoT components can introduce easy to exploit security holes.
The Ring allows punters to answer people knocking on your door from your mobile phone, even when you’re not at home. The kit acts as a CCTV camera, automatically activating if people approach your door, letting homeowners talk to visitors, delivery couriers and so on. There’s an optional feature that allows the kit to hook up to some smart door locks, so users can let guests into their home even when they aren’t in.Read more
Millions of embedded devices, including home routers, modems, IP cameras, VoIP phones, are shareing the same hard-coded SSH cryptographic keys or HTTPS server certificates that expose them to various types of malicious attacks.
A new analysis by IT security consultancy SEC Consult shows that the lazy manufacturers of the Internet of Things (IoTs) and Home Routers are reusing the same set of hard-coded cryptographic keys, leaving devices open to Hijacking. In simple words, this means that if you are able to access one device remotely, you can possibly log into hundreds of thousands of other devices – including the devices from different manufacturers.Read more
As a driver of technical innovation for a software company, a huge part of my job depends on forecasting how current tech trends will play out, merge, dissipate or expand.
Here are some of my predictions of what the world will look like in 2020. The notions of ownership will be revised. We’ve recently seen a huge rise in the sharing economy; not only can you stay in someone else’s house via Airbnb, but you can sail in someone else’s boat through Sailo, fly in someone else’s private plane via OpenAirplane and go snowboarding with someone’s else’s board via Spinlister. This is only the first wave.Read more
A year ago our colleague David Jacoby, a researcher at GReAT, successfully attempted to hack his own home and discovered a lot of curious things. David’s experiment inspired many employees around the world. Many employees decided to carry out the same research on their own homes.
To probe smart things for bugs, we chose several popular Internet of Things devices, such as Google Chromecast, an IP camera and a smart coffee machine and a home security system – all of which could be controlled by a smartphone or mobile app. The models and devices were chosen at random and was quite vendor agnostic.Read more