Items tagged with IoT
Earlier this week, we reported on a rising trend of cybersecurity incidents worldwide, leading to the end of many businesses. Now, Microsoft is reporting that firmware attacks are also on the rise. Thus, Microsoft is working to help quell the problem in the future with new comprehensive investments into security. As Microsoft explains, “cybersecurity threats are always evolving,” in response to cybersecurity professionals evolving, which proves to be a vicious cycle. However, it appears that firmware attacks are “outpacing investments targeted at stopping them.” This is partly due to misdirected investments and is “exacerbated by a lack of awareness and a lack of...
Read more...
Internet of Things (IoT) devices are prevalent in our daily lives, from voice-control hubs to smart cooking devices. Millions of these types of devices exist in people's homes, and many could have been vulnerable to significant security flaws. Though the issues have been found and largely fixed, it is an important cybersecurity lesson that "history repeats itself." Today, Forescout published a research article detailing what they have called "NUMBER:JACK," a collection of nine vulnerabilities affecting TCP/IP stacks. In short, to make sure every TCP connection is unique and cannot be interfered with, a random number is generated, called an Initial Sequence Number (ISN). If a TCP connection...
Read more...
If people trust their information with businesses tasked with keeping them safe, those companies should at least try to take security seriously. It seems that is not necessarily the case, as a flaw in an app created by Ring was exposing precise location data of customers who posted to the app, when it should have been hiding it. Ring is a smart doorbell and IoT company that created the Neighbors app in 2018, around the same time Amazon completed its acquisition of the company. The Neighbors app was something of a social app where Ring doorbell owners could anonymously share videos that show crime. Think along the lines of a digital neighborhood watch with video footage. Vulnerable Data On Neighbors...
Read more...
It seems getting hacked has become a near-daily occurrence that people should expect will happen at some point. Yesterday, people reported that Ubiquiti, a major vendor of internet of things (IoT) devices such as routers, security cameras, access points, and more, suffered a breach through a third-party cloud provider. The New York City-based company has now urged customers to change their passwords and enable multi-factor authentication as account information and credentials could be at risk. Both in an email and a forum post, Ubiquiti reported that they had “recently became aware of unauthorized access to certain of our information technology systems hosted by a third-party cloud provider.”...
Read more...
Smart home appliances and internet of things (IoT) devices are becoming part of daily life for many. You may even have one of these devices near you right now and it's likely connected to the internet in some way. While the product category may offer some innovative solutions, some products on the market currently fail horribly when it comes to security. UK publication Which? bought 11 different smart doorbells from Amazon and eBay and found that they all failed simple security tests. This means if you have one of these devices, you could be at risk for attacks from nefarious intruders. You would think (and would want) the thing securing your home to be secure over the network, but that just...
Read more...
Some people may say, “Don't talk to me until I have had my coffee,” but what if they could not have coffee because of a ransomware attack? According to a researcher at Avast, IoT devices, such as smart coffee makers, can be vulnerable to attacks. Security researcher Martin Hron remarks “firmware is a new software,” and that software can be exploited. Typically, smart IoT devices have firmware onboard that is used with an API, while users expect that not too much harm can come from the API and firmware. This is not the case, as Hron states “We used to trust that hardware, such as a common kitchen appliance, could be trusted and could not be easily altered without...
Read more...
Black Friday and Cyber Monday have come and gone, but the holiday season is still in full effect. There are lots of new Internet of Things (IoT) devices out there, and even more that will be given out as gifts. IoT devices cover a wide gamut of connected items that include just about anything that is internet-connected today, like thermostats, wearables, smart speakers, and even refrigerators. All of these IoT devices send and receive data and have the potential to open the door to hackers. The FBI is asking people who are bringing the devices into their homes if they know how the data the devices utilize is being collected and where the data is going. The FBI is urging everyone to protect themselves...
Read more...
When it comes to home Wi-Fi routers, the newest trend is the prevalence of mesh routers, which allows you to more evenly spread coverage thanks to the use of a base station and one or more satellites. In the recent weeks, we've seen new low-cost mesh routers like the Netgear Orbi Dual-Band and the Nest Wifi. The folks over at Brigham Young University, however, have developed a new software protocol that modifies Wi-Fi signals in order to greatly extend range. The protocol, which is called On-Off Noise Power Communication (ONPC), abandons that usual convention that speeds of at least 1Mbps are needed to maintain a Wi-Fi signal. With ONPC, speeds of just 1 bit per second are sufficient...
Read more...
Internet of Things (IoT) devices have become more prevalent over the last few years, but they are often susceptible to hackers. Researchers recently discovered 125 security vulnerabilities on 13 NAS and routers. It is believed that these vulnerabilities are far-reaching and likely affect many similar devices. Independent Security Evaluators (ISE) researchers started their investigation in 2013. Their first round of research focused on NAS and routers that were intended for home office use. Their second round titled “SOHOpelessly Broken 2.0” assess security vulnerabilities in a wide range of device. They chose 13 devices that “ranged from devices designed for general consumers...
Read more...
If you're running a version of Windows IoT Core, you'll want to pay attention to the latest vulnerability discovered by Dor Azouri, a researcher for SafeBreach. The risk of leaving the bug unpatched is great, but fortunately, most of the Windows ecosystem is safe. Even the IoT Enterprise version is safe from this bug; only those using the free IoT Core on their DIY devices (eg: Raspberry Pi) will need to take action. The issue lays with IoT Core's Sirep Test service, which allows users to perform tests on given hardware. The researcher discovered that this service could be used to reveal a remote command line interface which could be used to exploit the system. Once compromised, an attacker would...
Read more...
NVIDIA launched its first Jetson family products back in 2015 when its Jetson TX1 system aimed to be the brains behind autonomous devices, from drones to robotics and autonomous vehicles. The Silicon Valley GPU giant then added to the Jetson line in 2017 with the Jetson TX2 for commercial drones and smart robots. Today, NVIDIA has now announced the latest addition to the Jetson family called the Jetson AGX Xavier Module, and the company says this new processing engine is targeted at bringing up to 32 TOPS of performance to next-generation autonomous machines. Despite its big processing power, the AGX Xavier Module is small enough to fit in the palm of your hand (or robotic arm), and...
Read more...
A group of hackers claims to have a service that will allow anyone willing to spend $250 to send out a "marketing" campaign that can reach "every single printer in the world." The people are offering to sell advertisers a spot in "the most viral ad campaign in history" according to the advertisement for the service. Security experts the world over have had concerns about the security of Internet of Things (IoT) devices and the security of web-connected printers specifically. HP has in the past offered $10,000 in bug bounty money to get white hat hackers to find bugs in its printers. We also talked in depth about some of the security hazards that the IoT posed last year. Hackers have taken advantage...
Read more...
It does not seem all that farfetched that one day even your toaster will connect to the web and download crusty designs to sear into your bread. We have entered the Internet of Things (IoT) era. The focus on IoT devices can lead to some fun and interesting things (and of course useful), but also comes with added risk. To that end, security researchers warn of newly discovered vulnerabilities affecting one of the most popular IoT platforms out there. That platform is FreeRTOS, which is widely used in a range of IoT and embedded devices. FreeRTOS is a real-time operating system kernel with a small memory footprint and low overhead. It's also pretty fast and supported on a whole bunch of architectures,...
Read more...
In recent years, we've seen a number of garden variety consumer electronics devices -- including routers and webcams among others -- that have been sucked into zombie botnets to wreak havoc around the globe. Many of those devices were accessible due to extremely weak passwords that were enacted by default by their manufacturers. California, however, is looking to change this and has passed a law that would require all internet-connected device sold in the state to have a unique "strong" password. This unique password would be obtained in one of two ways as outlined by the "Information Privacy: Connected Devices" bill. Manufacturers can choose to give each individual device...
Read more...
Google is rolling out a couple of new products aimed at helping customers build and deploy intelligent Internet of Things (IoT) devices at scale. One of those products is the Edge TPU (tensor processing unit), a tiny hardware chip designed to muscle through machine learning tasks in IoT gadgets, and the other is Cloud IoT Edge, a software stack that extends Google's Cloud AI to gateways and connected devices. Used together, Google's two new products enable customers to build and train machine learning models in the cloud, then run those models on the Cloud IoT Edge device through the power of the Edge TPU hardware accelerator. "By running on-device machine learning models, Cloud IoT Edge with...
Read more...
TP-Link has been making mesh routers in the Deco range for a while now that are designed to give you WiFi access all around a home or office. Last year, the company launched the Deco M5 mesh router and now the company has announced the new Deco M9 Plus. This mesh router is notable because in addition to offering WiFi coverage, it also has an integrated smart home hub for IoT devices. The M9 Plus supports AC2200 speeds and tri-band WiFi with dedicated 5GHz backhaul for faster speeds and dependable connectivity for over 100 devices across the entire home. The router uses TP-Link Mesh technology to eliminate dead spots in the home or office with a single Deco M9 Plus kit with a pair of the access...
Read more...
Intel is looking to become a big player in the 5G wireless revolution that it set to sweep the globe in the coming years. As a result, the company is giving an update on its wireless modem roadmap, which includes extensions of its existing 4G LTE products and upcoming 5G-based SKUs that will ship within the next two years. On the 4G LTE front, Intel's current top-shelf modem is the XMM 7480, which supports 4x carrier aggregation and download/upload speeds of 600Mbps and 150Mbps respectively (it’s prominently used in AT&T/T-Mobile versions of Apple’s iPhone 8, iPhone 8 Plus and iPhone X). The successor to the XMM 7480 is the previously announced XMM 7560, which Intel says is already...
Read more...
We first got a glimpse at the BlueBorne vulnerability back in September, when it was revealed that that Bluetooth-based attack vector was exploitable on phones, computers, and IoT devices -- basically, anything with a Bluetooth radio. BlueBorne was especially nasty since it is capable of man-in-the-middle attacks and remote code execution. It was initially revealed that both Windows- and iOS-based devices had been updated to defend against BlueBorne, while Android device manufacturers should have already delivered updates to address the exploit. However, we're now learning about another category of devices that are susceptible to BlueBorne's nefarious deeds: digital AI assistants. According to...
Read more...
A security firm is warning of a new botnet targeting IoT (Internet of Things) devices that is on the move. Dubbed IoT_reaper, the new botnet borrows some of the source code from Mirai, which took down the popular security blog KrebsOnSecurity with a massive DDoS attack, ultimately forcing Brian Krebs, the security expert in charge of the blog, to find a new hosting company and seek shelter behind Google Shield for DDoS protection. Unfortunately, it is believed that this new strain called Reaper could be even more virulent than Mirai. Whereas Mirai was able to spread by cracking weak passwords on IoT devices that oftentimes were never changed from their defaults, Reaper looks for multiple vulnerabilities...
Read more...
There are lots of obvious examples of how IoT (Internet of Things) connected and smart devices can enrich our lives. However, as we've noted numerous times over the past year, there are a number of caveats that can also come with them. The glaring issue of course has to do with security, or the lack of it really. And perhaps the absolute lack of ownership certain manufacturers take with it and their products. Research firm Radware once helps underscore the glaring need for better IoT security with some hard proof about what we're dealing with. Employing a "honeypot" approach - a system specifically designed to lure exploits - the firm found that IoT attacks are not just on...
Read more...
While college basketball teams around the country are gearing up for conference tournaments, which then lead into March Madness, the folks at Nike are working on technology that would make it easier for teams to keep track of athletes’ performance metrics in real-time, record stats and make informed decisions about player substitutions. As beneficial as this tech could be for teams monitors their multi-million dollar franchise players, it could be also be an [entertainment value] boon for fans to get an even more nuanced look at their favorite players. This information is provided to us courtesy of two Nike patent filings that describe a wireless vitals tracking system that would incorporated...
Read more...
Take a look at your printer. Give it a good stare. Do you trust it? Probably not, considering it jammed the last time you had to print an important paper right up against a deadline. However, what if we told you that your printer just has to sit there on your network to be a very serious security problem? HP Inc. recently hosted a tech field day for us, and several other security-focused journalists, at their headquarters in Palo Alto. We will speak to some of the panels we listened in on as we go, but the goal for HP at this event was to raise awareness around security - particularly where printers are concerned - and it's an important topic regardless of the brand of printing device you're...
Read more...
