IoT-enabled vacuum cleaner is spying on me

Vulnerabilities in a range of robot vacuum cleaners allow miscreants to access the gadgets’ camera, and remote-control the gizmos.

https://www.theregister.co.uk/2018/07/20/iot_insecurity_robo_vacuum_cleaners/

Security researchers at Positive Technologies (PT) this week disclosed that Dongguan Diqee 360 smart vacuum cleaners contain security flaws that hackers can exploit to snoop on people through the night-vision camera and mic, and take control of the Roomba rip-off.

The first vulnerability (CVE-2018-10987) involves remote code execution. A hacker can discover the vacuum on the same wireless network by obtaining its MAC address, and then send a UDP request, which, if crafted in a specific way, results in execution of a command with superuser rights on the vacuum. A miscreant must first log onto the device, but this process is trivial because many still have the default username and password combination (admin and 888888).

Attackers need physical access to exploit the second vulnerability (CVE-2018-10988). A microSD card could be used to exploit weaknesses in the vacuum’s update mechanism

Russian hackers penetrate US power stations

https://www.bbc.co.uk/news/technology-44937787

Russian hackers have won remote access to the control rooms of many US power suppliers, the Wall Street Journal reports.

The access could have let them shut down networks and cause blackouts, US officials told the newspaper.

The state-backed hackers won access even though command centre computers were not directly linked to the web.

The attacks succeeded by targeting smaller firms which supply utilities with other services.

Security in medical devices: Finding your starting point

The first of a 3 part blog by Andrew Longhurst, Wittenstein, looking at improving security in medical devices:

http://www.embedded-computing.com/iot/security-in-medical-devices-finding-your-starting-point

Part 1 is a focus on industry standards. Parts two and three will cover the attack surface analysis and wider security mechanisms that can be used to improve security in a medical device

Safety developers are getting used to working to safety standards, but for security, finding a relevant standard can be much more challenging, and is only the start of a long and comprehensive route to creating a secure device. Note that more information is available on this topic in a whitepaper titled Increasing Security in Medical Devices.

 

And that’s now all three LTE protocol layers with annoying security flaws

Infosec wizards show how spies can snoop on website traffic, redirect browsers over 4G

https://www.theregister.co.uk/2018/06/29/4g_security/

Boffins have demonstrated how intelligence agencies and well-resourced hackers can potentially spy on people – by studying and meddling with mobile data flying over the airwaves.

The computer scientists have described in detail novel surveillance techniques that allowed them to identify people within a phone tower’s radio cell, determine which websites they visited from their handsets, and redirect them to malicious webpages by tampering with DNS lookups.

However, the team cautioned that their work so far is experimental, and difficult to perform in real-world scenarios.

The three attacks – explained on a dedicated website– all target the data link layer of LTE, aka Long-Term Evolution, aka 4G, networks.

The identification and website snooping techniques are passive, in that a spy just listens to what’s going out over the airwaves from phones, whereas the webpage redirection attack is an active operation – an agent needs to set up a malicious cell tower to tamper with transmissions. As such, the academics dubbed their DNS spoofing attack “aLTEr.” The website spying works by identifying, to a particular level of certainty, sites by their patterns of traffic over the air.

Only 14% of businesses have implemented even the most basic cybersecurity practices

#IoT #cybersecurity must be a vital and integral part of every organization’s strategic plan.

https://www.techrepublic.com/article/only-14-of-businesses-have-implemented-even-the-most-basic-cybersecurity-practices/

According to a 2018 report from security company Symantec, the number of Internet of Things (IoT) attacks increased from about 6,000 in 2016 to more than 50,000 in 2017, which translates into a 600% rise in just one year. IoT devices are increasingly the attack vector of choice for cybercriminals around the world. IoT is particularly popular for ransomware attacks and illegal cryptocurrency miners.

According to Verizon’s Mobile Security Index 2018, only 14% of the responding organizations said they had implemented even the most basic cybersecurity practices, with an astonishing 32% of these IT professionals admitting that their organization sacrifices mobile security to improve business performance on a regular basis. That general lax attitude toward cybersecurity goes along way toward explaining why IoT attacks have spiked 600% in one year.

Arrow offers provisioning using NXP secure element

Arrow Electronics has expanded its programming facilities in the Netherlands to offer a secure provisioning service that will enable the rapid deployment of IoT edge nodes and gateways using the NXP A71CH secure element trust anchor.
For more information see:

http://www.iotm2mcouncil.org/arrnxop:

The ability to authenticate IoT devices and establish trusted connections to the cloud is becoming increasingly important, particularly with the GDPR legislation and the responsibility it places on organisations to protect data and

Researcher Successfully Hacked In-Flight Airplanes – From the Ground

DarkReading Article

IOActive researcher will demonstrate at Black Hat USA how satellite equipment can be ‘weaponized’

It’s been four years since researcher Ruben Santamarta rocked the security world with his chilling discovery of major vulnerabilitiesin satellite equipment that could be abused to hijack and disrupt communications links to airplanes, ships, military operations, and industrial facilities.

Santamarta has now proven out those findings and taken his research to the level of terrifying, by successfully hacking into in-flight airplane WiFi networks and satcom equipment from the ground. “As far as I know I will be the first researcher that will demonstrate that it’s possible to hack into communications devices on an in-flight aircraft … from the ground,” he says.

He accessed on-board WiFi networks including passengers’ Internet activity, and also was able to reach the planes’ satcom equipment, he says, all of which in his previous research he had concluded – but not proven – was possible. And there’s more: “In this new research, we also managed to get access to important communications devices in the aircraft,” Santamarta, principal security consultant with IO/Active, says.

Google Home’s data leak proves the IoT is still deeply flawed

From Wired Article: Tripwire security researchers found the Google Home and Google Chromecast could leak location data through unauthorised network connections. The IoT’s security issues run much deeper.

The Internet of Things (IoT)security problem isn’t going away. The connected network of billions of devices – from smart doorbells to office printers – is regularly found to have privacy problems and be open to attack by potential hackers.

The latest of these incidents? Google’s artificial intelligence Home speaker and the Chromecast, the firm’s streaming device, have been found to reveal a user’s precise physical location. Revealed by Tripwire security researcher Craig Young, the bug can make a person’s location known to an accuracy of around 10 metres.

Researchers warn SCADA systems are still hopelessly insecure

A presentation at last week’s BSides conference by researchers from INSINIA explained how a device planted on a factory floor can identify and list networks, and trigger controllers to stop processes or production lines.

The talk – Hacking SCADA: How We Attacked a Company and Lost them £1.6M with Only 4 Lines of Code– reviewed 25 years of industrial control kit, going back to the days of proprietary equipment and X21 connections before discussing proof-of-concept attacks.

See The Register Article:

Pwned with ‘4 lines of code’: Researchers warn SCADA systems are still hopelessly insecure