Articles about iot security

FTC urged to probe easily penetrated telly-enabled teledildonic toy

The US Federal Trade Commission has been urged to launch a probe into a hackable sex toy, which is potentially exposing couples' teledildonic frolics to cyberpervs. Earlier this month, the Siime Eye vibrator was discovered to utilise hard-coded credentials making it "trivial" for attackers to gain unauthorised access to the …

Hyundai app security blunder allowed crooks to 'steal victims' cars'

Hyundai has patched its Blue Link smartphone app to stop it blabbing private info that could, it is claimed, be used to break into and steal people's cars. The now-updated software, available for iOS and Android, leaked sensitive personal information about registered users and their vehicles, including usernames, passwords, …
John Leyden, 25 Apr 2017

Flaws found in Linksys routers that could be used to create a botnet

Multiple models of Linksys Smart Wi-Fi Routers have vulnerabilities that might be exploited to create a botnet, security researchers at IOActive warn. The flaws could be abused to overload a router and force a reboot, deny user access, leak sensitive information about the router and connected devices, or change restricted …
John Leyden, 20 Apr 2017

Half-baked security: Hackers can hijack your smart Aga oven 'with a text message'

Miscreants can remotely turn off and on posh Aga ovens via unauthenticated text messages, security researchers have warned. All the hijackers need is the phone numbers of the appliances. The vulnerable iTotal Control models of the upmarket cookers contain a SIM card and radio tech that connects to mobile phone networks. This …
John Leyden, 13 Apr 2017

Forget Mirai – Brickerbot malware will kill your crap IoT devices

A new form of attack code has come to town and it uses techniques similar to Mirai to permanently scramble Internet of Things devices. On March 20 researchers at security shop Radware spotted the malware, dubbed Brickerbot, cropping up in honeypots it sets up across the web to lure interesting samples. In the space of four …
Iain Thomson, 8 Apr 2017

'Amnesia' IoT botnet feasts on year-old unpatched vulnerability

Hackers have brewed up a new variant of the IoT/Linux botnet "Tsunami" that exploits a year-old but as yet unresolved vulnerability. The Amnesia botnet targets an unpatched remote code execution vulnerability publicly disclosed more than a year ago in DVR (digital video recorder) devices made by TVT Digital and branded by over …
John Leyden, 7 Apr 2017

Metasploit upgraded to sniff out IoT weakspots in corporate networks

Rapid7 has upgraded its popular Metasploit pen-testing tool to help IT security teams and consultants probe for IoT-related weaknesses in corporate environments. Metasploit's hardware bridge for radio frequency testing – the RFTransceiver – will grant teams greater visibility of foreign IoT devices. "The importance of RF …
John Leyden, 22 Mar 2017

Zombie webcams? Pah! It's the really BIG 'Things' that scare me

I have a new name for the abundance of widgets springing up around the world: the Internet of Little Things. I’m playing with an IoLT starter kit in my office right now, and it lets me do things like sense when doors open or close, turn sockets on and off and fiddle with the mood lighting. I can spend a couple of hundred quid …
Dave Cartwright, 15 Mar 2017

Dahua video kit left user credentials in plain sight

Chinese security camera/DVR company Dahua is pushing firmware patches after accusations by a security researcher that a swathe of its products carried a back door. First notified to video surveillance publication IPVM and the Full Disclosure list, the vulnerability is described as a “damn Hollywood hack, click on one button …

Beeps, roots and leaves: Car-controlling Android apps create theft risk

Insecure car-controlling Android apps create a heightened car theft risk, security researchers at Kaspersky Lab warn. Boffins at the security software maker made the warning after putting Android apps from seven (unnamed) car makers through their paces, uncovering a raft of basic security flaws in the process. During recent …
John Leyden, 20 Feb 2017

You know IoT security is bad when libertarians call for strict regulation

RSA USA We all know the vast majority of Internet-of-Things devices haven’t anything more than a fig leaf for protection. Now the unlikeliest of folks are calling for rules to improve IoT security: libertarians. In a session today at the RSA infosec conference in San Francisco, Olaf Kolkman, the Internet Society’s chief internet …
Iain Thomson, 15 Feb 2017

University DDoS'd by its own seafood-curious malware-infected vending machines

A US university saw its network traffic slow to a crawl thanks to an IoT malware infection that hit, among other things, its vending machines. The unnamed university had its story told by Verizon Enterprise in a sneak preview [PDF] of its 2017 Data Breach Digest report. The story, as told by an also unnamed senior IT staffer …
Shaun Nichols, 13 Feb 2017

Biz claims it's reverse-engineered encrypted drone commands

US company Department 13 claims it has been able to reverse-engineer several popular drones' commands, even when they are encrypted before transmission. The company yesterday launched a product called MESMER that it says offers users the ability to take control of drones flown by third parties. The suggested use case is to …
Simon Sharwood, 24 Jan 2017

Linux is part of the IoT security problem, dev tells Linux conference

The Mirai botnet? Just the “tip of the iceberg” is how security bods at this week's linux.conf.au see the Internet of Things. Presenting to the Security and Privacy miniconf at linux.conf.au, embedded systems developer and consultant Christopher Biggs pointed out that Mirai's focus on building a big DDoS cannon drew attention …

US healthcare under siege: Got good insurance?

US healthcare organisations, including hospitals, are increasingly vulnerable to medical device hijacks as well as the growing ransomware threat, according to a new study by security vendor TrapX. A total of 93 major attacks occurred during 2016. Hackers were responsible for almost a third (31.42 per cent) of all major HIPAA ( …
John Leyden, 23 Dec 2016

Playtime's over: Internet-connected kids toys 'fail miserably' at privacy

The Electronic Privacy Information Center (EPIC) and the European Consumer Organization (BEUC) are calling for US and EU data protection authorities to take action against insecure networked toys. Declaring that "My Friend Cayla," a Bluetooth-enabled doll released in 2014, and "i-Que," a connected robot released last year, " …

EU puts out prescription for smart hospitals

An EU agency has grappled with thorny issues surrounding the adoption of IoT technology in hospitals to draft a series of best practice guidelines. The European Union Agency for Network and Information Security (ENISA) study engaged information security officers from more than 10 hospitals across the EU, painting a picture of …
John Leyden, 25 Nov 2016

Tech giants warn IoT vendors to get real about security

The heavyweights behind the Broadband Internet Technical Advisory Group (BITAG) are sick of Internet of Things (IoT) startups foisting insecure rubbish on consumers, and have fired a report that looks like a stern warning that IoT bandwagon-hoppers need to get their houses in order. The group – which counts vendors like Cisco …

Biting the hand that feeds IT © 1998–2017