Articles about IoT security

cooks up code of conduct to enforce a smidge of security on Internet of S**t kit

The makers of connected devices will be expected to build in security measures to prevent cyber threats, under a draft "code of conduct" issued by the UK government today. The Security by Design review intends to bake security into devices to protect "individuals' online security, privacy, safety" as well as preventing large- …
Kat Hall, 7 Mar 2018

FTC urged to probe easily penetrated telly-enabled teledildonic toy

The US Federal Trade Commission has been urged to launch a probe into a hackable sex toy, which is potentially exposing couples' teledildonic frolics to cyberpervs. Earlier this month, the Siime Eye vibrator was discovered to utilise hard-coded credentials making it "trivial" for attackers to gain unauthorised access to the …

Hyundai app security blunder allowed crooks to 'steal victims' cars'

Hyundai has patched its Blue Link smartphone app to stop it blabbing private info that could, it is claimed, be used to break into and steal people's cars. The now-updated software, available for iOS and Android, leaked sensitive personal information about registered users and their vehicles, including usernames, passwords, …
John Leyden, 25 Apr 2017

Flaws found in Linksys routers that could be used to create a botnet

Multiple models of Linksys Smart Wi-Fi Routers have vulnerabilities that might be exploited to create a botnet, security researchers at IOActive warn. The flaws could be abused to overload a router and force a reboot, deny user access, leak sensitive information about the router and connected devices, or change restricted …
John Leyden, 20 Apr 2017

Half-baked security: Hackers can hijack your smart Aga oven 'with a text message'

Miscreants can remotely turn off and on posh Aga ovens via unauthenticated text messages, security researchers have warned. All the hijackers need is the phone numbers of the appliances. The vulnerable iTotal Control models of the upmarket cookers contain a SIM card and radio tech that connects to mobile phone networks. This …
John Leyden, 13 Apr 2017

Forget Mirai – Brickerbot malware will kill your crap IoT devices

A new form of attack code has come to town and it uses techniques similar to Mirai to permanently scramble Internet of Things devices. On March 20 researchers at security shop Radware spotted the malware, dubbed Brickerbot, cropping up in honeypots it sets up across the web to lure interesting samples. In the space of four …
Iain Thomson, 8 Apr 2017

'Amnesia' IoT botnet feasts on year-old unpatched vulnerability

Hackers have brewed up a new variant of the IoT/Linux botnet "Tsunami" that exploits a year-old but as yet unresolved vulnerability. The Amnesia botnet targets an unpatched remote code execution vulnerability publicly disclosed more than a year ago in DVR (digital video recorder) devices made by TVT Digital and branded by over …
John Leyden, 7 Apr 2017

Metasploit upgraded to sniff out IoT weakspots in corporate networks

Rapid7 has upgraded its popular Metasploit pen-testing tool to help IT security teams and consultants probe for IoT-related weaknesses in corporate environments. Metasploit's hardware bridge for radio frequency testing – the RFTransceiver – will grant teams greater visibility of foreign IoT devices. "The importance of RF …
John Leyden, 22 Mar 2017

Zombie webcams? Pah! It's the really BIG 'Things' that scare me

I have a new name for the abundance of widgets springing up around the world: the Internet of Little Things. I’m playing with an IoLT starter kit in my office right now, and it lets me do things like sense when doors open or close, turn sockets on and off and fiddle with the mood lighting. I can spend a couple of hundred quid …
Dave Cartwright, 15 Mar 2017

Dahua video kit left user credentials in plain sight

Chinese security camera/DVR company Dahua is pushing firmware patches after accusations by a security researcher that a swathe of its products carried a back door. First notified to video surveillance publication IPVM and the Full Disclosure list, the vulnerability is described as a “damn Hollywood hack, click on one button …

Beeps, roots and leaves: Car-controlling Android apps create theft risk

Insecure car-controlling Android apps create a heightened car theft risk, security researchers at Kaspersky Lab warn. Boffins at the security software maker made the warning after putting Android apps from seven (unnamed) car makers through their paces, uncovering a raft of basic security flaws in the process. During recent …
John Leyden, 20 Feb 2017

You know IoT security is bad when libertarians call for strict regulation

RSA USA We all know the vast majority of Internet-of-Things devices haven’t anything more than a fig leaf for protection. Now the unlikeliest of folks are calling for rules to improve IoT security: libertarians. In a session today at the RSA infosec conference in San Francisco, Olaf Kolkman, the Internet Society’s chief internet …
Iain Thomson, 15 Feb 2017

University DDoS'd by its own seafood-curious malware-infected vending machines

A US university saw its network traffic slow to a crawl thanks to an IoT malware infection that hit, among other things, its vending machines. The unnamed university had its story told by Verizon Enterprise in a sneak preview [PDF] of its 2017 Data Breach Digest report. The story, as told by an also unnamed senior IT staffer …
Shaun Nichols, 13 Feb 2017

Biz claims it's reverse-engineered encrypted drone commands

US company Department 13 claims it has been able to reverse-engineer several popular drones' commands, even when they are encrypted before transmission. The company yesterday launched a product called MESMER that it says offers users the ability to take control of drones flown by third parties. The suggested use case is to …
Simon Sharwood, 24 Jan 2017

Linux is part of the IoT security problem, dev tells Linux conference

The Mirai botnet? Just the “tip of the iceberg” is how security bods at this week's see the Internet of Things. Presenting to the Security and Privacy miniconf at, embedded systems developer and consultant Christopher Biggs pointed out that Mirai's focus on building a big DDoS cannon drew attention …

D-Link sucks so much at Internet of Suckage security – US watchdog

America's trade watchdog is suing D-Link, alleging the router and security camera vendor failed to implement basic security protections in its gear. The FTC said that its complaint was based on D-Link's failure to take "reasonable steps" to secure its products, putting the privacy of citizens everywhere at risk as a result. " …
Shaun Nichols, 6 Jan 2017

US healthcare under siege: Got good insurance?

US healthcare organisations, including hospitals, are increasingly vulnerable to medical device hijacks as well as the growing ransomware threat, according to a new study by security vendor TrapX. A total of 93 major attacks occurred during 2016. Hackers were responsible for almost a third (31.42 per cent) of all major HIPAA ( …
John Leyden, 23 Dec 2016

Playtime's over: Internet-connected kids toys 'fail miserably' at privacy

The Electronic Privacy Information Center (EPIC) and the European Consumer Organization (BEUC) are calling for US and EU data protection authorities to take action against insecure networked toys. Declaring that "My Friend Cayla," a Bluetooth-enabled doll released in 2014, and "i-Que," a connected robot released last year, " …


Biting the hand that feeds IT © 1998–2018