IoT, internet of things news & analysis | SC Media

IoT News and analysis

Malicious voice apps can turn Alexa and Google Home devices into spies, say researchers

Cybercriminals could potentially develop malicious voice apps that turn Amazon Alexa devices and Google Home smart speakers into spy equipment that eavesdrops on users and even phishes for passwords, according to a new report. The report, from Germany-based Security Research Labs (SRLabs), warns that security lapses in the way Google Home and Alexa devices (such…

Unpatched Amazon Echo and Kindle devices prone to KRACK attacks

Amazon.com Echo and Kindle devices were discovered last year to contain WPA/WPA2 protocol vulnerabilities that could potentially allow malicious actors to uncover keychains used to encrypt Wi-Fi traffic. The vulnerabilities, CVE-2017-13077 and CVE-2017-13078, are prone to Key Reinstallation Attacks (aka KRACK attacks), and were disclosed back in 2017 by a pair of Belgian researchers. In essence, they…

Flaws in Imperial, Dabman web radios could lead to full compromise

Researchers have disclosed a pair of vulnerabilities in multiple Imperial and Dabman-branded web radios that could allow malicious actors to remotely compromise the IoT devices. Telestar Digital GmbH, the company that manufacturers the web radios, has patched both problems, according to a security advisory yesterday from Vulnerability Lab, whose researchers made the discovery. Several reports…

Lucky break: Cracked windshield helps hacker find bug in Tesla

Hackers typically crack software, but web application security researcher Sam Curry quite literally cracked his Tesla Model 3 and discovered a vulnerability that earned him a hefty reward from the car maker’s bug bounty program. After a rock bounced up and damaged the windshield of Curry’s very own Model 3, the seemingly unlucky happenstance actually…

Dire straights: Glamoriser smart hair straighteners susceptible to hacking, warn researchers

Here’s some news that might curl your hair: A pen testing firm has disclosed a vulnerability in the Glamoriser smart hair straightener that could allow attackers to easy gain control of the device and perhaps create a fire hazard. The problem involves the Bluetooth Low Energy connection that the straightener uses to communicate with mobile…

D-Link agrees to overhaul security in FTC settlement

D-Link agreed to make several security enhancements that overhaul the firm’s security platform to settle a Federal Trade Commission (FTC) litigation case concerning allegations that the company misrepresented the security of its products.  The case stems from a 2017 complaint against D-Link for the company’s routers and IoT cameras leaving sensitive consumer information, including live…

Unlucky 13: Mirai variant uses baker’s dozen of exploits to compromise IoT devices

Researchers at Trend Micro have discovered another new variant of Mirai botnet malware that uses a unique combination of 13 exploits designed to hijack IoT devices. With these 13 exploits, this “Backdoor.Linux.MIRAI.VWIPT” variant is capable of targeting Vacron network video recorders, Dasan GPON routers, D-Link devices, various CCTV-DVR vendors, devices using Realtek SDK with the…

Next post in IoT