IoT, internet of things news & analysis | SC Media IoT

IoT News and analysis

Finland agency launches smart device infosec certification program

The National Cyber Security Centre Finland (NCSC-FI) within Finnish regulatory agency Traficom today kicked off a smart device certification program designed to inform consumers if certain products meet basic information security standards. Devices that meet certification criteria, which are based on consumer Internet of Things standards from the European Telecommunications Standards Institute (ETSI), will receive…

Gafgyt variant exploits 3 devices to target game servers with DDoS attacks

Researchers have uncovered a new variant of Gafgyt malware (aka BASHLITE) that infects home and small-office routers and networking equipment in order to recruit them into a botnet that bombards gaming servers with distributed denial of service attacks. One of its attacks involves a payload is specifically designed to attack servers running Valve Corporation’s Source…

Report: Hotel chain modifies bed-facing robots to prevent unwanted spying

A Japanese hotel chain that offers in-room robots as an amenity has reportedly modified the technology to prevent snoops from eavesdropping on guests, after an independent researcher publicly exposed a potential exploit. In making the change, travel company H.I.S. Hotel Group conceded that individuals could gain unauthorized access to its 100 Tapia robots at the…

Malicious voice apps can turn Alexa and Google Home devices into spies, say researchers

Cybercriminals could potentially develop malicious voice apps that turn Amazon Alexa devices and Google Home smart speakers into spy equipment that eavesdrops on users and even phishes for passwords, according to a new report. The report, from Germany-based Security Research Labs (SRLabs), warns that security lapses in the way Google Home and Alexa devices (such…

Unpatched Amazon Echo and Kindle devices prone to KRACK attacks

Amazon.com Echo and Kindle devices were discovered last year to contain WPA/WPA2 protocol vulnerabilities that could potentially allow malicious actors to uncover keychains used to encrypt Wi-Fi traffic. The vulnerabilities, CVE-2017-13077 and CVE-2017-13078, are prone to Key Reinstallation Attacks (aka KRACK attacks), and were disclosed back in 2017 by a pair of Belgian researchers. In essence, they…

Flaws in Imperial, Dabman web radios could lead to full compromise

Researchers have disclosed a pair of vulnerabilities in multiple Imperial and Dabman-branded web radios that could allow malicious actors to remotely compromise the IoT devices. Telestar Digital GmbH, the company that manufacturers the web radios, has patched both problems, according to a security advisory yesterday from Vulnerability Lab, whose researchers made the discovery. Several reports…

Lucky break: Cracked windshield helps hacker find bug in Tesla

Hackers typically crack software, but web application security researcher Sam Curry quite literally cracked his Tesla Model 3 and discovered a vulnerability that earned him a hefty reward from the car maker’s bug bounty program. After a rock bounced up and damaged the windshield of Curry’s very own Model 3, the seemingly unlucky happenstance actually…

Dire straights: Glamoriser smart hair straighteners susceptible to hacking, warn researchers

Here’s some news that might curl your hair: A pen testing firm has disclosed a vulnerability in the Glamoriser smart hair straightener that could allow attackers to easy gain control of the device and perhaps create a fire hazard. The problem involves the Bluetooth Low Energy connection that the straightener uses to communicate with mobile…

D-Link agrees to overhaul security in FTC settlement

D-Link agreed to make several security enhancements that overhaul the firm’s security platform to settle a Federal Trade Commission (FTC) litigation case concerning allegations that the company misrepresented the security of its products.  The case stems from a 2017 complaint against D-Link for the company’s routers and IoT cameras leaving sensitive consumer information, including live…

Next post in IoT