The National Cyber Security Centre Finland (NCSC-FI) within Finnish regulatory agency Traficom today kicked off a smart device certification program designed to inform consumers if certain products meet basic information security standards. Devices that meet certification criteria, which are based on consumer Internet of Things standards from the European Telecommunications Standards Institute (ETSI), will receive…
Researchers have uncovered a new variant of Gafgyt malware (aka BASHLITE) that infects home and small-office routers and networking equipment in order to recruit them into a botnet that bombards gaming servers with distributed denial of service attacks. One of its attacks involves a payload is specifically designed to attack servers running Valve Corporation’s Source…
A Japanese hotel chain that offers in-room robots as an amenity has reportedly modified the technology to prevent snoops from eavesdropping on guests, after an independent researcher publicly exposed a potential exploit. In making the change, travel company H.I.S. Hotel Group conceded that individuals could gain unauthorized access to its 100 Tapia robots at the…
Cybercriminals could potentially develop malicious voice apps that turn Amazon Alexa devices and Google Home smart speakers into spy equipment that eavesdrops on users and even phishes for passwords, according to a new report. The report, from Germany-based Security Research Labs (SRLabs), warns that security lapses in the way Google Home and Alexa devices (such…
Amazon.com Echo and Kindle devices were discovered last year to contain WPA/WPA2 protocol vulnerabilities that could potentially allow malicious actors to uncover keychains used to encrypt Wi-Fi traffic. The vulnerabilities, CVE-2017-13077 and CVE-2017-13078, are prone to Key Reinstallation Attacks (aka KRACK attacks), and were disclosed back in 2017 by a pair of Belgian researchers. In essence, they…
Researchers have disclosed a pair of vulnerabilities in multiple Imperial and Dabman-branded web radios that could allow malicious actors to remotely compromise the IoT devices. Telestar Digital GmbH, the company that manufacturers the web radios, has patched both problems, according to a security advisory yesterday from Vulnerability Lab, whose researchers made the discovery. Several reports…
A lack of investment in cybersecurity protections could imperil the future of smart cities and the Internet of Things devices on which they run, a new report from ABI Research warns. ABI anticipates there will be 1.3 billion wide-area network smart city connections by the year 2024. Of the $135 billion projected to be invested…
Hackers typically crack software, but web application security researcher Sam Curry quite literally cracked his Tesla Model 3 and discovered a vulnerability that earned him a hefty reward from the car maker’s bug bounty program. After a rock bounced up and damaged the windshield of Curry’s very own Model 3, the seemingly unlucky happenstance actually…
Here’s some news that might curl your hair: A pen testing firm has disclosed a vulnerability in the Glamoriser smart hair straightener that could allow attackers to easy gain control of the device and perhaps create a fire hazard. The problem involves the Bluetooth Low Energy connection that the straightener uses to communicate with mobile…
D-Link agreed to make several security enhancements that overhaul the firm’s security platform to settle a Federal Trade Commission (FTC) litigation case concerning allegations that the company misrepresented the security of its products. The case stems from a 2017 complaint against D-Link for the company’s routers and IoT cameras leaving sensitive consumer information, including live…
