IoT News, Articles and Updates

APIs in Samsung, Roku devices unsecure: Consumer Reports

Several Smart TVs from Samsung and others using the Roku TV platform, as well as media players from that company, are susceptible cyberattacks, according to Consumer Reports, a claim denied vehemently by Roku.

Consumers worry about their data, but don't bother much with security

A recent worldwide consumer survey found a major disconnect between general fears about cybersecurity and the actions taken to protect not only their personal information, but their families from cyberattacks.

Privacy of location tracking device owners threatened by 'Trackmageddon' flaws

A slew of online services used to manage GPS- and GSM-based location tracking devices have been found vulnerable to flaws that could allow attackers to hijack these devices and reveal their owners' past and current locations.

Malware behind Satori botnet posted to Pastebin

The code that exploits a flaw in Huawei a router that enables these devices to be turned into botnets to push Satori and Brickerbot has been publicly posted on Pastebin.

Report: Internet-Connected Speakers Can Lead to a Broken Record

Music lovers connected to wireless, Internet-connected Sonos speakers beware that their audio systems could have been unwittingly usurped for nefarious purposes, according to a new report from Trend Micro.

BrickerBot creators announce retirement from active operations

The individual, or people, behind the BrickerBot malware attacks have decided to hang up their mouse and keyboard after claiming to have locked more than 10 million supposedly unsecure Internet of Things devices.

New Mirai variant back on radar after new exploit code published

A new strain of the Mirai IoT malware has been discovered following the publication of exploit code targeting networking equipment.

Lieu, Markey introduce Cyber Shield Act of 2017 for IoT devices

A new bill designed to identify, verify, and label compliant Internet-of-Things (IoT) devices with strong cybersecurity standards has been introduced by two federal lawmakers.

LG patches app bug that can turn IoT vacuums into robotic spies

LG Electronics has patched a bug in its smart appliance app that can be exploited to gain remote access to devices under its control, including a camera-equipped vacuum that can be abused to spy on its owners.

Researchers advise against Amazon Key, call for more transparency

Malwarebytes researchers are warning users not to buy into the hype, or the actual products, offered with Amazon's Key service.

#WatchOut for your kids! Smartwatches plagued with flaws

The Norwegian Consumer Council and Mnemonic researchers are warning consumers about the dangers of poorly secured smartwatches marketed to children.

Google patches 7 flaws in Dnsmasq

Google reported it has discovered and issued patches fo seven vulnerabilities in the DNS software package Dnsmasq, several of which could lead to remote code execution or leave the device open to a denial of service attack if exploited.

4G vulnerabilities put mobile users and even Smart Cities at risk, study

Despite keeping us connected and even providing a bump in security over its predecessor, 4G networks are still plagued with weaknesses.

Linux IoT botnet retooled to send spam email

An IoT botnet has set its hooks in about 4,500 - 5,000 proxy devices to send spam emails which each device capable of sending 400 messages or a total of 1.8 million messages per day.

Report: Without safeguards, Internet and IoT may create surveillance states in near future

A catastrophic worldwide cyberattack and the emergence of an IoT-enabled surveillance state were among the chief security and privacy fears expressed by experts polled for a new report about the internet and its future impact.

Medfusion 4000 Wireless Syringe Infusion Pump can be exploited to compromise operations

Until a new version of Smiths Medical's Medfusion 4000 Wireless Syringe Infusion Pump is issued in January 2018, its operators should be wary of eight vulnerabilities that can be remotely exploited to gain access to the device and compromise its functionality.

Bluetooth ache: Protocol's security not sufficiently researched, experts claim after 'BlueBorne' disclosure

The recently disclosed collection of "BlueBorne" vulnerabilities that were found to affect at least 5.3 billion Bluetooth-enabled devices has revealed several inconvenient truths about the short-range communications protocol, experts say.

Abbott Laboratories securing vulnerable pacemakers with firmware and software updates

Healthcare product manufacturer Abbott Laboratories is updating the firmware and software in its line of implantable pacemakers to shore up a security vulnerability that could lead to unauthorized access.

SMEs ahead of larger orgs in IoT security, study

SMEs may not have the resources of their larger peers but they're training them on identifying threats and determining the potential dangers connected devices pose, according to a study from Pwnie Express.

Svpeng mobile banking trojan now a keylogger

Cybercriminals have updated the functionality of the popular Svpeng mobile banking trojan giving it keylogger capabilities and the ability to access the text input from almost all of a devices apps.

IoT improvement act would set security standards for cos. selling to government

Under the act device makers couldn't hardcore passwords, which have been exploited in the past to spread malware like in the recent Mirai attacks, into products sold to the government.

Researcher: In two decades, adversaries at war could cause mass destruction via IoT attacks

Two decades from now, warring adversaries could conceivably attack each other by sabotaging a population's IoT consumer devices en masse, respected cybersecurity expert Mikko Hypponen predicted at Black Hat on Thursday.

Hacking Nemo: Adversary compromises smart fish tank at casino

An unknown actor recently succeeded in hacking into a casino's smart fish tank and exfiltrating its data to a device in Finland.

Cisco predicts a major increase in cyberattacks designed to destroy systems

Cisco researchers are predicting more and larger cyberattacks that have the goal of destroying their targets systems, instead of financial gain or stealing information.