Internet of Things | Breaking Cybersecurity News | The Hacker News

By this time, almost every one of you owns at least one internet-connected device—better known as the " Internet of things "—at your home, but how secure is your device? We have recently seen Car hacking that could risk anyone's life, Hoverboard hacking, even hacking of a so-called smart Gun and also the widespread hacks of insecure CCTV cameras, routers and other internet-connected home appliances. But this did not stop vendors from selling unsecured Internet-connected smart devices, and customers are buying them without giving a sh*t about the security of their smart devices. However, the massive cyber attack on a popular DNS service provider that shut down a large portion of the Internet last year made us all fear about the innocent-looking IoT devices, which surround us every day, but actually, poses a threat to global cyber security. Not anymore! A bipartisan group of senators have now introduced a new bill aimed at securing internet-connected devices b

I think we should stop going crazy over the smart things unless it's secure enough to be called SMART—from a toaster, security cameras, and routers to the computers and cars—everything is hackable. But the worst part comes in when these techs just require some cheap and easily available kinds of stuff to get compromised. Want example? It took just cheap magnets purchased from Amazon online store for a security researcher to unlock a "smart" gun that only its owner can fire. The German manufacturer of the Armatix IP1 "smart" gun which claimed the weapon would 'usher in a new era of gun safety' as the gun would only fire by its owners who are wearing an accompanying smartwatch. However, for the first time, a skilled hacker and security researcher who goes by the pseudonym "Plore" found multiple ways to defeat the security of Armatix GmbH Smart System and its $1,400 smart gun. According to a detailed report by Wired , the smart idea

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

An unnamed 29-year-old man, named by authorities as "Daniel K.," pleaded guilty in a German court on Friday to charges related to the hijacking of more than one Million Deutsche Telekom routers . According to reports in the German press , the British man, who was using online monikers "Peter Parker" and "Spiderman," linked to domains used to launch cyber attacks powered by the notorious Mirai malware has been pleaded guilty to " attempted computer sabotage ." The suspect was arrested on 22nd February this year at Luton airport in London by Britain's National Crime Agency (NCA) at the request of the Federal Criminal Police Office of Germany, aka the Bundeskriminalamt (BKA). The hacker, also known as 'BestBuy,' admitted to the court on Friday that he was behind the cyber attack that knocked more than 1.25 Million customers of German telecommunications provider Deutsche Telekom offline last November. According to the German aut

If you are hoverboard rider, you should be concerned about yourself. Thomas Kilbride, a security researcher from security firm IOActive, have discovered several critical vulnerabilities in Segway Ninebot miniPRO that could be exploited by hackers to remotely take "full control" over the hoverboard within range and leave riders out-of-control. Segway Ninebot miniPRO is a high-speed, self-balancing, two-wheel, hands-free electric scooter, also known as SUV of hoverboards, which also allows it riders to control the hoverboard by a Ninebot smartphone app remotely. Ninebot smartphone app allows riders to adjust light colours, modify safety features, run vehicle diagnostics, set anti-theft alarms, and even remotely commanding the miniPRO scooter to move. But the security of powerful miniPRO was so sick that Thomas hardly took 20 seconds to hack it and hijack remote control of it. In a blog post published today, Thomas has disclosed a series of critical security vul

Security researchers have discovered a critical remotely exploitable vulnerability in an open-source software development library used by major manufacturers of the Internet-of-Thing devices that eventually left millions of devices vulnerable to hacking. The vulnerability (CVE-2017-9765), discovered by researchers at the IoT-focused security firm Senrio, resides in the software development library called gSOAP toolkit (Simple Object Access Protocol) — an advanced C/C++ auto-coding tool for developing XML Web services and XML application. Dubbed " Devil's Ivy ," the stack buffer overflow vulnerability allows a remote attacker to crash the SOAP WebServices daemon and could be exploited to execute arbitrary code on the vulnerable devices. The Devil's Ivy vulnerability was discovered by researchers while analysing an Internet-connected security camera manufactured by Axis Communications. "When exploited, it allows an attacker to remotely access a video

The Internet-connected devices are growing at an exponential rate, and so are threats to them. Due to the insecure implementation, a majority of Internet-connected embedded devices, including Smart TVs, Refrigerators, Microwaves, Security Cameras, and printers, are routinely being hacked and used as weapons in cyber attacks. We have seen IoT botnets like Mirai – possibly the biggest IoT-based malware threat that emerged late last year and caused vast internet outage by launching massive DDoS attacks against DynDNS provider – which proves how easy it is to hack these connected devices. Now, a security researcher is warning of another IoT threat involving Smart TVs that could allow hackers to take complete control of a wide range of Smart TVs at once without having any physical access to any of them. Researcher Shows Live Hacking Demonstration   The proof-of-concept exploit for the attack, developed by Rafael Scheel of cyber security firm Oneconsult, uses a low-cost tra

Internet-of-Things devices are turning every industry into the computer industry, making customers think that their lives would be much easier with smart devices. There are, of course, some really good reasons to connect certain devices to the Internet. For example, remotely switching on your A/C a few minutes before you enter your home, instead of leaving it blasting all day. But does everything need to be connected? Of course, not. One such example is the latest bug report at Full Disclosure, affecting an Internet-connected washer-disinfector appliance by Germany-based manufacturer Miele . The Miele Professional PG 8528 appliance, which is used in medical establishments to clean and properly disinfect laboratory and surgical instruments, is suffering from a Web Server Directory Traversal vulnerability. Jens Regel of German consultancy Schneider & Wulf has discovered the flaw ( CVE-2017-7240 ) that allows an unauthenticated, remote attacker to access directories oth

Every parent should think twice before handing out Internet-connected toys or smart toys to their children, as these creepy toys pose a different sort of danger: privacy and data security risks for kids who play with them. This same incident was happened over a year ago when Hong Kong toymaker VTech was hacked , which exposed personal details, including snaps of parents and children and chat logs, of about 6.4 million children around the world. Now, in the latest security failing of the internet-connected smart toys, more than 2 Million voice recordings of children and their parents have been exposed, along with email addresses and passwords for over 820,000 user accounts. And What's even Worse? The hackers locked this data and held it for Ransom. California-based Spiral Toys' line of internet-connected stuffed animal toys, CloudPets , which allow children and relatives to send recorded voicemails back and forth, reportedly left the voice messages recorded between pare

Russian cyber security and antivirus vendor Kaspersky Lab has made available the much awaited KasperskyOS , a secure-by-design operating system based on Microkernel architecture which is specially designed for network devices, industrial control systems and the Internet of Things. The operating system is not made for your average home PC; instead, it is meant to protect industrial systems and embedded devices from cyber attacks by preventing any third-party or malicious code from executing. Kaspersky Lab CEO Eugene Kaspersky confirmed the rumors of a new operating system on his official blog published on Monday, saying this project under the codename 11-11 has been in the works for 14 years and has been designed from scratch. The reason behind developing KasperskyOS is simple: Growing Internet-of-Things and embedded devices in industrial control systems (ICS) to power critical infrastructure. It's quite easy for most companies to get rid of the virus-infected computer,

MIRAI – possibly the biggest IoT-based malware threat that emerged last year, which caused vast internet outage in October last year by launching massive distributed denial-of-service (DDoS) attacks against the popular DNS provider Dyn . Now, the infamous malware has updated itself to boost its distribution efforts. Researchers from Russian cyber-security firm Dr.Web have now uncovered a Windows Trojan designed to built with the sole purpose of helping hackers spread Mirai to even more devices. Mirai is a malicious software program for Linux-based internet-of-things (IoT) devices which scan for insecure IoT devices, enslaves them into a botnet network, and then used them to launch DDoS attacks, and spreads over Telnet by using factory device credentials. It all started early October last year when a hacker publicly released the source code of Mirai . Dubbed Trojan.Mirai.1, the new Trojan targets Windows computers and scans the user's network for compromisable Linux-

Two suspected hackers have reportedly been arrested in London on suspicion of hacking 70 percent of the CCTV cameras in Washington with ransomware ahead of President Donald Trump's inauguration last month. The arrest took place on 20th January by the officers from the National Crime Agency (NCA) of UK after it received a request from United States authorities, but it has not been disclosed until now. The NCA raided a house in the south of London last month and detained a British man and a Swedish woman, both 50-years-old, reported The Sun. Some 123 of the 187 police CCTV cameras used to monitor public areas in Washington DC stopped working on 12 January, just 8 days before the inauguration of Donald Trump, after a cyber attack hit the storage devices. The cyber attack lasted for about three days, eventually leaving the CCTV cameras out of recording anything between 12 and 15 January. It was reported that the surveillance cameras were left useless after a ransomware made

What's the worst that could happen when a Ransomware hits a Hotel? Recently, hundreds of guests of a luxurious hotel in Austria were locked in or out of their rooms when ransomware hit the hotel's IT system, and the hotel had no choice left except paying the attackers. Today, we are living in a digital age that is creating a digital headache for people and organizations around the world with cyber attacks and data breaches on the rise. Ransomware is one of them. The threat has been around for a few years, but during 2016, it has turned into a noxious game of Hackers to get paid effortlessly by targeting hospitals, Universities, private businesses and even police departments and making hundreds of millions of dollars. Now, the Romantik Seehotel Jäegerwirt 4-Star Superior Hotel has admitted it paid €1,500 (£1,275/$1,600) in Bitcoin ransom to cybercriminals who managed to break into their network and hack their electronic key card system that prevented its guests f

The IT threat landscape has changed dramatically over the last three-four years. With no shortage of threat actors, from hacktivists to nation-states, criminals to terrorists, all of them are now after something new. It's no more just about stealing your money, credit cards and defacing websites, as now they are after the intellectual property, mass attacks and most importantly, our critical infrastructures. We have long-discussed nightmare scenarios of cyber attacks against nation's critical infrastructure, but now these scenarios have come to the real world, and we have seen many such incidents in the past years. The latest example is cyber attacks against Ukrainian power grid . Just two weeks back, Ukraine's national power company Ukrenergo confirmed that electricity outage on 17-18th December last year was caused by a cyber attack. Such sophisticated cyber attacks have revealed the extent of vulnerabilities in the systems that are operating the most critic

It might be the easiest bug bounty program ever. Netgear launched on Thursday a bug bounty program to offer up to $15,000 in rewards to hackers who will find security flaws in its products. Since criminals have taken aim at a rapidly growing threat surface created by millions of new Internet of things (IoT) devices, it has become crucial to protect routers that contain the keys to the kingdom that connects the outside world to the IP networks that run these connected devices. To combat this issue, Netgear, one of the biggest networking equipment providers in the world, has launched a bug bounty program focusing on its products, particularly routers, wireless security cameras and mesh Wi-Fi systems. Bug bounty programs are cash rewards given by companies or organizations to white hat hackers and researchers who hunt for serious security vulnerabilities in their website or products and then responsibly disclose for the patch release. Also Read:   How Hackers Hack Bank Acco

The U.S. Federal Trade Commission has announced a "prize competition" for creating a software or hardware-based solution with the ability to auto-patch vulnerable Internet of Things (IoT) devices. Today we are surrounded by a number of Internet-connected devices. Our homes are filled with tiny computers embedded in everything from security cameras, TVs and refrigerators to thermostat and door locks. While IoT is going to improve life for many, the number of security risks due to lack of stringent security measures and encryption mechanisms in the devices have increased exponentially, giving attackers a large number of entry points to affect you in some or the other way. Remember Mirai Botnet ? A botnet of just 100,000 hijacked IoT devices was used to flood the Dyn DNS service with unwanted requests and close down the Internet for Millions of Users a few months ago. At that time, Chinese firm Hangzhou Xiongmai Technology admitted its smart products – DVRs and

Hey, Alexa! Who did this murder? Arkansas police are seeking help from e-commerce giant Amazon for data that may have been recorded on its Echo device belonging to a suspect in a murder case, bringing the conflict into the realm of the Internet of Things. Amazon Echo is a voice-activated smart home speaker capable of controlling several smart devices by integrating it with a variety of home automation hubs. It can do tasks like play music, make to-do lists, set alarms, and also provide real-time information such as weather and traffic. As first reported by The Information, authorities in Bentonville have issued a warrant for Amazon to hand over audio or records from an Echo device belonging to James Andrew Bates in the hope that they'll aid in uncovering additional details about the murder of Victor Collins. Just like Apple refused the FBI to help them unlock iPhone belonging to one of the San Bernardino terrorists, Amazon also declined to give police any of the info

Google announced a Developers Preview of " Android Things " — an Android-based operating system platform for smart devices and Internet of Things (IoT) products. The Android-based Internet of Things OS is designed to make it easier for developers to build a smart appliance since they will be able to work with Android APIs and Google Services they're already familiar with. As the Developers page of Android Things says: " If you can build an app, you can build a device ." The Android-based Internet of Things operating system is supposed to run on products like security cameras, connected speakers, and routers. Android Things is a rebranded version Google Brillo , an Android-based IoT OS that Google announced in 2015, with added tools like Android Studio, the Android Software Development Kit (SDK), Google Play Services, and Google Cloud Platform. Unlike Brillo, development on Android Things can be achieved with " the same developer tools as stan

How many Internet-connected devices do you have in your home? I am surrounded by around 25 such devices. It's not just your PC, smartphone, and tablet that are connected to the Internet. Today our homes are filled with tiny computers embedded in everything from security cameras, TVs and refrigerators to thermostat and door locks. However, when it comes to security, people generally ignore to protect all these connected devices and focus on securing their PCs and smartphones with a good antivirus software or a firewall application. What if any of these connected devices, that are poorly configured or insecure by design, get hacked? It would give hackers unauthorized access to your whole network allowing them to compromise other devices connected to the same network, spy on your activities and steal sensitive information by using various sophisticated hacks. There have already been numerous cases of attackers hacking home appliances, industrial control, automotive, medic

Distributed Denial of Service (DDoS) attacks have risen enormously in past few months and, mostly, they are coming from hacked and insecure internet-connected devices, most commonly known as Internet of Things (IoT). Recent DDoS attack against DNS provider Dyn that brought down a large chunk of the Internet came from hacked and vulnerable IoT devices such as DVRs, security cameras, and smart home appliances. This DDoS was the biggest cyber attack the world has ever seen. Now, in the latest incident, at least five Russian banks have been subject to a swathe of DDoS attacks for two days, said the Russian banking regulator. The state-owned Sberbank was one of the five targets of the attacks that began on last Tuesday afternoon and lasted over the next two days. According to Kaspersky Lab, the longest attack last for 12 hours and peaked at 660,000 requests per second came from a botnet of at least 24,000 hacked devices located in 30 countries. Although the culprit appears

Just Imaging — What if, you enter into your home from a chilling weather outside, and the heating system fails to work because of a cyber attack, leaving you in the sense of panic? The same happened late last month when an attack knocks heating system offline in Finland. Last week, a Distributed Denial of Service (DDoS) attack led to the disruption of the heating systems for at least two housing blocks in the city of Lappeenranta, literally leaving their residents in subzero weather. Both the apartments are managed by a company called Valtia, a facilities services company headquartered in Lappeenranta. Valtia CEO Simo Rounela confirmed to English language news outlet Metropolitan.fi that the central heating system and hot water system in both buildings had become a target of DDoS attacks. In an attempt to fight back the cyber attacks, which lived for a short time, the automated systems rebooted — and unfortunately got stuck in an endless loop, which restarted repeatedly a