Internet of Things | Breaking Cybersecurity News | The Hacker News

Today, many automobiles companies are offering vehicles that run on the mostly drive-by-wire system, which means a majority of car's functions—from instrument cluster to steering, brakes, and accelerator—are electronically controlled. No doubt these auto-control systems make your driving experience much better, but at the same time, they also increase the risk of getting hacked. Car Hacking is a hot topic, though it is not new for security researchers who hack cars. A few of them have already demonstrated how to hijack a car remotely , how to disable car's crucial functions like airbags, and even how to remotely steal cars . Now, security researchers have discovered a new hacking trick that can allow attackers to disable airbags and other safety systems of the connected cars, affecting a large number of vendors and vehicle models. A team of researchers from Trend Micro's Forward-looking Threat Research (FTR) team, in collaboration with Politecnico di Milano and

More features, more problems! Today, we are living in a digital age that is creating a digital headache for people by connecting every other unnecessary home appliance to the Internet. Last week, nearly hundreds of Internet-connected locks became inoperable after a faulty software update hit some models. Users of remotely accessible smart locks made by Colorado-based company LockState have taken to social media platforms including Twitter to complain that their $469 Lockstate 6000i locks started to fail from last Monday, leaving the keypad entirely useless. LockState's RemoteLock 6i (6000i) is an Internet-connected smart lock that connects to your home Wi-Fi network for remote control and monitoring as well as firmware updates. LockState is even a partner with Airbnb, allowing Airbnb hosts' to give their guests entry code in order to get into hotel properties without having to share physical keys. However, last week many Airbnb customers were unable to use the bu

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Car Hacking is a hot topic, though it's not new for researchers to hack cars. Previously they had demonstrated how to hijack a car remotely , how to disable car's crucial functions like airbags, and even how to steal cars . But the latest car hacking trick doesn't require any extra ordinary skills to accomplished. All it takes is a simple sticker onto a sign board to confuse any self-driving car and cause accident. Isn't this so dangerous? A team of researchers from the University of Washington demonstrated how anyone could print stickers off at home and put them on a few road signs to convince "most" autonomous cars into misidentifying road signs and cause accidents. According to the researchers, image recognition system used by most autonomous cars fails to read road sign boards if they are altered by placing stickers or posters over part or the whole road sign board. In a research paper , titled " Robust Physical-World Attacks on Machine

By this time, almost every one of you owns at least one internet-connected device—better known as the " Internet of things "—at your home, but how secure is your device? We have recently seen Car hacking that could risk anyone's life, Hoverboard hacking, even hacking of a so-called smart Gun and also the widespread hacks of insecure CCTV cameras, routers and other internet-connected home appliances. But this did not stop vendors from selling unsecured Internet-connected smart devices, and customers are buying them without giving a sh*t about the security of their smart devices. However, the massive cyber attack on a popular DNS service provider that shut down a large portion of the Internet last year made us all fear about the innocent-looking IoT devices, which surround us every day, but actually, poses a threat to global cyber security. Not anymore! A bipartisan group of senators have now introduced a new bill aimed at securing internet-connected devices b

I think we should stop going crazy over the smart things unless it's secure enough to be called SMART—from a toaster, security cameras, and routers to the computers and cars—everything is hackable. But the worst part comes in when these techs just require some cheap and easily available kinds of stuff to get compromised. Want example? It took just cheap magnets purchased from Amazon online store for a security researcher to unlock a "smart" gun that only its owner can fire. The German manufacturer of the Armatix IP1 "smart" gun which claimed the weapon would 'usher in a new era of gun safety' as the gun would only fire by its owners who are wearing an accompanying smartwatch. However, for the first time, a skilled hacker and security researcher who goes by the pseudonym "Plore" found multiple ways to defeat the security of Armatix GmbH Smart System and its $1,400 smart gun. According to a detailed report by Wired , the smart idea

An unnamed 29-year-old man, named by authorities as "Daniel K.," pleaded guilty in a German court on Friday to charges related to the hijacking of more than one Million Deutsche Telekom routers . According to reports in the German press , the British man, who was using online monikers "Peter Parker" and "Spiderman," linked to domains used to launch cyber attacks powered by the notorious Mirai malware has been pleaded guilty to " attempted computer sabotage ." The suspect was arrested on 22nd February this year at Luton airport in London by Britain's National Crime Agency (NCA) at the request of the Federal Criminal Police Office of Germany, aka the Bundeskriminalamt (BKA). The hacker, also known as 'BestBuy,' admitted to the court on Friday that he was behind the cyber attack that knocked more than 1.25 Million customers of German telecommunications provider Deutsche Telekom offline last November. According to the German aut

If you are hoverboard rider, you should be concerned about yourself. Thomas Kilbride, a security researcher from security firm IOActive, have discovered several critical vulnerabilities in Segway Ninebot miniPRO that could be exploited by hackers to remotely take "full control" over the hoverboard within range and leave riders out-of-control. Segway Ninebot miniPRO is a high-speed, self-balancing, two-wheel, hands-free electric scooter, also known as SUV of hoverboards, which also allows it riders to control the hoverboard by a Ninebot smartphone app remotely. Ninebot smartphone app allows riders to adjust light colours, modify safety features, run vehicle diagnostics, set anti-theft alarms, and even remotely commanding the miniPRO scooter to move. But the security of powerful miniPRO was so sick that Thomas hardly took 20 seconds to hack it and hijack remote control of it. In a blog post published today, Thomas has disclosed a series of critical security vul

Security researchers have discovered a critical remotely exploitable vulnerability in an open-source software development library used by major manufacturers of the Internet-of-Thing devices that eventually left millions of devices vulnerable to hacking. The vulnerability (CVE-2017-9765), discovered by researchers at the IoT-focused security firm Senrio, resides in the software development library called gSOAP toolkit (Simple Object Access Protocol) — an advanced C/C++ auto-coding tool for developing XML Web services and XML application. Dubbed " Devil's Ivy ," the stack buffer overflow vulnerability allows a remote attacker to crash the SOAP WebServices daemon and could be exploited to execute arbitrary code on the vulnerable devices. The Devil's Ivy vulnerability was discovered by researchers while analysing an Internet-connected security camera manufactured by Axis Communications. "When exploited, it allows an attacker to remotely access a video

The Internet-connected devices are growing at an exponential rate, and so are threats to them. Due to the insecure implementation, a majority of Internet-connected embedded devices, including Smart TVs, Refrigerators, Microwaves, Security Cameras, and printers, are routinely being hacked and used as weapons in cyber attacks. We have seen IoT botnets like Mirai – possibly the biggest IoT-based malware threat that emerged late last year and caused vast internet outage by launching massive DDoS attacks against DynDNS provider – which proves how easy it is to hack these connected devices. Now, a security researcher is warning of another IoT threat involving Smart TVs that could allow hackers to take complete control of a wide range of Smart TVs at once without having any physical access to any of them. Researcher Shows Live Hacking Demonstration   The proof-of-concept exploit for the attack, developed by Rafael Scheel of cyber security firm Oneconsult, uses a low-cost tra

Internet-of-Things devices are turning every industry into the computer industry, making customers think that their lives would be much easier with smart devices. There are, of course, some really good reasons to connect certain devices to the Internet. For example, remotely switching on your A/C a few minutes before you enter your home, instead of leaving it blasting all day. But does everything need to be connected? Of course, not. One such example is the latest bug report at Full Disclosure, affecting an Internet-connected washer-disinfector appliance by Germany-based manufacturer Miele . The Miele Professional PG 8528 appliance, which is used in medical establishments to clean and properly disinfect laboratory and surgical instruments, is suffering from a Web Server Directory Traversal vulnerability. Jens Regel of German consultancy Schneider & Wulf has discovered the flaw ( CVE-2017-7240 ) that allows an unauthenticated, remote attacker to access directories oth

Every parent should think twice before handing out Internet-connected toys or smart toys to their children, as these creepy toys pose a different sort of danger: privacy and data security risks for kids who play with them. This same incident was happened over a year ago when Hong Kong toymaker VTech was hacked , which exposed personal details, including snaps of parents and children and chat logs, of about 6.4 million children around the world. Now, in the latest security failing of the internet-connected smart toys, more than 2 Million voice recordings of children and their parents have been exposed, along with email addresses and passwords for over 820,000 user accounts. And What's even Worse? The hackers locked this data and held it for Ransom. California-based Spiral Toys' line of internet-connected stuffed animal toys, CloudPets , which allow children and relatives to send recorded voicemails back and forth, reportedly left the voice messages recorded between pare

Russian cyber security and antivirus vendor Kaspersky Lab has made available the much awaited KasperskyOS , a secure-by-design operating system based on Microkernel architecture which is specially designed for network devices, industrial control systems and the Internet of Things. The operating system is not made for your average home PC; instead, it is meant to protect industrial systems and embedded devices from cyber attacks by preventing any third-party or malicious code from executing. Kaspersky Lab CEO Eugene Kaspersky confirmed the rumors of a new operating system on his official blog published on Monday, saying this project under the codename 11-11 has been in the works for 14 years and has been designed from scratch. The reason behind developing KasperskyOS is simple: Growing Internet-of-Things and embedded devices in industrial control systems (ICS) to power critical infrastructure. It's quite easy for most companies to get rid of the virus-infected computer,

MIRAI – possibly the biggest IoT-based malware threat that emerged last year, which caused vast internet outage in October last year by launching massive distributed denial-of-service (DDoS) attacks against the popular DNS provider Dyn . Now, the infamous malware has updated itself to boost its distribution efforts. Researchers from Russian cyber-security firm Dr.Web have now uncovered a Windows Trojan designed to built with the sole purpose of helping hackers spread Mirai to even more devices. Mirai is a malicious software program for Linux-based internet-of-things (IoT) devices which scan for insecure IoT devices, enslaves them into a botnet network, and then used them to launch DDoS attacks, and spreads over Telnet by using factory device credentials. It all started early October last year when a hacker publicly released the source code of Mirai . Dubbed Trojan.Mirai.1, the new Trojan targets Windows computers and scans the user's network for compromisable Linux-

Two suspected hackers have reportedly been arrested in London on suspicion of hacking 70 percent of the CCTV cameras in Washington with ransomware ahead of President Donald Trump's inauguration last month. The arrest took place on 20th January by the officers from the National Crime Agency (NCA) of UK after it received a request from United States authorities, but it has not been disclosed until now. The NCA raided a house in the south of London last month and detained a British man and a Swedish woman, both 50-years-old, reported The Sun. Some 123 of the 187 police CCTV cameras used to monitor public areas in Washington DC stopped working on 12 January, just 8 days before the inauguration of Donald Trump, after a cyber attack hit the storage devices. The cyber attack lasted for about three days, eventually leaving the CCTV cameras out of recording anything between 12 and 15 January. It was reported that the surveillance cameras were left useless after a ransomware made

What's the worst that could happen when a Ransomware hits a Hotel? Recently, hundreds of guests of a luxurious hotel in Austria were locked in or out of their rooms when ransomware hit the hotel's IT system, and the hotel had no choice left except paying the attackers. Today, we are living in a digital age that is creating a digital headache for people and organizations around the world with cyber attacks and data breaches on the rise. Ransomware is one of them. The threat has been around for a few years, but during 2016, it has turned into a noxious game of Hackers to get paid effortlessly by targeting hospitals, Universities, private businesses and even police departments and making hundreds of millions of dollars. Now, the Romantik Seehotel Jäegerwirt 4-Star Superior Hotel has admitted it paid €1,500 (£1,275/$1,600) in Bitcoin ransom to cybercriminals who managed to break into their network and hack their electronic key card system that prevented its guests f

The IT threat landscape has changed dramatically over the last three-four years. With no shortage of threat actors, from hacktivists to nation-states, criminals to terrorists, all of them are now after something new. It's no more just about stealing your money, credit cards and defacing websites, as now they are after the intellectual property, mass attacks and most importantly, our critical infrastructures. We have long-discussed nightmare scenarios of cyber attacks against nation's critical infrastructure, but now these scenarios have come to the real world, and we have seen many such incidents in the past years. The latest example is cyber attacks against Ukrainian power grid . Just two weeks back, Ukraine's national power company Ukrenergo confirmed that electricity outage on 17-18th December last year was caused by a cyber attack. Such sophisticated cyber attacks have revealed the extent of vulnerabilities in the systems that are operating the most critic

It might be the easiest bug bounty program ever. Netgear launched on Thursday a bug bounty program to offer up to $15,000 in rewards to hackers who will find security flaws in its products. Since criminals have taken aim at a rapidly growing threat surface created by millions of new Internet of things (IoT) devices, it has become crucial to protect routers that contain the keys to the kingdom that connects the outside world to the IP networks that run these connected devices. To combat this issue, Netgear, one of the biggest networking equipment providers in the world, has launched a bug bounty program focusing on its products, particularly routers, wireless security cameras and mesh Wi-Fi systems. Bug bounty programs are cash rewards given by companies or organizations to white hat hackers and researchers who hunt for serious security vulnerabilities in their website or products and then responsibly disclose for the patch release. Also Read:   How Hackers Hack Bank Acco

The U.S. Federal Trade Commission has announced a "prize competition" for creating a software or hardware-based solution with the ability to auto-patch vulnerable Internet of Things (IoT) devices. Today we are surrounded by a number of Internet-connected devices. Our homes are filled with tiny computers embedded in everything from security cameras, TVs and refrigerators to thermostat and door locks. While IoT is going to improve life for many, the number of security risks due to lack of stringent security measures and encryption mechanisms in the devices have increased exponentially, giving attackers a large number of entry points to affect you in some or the other way. Remember Mirai Botnet ? A botnet of just 100,000 hijacked IoT devices was used to flood the Dyn DNS service with unwanted requests and close down the Internet for Millions of Users a few months ago. At that time, Chinese firm Hangzhou Xiongmai Technology admitted its smart products – DVRs and

Hey, Alexa! Who did this murder? Arkansas police are seeking help from e-commerce giant Amazon for data that may have been recorded on its Echo device belonging to a suspect in a murder case, bringing the conflict into the realm of the Internet of Things. Amazon Echo is a voice-activated smart home speaker capable of controlling several smart devices by integrating it with a variety of home automation hubs. It can do tasks like play music, make to-do lists, set alarms, and also provide real-time information such as weather and traffic. As first reported by The Information, authorities in Bentonville have issued a warrant for Amazon to hand over audio or records from an Echo device belonging to James Andrew Bates in the hope that they'll aid in uncovering additional details about the murder of Victor Collins. Just like Apple refused the FBI to help them unlock iPhone belonging to one of the San Bernardino terrorists, Amazon also declined to give police any of the info

Google announced a Developers Preview of " Android Things " — an Android-based operating system platform for smart devices and Internet of Things (IoT) products. The Android-based Internet of Things OS is designed to make it easier for developers to build a smart appliance since they will be able to work with Android APIs and Google Services they're already familiar with. As the Developers page of Android Things says: " If you can build an app, you can build a device ." The Android-based Internet of Things operating system is supposed to run on products like security cameras, connected speakers, and routers. Android Things is a rebranded version Google Brillo , an Android-based IoT OS that Google announced in 2015, with added tools like Android Studio, the Android Software Development Kit (SDK), Google Play Services, and Google Cloud Platform. Unlike Brillo, development on Android Things can be achieved with " the same developer tools as stan