“On default, Alexa ends the sessions after each duration… we were able to build in a feature that kept the session going [so Alexa would continue listening]. We also wanted to make sure that the user is not prompted and that Alexa is still listening without re-prompts,” Erez Yalon, manager of Application Security Research at Checkmarx, told Threatpost.
But in urban areas all around the world where Microsoft wants to do business, the white spaces will be very useful for “smart city” devices and applications—remember, that’s Microsoft’s big idea. And if the US is already widely using those white spaces, the rest of the world will follow along—both in terms of policy and in terms of providing additional marketplaces for the white spaces ecosystem of manufacturers to sell into.
According to Scheel, the problem is that the HbbTV standard, carried by DVB-T signals and supported by all smart TVs, allows the sending of commands that tell smart TVs to access and load a website in the background.
Knowing this, Scheel developed two exploits he hosted on his own website, which when loaded in the TV’s built-in browser would execute malicious code, gain root access, and effectively take over the device.
While this incident represents one of the first of its kind, the bad news is this form of attack is only going to become more common as more and more everyday items get connected to the internet, providing hackers with greater numbers of potential zombie devices.”
The reason behind it is the issue of default credentials for wireless devices. This is going to bring billions of devices into the fold by 2020, which is only three years away. Whenever it is, there’s going to be so many of these things used by people with very limited understanding of what they are,” says Dine.
The network that IoT devices must use should be isolated and secured by a firewall. This isn’t that difficult to do.
The full story is admittedly lengthy, clocking in at over 8000 words, but worth the time to understand how botnet wranglers make money siccing their zombie device armies on unsuspecting targets. The sources that pointed Krebs to Anna Senpai’s identity were involved in using botnets on behalf of shadowy clients, unleashing them on security companies protecting lucrative Minecraft servers that host thousands of players. When their online gaming is obstructed — say, by repeated and annoying DDoS attacks — players leave, giving servers an incentive to jump ship to whichever security provider can ensure protection…in this case, providers that arranged for the botnet attacks in the first place.
With the SmartDevice capability, future Liebherr refrigerators will help in shopping and planning meals with intelligent food management. Stored groceries can be monitored using internal cameras and object recognition technology. This process not only captures images for viewing but also recognizes individual food items inside the refrigerator. This information flows automatically into an inventory list, which lets the customer see quickly and clearly what is in the refrigerator from anywhere. Using the SmartDeviceBox voice module, additional groceries can be added to a shopping list that customers can access when on the move using an app for iOS, Android or Windows devices.
During setup the app instructs the user to either plug in an Ethernet cable or press the ‘pair’ button on the camera which causes the camera to switch to host mode and offer up an open (aka insecure) wireless network. The app then scans for this network which is typically called CameraHD-(MAC address) and prompts the user to connect to it. This is an alarming feature for a camera designed for outdoor use particularly as the camera also offers a host of unfiltered network services, including the network video feed (RTSP), a bespoke internal messaging service for initiating alerts and two distinct web servers (nuvoton and busybox), one of which has an undocumented firmware upgrade page. Readers of our other blogs will know how much we like upgrading firmware…
Wi-Fi HaLow extends Wi-Fi into the 900 MHz band, enabling the low power connectivity necessary for applications including sensors and wearables. Wi-Fi HaLow’s range is nearly twice that of today’s Wi-Fi, and it will not only be capable of transmitting signals further, but will also provide a more robust connection in challenging environments where the ability to more easily penetrate walls or other barriers is an important consideration.
But, with more cities joining the Smart City revolution and investing in sensors and other IoT devices, the risk of a new tech bubble is rising. The same technology giants that helped Barcelona become a smart city are now pushing more pilots of newer technologies with little regard for solutions that already work and can be shared without incurring additional expenses.
Let’s consider a few of the most worrisome issues related to IoT today:
In the long run, we are being faced with a bunch of independent devices that can’t be managed by a single platform or protocol. Manufacturers are now being required to develop different versions for different standards, effectively increasing manufacturing and engineering costs, and reducing their market potential.
Many of the most serious flaws revealed a kind of sloppiness in the design and production of the devices, Brandon Creighton, Veracode’s research architect, told The Security Ledger. For example: both the Ubi and Wink Relay devices left debugging interfaces exposed and unsecured in their shipped product. That could provide an avenue for attackers who had access to the same network as the device to steal information or bypass other security controls.
Exposed debugging interfaces are useful during product testing, but have little or no utility to consumers. That suggests that the companies merely forgot to restrict access to them before shipping, Creighton said.