Archive for the ‘IoT’ Category

Brace yourselves: New variant of Mirai takes aim at a new crop of IoT devices

March 18th, 2019
Brace yourselves: New variant of Mirai takes aim at a new crop of IoT devices

Enlarge (credit: LG)

Mirai, the virulent Internet of Things malware that delivered record-setting denial-of-service attacks in 2016, has been updated to target a new crop of devices, including two found inside enterprise networks, where bandwidth is often plentiful, researchers said on Monday.

The malware infects webcams, routers, DVRs, and other Internet-connected devices, which typically ship with default credentials and run woefully outdated versions of Linux that are rarely, if ever, updated. The rapidly spreading Mirai first made a name for itself in 2016, when it helped achieve record-setting DDoS attacks against KrebsOnSecurity and French Web host OVH.

A newly discovered variant contains a total of 27 exploits, 11 of which are new to Mirai, researchers with security firm Palo Alto Networks reported in a blog post Monday. Besides demonstrating an attempt to reinvigorate Mirai’s place among powerful botnets, the new exploits signal an attempt to penetrate an arena that's largely new to Mirai. One of the 11 new exploits targets the WePresent WiPG-1000 Wireless Presentation systems, and another exploit targets LG Supersign TVs. Both of these devices are intended for use by businesses, which typically have networks that offer larger amounts of bandwidth than Mirai’s more traditional target of home consumers.

Read 8 remaining paragraphs | Comments

Posted in Biz & IT, botnets, Distributed Denial of Service attacks, Internet of things, IoT, mirai | Comments (0)

Google boasts 1 billion Assistant devices—10x Amazon Alexa’s install base

January 7th, 2019
Some of the many things that can run the Google Assistant.

Enlarge / Some of the many things that can run the Google Assistant.

The Consumer Electronics Show (CES) kicks off this week, and the show promises to be a voice command battleground. Before Google Assistant and Amazon Alexa start duking it out on the show floor, Google wants to let the world know just how many devices have access to the Google Assistant: a cool billion. Google says it expects to hit one billion Google Assistant devices by the end of the month—that's the total install base of devices that allow the user to issue voice commands to the Google Assistant.

Thanks to a report from The Verge, we also have really recent numbers for Alexa. Amazon just announced there are 100 million Alexa devices out there, so if we're treating all devices as equal, Google has ten times as many voice command devices in the wild than Amazon.

The Google Assistant launched in 2016 on the Google Pixel phone and since then has spread to a ton of devices. There's a range of smart speakers like the Google Home line and third-party devices from JBL, Sony, Panasonic, LG, and more. There are smart displays like the Google Home Hub and third-party offerings from Lenovo, JBL, and LG. With a phone running Android Auto, you can have access to the Assistant from your car's infotainment screen. For TVs, there's both Sony and LG displays with Android TV and the Assistant built in, set-top boxes from Nvidia and Xiaomi, and even a plan for smart soundbars. For laptops, Google-built Chrome OS devices all have access to the Google Assistant, and it sounds like it's going to be a standard feature on all Chrome OS devices soon. If you make the mistake of buying a Wear OS device, you can get the Assistant on your watch, and it's even available on some Nest cameras.

Read 3 remaining paragraphs | Comments

Posted in alexa, amazon, Android, ces2019, google, Google Assistant, IoT, Tech | Comments (0)

Even KitchenAid is making a Google Smart Display—and it’s water resistant

January 7th, 2019
Even KitchenAid is making a Google Smart Display—and it’s water resistant

Enlarge (credit: KitchenAid)

It's CES week, and we have a new Google-powered smart display to talk about. A big feature of these smart displays is a visual and audio walkthrough of cooking recipes, and with Google's platform open to third parties, it only makes sense that traditional kitchen appliance manufacturers would want to get in on the action, right? Enter the KitchenAid Smart Display, which takes all the features and functionality of Google's smart display platform (reference the Google Home Hub and Lenovo Smart Display) and wraps it up with an appliance name that will feel right at home next to your mixer or refrigerator.

The KitchenAid Smart Display sounds a lot like the other third-party Google Smart Displays, with a 10-inch touchscreen and the usual Google Assistant software with smart home controls. KitchenAid is bringing two big hardware features to the table, though. First, compared to other third-party Google Smart Displays from JBL, LG, and Lenovo, this is a very compact design for something with a 10-inch display. Second, the KitchenAid has an IPX-5 water resistance rating. KitchenAid says the device is "rated for resistance to faucet water," so you can actually wash the smart display in the sink after a messy cooking session (though you should probably unplug it first).

Besides running the same interface you'd find on the Google Home Hub or the Lenovo Smart Display, KitchenAid is throwing in extra voice commands for its Yummly cooking app. The press release says you'll get "Yummly voice and visual meal planning and guided cooking functionality," but keep in mind this is in addition to the usual cooking guidance that is already built into the Google smart display software.

Read 1 remaining paragraphs | Comments

Posted in CES 2019, IoT, kitchenaid, smart things, Tech | Comments (0)

June postscript: 5 unusual things you can make in an Internet-connected oven

December 31st, 2018
Baked churros

Enlarge / The air-fried "churros" were delicious, but they tasted nothing at all like churros. (credit: Megan Geuss)

Earlier this month, Ars reviewed the June Oven, an Internet-connected, seven-in-one device that pushes the boundaries of the traditional toaster oven. Overall, I felt pretty positive about the June, especially the internal camera that allows you to watch your food cook (and share that view with others if you so desire).

But I mostly tested more traditional foods in the oven. After all, the best way to tell if a new toaster oven is any good is to see if it makes your best recipes more deliciously/reliably than your old toaster oven. I tried out some new things, of course: I hardboiled eggs (good!), baked bacon (bad!), and dehydrated kale chips (yummy but energy intensive!).

Before I send the June Oven back to its maker (in a box, with postage, not in a violent way of course) I wanted to test out five of the more unusual recipes that I found in June's app cookbook. The cookbook that's included in the June app is surprisingly well-populated with recipes specifically tailored to this IoT toaster oven, including a number of recipes that you'd never think to use a toaster oven for.

Read 14 remaining paragraphs | Comments

Posted in Biz & IT, Cooking, IoT, June, kitchen tech, Tech | Comments (0)

Logitech disables local access on Harmony Hubs, breaks automation systems [Update]

December 19th, 2018
Logitech disables local access on Harmony Hubs, breaks automation systems [Update]

Enlarge (credit: Logitech)

Update, Dec 21, 2:47pm: In response to customers' frustration, Logitech issued another statement today with instructions on how to enable private local API controls. The company created a new XMPP beta program that will give users access to the local controls that were removed in the most recent Harmony Hub firmware update. Logitech plans to release an official firmware update with XMPP controls in January.

Original story

Many users of Logitech's Harmony Hub smart home hub and remote were recently met with a nasty surprise. The device's latest firmware update, version 4.15.206, reportedly cuts off local access for Harmony Hubs. As a result, many users who created home automation and smart home systems using third-party APIs haven't been able to control many, and in some cases, all of their connected IoT devices.

Read 9 remaining paragraphs | Comments

Posted in API, harmony hub, home automation, IoT, local access, Logitech, smart home, Tech | Comments (0)

A 100,000-router botnet is feeding on a 5-year-old UPnP bug in Broadcom chips

November 12th, 2018
A 100,000-router botnet is feeding on a 5-year-old UPnP bug in Broadcom chips

Enlarge (credit: D-Link)

A recently discovered botnet has taken control of an eye-popping 100,000 home and small-office routers made from a range of manufacturers, mainly by exploiting a critical vulnerability that has remained unaddressed on infected devices more than five years after it came to light.

Researchers from Netlab 360, who reported the mass infection late last week, have dubbed the botnet BCMUPnP_Hunter. The name is a reference to a buggy implementation of the Universal Plug and Play protocol built into Broadcom chipsets used in vulnerable devices. An advisory released in January 2013 warned that the critical flaw affected routers from a raft of manufacturers, including Broadcom, Asus, Cisco, TP-Link, Zyxel, D-Link, Netgear, and US Robotics. The finding from Netlab 360 suggests that many vulnerable devices were allowed to run without ever being patched or locked down through other means.

Last week's report documents 116 different types of devices that make up the botnet from a diverse group of manufacturers. Once under the attackers' control, the routers connect to a variety of well-known email services. This is a strong indication that the infected devices are being used to send spam or other types of malicious mail.

Read 4 remaining paragraphs | Comments

Posted in Biz & IT, botnets, exploits, Internet of things, IoT, routers, universal plug and play, upnp, vulnerabilities | Comments (0)

Industrial Cobots Might Be The Next Big IoT Security Mess

August 22nd, 2017

Researchers at IOActive are sounding an early alarm on the security of industrial collaboration robots, or cobots. These machines work side-by-side with people and contain vulnerabilities that could put physical safety at risk.

Posted in cesar cerrudo, cobot security, cobot vulnerabilities, cobots, collaborative robots, commercial robots, Hack in the Box Singapore, industrial robots, IOActive, IoT, Luis Apa, robotics vulnerabilities, robots, vulnerabilities | Comments (0)

How to Navigate this Connected World

August 18th, 2017

This blog was written in collaboration with Kishore Jotwani, Sr. Director of Marketing & Business Development for Intel’s Wireless Consumer Infrastructure Platforms and Bill Zhou, VP of product management, ARRIS. 

Doors locked, windows shut, and alarm set. I should be safe… right?

The Internet of Things (IoT) is an ever-growing force that makes my everyday life easier. With real-world applications aplenty, I can’t imagine my life without IoT devices. Fitness wearables allow me to stay on track with my health goals, smart home security cameras keep my family and home safe, and even my smart oven helps me step up my cooking skills.

Unfortunately, as with anything else, there are two sides to this coin. Highlighted events over the past year have shown us that IoT devices, if not properly secured, can be vulnerable to attacks. In October of 2016,  the Dyn DDoS attack leveraged, and infected, countless connected devices to shut down several popular sites, like Spotify and Twitter. Similarly, the Mirai malware used vulnerable IoT devices, forming them into a botnet army, to stake its claim.

Now more than ever, it’s clear we live in an interconnected world, in which our homes present new opportunities for entry—and I don’t mean breaking a window. Instead of only having to worry about a physical break-in, we’re faced with the threat of a cyber break-in—one that aims to compromise connected home gadgets, and personal data to boot.

I use connected devices to help make my life easier and streamline everyday processes, but without proper security, I’m left as a sitting duck. Also, with the growing number of IoT devices in my home, they’re all competing for network bandwidth and slow down my network speed.

So, what can you do to keep your home, and your family’s data and devices secure without sacrificing network speed?

The most important thing to note is that cybercriminals rely on the assumption that we, as consumers, won’t be proactive when it comes to properly locking down our smart home devices, and the accounts connected to them.

By following these tips, you can stay proactive and beat cybercriminals at their own game:

  • Stay updated: Do your research on smart home devices, and choose the most secure one you can get your hands on. Also, always keep your devices’ software up to date to practice optimal security.
  • Change it up: If you purchase a new, connected device for your home, change the default password right away. Need some help creating a secure login for it? We’ve got you covered.
  • Safety first: Implement a solution that keeps all your smart home devices secure. For an extra layer of security, you can onboard two different routers for your home, dedicating one specifically to your IoT devices. Having one network for your connected devices and another for your other personal devices (laptop and mobile) is considered a best practice. That way, if a hacker gains access of one network, your devices on the other network are safe.
  • Have a one-stop shop: Look for a solution that offers protection at the home network level, like ARRIS Secure Home Internet by McAfee®, now available in the ARRIS SURFboard SBG7580-AC gateway. Because this solution is directly embedded in the gateway, it automatically protects your connected gadgets, without slowing down your network speed.

Remember, cybercriminals are expecting us to slip up with security, so it’s important to stay on top of it. Stay informed on smart home protection best practices, and show those hackers who’s boss!

Interested in learning more about mobile security tips and trends? Follow @McAfee_Home on Twitter, and like us on Facebook.

The post How to Navigate this Connected World appeared first on McAfee Blogs.

Posted in consumer, IoT, Mobile Security | Comments (0)

Scanners to be patched after government warns of vulnerabilities

August 9th, 2017

Siemens says that there’s no evidence its scanners have been compromised – but the patches will be ready by the end of the month

Posted in healthcare, IoT, medical devices, Security threats, Siemens, Vulnerability | Comments (0)

Legislation Proposed to Secure Connected IoT Devices

August 1st, 2017

Internet of Things Cybersecurity Improvement Act would mandate stringent security for connected devices sold to the federal government.

Posted in Bruce Schneier, DDoS Attacks, Dyn, Government, IoT, IoT botnet, Mark Warner, OVH, Ron Wyden, vulnerabilities | Comments (0)