Archive for the ‘Internet of things’ Category

Microsoft buys Express Logic, adds a third operating system to its IoT range

April 18th, 2019
Different-colored rolls of thread are lined next to each other.

Enlarge / Multi-threading. (credit: Jamie Golden / Flickr)

Not content with having a Windows-based Internet of Things platform (Windows 10 IoT) and a Linux-based Internet of Things platform (Azure Sphere), Microsoft has added a third option. The company has announced that it has bought Express Logic and its ThreadX real-time operating system for an undisclosed sum.

Real-time operating systems (RTOSes) differ from more conventional platforms in their predictability. With an RTOS, a developer can guarantee that, for example, interrupt handling or switching from one process to another takes a known, bounded amount of time. This gives applications strong guarantees that they'll be able to respond in time to hardware events, timers, or other things that might make an application want to use the CPU. This predictability is essential for control applications; for example, ThreadX was used in NASA's Deep Impact mission that hurled a large object at a comet. ThreadX was also used in the iPhone 4's cellular radio controller, and ThreadX is embedded in the firmware of many Wi-Fi devices. These tasks need the determinism of an RTOS because there are timing constraints on how quickly they need to respond.

Linux can be built with various options to offer more predictable behavior and so can address some similar scenarios. But ThreadX has another big advantage up its sleeve: it's tiny. A minimal ThreadX installation takes 2,000 bytes of storage and needs 1KB of RAM, far less than Linux can use. By way of comparison, Microsoft's Sphere hardware (which uses a custom-designed ARM processor with various security features embedded) has 4MB of RAM for applications and 16MB of storage. There are an estimated 6.2 billion deployments of ThreadX running on several dozen different kinds of processor or microcontroller.

Read 3 remaining paragraphs | Comments

Posted in azure, azure sphere, express logic, Internet of things, microsoft, RTOS, Tech | Comments (0)

New variants of Mirai botnet detected, targeting more IoT devices

April 9th, 2019
New variants of Mirai botnet detected, targeting more IoT devices

Enlarge (credit: BeeBright/Getty Images)

Mirai, the “botnet” malware that was responsible for a string of massive distributed denial of service (DDoS) attacks in 2016—including one against the website of security reporter Brian Krebs—has gotten a number of recent updates. Now, developers using the widely distributed "open" source code of the original have added a raft of new devices to their potential bot armies by compiling the code for four more microprocessors commonly used in embedded systems.

Researchers at Palo Alto Networks’ Unit 42 security research unit have published details of new samples of the Mirai botnet discovered in late February. The new versions of the botnet malware targeted Altera Nios II, OpenRISC, Tensilica Xtensa, and Xilinx MicroBlaze processors. These processors are used on a wide range of embedded systems, including routers, networked sensors, base band radios for cellular communications and digital signal processors.

The new variants also include a modified encryption algorithm for botnet communications and a new version of the original Mirai TCP SYN denial-of-service attack. Based on the signature of the new attack option, Unit 42 researchers were able to trace activity of the variants back as far as November 2018.

Read 3 remaining paragraphs | Comments

Posted in altera, Biz & IT, botnets, Internet of things, IoT, mirai, OpenRisc, Xilinx, Xtensa | Comments (0)

Brace yourselves: New variant of Mirai takes aim at a new crop of IoT devices

March 18th, 2019
Brace yourselves: New variant of Mirai takes aim at a new crop of IoT devices

Enlarge (credit: LG)

Mirai, the virulent Internet of Things malware that delivered record-setting denial-of-service attacks in 2016, has been updated to target a new crop of devices, including two found inside enterprise networks, where bandwidth is often plentiful, researchers said on Monday.

The malware infects webcams, routers, DVRs, and other Internet-connected devices, which typically ship with default credentials and run woefully outdated versions of Linux that are rarely, if ever, updated. The rapidly spreading Mirai first made a name for itself in 2016, when it helped achieve record-setting DDoS attacks against KrebsOnSecurity and French Web host OVH.

A newly discovered variant contains a total of 27 exploits, 11 of which are new to Mirai, researchers with security firm Palo Alto Networks reported in a blog post Monday. Besides demonstrating an attempt to reinvigorate Mirai’s place among powerful botnets, the new exploits signal an attempt to penetrate an arena that's largely new to Mirai. One of the 11 new exploits targets the WePresent WiPG-1000 Wireless Presentation systems, and another exploit targets LG Supersign TVs. Both of these devices are intended for use by businesses, which typically have networks that offer larger amounts of bandwidth than Mirai’s more traditional target of home consumers.

Read 8 remaining paragraphs | Comments

Posted in Biz & IT, botnets, Distributed Denial of Service attacks, Internet of things, IoT, mirai | Comments (0)

Review: The June oven made me want a camera in every cooking device

December 22nd, 2018
June oven from the front.

Enlarge (credit: June Oven)

When my husband and I received a flashy, $250 Breville toaster oven for our wedding in 2014, we couldn't believe how awesome it was. It revolutionized the two-person meal in our household. We were freed from using the geriatric, unreliable oven that came with our apartment, and cookies, pizzas, and baked chicken dishes were now heated all the way through.

The best feature was the timer; you could pop a banana bread in there, set it for 40 minutes, and go walk the dog knowing that, when the 40 minutes ended, the Breville would shut off, and your food would slowly stop cooking. The Breville also broiled and roasted, too, so I could char peppers in the summer for salsa. Even four years after buying it, I've maintained that it's the best toaster oven out there.

Enter the June Oven. Ars heard about this Silicon-Valley marvel several months ago, and I was sent a review unit to test out. The appliance, which ships in February, is a $600 Internet-connected toaster oven that acts as a convection oven, toaster, air fryer, dehydrator, slow cooker, broiler, and warming drawer. (Although you'll need to buy June's Air Baskets separately to actually use the device as an air fryer or as a dehydrator, which will set you back another $50.) You can operate the June from the touch screen on the front or from the June app. Most importantly, there's a camera inside the oven, which totally changed the way I cook.

Read 44 remaining paragraphs | Comments

Posted in Cooking, Features, Internet of things, June toaster oven, reviews, Tech | Comments (0)

A 100,000-router botnet is feeding on a 5-year-old UPnP bug in Broadcom chips

November 12th, 2018
A 100,000-router botnet is feeding on a 5-year-old UPnP bug in Broadcom chips

Enlarge (credit: D-Link)

A recently discovered botnet has taken control of an eye-popping 100,000 home and small-office routers made from a range of manufacturers, mainly by exploiting a critical vulnerability that has remained unaddressed on infected devices more than five years after it came to light.

Researchers from Netlab 360, who reported the mass infection late last week, have dubbed the botnet BCMUPnP_Hunter. The name is a reference to a buggy implementation of the Universal Plug and Play protocol built into Broadcom chipsets used in vulnerable devices. An advisory released in January 2013 warned that the critical flaw affected routers from a raft of manufacturers, including Broadcom, Asus, Cisco, TP-Link, Zyxel, D-Link, Netgear, and US Robotics. The finding from Netlab 360 suggests that many vulnerable devices were allowed to run without ever being patched or locked down through other means.

Last week's report documents 116 different types of devices that make up the botnet from a diverse group of manufacturers. Once under the attackers' control, the routers connect to a variety of well-known email services. This is a strong indication that the infected devices are being used to send spam or other types of malicious mail.

Read 4 remaining paragraphs | Comments

Posted in Biz & IT, botnets, exploits, Internet of things, IoT, routers, universal plug and play, upnp, vulnerabilities | Comments (0)

Smart Devices Can Be Hijacked to Track Your Body Movements And Activities Remotely

August 20th, 2017

If your smartphones, tablets, smart refrigerators, smart TVs and other smart devices are smart enough to make your life easier, their smart behavior could also be leveraged by hackers to steal data, invade your privacy or spy on you, if not secured properly.

One such experiment has recently been performed by a team of student hackers, demonstrating a new attack method to turn smart devices

Posted in google tracking, hacking smart device, Hacking Smart TV, Internet of things, smart device, Smartphone, Technology News | Comments (0)

Unpatchable Flaw in Modern Cars Allows Hackers to Disable Safety Features

August 17th, 2017

Today, many automobiles companies are offering vehicles that run on the mostly drive-by-wire system, which means a majority of car’s functions—from instrument cluster to steering, brakes, and accelerator—are electronically controlled.

No doubt these auto-control systems make your driving experience much better, but at the same time, they also increase the risk of getting hacked.

Car Hacking

Posted in car hacking, hacking news, Internet of things, Smart Car Hacking, Vulnerability | Comments (0)

Five Billion Tests Later: IoT and Industrial Control System Protocols Raise Alarms

August 9th, 2017

In-brief: Close to five billion “fuzzing” tests conducted during 2016 reveal protocols used by industrial control systems, vehicles and Internet of Things devices to be weaker, on average, with many crashing hundreds of times and revealing vulnerabilities that could be used by malicious actors.  A study of 4.8 billion automated…

Read the whole entry… »

Related Stories

Posted in connected devices, critical infrastructure, fuzzing, Internet of things, protocol, published research, Reports, software, software development, supply chain, survey, Top Stories, trends, vulnerabilities | Comments (0)

Siemens, DHS warn of “low skill” exploits against CT and PET Scanners

August 4th, 2017

Enlarge (credit: University of Queensland)

The Department of Homeland Security’s Industrial Control System Computer Emergency Response Team (ICS-CERT) has issued an alert warning of four vulnerabilities in multiple medical molecular imaging systems from Siemens. All of these systems have publicly available exploits that could allow an attacker to execute code remotely—potentially damaging or compromising the safety of the systems. “An attacker with a low skill would be able to exploit these vulnerabilities,” ICS-CERT warned.

Siemens identified the vulnerabilities in a customer alert on July 26, warning that the vulnerabilities were highly critical—giving them a rating of 9.8 out of a possible 10 using the Common Vulnerability Scoring System. The systems affected include Siemens CT, PET, and SPECT scanners and medical imaging workflow systems based on Windows 7.

One of the vulnerabilities is in the built-in Window Web server running on the systems. “An unauthenticated remote attacker could execute arbitrary code by sending specially crafted HTTP requests to the Microsoft Web server (port 80/tcp and port 443/tcp) of affected devices,” Siemens warned in its alert. The bug in the Web server software allows code injection onto the devices.

Read 4 remaining paragraphs | Comments

Posted in Health IT, hospital it, Internet of things, Tech | Comments (0)

Hacking A $1500 ‘Smart Gun’ With $15 Magnets

July 29th, 2017

I think we should stop going crazy over the smart things unless it’s secure enough to be called SMART—from a toaster, security cameras, and routers to the computers and cars—everything is hackable.

But the worst part comes in when these techs just require some cheap and easily available kinds of stuff to get compromised.

Want example? It took just cheap magnets purchased from Amazon online

Posted in hacking news, hacking smart device, hacking smart gun, Internet of things, smart device, smart gun | Comments (0)