Archive for the ‘Internet of things’ Category

Sonos sunsets several smart speakers’ software support, spurring storm [Updated]

January 22nd, 2020
Promotional image of record player in bohemian studio.

Enlarge / The Sonos Connect:Amp in what is soon to be its natural setting: a room filled with old stuff that may or may not work. (credit: Sonos)

Update: Sonos CEO Patrick Spence published an open letter to Sonos customers Wednesday, apologizing for the way his company handled the announcement. Spence pledged to keep legacy products "updated with bug fixes and security patches for as long as possible," although they still will not receive new software updates, and Spence reiterated the company's commitment to creating a workaround to separate legacy products onto a secondary network and allow users to use legacy products and "modern" Sonos equipment in the same home.

"Thank you for taking the time to give us your feedback. I hope that you’ll forgive our misstep and let us earn back your trust," Spence added.

Original post:

Read 12 remaining paragraphs | Comments

Posted in Biz & IT, internet of shit, Internet of things, smart speakers, Sonos, sunset | Comments (0)

Internet routers running Tomato are under attack by notorious crime gang

January 21st, 2020
Internet routers running Tomato are under attack by notorious crime gang

Enlarge (credit: advancedtomato.com)

Internet routers running the Tomato alternative firmware are under active attack by a self-propagating exploit that searches for devices using default credentials. When credentials are found, the exploit then makes the routers part of a botnet that’s used in a host of online attacks, researchers said on Tuesday.

The Muhstik botnet came to light about two years ago when it started unleashed a string of exploits that attacked Linux servers and Internet-of-things devices. It opportunistically exploited a host of vulnerabilities, including the so-called critical Drupalgeddon2 vulnerability disclosed in early 2018 in the Drupal content management system. Muhstik has also been caught using vulnerabilities in routers that use Gigabit Passive Optical Network (GPON) or DD-WRT software. The botnet has also exploited previously patched vulnerabilities in other server applications, including the Webdav, WebLogic, Webuzo, and WordPress.

On Tuesday, researchers from Palo Alto Networks said they recently detected Muhstik targeting Internet routers running Tomato, an open-source package that serves as an alternative to firmware that ships by default with routers running Broadcom chips. The ability to work with virtual private networks and provide advanced quality of service control make Tomato popular with end users and in some cases router sellers.

Read 6 remaining paragraphs | Comments

Posted in Biz & IT, botnets, exploits, Internet of things, passwords, routers, tomato | Comments (0)

Smart scale goes dumb as Under Armour pulls the plug on connected tech

January 21st, 2020
The UA Scale.

The UA Scale. (credit: Under Armour)

Any smart device comes with its own set of benefits and trade-offs, but there's one huge shoe waiting to drop with every single one of them: anything you connect can be disconnected at the other end, and there's absolutely nothing you the consumer can do about it. Today's example of smart stuff going dumb comes courtesy of Under Armour, which is effectively rendering its fitness hardware line very expensive paperweights.

The company quietly pulled its UA Record app from both Google Play and Apple's App Store on New Year's Eve. In an announcement dated sometime around January 8, Under Armour said that not only has the app been removed from all app stores, but the company is no longer providing customer support or bug fixes for the software, which will completely stop working as of March 31.

Under Armour launched its lineup of connected fitness devices in 2016. The trio of trackers included a wrist-worn activity monitor, a smart scale, and a chest-strap-style heart rate monitor. The scale and wristband retailed at $180 each, with the heart monitor going for $80. Shoppers could buy all three together in a $400 bundle called the UA HealthBox.

Read 8 remaining paragraphs | Comments

Posted in Biz & IT, internet of shit, Internet of things, under armour | Comments (0)

Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices

December 4th, 2019
Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices. One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution flaw that can be exploited by attackers to execute malicious code on vulnerable devices and take

Posted in arbitrary code execution, connected devices, cyber security, GoAhead Web server, hacking smart device, Internet of things, smart device, Vulnerability, web server, website security | Comments (0)

IoT botnet creator cops plea to hacking more than 800,000 devices

September 4th, 2019
A judge's gavel on a desk.

Enlarge (credit: Getty Images | Marilyn Nieves)

A 21-year-old Washington man has pleaded guilty to creating botnets that converted hundreds of thousands of routers, cameras, and other Internet-facing devices into money-making denial-of-service fleets that could knock out entire Web hosting companies.

Kenneth Currin Schuchman of Vancouver, Washington, admitted in federal court documents on Tuesday that he and two other co-conspirators operated Sartori and at least two other botnets that collectively enslaved more than 800,000 Internet-of-Things devices. They then used those botnets to sell denial-of-service attacks that customers could order. Last October, while on supervisory release after being indicted for those crimes, Schuchman created a new botnet and also arranged a swatting attack on one of his co-conspirators, the plea agreement, which is signed by the hacker, said.

The crime outlined in the court documents started with the advent in late 2016 of Mirai, a botnet that changed the DDoS paradigm by capitalizing on two salient features of IoT devices: their sheer numbers and their notoriously bad security. Mirai scanned the Internet for devices that were protected by an easy-to-guess default password. When the botnet found one, it corralled it into a botnet that could overwhelm even large targets with more junk traffic than they could handle.

Read 6 remaining paragraphs | Comments

Posted in Biz & IT, botnets, DDoS, Denial of Service, Internet of things, IoT, Policy | Comments (0)

Microsoft catches Russian state hackers using IoT devices to breach networks

August 5th, 2019
A script used to maintain network persistence.

Enlarge / A script used to maintain network persistence. (credit: Microsoft)

Hackers working for the Russian government have been using printers, video decoders, and other so-called Internet-of-things devices as a beachhead to penetrate targeted computer networks, Microsoft officials warned on Monday.

“These devices became points of ingress from which the actor established a presence on the network and continued looking for further access,” officials with the Microsoft Threat Intelligence Center wrote in a post. “Once the actor had successfully established access to the network, a simple network scan to look for other insecure devices allowed them to discover and move across the network in search of higher-privileged accounts that would grant access to higher-value data.”

The officials continued:

Read 5 remaining paragraphs | Comments

Posted in APT28, Biz & IT, Fancy Bear, Internet of things, IoT, Strontium | Comments (0)

For the industrial Internet of Things, defense in depth is a requirement

June 19th, 2019
Sensors, sensors everywhere!

Enlarge / Sensors, sensors everywhere! (credit: Getty / 7postman)

Ars yesterday wrote a big feature on the concept of "Industry 4.0," the fancy-sounding name that describes the ongoing shift in how products are created from raw materials and distributed along the supply chain to customers.

What the "4.0" revision adds compared to Industries 1.0 through 3.0 is a complex set of linkages between information and operational technologies. (IT stores, transmits, and manipulates data, while "OT" detects and causes changes in physical processes, such as devices for manufacturing or climate control.)

It's a modular and flexible approach to manufacturing that creates digital links among "smart factories" that are powered by the industrial Internet of Things, big data, and machine learning. And that's almost enough fancy CEO words to make bingo. At least in this case, the buzzwords aren't just important-sounding but ultimately meaningless concepts. Similar to how the rise of devops welded programming with operations, making the manufacturing process smarter by stuffing in all those buzzwords really is causing fundamental changes in how things are made.

Read 18 remaining paragraphs | Comments

Posted in Artificial intelligence, Biz & IT, factory of the future, Industry 4.0, Internet of things | Comments (0)

The fourth Industrial revolution emerges from AI and the Internet of Things

June 18th, 2019
Robots making things!

Enlarge / Robots making things! (credit: Getty / Ekkasit Keatsirikul / EyeEm)

Big data, analytics, and machine learning are starting to feel like anonymous business words, but they're not just overused abstract concepts—those buzzwords represent huge changes in much of the technology we deal with in our daily lives. Some of those changes have been for the better, making our interaction with machines and information more natural and more powerful. Others have helped companies tap into consumers' relationships, behaviors, locations and innermost thoughts in powerful and often disturbing ways. And the technologies have left a mark on everything from our highways to our homes.

It's no surprise that the concept of "information about everything" is being aggressively applied to manufacturing contexts. Just as they transformed consumer goods, smart, cheap, sensor-laden devices paired with powerful analytics and algorithms have been changing the industrial world as well over the past decade. The "Internet of Things" has arrived on the factory floor with all the force of a giant electronic Kool-Aid Man exploding through a cinderblock wall.

Tagged as "Industry 4.0," (hey, at least it's better than "Internet of Things"), this fourth industrial revolution has been unfolding over the past decade with fits and starts—largely because of the massive cultural and structural differences between the information technology that fuels the change and the "operational technology" that has been at the heart of industrial automation for decades.

Read 32 remaining paragraphs | Comments

Posted in Artificial intelligence, Biz & IT, factory of the future, feature, Features, Industry 4.0, Internet of things | Comments (0)

Microsoft buys Express Logic, adds a third operating system to its IoT range

April 18th, 2019
Different-colored rolls of thread are lined next to each other.

Enlarge / Multi-threading. (credit: Jamie Golden / Flickr)

Not content with having a Windows-based Internet of Things platform (Windows 10 IoT) and a Linux-based Internet of Things platform (Azure Sphere), Microsoft has added a third option. The company has announced that it has bought Express Logic and its ThreadX real-time operating system for an undisclosed sum.

Real-time operating systems (RTOSes) differ from more conventional platforms in their predictability. With an RTOS, a developer can guarantee that, for example, interrupt handling or switching from one process to another takes a known, bounded amount of time. This gives applications strong guarantees that they'll be able to respond in time to hardware events, timers, or other things that might make an application want to use the CPU. This predictability is essential for control applications; for example, ThreadX was used in NASA's Deep Impact mission that hurled a large object at a comet. ThreadX was also used in the iPhone 4's cellular radio controller, and ThreadX is embedded in the firmware of many Wi-Fi devices. These tasks need the determinism of an RTOS because there are timing constraints on how quickly they need to respond.

Linux can be built with various options to offer more predictable behavior and so can address some similar scenarios. But ThreadX has another big advantage up its sleeve: it's tiny. A minimal ThreadX installation takes 2,000 bytes of storage and needs 1KB of RAM, far less than Linux can use. By way of comparison, Microsoft's Sphere hardware (which uses a custom-designed ARM processor with various security features embedded) has 4MB of RAM for applications and 16MB of storage. There are an estimated 6.2 billion deployments of ThreadX running on several dozen different kinds of processor or microcontroller.

Read 3 remaining paragraphs | Comments

Posted in azure, azure sphere, express logic, Internet of things, microsoft, RTOS, Tech | Comments (0)

New variants of Mirai botnet detected, targeting more IoT devices

April 9th, 2019
New variants of Mirai botnet detected, targeting more IoT devices

Enlarge (credit: BeeBright/Getty Images)

Mirai, the “botnet” malware that was responsible for a string of massive distributed denial of service (DDoS) attacks in 2016—including one against the website of security reporter Brian Krebs—has gotten a number of recent updates. Now, developers using the widely distributed "open" source code of the original have added a raft of new devices to their potential bot armies by compiling the code for four more microprocessors commonly used in embedded systems.

Researchers at Palo Alto Networks’ Unit 42 security research unit have published details of new samples of the Mirai botnet discovered in late February. The new versions of the botnet malware targeted Altera Nios II, OpenRISC, Tensilica Xtensa, and Xilinx MicroBlaze processors. These processors are used on a wide range of embedded systems, including routers, networked sensors, base band radios for cellular communications and digital signal processors.

The new variants also include a modified encryption algorithm for botnet communications and a new version of the original Mirai TCP SYN denial-of-service attack. Based on the signature of the new attack option, Unit 42 researchers were able to trace activity of the variants back as far as November 2018.

Read 3 remaining paragraphs | Comments

Posted in altera, Biz & IT, botnets, Internet of things, IoT, mirai, OpenRisc, Xilinx, Xtensa | Comments (0)