Archive for the ‘Internet of things’ Category

Microsoft catches Russian state hackers using IoT devices to breach networks

August 5th, 2019
A script used to maintain network persistence.

Enlarge / A script used to maintain network persistence. (credit: Microsoft)

Hackers working for the Russian government have been using printers, video decoders, and other so-called Internet-of-things devices as a beachhead to penetrate targeted computer networks, Microsoft officials warned on Monday.

“These devices became points of ingress from which the actor established a presence on the network and continued looking for further access,” officials with the Microsoft Threat Intelligence Center wrote in a post. “Once the actor had successfully established access to the network, a simple network scan to look for other insecure devices allowed them to discover and move across the network in search of higher-privileged accounts that would grant access to higher-value data.”

The officials continued:

Read 5 remaining paragraphs | Comments

Posted in APT28, Biz & IT, Fancy Bear, Internet of things, IoT, Strontium | Comments (0)

Critical Flaws Found in VxWorks RTOS That Powers Over 2 Billion Devices

July 29th, 2019
Security researchers have discovered almost a dozen zero-day vulnerabilities in VxWorks, one of the most widely used real-time operating systems (RTOS) for embedded devices that powers over 2 billion devices across aerospace, defense, industrial, medical, automotive, consumer electronics, networking, and other critical industries. According to a new report Armis researchers shared with The

Posted in embedded devices, embedded operating system, hacking IoT devices, Internet of things, IoT Hacking, operating system, real-time operating system, Vulnerability, VxWorks | Comments (0)

For the industrial Internet of Things, defense in depth is a requirement

June 19th, 2019
Sensors, sensors everywhere!

Enlarge / Sensors, sensors everywhere! (credit: Getty / 7postman)

Ars yesterday wrote a big feature on the concept of "Industry 4.0," the fancy-sounding name that describes the ongoing shift in how products are created from raw materials and distributed along the supply chain to customers.

What the "4.0" revision adds compared to Industries 1.0 through 3.0 is a complex set of linkages between information and operational technologies. (IT stores, transmits, and manipulates data, while "OT" detects and causes changes in physical processes, such as devices for manufacturing or climate control.)

It's a modular and flexible approach to manufacturing that creates digital links among "smart factories" that are powered by the industrial Internet of Things, big data, and machine learning. And that's almost enough fancy CEO words to make bingo. At least in this case, the buzzwords aren't just important-sounding but ultimately meaningless concepts. Similar to how the rise of devops welded programming with operations, making the manufacturing process smarter by stuffing in all those buzzwords really is causing fundamental changes in how things are made.

Read 18 remaining paragraphs | Comments

Posted in Artificial intelligence, Biz & IT, factory of the future, Industry 4.0, Internet of things | Comments (0)

The fourth Industrial revolution emerges from AI and the Internet of Things

June 18th, 2019
Robots making things!

Enlarge / Robots making things! (credit: Getty / Ekkasit Keatsirikul / EyeEm)

Big data, analytics, and machine learning are starting to feel like anonymous business words, but they're not just overused abstract concepts—those buzzwords represent huge changes in much of the technology we deal with in our daily lives. Some of those changes have been for the better, making our interaction with machines and information more natural and more powerful. Others have helped companies tap into consumers' relationships, behaviors, locations and innermost thoughts in powerful and often disturbing ways. And the technologies have left a mark on everything from our highways to our homes.

It's no surprise that the concept of "information about everything" is being aggressively applied to manufacturing contexts. Just as they transformed consumer goods, smart, cheap, sensor-laden devices paired with powerful analytics and algorithms have been changing the industrial world as well over the past decade. The "Internet of Things" has arrived on the factory floor with all the force of a giant electronic Kool-Aid Man exploding through a cinderblock wall.

Tagged as "Industry 4.0," (hey, at least it's better than "Internet of Things"), this fourth industrial revolution has been unfolding over the past decade with fits and starts—largely because of the massive cultural and structural differences between the information technology that fuels the change and the "operational technology" that has been at the heart of industrial automation for decades.

Read 32 remaining paragraphs | Comments

Posted in Artificial intelligence, Biz & IT, factory of the future, feature, Features, Industry 4.0, Internet of things | Comments (0)

Microsoft buys Express Logic, adds a third operating system to its IoT range

April 18th, 2019
Different-colored rolls of thread are lined next to each other.

Enlarge / Multi-threading. (credit: Jamie Golden / Flickr)

Not content with having a Windows-based Internet of Things platform (Windows 10 IoT) and a Linux-based Internet of Things platform (Azure Sphere), Microsoft has added a third option. The company has announced that it has bought Express Logic and its ThreadX real-time operating system for an undisclosed sum.

Real-time operating systems (RTOSes) differ from more conventional platforms in their predictability. With an RTOS, a developer can guarantee that, for example, interrupt handling or switching from one process to another takes a known, bounded amount of time. This gives applications strong guarantees that they'll be able to respond in time to hardware events, timers, or other things that might make an application want to use the CPU. This predictability is essential for control applications; for example, ThreadX was used in NASA's Deep Impact mission that hurled a large object at a comet. ThreadX was also used in the iPhone 4's cellular radio controller, and ThreadX is embedded in the firmware of many Wi-Fi devices. These tasks need the determinism of an RTOS because there are timing constraints on how quickly they need to respond.

Linux can be built with various options to offer more predictable behavior and so can address some similar scenarios. But ThreadX has another big advantage up its sleeve: it's tiny. A minimal ThreadX installation takes 2,000 bytes of storage and needs 1KB of RAM, far less than Linux can use. By way of comparison, Microsoft's Sphere hardware (which uses a custom-designed ARM processor with various security features embedded) has 4MB of RAM for applications and 16MB of storage. There are an estimated 6.2 billion deployments of ThreadX running on several dozen different kinds of processor or microcontroller.

Read 3 remaining paragraphs | Comments

Posted in azure, azure sphere, express logic, Internet of things, microsoft, RTOS, Tech | Comments (0)

New variants of Mirai botnet detected, targeting more IoT devices

April 9th, 2019
New variants of Mirai botnet detected, targeting more IoT devices

Enlarge (credit: BeeBright/Getty Images)

Mirai, the “botnet” malware that was responsible for a string of massive distributed denial of service (DDoS) attacks in 2016—including one against the website of security reporter Brian Krebs—has gotten a number of recent updates. Now, developers using the widely distributed "open" source code of the original have added a raft of new devices to their potential bot armies by compiling the code for four more microprocessors commonly used in embedded systems.

Researchers at Palo Alto Networks’ Unit 42 security research unit have published details of new samples of the Mirai botnet discovered in late February. The new versions of the botnet malware targeted Altera Nios II, OpenRISC, Tensilica Xtensa, and Xilinx MicroBlaze processors. These processors are used on a wide range of embedded systems, including routers, networked sensors, base band radios for cellular communications and digital signal processors.

The new variants also include a modified encryption algorithm for botnet communications and a new version of the original Mirai TCP SYN denial-of-service attack. Based on the signature of the new attack option, Unit 42 researchers were able to trace activity of the variants back as far as November 2018.

Read 3 remaining paragraphs | Comments

Posted in altera, Biz & IT, botnets, Internet of things, IoT, mirai, OpenRisc, Xilinx, Xtensa | Comments (0)

Brace yourselves: New variant of Mirai takes aim at a new crop of IoT devices

March 18th, 2019
Brace yourselves: New variant of Mirai takes aim at a new crop of IoT devices

Enlarge (credit: LG)

Mirai, the virulent Internet of Things malware that delivered record-setting denial-of-service attacks in 2016, has been updated to target a new crop of devices, including two found inside enterprise networks, where bandwidth is often plentiful, researchers said on Monday.

The malware infects webcams, routers, DVRs, and other Internet-connected devices, which typically ship with default credentials and run woefully outdated versions of Linux that are rarely, if ever, updated. The rapidly spreading Mirai first made a name for itself in 2016, when it helped achieve record-setting DDoS attacks against KrebsOnSecurity and French Web host OVH.

A newly discovered variant contains a total of 27 exploits, 11 of which are new to Mirai, researchers with security firm Palo Alto Networks reported in a blog post Monday. Besides demonstrating an attempt to reinvigorate Mirai’s place among powerful botnets, the new exploits signal an attempt to penetrate an arena that's largely new to Mirai. One of the 11 new exploits targets the WePresent WiPG-1000 Wireless Presentation systems, and another exploit targets LG Supersign TVs. Both of these devices are intended for use by businesses, which typically have networks that offer larger amounts of bandwidth than Mirai’s more traditional target of home consumers.

Read 8 remaining paragraphs | Comments

Posted in Biz & IT, botnets, Distributed Denial of Service attacks, Internet of things, IoT, mirai | Comments (0)

Review: The June oven made me want a camera in every cooking device

December 22nd, 2018
June oven from the front.

Enlarge (credit: June Oven)

When my husband and I received a flashy, $250 Breville toaster oven for our wedding in 2014, we couldn't believe how awesome it was. It revolutionized the two-person meal in our household. We were freed from using the geriatric, unreliable oven that came with our apartment, and cookies, pizzas, and baked chicken dishes were now heated all the way through.

The best feature was the timer; you could pop a banana bread in there, set it for 40 minutes, and go walk the dog knowing that, when the 40 minutes ended, the Breville would shut off, and your food would slowly stop cooking. The Breville also broiled and roasted, too, so I could char peppers in the summer for salsa. Even four years after buying it, I've maintained that it's the best toaster oven out there.

Enter the June Oven. Ars heard about this Silicon-Valley marvel several months ago, and I was sent a review unit to test out. The appliance, which ships in February, is a $600 Internet-connected toaster oven that acts as a convection oven, toaster, air fryer, dehydrator, slow cooker, broiler, and warming drawer. (Although you'll need to buy June's Air Baskets separately to actually use the device as an air fryer or as a dehydrator, which will set you back another $50.) You can operate the June from the touch screen on the front or from the June app. Most importantly, there's a camera inside the oven, which totally changed the way I cook.

Read 44 remaining paragraphs | Comments

Posted in Cooking, Features, Internet of things, June toaster oven, reviews, Tech | Comments (0)

A 100,000-router botnet is feeding on a 5-year-old UPnP bug in Broadcom chips

November 12th, 2018
A 100,000-router botnet is feeding on a 5-year-old UPnP bug in Broadcom chips

Enlarge (credit: D-Link)

A recently discovered botnet has taken control of an eye-popping 100,000 home and small-office routers made from a range of manufacturers, mainly by exploiting a critical vulnerability that has remained unaddressed on infected devices more than five years after it came to light.

Researchers from Netlab 360, who reported the mass infection late last week, have dubbed the botnet BCMUPnP_Hunter. The name is a reference to a buggy implementation of the Universal Plug and Play protocol built into Broadcom chipsets used in vulnerable devices. An advisory released in January 2013 warned that the critical flaw affected routers from a raft of manufacturers, including Broadcom, Asus, Cisco, TP-Link, Zyxel, D-Link, Netgear, and US Robotics. The finding from Netlab 360 suggests that many vulnerable devices were allowed to run without ever being patched or locked down through other means.

Last week's report documents 116 different types of devices that make up the botnet from a diverse group of manufacturers. Once under the attackers' control, the routers connect to a variety of well-known email services. This is a strong indication that the infected devices are being used to send spam or other types of malicious mail.

Read 4 remaining paragraphs | Comments

Posted in Biz & IT, botnets, exploits, Internet of things, IoT, routers, universal plug and play, upnp, vulnerabilities | Comments (0)

Smart Devices Can Be Hijacked to Track Your Body Movements And Activities Remotely

August 20th, 2017

If your smartphones, tablets, smart refrigerators, smart TVs and other smart devices are smart enough to make your life easier, their smart behavior could also be leveraged by hackers to steal data, invade your privacy or spy on you, if not secured properly.

One such experiment has recently been performed by a team of student hackers, demonstrating a new attack method to turn smart devices

Posted in google tracking, hacking smart device, Hacking Smart TV, Internet of things, smart device, Smartphone, Technology News | Comments (0)