Firmware, Hacking and IoT - Cyber Security Informer

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

In part 1 of this series, I posited that the IoT landscape is an absolute mess but Home Assistant (HA) does an admirable job of tying it all together. I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Now for the big challenge - security. Let's dive into it.

IoT

IoT Firmware Risk Manufacturing

Japanese Government Will Hack Citizens' IoT Devices

Schneier on Security

JANUARY 28, 2019

The Japanese government's decision to log into users' IoT devices has sparked outrage in Japan. Many of today's IoT and router botnets are being built by hackers who take over devices with default or easy-to-guess passwords. Devices in people's homes and on enterprise networks will be tested alike. [.].

IoT

IoT Government Firmware Hacking

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security

SEPTEMBER 10, 2021

The assault came from “ Meris ,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer. “The largest share belongs to the version of firmware previous to the current stable one.”

IoT

IoT DDOS Internet Internet

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

JULY 28, 2020

Yet another Multipurpose Breakout Board to hack hardware in a clean and easy way! How to hack IoT & RF Devices with BürtleinaBoard. Few months ago I have presented #FocacciaBoard : a similar multipurpose breakout board that uses the famous FT232H to handle multiple protocols commonly found in (I)IoT devices (i.e.

IoT

IoT Hacking Firmware Advertising

PTZOptics cameras zero-days actively exploited in the wild

Security Affairs

NOVEMBER 2, 2024

The company discovered the zero-day vulnerabilities in IoT live-streaming cameras, used in industrial operations, healthcare, and other sensitive environments. Affected devices use VHD PTZ camera firmware < 6.3.40 “Organizations using VHD PTZ camera firmware < 6.3.40 ” concludes the report.

Firmware

Firmware Manufacturing IoT Healthcare

The Internet of Things is a Complete Mess (and how to Fix it)

Troy Hunt

JULY 13, 2021

I've spent more time IoT'ing my house over the last year than any sane person ever should. Plus, it's definitely added to our lives in terms of the things it enables us to do; see them in part 5 of my IoT unravelled blog series. You also want to be able to change the colour because hey, that's kinda cool.

Internet

Internet Internet IoT Firmware

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

The Last Watchdog

SEPTEMBER 5, 2023

New government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe. When it comes to IoT, we must arrive at specific rules of the road if we are to tap into the full potential of smart cities, autonomous transportation and advanced healthcare.

IoT

IoT Government Internet Internet

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Security researchers provided technical details about an IoT botnet dubbed Ttint that has been exploiting two zero-days in Tenda routers. Security researchers at Netlab, the network security division Qihoo 360, have published a report that details an IoT botnet dubbed Ttint. SecurityAffairs – hacking, Ttint botnet).

IoT

IoT Firmware Advertising DNS

Kalay cloud platform flaw exposes millions of IoT devices to hack

Security Affairs

AUGUST 17, 2021

FireEye Mandiant researchers have discovered a critical vulnerability in the Kalay cloud platform that exposes millions of IoT devices to attacks. The flaw could be easily exploited by a remote attacker to take over an IoT device, the only info needed for the attack is the Kalay unique identifier (UID) of the targeted user. .

IoT

IoT Hacking Social Engineering Firmware

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT

IoT Firmware Authentication Wireless

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Researchers at AT&T discovered a new BotenaGo botnet that is using thirty three exploits to target millions of routers and IoT devices. BotenaGo is a new botnet discovered by researchers at AT&T that leverages thirty three exploits to target millions of routers and IoT devices. 7)C0 NAS520 before firmware V5.21(AASZ.3)C0

IoT

IoT Firmware Malware Wireless

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

SEPTEMBER 10, 2019

A security researcher disclosed zero-day flaws in Telestar Digital GmbH IoT radio devices that could be exploited by remote attackers to hijack systems without any user interaction. The hardware of the terminals is equipped with Shenzen technology, while the firmware is based on BusyBox Linux Debian. . ” continues the experts.

IoT

IoT Hacking Firmware Advertising

Hacking IoT devices with Focaccia-Board: A Multipurpose Breakout Board to hack hardware in a clean and easy way!

Security Affairs

FEBRUARY 18, 2020

Even before the appearance of the word (I)IoT, I was breaking hardware devices, as many of you, with a multitude of debuggers (i.e. Successfully dumped the smartlock’s firmware. And after having successfully dumped the firmware we can proceed at extracting some valuable evidences for the forensics case. Some Practical Use-Cases.

IoT

IoT Hacking Firmware Advertising

Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

Security Affairs

JANUARY 19, 2025

The Planet WGS-804HPT industrial switch is used in building and home automation networks to provide connectivity of Internet of things (IoT) devices, IP surveillance cameras, and wireless LAN network applications. Planet Technology has released firmware version 1.305b241111 to address these issues. ” concludes the report. .

Firmware

Firmware IoT Wireless Surveillance

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

Security researchers discovered some flaws in the Twinkly IoT lights that could be exploited display custom lighting effects and to remotely turn off them. If Twinkly lights are present in the network they will be instructed to display the message ‘Hack the Planet!’ Pierluigi Paganini.

IoT

IoT Hacking DNS Authentication

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. SecurityAffairs – hacking, Mozi botnet). Pierluigi Paganini.

IoT

IoT DDOS Architecture Passwords

Chinese national charged for hacking thousands of Sophos firewalls

Security Affairs

DECEMBER 11, 2024

has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. and its employee Guan Tianfeng for hacking U.S. concludes the report. ” The U.S.

Firewall

Firewall Hacking Malware Passwords

Researchers used electromagnetic signals to classify malware infecting IoT devices

Security Affairs

JANUARY 5, 2022

Cybersecurity researchers demonstrate how to use electromagnetic field emanations from IoT devices to detect malware. The researchers proposed a novel approach of using side channel information to identify malware targeting IoT systems. SecurityAffairs – hacking, IoT devices). Pierluigi Paganini.

IoT

IoT Malware Internet Internet

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. If you take a look at the global market for IoT, you can easily spot the trend. IoT devices are exposed to cybersecurity vulnerabilities. IoT is a complicated concept.

IoT

IoT Cybersecurity Manufacturing Internet

Western Digital customers have to update their My Cloud devices to latest firmware version

Security Affairs

DECEMBER 18, 2021

My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud devices to the latest version. Devices on these older firmware versions will not receive security fixes or technical support.” SecurityAffairs – hacking, Western Digital). Pierluigi Paganini.

Firmware

Firmware Architecture Internet Internet

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Security Affairs

APRIL 26, 2019

Experts discovered security flaws in the iLnkP2P peer-to-peer (P2P) system that exposes millions of IoT devices to remote attacks. The iLnkP2P system allows users to remotely connect to their IoT devices using a mobile phone or a PC. Potentially affected IoT devices include cameras and smart doorbells. Pierluigi Paganini.

IoT

IoT Hacking Manufacturing Advertising

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number has only been growing ever since. Telnet, the overwhelmingly popular unencrypted IoT text protocol, is the main target of brute-forcing.

IoT

IoT DDOS Passwords Malware

Hikvision cameras could be remotely hacked due to critical flaw

Security Affairs

SEPTEMBER 22, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable.

Hacking

Hacking Firmware IoT Internet

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

To perform the experiment, we used Internet of Things (IoT) search engines to search for open devices that utilized common printer ports and protocols. To find out how many printers were on the menu for our experiment, we searched for IP addresses with open ports on specialized IoT search engines, such as Shodan and Censys.

Hacking

Hacking IoT Firmware Internet

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

“Check Point’s researchers showed how a threat actor could exploit an IoT network (smart lightbulbs and their control bridge) to launch attacks on conventional computer networks in homes, businesses or even smart cities.” The company released firmware p atches for the device in January. Pierluigi Paganini.

Hacking

Hacking IoT Wireless Firmware

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

eSecurity Planet

FEBRUARY 2, 2024

Within the last couple of months, smart device vulnerabilities have been piling up, prompting businesses to protect their Internet of Things (IoT) environments. While Teslas aren’t the typical business IoT device, their connection to the internet makes them a cyber threat as much as your business’s other IoT technology.

Hacking

Hacking IoT Firmware Cybersecurity

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

Security Affairs

MAY 19, 2020

“There is no evidence to support any other firmware versions are vulnerable at this point in time and these findings have been shared with Symantec.” SecurityAffairs – Symantec Web Gateways, hacking). The post Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways appeared first on Security Affairs.

IoT

IoT DDOS Authentication Advertising

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

The researchers found that the botnet comprises MikroTik routers with various firmware versions, including recent ones. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, MikroTik botnet)

DNS

DNS Malware Firmware Authentication

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Security Affairs

DECEMBER 26, 2024

“Using a Mirai malware variant that incorporates ChaCha20 and XOR decryption algorithms, it has been seen compromising vulnerable Internet of Things (IoT) devices in the wild, such as the DigiEver DVR, and TP-Link devices through CVE-2023-1389.” .” reads the analysis published by Akamai. in newer ones.

Manufacturing

Manufacturing Malware Firmware IoT

Silex malware bricks thousands of IoT devices in a few hours

Security Affairs

JUNE 26, 2019

Security experts warn of a new piece of the Silex malware that is bricking thousands of IoT devices, and the situation could rapidly go worse. The only way to recover infected devices is to manually reinstall the device’s firmware. SecurityAffairs – Silex malware, hacking). pic.twitter.com/Ue661ku0fy — Larry W.

IoT

IoT Malware Advertising Firmware

EU to Force IoT, Wireless Device Makers to Improve Security

eSecurity Planet

NOVEMBER 1, 2021

The European Union is poised to place more demands on manufacturers to design greater security into their wireless and Internet of Things (IoT) devices. has made some strides on IoT security at the federal level; it remains to be seen if the EU initiative will spur the U.S. IoT market growth. IoT Security Neglected.

Wireless

Wireless IoT Manufacturing Mobile

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Security Affairs

DECEMBER 5, 2021

The researchers analyzed the network devices using IoT Inspector’s security platform, which checked for thousands of CVEs and security flaws. Since the integration of a new kernel into the firmware is costly, no manufacturer was up to date here. SecurityAffairs – hacking, routers). Pierluigi Paganini.

Manufacturing

Manufacturing IoT Firmware VPN

Critical Success Factors to Widespread Deployment of IoT

Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

Critical Success Factors to Widespread Deployment of IoT. Digital technology and connected IoT devices have proliferated across industries and into our daily lives. Finally, IoT devices are being used extensively in smart vehicles and home appliances to provide enhanced user experiences. Threat vectors on IoT.

IoT

IoT Manufacturing Energy and Utilities Data collection

Realtek SDK flaws exploited to deliver Mirai bot variant

Security Affairs

AUGUST 24, 2021

On August 15, firmware security company IoT Inspector published details about the flaws. “On August 16th, three days ago, multiple vulnerabilities in a software SDK distributed as part of Realtek chipsets were disclosed by IoT Inspector Research Lab [1]. ” reported IoT Inspector. Pierluigi Paganini.

IoT

IoT Firmware Internet Internet

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. Xiongmai hereinafter) that are open to hack. ” Experts also discovered that it is possible to execute arbitrary code on the device through a firmware update. Pierluigi Paganini.

Surveillance

Surveillance Hacking Firmware Manufacturing

Broadcom WiFi Driver bugs expose devices to hack

Security Affairs

APRIL 19, 2019

“You can find these chips almost everywhere from smartphones to laptops, smart-TVs and IoT devices. Anguelkov confirmed that two of those vulnerabilities affect both in the Linux kernel and firmware of affected Broadcom chips. In this case, firmware event frames from a remote source will be processed. • Pierluigi Paganini.

Hacking

Hacking Firmware Advertising Wireless

Over 80,000 Hikvision cameras can be easily hacked

Security Affairs

AUGUST 23, 2022

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert confirmed that every firmware developed since 2016 has been tested and found to be vulnerable. Pierluigi Paganini.

Hacking

Hacking Firmware Internet Internet

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

AUGUST 27, 2021

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.

Surveillance

Surveillance Hacking Firmware Manufacturing

Experts warn of a vulnerability affecting Bosch BCC100 Thermostat

Security Affairs

JANUARY 15, 2024

The researchers discovered a vulnerability, tracked as CVE-2023-49722 (CVSS score: 8.3), that can be exploited by an attacker on the same network to replace the device firmware with a rogue version. “Home users should closely monitor IoT devices and isolate them as completely as possible from the local network.

Firmware

Firmware IoT Hacking Information Security

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

Security Affairs

APRIL 13, 2022

Researchers discovered five vulnerabilities that can be exploited to remotely hack hospital Aethon’s TUG autonomous mobile robots. Cynerio ethically disclosed the issues to Aethon and the vendor addressed it with the release of firmware updates. SecurityAffairs – hacking, TUG autonomous mobile robots). Pierluigi Paganini.

Mobile

Mobile Hacking Firmware Surveillance

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.”

Hacking

Hacking Firmware Authentication DNS

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

Security Affairs

DECEMBER 8, 2021

The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware, it was discovered by a security researcher that goes online with the moniker “Watchful IP.”. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable.

Firmware

Firmware DDOS Malware IoT

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Security Affairs

JULY 16, 2018

A security researcher discovered that the IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs. The IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs, the discovery was made by security researcher Ankit Anubhav, Principal Researcher at NewSky Security.

IoT

IoT Engineering Passwords Firmware

Why Healthcare IoT Requires Strong Machine Identity Management

Security Boulevard

MAY 30, 2022

Why Healthcare IoT Requires Strong Machine Identity Management. The healthcare industry has been leveraging IoT devices for years, steadily increasing its use in facilities and patient care. By 2027, the IoT in Healthcare market is expected to reach $290 billion , up from just $60 billion in 2019. brooke.crothers.

Healthcare

Healthcare IoT Manufacturing Risk

IoT Unravelled Part 3: Security

Japanese Government Will Hack Citizens' IoT Devices

Trending Sources

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Hacking IoT & RF Devices with BürtleinaBoard

PTZOptics cameras zero-days actively exploited in the wild

The Internet of Things is a Complete Mess (and how to Fix it)

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

New Ttint IoT botnet exploits two zero-days in Tenda routers

Kalay cloud platform flaw exposes millions of IoT devices to hack

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

BotenaGo botnet targets millions of IoT devices using 33 exploits

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Hacking IoT devices with Focaccia-Board: A Multipurpose Breakout Board to hack hardware in a clean and easy way!

Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

Hacking the Twinkly IoT Christmas lights

Mozi Botnet is responsible for most of the IoT Traffic

Chinese national charged for hacking thousands of Sophos firewalls

Researchers used electromagnetic signals to classify malware infecting IoT devices

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Western Digital customers have to update their My Cloud devices to latest firmware version

Millions of IoT Devices exposed to remote hacks due to iLnkP2P flaws

Overview of IoT threats in 2023

Hikvision cameras could be remotely hacked due to critical flaw

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Recent Tesla Hacks Highlight Importance of Protecting Connected Devices

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

MikroTik botnet relies on DNS misconfiguration to spread malware

A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Silex malware bricks thousands of IoT devices in a few hours

EU to Force IoT, Wireless Device Makers to Improve Security

Hundreds of vulnerabilities in common Wi-Fi routers affect millions of users

Critical Success Factors to Widespread Deployment of IoT

Realtek SDK flaws exploited to deliver Mirai bot variant

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Broadcom WiFi Driver bugs expose devices to hack

Over 80,000 Hikvision cameras can be easily hacked

An RCE in Annke video surveillance product allows hacking the device

Experts warn of a vulnerability affecting Bosch BCC100 Thermostat

JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Moobot botnet spreads by exploiting CVE-2021-36260 flaw in Hikvision products

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Why Healthcare IoT Requires Strong Machine Identity Management

Stay Connected