Firmware and IoT - Cyber Security Informer

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

In part 1 of this series, I posited that the IoT landscape is an absolute mess but Home Assistant (HA) does an admirable job of tying it all together. I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Now for the big challenge - security. Let's dive into it.

IoT

IoT Firmware Risk Manufacturing

Weekly Update 219: IoT Unravelled with Scott Helme

Troy Hunt

NOVEMBER 28, 2020

More than 200,000 unique visitors dropped by this week, mostly to read about IoT things. I topped the week off by spending a couple of hours talking to Scott Helme about our respective IoT experiences so that's the entirety of this week's update - Scott and I talking IoT.

IoT

IoT Password Management Firmware Passwords

Japanese Government Will Hack Citizens' IoT Devices

Schneier on Security

JANUARY 28, 2019

The Japanese government's decision to log into users' IoT devices has sparked outrage in Japan. Many of today's IoT and router botnets are being built by hackers who take over devices with default or easy-to-guess passwords. Devices in people's homes and on enterprise networks will be tested alike. [.].

IoT

IoT Government Firmware Hacking

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security

SEPTEMBER 10, 2021

The assault came from “ Meris ,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer. “The largest share belongs to the version of firmware previous to the current stable one.”

IoT

IoT DDOS Internet Internet

From Sensors to Servers: End-to-End Security for IoT in Critical Utility Networks

SecureWorld News

NOVEMBER 7, 2024

A connected world means a vulnerable world Utilities now rely on large networks of IoT devices, from sensors buried underground to servers that crunch data in remote locations. But the moment we bring IoT into the mix, we create thousands of potential entry points for attackers.

IoT

IoT Firmware Encryption Authentication

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

APRIL 26, 2019

iLnkP2p is bundled with millions of Internet of Things (IoT) devices, including security cameras and Webcams, baby monitors, smart doorbells, and digital video recorders. He found that 39 percent of the vulnerable IoT things were in China; another 19 percent are located in Europe; seven percent of them are in use in the United States.

IoT

IoT Firewall Manufacturing Computers and Electronics

IoT Unravelled Part 4: Making it All Work for Humans

Troy Hunt

NOVEMBER 25, 2020

The first few parts of this series have all been somewhat technical in nature; part 1 was how much of a mess the IoT ecosystem is and how Home Assistant aims to unify it all, part 2 got into the networking layer with both Wi-Fi and Zigbee and in part 3 , I delved into security. Now let's tackle something really tricky - humans.

IoT

IoT Firmware Media Marketing

Microsoft's new security tool will discover firmware vulnerabilities, and more, in PCs and IoT devices

Tech Republic Security

JUNE 18, 2021

Devices have multiple OSs and firmware running, and most organisations don't know what they have or if it's secure. Microsoft will use ReFirm to make it easier to find out without being an expert.

Firmware

Firmware IoT

Measuring the Security of IoT Devices

Schneier on Security

OCTOBER 3, 2019

In August, CyberITL completed a large-scale survey of software security practices in the IoT environment, by looking at the compiled software. Data Collected: 22 Vendors 1,294 Products 4,956 Firmware versions 3,333,411 Binaries analyzed Date range of data: 2003-03-24 to 2019-01-24 (varies by vendor, most up to 2018 releases). [.].

IoT

IoT Firmware Data collection Architecture

Dynamic analysis of firmware components in IoT devices

SecureList

JULY 6, 2022

Among the various offensive security techniques, vulnerability assessment takes priority when it comes to analyzing the security of IoT/IIoT devices. The vulnerability assessment of IoT/IIoT devices is based on analyzing their firmware. Qiling is an advanced multi-platform framework for emulating executable files.

Firmware

Firmware IoT Architecture Manufacturing

PTZOptics cameras zero-days actively exploited in the wild

Security Affairs

NOVEMBER 2, 2024

The company discovered the zero-day vulnerabilities in IoT live-streaming cameras, used in industrial operations, healthcare, and other sensitive environments. Affected devices use VHD PTZ camera firmware < 6.3.40 “Organizations using VHD PTZ camera firmware < 6.3.40 ” concludes the report.

Firmware

Firmware Manufacturing IoT Healthcare

Using EM Waves to Detect Malware

Schneier on Security

JANUARY 14, 2022

” Abstract : The Internet of Things (IoT) is constituted of devices that are exponentially growing in number and in complexity. They use numerous customized firmware and hardware, without taking into consideration security issues, which make them a target for cybercriminals, especially malware authors.

Malware

Malware IoT Firmware Internet

Expiring security certificates may start shutting down IoT devices

Tech Republic Security

JUNE 25, 2020

Updating CA root SSL certificates requires updating the firmware on streaming devices, smart devices, routers, cameras, and more.

IoT

IoT Firmware

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

The Last Watchdog

SEPTEMBER 5, 2023

New government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe. When it comes to IoT, we must arrive at specific rules of the road if we are to tap into the full potential of smart cities, autonomous transportation and advanced healthcare.

IoT

IoT Government Internet Internet

Undocumented hidden feature found in Espressif ESP32 microchip

Security Affairs

MARCH 9, 2025

The experts warn that a hidden feature poses a security risk for millions of IoT devices. “Tarlogic Securityhas detected a hidden functionality that can be used as a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present inmillions of mass-market IoT devices.”

Manufacturing

Manufacturing IoT Firmware Mobile

Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers

The Last Watchdog

AUGUST 26, 2024

As our world becomes increasingly interconnected, the security of Operational Technology (OT) and Internet of Things (IoT) devices is more critical than ever. Equally alarming was the widespread presence of known vulnerabilities, or “n-day” vulnerabilities, in the firmware images.

Firmware

Firmware IoT Manufacturing Cyber Risk

Hacking IoT & RF Devices with BürtleinaBoard

Security Affairs

JULY 28, 2020

How to hack IoT & RF Devices with BürtleinaBoard. Few months ago I have presented #FocacciaBoard : a similar multipurpose breakout board that uses the famous FT232H to handle multiple protocols commonly found in (I)IoT devices (i.e. his majesty, the Firmware). In a couple of minutes you should get extracted the firmware.

IoT

IoT Hacking Firmware Advertising

Guardians of IoT: Addressing IoT security vulnerabilities in electric vehicles and charging stations

Security Boulevard

JANUARY 31, 2024

The rise of electric vehicles (EVs) and charging infrastructure necessitates robust security measures, especially in the context of IoT integration. Explore the vulnerabilities in EV systems and potential risks, proposing mitigation strategies like firmware updates, user authentication, intrusion detection systems, and collaboration.

IoT

IoT Firmware Authentication Risk

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Security researchers provided technical details about an IoT botnet dubbed Ttint that has been exploiting two zero-days in Tenda routers. Security researchers at Netlab, the network security division Qihoo 360, have published a report that details an IoT botnet dubbed Ttint. ” concludes the report. Pierluigi Paganini.

IoT

IoT Firmware Advertising DNS

Microsoft previews Defender for IoT firmware analysis service

Bleeping Computer

JULY 26, 2023

Microsoft announced the public preview of a new Defender for IoT feature that helps analyze the firmware of embedded Linux devices like routers for security vulnerabilities and common weaknesses. [.]

Firmware

Firmware IoT

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Researchers at AT&T discovered a new BotenaGo botnet that is using thirty three exploits to target millions of routers and IoT devices. BotenaGo is a new botnet discovered by researchers at AT&T that leverages thirty three exploits to target millions of routers and IoT devices. 7)C0 NAS520 before firmware V5.21(AASZ.3)C0

IoT

IoT Firmware Malware Wireless

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

Threat actors are actively exploiting a critical authentication bypass issue (CVE-2021-20090 ) affecting home routers with Arcadyan firmware. Threat actors actively exploit a critical authentication bypass vulnerability, tracked as CVE-2021-20090 , impacting home routers with Arcadyan firmware to deploy a Mirai bot.

IoT

IoT Firmware Authentication Wireless

Attacks Escalating Against Linux-Based IoT Devices

eSecurity Planet

JANUARY 20, 2022

Incidents of malware targeting Linux-based Internet of Things (IoT) devices jumped by more than a third in 2021, with three malware families the primary drivers behind the increase. Threats to Open Source, IoT. Also read: Top IoT Security Solutions for 2022. IoT devices pose two fundamental threats,” he said.

IoT

IoT DDOS Malware Internet

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks

The Hacker News

NOVEMBER 28, 2022

Over a dozen security flaws have been discovered in baseboard management controller (BMC) firmware from Lanner that could expose operational technology (OT) and internet of things (IoT) networks to remote attacks.

Firmware

Firmware IoT Internet Internet

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. ” reads the report published by IBM. ” continues the analysis.

IoT

IoT DDOS Architecture Passwords

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number has only been growing ever since. Telnet, the overwhelmingly popular unencrypted IoT text protocol, is the main target of brute-forcing.

IoT

IoT DDOS Passwords Malware

Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers

Security Boulevard

AUGUST 26, 2024

As our world becomes increasingly interconnected, the security of Operational Technology (OT) and Internet of Things (IoT) devices is more critical than ever. The post Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers appeared first on Security Boulevard.

Firmware

Firmware IoT Internet Internet

Microsoft acquires firmware analysis company ReFirm, eying edge IoT security

SC Magazine

JUNE 2, 2021

ReFirm provides drag-and-drop automated firmware analysis, which Microsoft hopes will provide security insight for industrial IoT products, where security personnel often struggle to look inside built-in hardware. “Firmware is kind of the software that we politely ignore today,” he said.

Firmware

Firmware IoT Technology Media

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

Malwarebytes

JULY 28, 2021

Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. According to the researchers the firmware supplier UDP Technology fails to respond to their reports despite numerous mails and LinkedIn messages. History lessons. Mitigation.

Firmware

Firmware Technology Authentication IoT

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. If you take a look at the global market for IoT, you can easily spot the trend. IoT devices are exposed to cybersecurity vulnerabilities. IoT is a complicated concept.

IoT

IoT Cybersecurity Manufacturing Internet

IoT Startup OP[4] Launches With Firmware Security Platform

Dark Reading

MARCH 22, 2023

Op[4]'s firmware security platform detects, prioritizes, and remediates exploitable vulnerabilities Internet of Things and embedded systems.

Firmware

Firmware IoT Internet Internet

Researchers used electromagnetic signals to classify malware infecting IoT devices

Security Affairs

JANUARY 5, 2022

Cybersecurity researchers demonstrate how to use electromagnetic field emanations from IoT devices to detect malware. The researchers proposed a novel approach of using side channel information to identify malware targeting IoT systems. SecurityAffairs – hacking, IoT devices). Pierluigi Paganini.

IoT

IoT Malware Internet Internet

Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

Security Affairs

JANUARY 19, 2025

The Planet WGS-804HPT industrial switch is used in building and home automation networks to provide connectivity of Internet of things (IoT) devices, IP surveillance cameras, and wireless LAN network applications. Planet Technology has released firmware version 1.305b241111 to address these issues. ” concludes the report. .

Firmware

Firmware IoT Wireless Surveillance

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. ” To manage your security settings on a Ubiquiti device, visit [link] and log in.

Passwords

Passwords Authentication Firmware Accountability

Western Digital customers have to update their My Cloud devices to latest firmware version

Security Affairs

DECEMBER 18, 2021

My Cloud OS firmware is reaching the end of support, Western Digital customers have to update their WD My Cloud devices to the latest version. Devices on these older firmware versions will not receive security fixes or technical support.” Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Firmware

Firmware Architecture Internet Internet

Kalay cloud platform flaw exposes millions of IoT devices to hack

Security Affairs

AUGUST 17, 2021

FireEye Mandiant researchers have discovered a critical vulnerability in the Kalay cloud platform that exposes millions of IoT devices to attacks. The flaw could be easily exploited by a remote attacker to take over an IoT device, the only info needed for the attack is the Kalay unique identifier (UID) of the targeted user. .

IoT

IoT Hacking Social Engineering Firmware

Microsoft Buys ReFirm Labs to Drive IoT Security Efforts

Dark Reading

JUNE 2, 2021

The acquisition will bring ReFirm's firmware analysis capabilities alongside Microsoft's Azure Defender for IoT to boost device security.

IoT

IoT Firmware

Remote work raises threats from consumer IoT devices

CSO Magazine

FEBRUARY 2, 2021

Security researcher Andrei Costin started to work from home many years ago, and when it comes to security internet of things (IoT) devices, he had his fair share of eyebrow-raising moments.

IoT

IoT Firmware Internet Internet

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Security Affairs

SEPTEMBER 10, 2019

A security researcher disclosed zero-day flaws in Telestar Digital GmbH IoT radio devices that could be exploited by remote attackers to hijack systems without any user interaction. The hardware of the terminals is equipped with Shenzen technology, while the firmware is based on BusyBox Linux Debian. . ” continues the experts.

IoT

IoT Hacking Firmware Advertising

Enhancing IT Support for Manufacturing Systems: Addressing Critical Gaps

SecureWorld News

DECEMBER 23, 2024

Manufacturing systems, especially the ones that work with SCADA technology (Supervisory Control and Data Acquisition), IoT devices, and other critical technologies, depend heavily on efficient IT support to ensure that the downtime is minimal, and the performance is optimal.

Manufacturing

Manufacturing IoT Data collection Technology

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

Security Affairs

MAY 19, 2020

“There is no evidence to support any other firmware versions are vulnerable at this point in time and these findings have been shared with Symantec.” The post Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways appeared first on Security Affairs. ” reads the analysis published by Palo Alto Networks.

IoT

IoT DDOS Authentication Advertising

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Persistent exploitation of legacy systems One of the most alarming aspects of Ghost ransomware is its focus on legacy IoT and OT environments. Patching and vulnerability management Apply timely security updates to operating systems, software, and firmware.

Ransomware

Ransomware IoT Encryption Social Engineering

Unfixed vulnerability in popular library puts IoT products at risk

Malwarebytes

MAY 4, 2022

Researchers have found a vulnerability in a popular C standard library in IoT products that could allow attackers to perform DNS poisoning attacks against a target device. The devices like your laptop, phones, tablets and IoT (Internet of Things) devices such as TVs, temperature sensors, and security cameras. Stay safe, everyone!

IoT

IoT DNS Risk Internet

Microsoft Finds New NETGEAR Firmware Vulnerabilities

Heimadal Security

JULY 2, 2021

The post Microsoft Finds New NETGEAR Firmware Vulnerabilities appeared first on Heimdal Security Blog. Tracked as PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365, they range in CVSS rating from high (7.4) to critical (9.4). Microsoft reported […].

Firmware

Firmware Identity Theft IoT Cybersecurity

IoT Unravelled Part 3: Security

Weekly Update 219: IoT Unravelled with Scott Helme

Webinars

Trending Sources

Japanese Government Will Hack Citizens' IoT Devices

Webinars

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

From Sensors to Servers: End-to-End Security for IoT in Critical Utility Networks

P2P Weakness Exposes Millions of IoT Devices

IoT Unravelled Part 4: Making it All Work for Humans

Microsoft's new security tool will discover firmware vulnerabilities, and more, in PCs and IoT devices

Measuring the Security of IoT Devices

Dynamic analysis of firmware components in IoT devices

PTZOptics cameras zero-days actively exploited in the wild

Using EM Waves to Detect Malware

Expiring security certificates may start shutting down IoT devices

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

Undocumented hidden feature found in Espressif ESP32 microchip

Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers

Hacking IoT & RF Devices with BürtleinaBoard

Guardians of IoT: Addressing IoT security vulnerabilities in electric vehicles and charging stations

New Ttint IoT botnet exploits two zero-days in Tenda routers

Microsoft previews Defender for IoT firmware analysis service

BotenaGo botnet targets millions of IoT devices using 33 exploits

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Attacks Escalating Against Linux-Based IoT Devices

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks

Mozi Botnet is responsible for most of the IoT Traffic

Overview of IoT threats in 2023

Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers

Microsoft acquires firmware analysis company ReFirm, eying edge IoT security

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

IoT Startup OP[4] Launches With Firmware Security Platform

Researchers used electromagnetic signals to classify malware infecting IoT devices

Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

Ubiquiti: Change Your Password, Enable 2FA

Western Digital customers have to update their My Cloud devices to latest firmware version

Kalay cloud platform flaw exposes millions of IoT devices to hack

Microsoft Buys ReFirm Labs to Drive IoT Security Efforts

Remote work raises threats from consumer IoT devices

Million of Telestar Digital GmbH IoT radio devices can be remotely hacked

Enhancing IT Support for Manufacturing Systems: Addressing Critical Gaps

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Unfixed vulnerability in popular library puts IoT products at risk

Microsoft Finds New NETGEAR Firmware Vulnerabilities

Stay Connected