Firmware, Manufacturing and Surveillance

An RCE in Annke video surveillance product allows hacking the device

Security Affairs

AUGUST 27, 2021

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. The vulnerability, tracked as CVE-2021-32941 can be exploited by an attacker to hack a video surveillance product made by Annke, a provider of home and business security solutions.

Surveillance

Surveillance Hacking Firmware Manufacturing

Expert found Russia’s SORM surveillance equipment leaking user data

Security Affairs

AUGUST 30, 2019

A Russian security researcher has found that hardware wiretapping equipment composing Russia’s SORM surveillance system had been leaking user data. SORM is a mass surveillance system that allows the Government of Moscow to track online activities of single individuals thanks to the support of the Russian ISPs. Pierluigi Paganini.

Surveillance

Surveillance Firmware Advertising Mobile

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. After looking at 28 of the most popular manufacturers, our research team found 3.5 What is more, the overwhelming majority of internet-facing cameras are manufactured by Chinese companies. million internet-facing cameras.

Surveillance

Surveillance Manufacturing Passwords Internet

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Security Affairs

OCTOBER 10, 2018

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates. The flaws reside in a feature named the “XMEye P2P Cloud” that is enabled by default which is used to connect surveillance devices to the cloud infrastructure. Pierluigi Paganini.

Surveillance

Surveillance Hacking Firmware Manufacturing

Chipmaker Qualcomm warns of three actively exploited zero-days

Security Affairs

OCTOBER 4, 2023

Google Threat Analysis Group and Google Project Zero experts focus on attacks carried out by nation-state actors or surveillance firms, this means that one of these threat actors may be behind the exploitation of the Qualcomm flaws. Please contact your device manufacturer for more information on the patch status about specific devices.”

Firmware

Firmware Surveillance Authentication Manufacturing

Patch now! Insecure Hikvision security cameras can be taken over remotely

Malwarebytes

SEPTEMBER 22, 2021

In a detailed post on Github , security researcher Watchful_IP describes how he found that the majority of the recent camera product ranges of Hikvision cameras are susceptible to a critical, unauthenticated, remote code execution (RCE) vulnerability, even with the latest firmware. Hangzhou Hikvision Digital Technology Co., Mitigation.

Firmware

Firmware Surveillance Marketing VPN

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

The Last Watchdog

MAY 16, 2022

Supply chains have vulnerabilities at touchpoints with manufacturers, suppliers, and other service providers.”. Then there are firmware developers, transport agencies, testing facilities, and security evaluation agencies that handle the device before it is sent to the corporate client. Threat detection. Traceability and accountability.

Cyber Attacks

Cyber Attacks Firmware Artificial Intelligence Manufacturing

Botnet operators target multiple zero-day flaws in LILIN DVRs

Security Affairs

MARCH 23, 2020

Experts observed multiple botnets exploiting zero-day vulnerabilities in DVRs for surveillance systems manufactured by Taiwan-based LILIN. Botnet operators are exploiting several zero-day vulnerabilities in digital video recorders (DVRs) for surveillance systems manufactured by Taiwan-based LILIN-.

Firmware

Firmware Surveillance Manufacturing Advertising

Vulnerability makes hackers hijack video streams from millions of connected cameras

CyberSecurity Insiders

JUNE 29, 2021

Security researchers say that the flaw is related to software component used in cloud surveillance platform ThroughTek that is used by OEMs while manufacturing IP Cameras, baby monitoring cams and pet monitoring solutions along with robotic and battery devices. score to the newly discovered P2P SDK vulnerability.

Firmware

Firmware IoT Surveillance Manufacturing

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

SecureList

JUNE 20, 2023

The findings of the study reveal a number of serious security issues, including the use of hard-coded credentials, and an insecure firmware update process. We later managed to extract the firmware from the EEPROM for further static reverse engineering. Further hardware analysis of the circuit board helped us identify chips.

Firmware

Firmware Passwords Manufacturing Mobile

HID Mercury Access Controller flaws could allow to unlock Doors

Security Affairs

JUNE 12, 2022

The flaws impact products manufactured by LenelS2, a provider of advanced physical security solutions (i.e. access control, video surveillance and mobile credentialing) owned by HVAC giant Carrier. The experts focused on Carrier’s LenelS2 access control panels, manufactured by HID Mercury. Overall 4.8.

Firmware

Firmware Penetration Testing Manufacturing Authentication

What Is Industrial Control System (ICS) Cyber Security?

eSecurity Planet

SEPTEMBER 9, 2024

Industrial control systems (ICS) are the backbone of critical infrastructure, powering essential operations in the energy, manufacturing, water treatment, and transportation sectors. These systems are integral to the smooth operation of industries such as manufacturing, power generation, oil and gas, water management, and more.

Firmware

Firmware Encryption Manufacturing Risk

Episode 254: Dennis Giese’s Revolutionary Robot Vacuum Liberation Movement

The Security Ledger

DECEMBER 19, 2023

Security researcher and IoT hacker Dennis Giese talks about his mission to liberate robot vacuums from the control of their manufacturers, letting owners tinker with their own devices and - importantly - control the data they collect about our most intimate surroundings. The post Episode 254: Dennis Giese’s Revolutionary Robot Vacuum.

IoT

IoT Manufacturing Internet Internet

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

Pen Test

OCTOBER 12, 2023

Criminals may use hijacked drones for illegal surveillance, smuggling, or even as weapons. Countermeasures: To prevent drone signal hijacking, drone manufacturers and operators can implement encryption and authentication mechanisms for RF communication. Keeping firmware up to date is essential for security.

Encryption

Encryption Firmware Surveillance Technology

The Death botnet grows targeting AVTech devices with a 2-years old exploit

Security Affairs

JULY 25, 2018

AVTech is one of the world’s leading CCTV manufacturers, it is the largest public-listed company in the Taiwan surveillance industry. EliteLands is using a 2-years old exploit that could be used to trigger tens of well-known vulnerabilities in the AVTech firmware.

Firmware

Firmware Passwords IoT Advertising

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

As if that were not enough, many IoT devices have unalterable main passwords set by manufacturers. Although the manufacturer issued an update that resolved the vulnerability, similar attacks remain a concern. Unfortunately, users tend to leave these passwords unchanged. BTC to recover the data.

IoT

IoT DDOS Passwords Malware

APT trends report Q1 2022

SecureList

APRIL 27, 2022

Another victim in which the same chain was exhibited is a computer game manufacturer in Cambodia, where the attack could have been used for a different purpose, possibly to infiltrate the company’s supply chain. In December we were made aware of a UEFI firmware-level compromise through logs from our firmware scanning technology.

Malware

Malware Firmware Government Phishing

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

Vamosi: This is really the problem with IoT, the appeal to the lowest common denominator device manufacturers, particularly startups are reaching for what already exists, rather than designing something new, in part because they want their cool new toothbrush to incorporate with what's already out there today. How do you do that.

IoT

IoT Hacking Internet Internet

The Hacker Mind: Hacking IoT

ForAllSecure

APRIL 22, 2021

Vamosi: This is really the problem with IoT, the appeal to the lowest common denominator device manufacturers, particularly startups are reaching for what already exists, rather than designing something new, in part because they want their cool new toothbrush to incorporate with what's already out there today. How do you do that.

IoT

IoT Hacking Internet Internet

Episode 167: Made in America? Trade Tensions highlight Supply Chain Risk

The Security Ledger

NOVEMBER 11, 2019

» Related Stories From China with Love: New York Firm sold millions in PRC Surveillance Gear to US Government, Military Episode 165: Oh, Canada! Terry is a former NSA employee who specializes in firmware security. We're joined by Terry Dunlap the co-founder of ReFirm Labs to talk about why software supply chain risks.

Risk

Risk Surveillance Firmware Technology

Cyber Security Informer

An RCE in Annke video surveillance product allows hacking the device

Expert found Russia’s SORM surveillance equipment leaking user data

Trending Sources

3.5m IP cameras exposed, with US in the lead

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Chipmaker Qualcomm warns of three actively exploited zero-days

Patch now! Insecure Hikvision security cameras can be taken over remotely

GUEST ESSAY: The many ways your supply chain is exposing your company to a cyber attack

Botnet operators target multiple zero-day flaws in LILIN DVRs

Vulnerability makes hackers hijack video streams from millions of connected cameras

A bowl full of security problems: Examining the vulnerabilities of smart pet feeders

HID Mercury Access Controller flaws could allow to unlock Doors

What Is Industrial Control System (ICS) Cyber Security?

Episode 254: Dennis Giese’s Revolutionary Robot Vacuum Liberation Movement

"In our modern world, countless applications rely on radio frequency elements" - an Interview with Larbi Ouiyzme

The Death botnet grows targeting AVTech devices with a 2-years old exploit

Overview of IoT threats in 2023

APT trends report Q1 2022

The Hacker Mind: Hacking IoT

The Hacker Mind: Hacking IoT

Episode 167: Made in America? Trade Tensions highlight Supply Chain Risk

Stay Connected