Watch along as hacked machine grinds, beeps, and spews water.
Japan will attempt to access Internet-connected devices in homes and offices to find their vulnerabilities. The first-of-its-kind survey is aimed at beefing up cyber-security.
TL;DR: An undocumented API in Google home devices is easily exploitable. This command will reboot any on your local network: nmap --open -p 8008 192.168.1.0/24 | awk '/is up/ {print up};…
Firmware used in up to 800,000 CCTV cameras open to attack thanks to buffer overflow zero-day bug.
WASHINGTON: Hey! Take off that Fitbit and turn it off. Hand in that Apple Watch. Make sure you’ve turned off the geolocation capabilities of your Garmin. That was the word today from Deputy Defense Secretary Patrick Shanahan. For years, cell phones have been banned from many offices in the Pentagon, not to mention any Secure Compartmentalized Information Facility (SCIF). The reason was simple: anything that can transmit and has a microphone can be used to record and send information. If it’s got a camera, then photographs or video can be taken as well. Today, the threat is less obvious. It comes from those Apple Watches, Garmins, Fitbits, custom smartwatches and other remote sensors that track your location and share it with remote databases. “These geolocation capabilities can expose personal information, locations, routines, and numbers of DoD personnel, and potentially create unintended security consequences and increased risk to the joint force and mission,” says Shanahan’s memo, which was released by the Pentagon press office to ensure everyone sees it. This was all sparked when reports surfaced earlier this year of a fitness-tracking company, Strava, publishing maps showing where users jog, bike and exercise. Since many of its users are members of the military, their jogging routes and other exercises showed exactly where the US has service members around the world, as well as showing their running routes. In Pentagon-speak, here’s the broad problem: “The rapidly evolving market of devices, applications, and services with geolocation capabilities (e.g., fitness trackers, smartphones, tablets, smartwatches, and related software applications) presents significant risk to Department of Defense (DoD) personnel both on and off duty, and to our military operations globally.” Strava apparently intended no harm, but you can guess how uneasy this made service members and senior Pentagon officials.
A review of Pentagon policies about the devices that made this possible was ordered, and that’s what this memo is all about. Note the requirement for the Chief Information Officer (CIO) and the Undersecretary of Defense for Intelligence (USDI) to “jointly develop” guidance and training for commanders and others.
Researchers found 20 flaws in Samsung’s SmartThings Hub controller - opening up supported third-party smart home devices to attack.
This time, we’ve chosen a smart hub designed to control sensors and devices installed at home. It can be used for different purposes, such as energy and water management, monitoring and even security systems.
Even some devices with patches available are connected to the naked Internet.
A couple of years ago, I was heavily involved in analysing and reporting on the massive VTech hack, the one where millions of records were exposed including kids' names, genders, ages, photos and the relationship to parents' records which included their home address. Part of this data was collected via
White hat hackers have made the first proof of concept for malware that locks a smart thermostat and demands a ransom.