P2P Weakness Exposes Millions of IoT Devices

Credit to Author: BrianKrebs| Date: Fri, 26 Apr 2019 13:17:14 +0000

A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found.

Read more

FBI: Kindly Reboot Your Router Now, Please

Credit to Author: BrianKrebs| Date: Mon, 28 May 2018 18:54:22 +0000

The Federal Bureau of Investigation (FBI) is warning that a new malware threat has rapidly infected more than a half-million consumer devices. To help arrest the spread of the malware, the FBI and security firms are urging home Internet users to reboot routers and network-attached storage devices made by a range of technology manufacturers.

Read more

Some Basic Rules for Securing Your IoT Stuff

Credit to Author: BrianKrebs| Date: Wed, 17 Jan 2018 19:36:24 +0000

Most readers here have likely heard or read various prognostications about the impending doom from the proliferation of poorly-secured “Internet of Things” or IoT devices. Loosely defined as any gadget or gizmo that connects to the Internet but which most consumers probably wouldn’t begin to know how to secure, IoT encompasses everything from security cameras, routers and digital video recorders to printers, wearable devices and “smart” lightbulbs. Throughout 2016 and 2017, attacks from massive botnets made up entirely of hacked IoT devices had many experts warning of a dire outlook for Internet security. But the future of IoT doesn’t have to be so bleak. Here’s a primer on minimizing the chances that your IoT things become a security liability for you or for the Internet at large.

Read more

Dahua, Hikvision IoT Devices Under Siege

Credit to Author: BrianKrebs| Date: Fri, 10 Mar 2017 20:07:51 +0000

Dahua, the world’s second-largest maker of “Internet of Things” devices like security cameras and digital video recorders (DVRs), has shipped a software update that closes a gaping security hole in a broad swath of its products. The vulnerability allows anyone to bypass the login process for these devices and gain remote, direct control over vulnerable systems. Adding urgency to the situation, there is now code available online that allows anyone to exploit this bug and commandeer a large number of IoT devices.

Read more