 Your new post is loading...
Your new post is loading...
|
Scooped by
Gust MEES
|
As IoT devices like Amazon Echo become more and more popular, it isn’t unusual for users to re-sell them. Indeed, it’s increasingly common to come across them on eBay or even at the occasional yard sale. Amazon suggests that, when users are done with a product, they factory reset the device so as to erase any personal information stored within it before sending it back out into the world.
However, it would appear that simply resetting your device won’t actually expunge that data from the face of the Earth and that reselling your device could hypothetically lead to your old information getting boosted.
Researchers with Northeastern University recently spent 16 months buying and reverse engineering 86 used Amazon Echo Dot devices in an attempt to understand any security deficiencies they might have. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Internet+of+things https://www.scoop.it/topic/securite-pc-et-internet/?&tag=iot
|
|
Scooped by
Gust MEES
|
Der größte Anteil angreifbarer Geräte entfalle auf das Internet der Dinge (46 Prozent), gefolgt von OT (je 19 Prozent in den Teilbereichen GA und ICS) und schließlich IT mit 16 Prozent. Auf Nachfrage von heise Security sagte Forescout, dass zwar eine Vielzahl von Gerätetypen für den Business-Einsatz vertreten sei. Die große Menge verkaufter IoT-Geräte für Privatnutzer sorge jedoch dafür, dass die Gefahr auch für diese recht groß sei.
Die Angriffskomplexität ist laut Forescout in vielen Fällen gering, die Schwachstellen sehr "grundliegend". Wie schon bei Ripple20 spielt die Tatsache, dass viele IoT-Geräte für Privatnutzer – oftmals billige No-Name-Produkte – schlecht abgesichert sind und niemals Updates erhalten, Angreifern in die Hände. Unternehmensnetzwerke wiederum bieten eine höhere Zahl miteinander vernetzter, potenzieller Angriffspunkte. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Internet+of+things https://www.scoop.it/topic/securite-pc-et-internet/?&tag=iot
|
|
Scooped by
Gust MEES
|
A l'occasion de la RSA Conférence, Bitdefender a révélé plusieurs vulnérabilités critiques sur des objets connectés, parmi lesquels le babyphone : iBaby Monitor. Dans une démarche éthique, Bitdefender a tout d’abord envoyé plusieurs alertes au fabricant, mais qui sont restées sans réponse à ce jour.
Les vulnérabilités importantes au sein des iBaby Monitor pourraient permettre à des cybercriminels d’accéder à distance à n’importe quelle caméra et aux données privées, photos ou vidéos de tous les utilisateurs, ainsi qu’à leurs informations personnelles (Nom, email, adresse et leur photo de profil de leur compte utilisateur). Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Internet+of+things
|
|
Scooped by
Gust MEES
|
You've heard about wardriving, but what about warshipping? Researchers at IBM X-Force Red have detailed a new tactic that they say can break into victims' Wi-Fi networks from far.
The company calls the technique warshipping, and it is a more efficient evolution of wardriving, a popular technique among hackers seeking access to any wireless network they can find. Whereas wardrivers drive around a wide area with a directional antenna looking for wireless networks to crack, IBM's researchers took a more targeted approach.
Speaking at Black Hat USA, IBM researchers explained how they used off-the-shelf components costing under $100 to create a single-board computer with Wi-Fi and 3G capability. This enables it to connect to a Wi-Fi network to harvest data locally and then send it to a remote location using its cellular connection. The small device runs on a cell phone battery and easily fits into a small package.
Attackers can then send the device to a company via regular mail, where it will probably languish in a mail room for a while. During this time, it can connect to any Wi-Fi networks it finds in the building and harvest data – typically a hashed network access code. It sends this back to the attacker, who can then use their own resources (or a cloud-based cracking service) to extract the original access code. At this point, they have access to the company's Wi-Fi network. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Internet+of+things https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Warshipping
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
Das smarte Heim und das sich darin breitmachende Internet der Dinge gilt seit Langem als große Spielwiese für Hacker. Jenseits von vergleichsweise komplexen Systemen mit Kamera und Mikrofon wie intelligenten Lautsprechern lässt sich mittlerweile schier jedes elektronische Haushaltsgerät bis hin zur Glühbirne oder Steckdose mit Lösungen fürs Internet of Things (IoT) aus der Box ans Netz anschließen und in die Cloud bringen. Dies vergrößert die Flächen für massive IT-Angriffe enorm.
"Der Sicherheitslevel dieser Geräte ist minimal", erklärte Michael Steigerwald, Mitgründer des IT-Security-Startups Vtrust, am Freitag auf dem 35. Chaos Communication Congress (35C3) in Leipzig nach einem umfangreichen Test. "Alles, was ich probiert habe, hat direkt funktioniert", verwies er auf umfangreiche Hackmöglichkeiten. Brisante Daten lägen offen abgreifbar im Speicher, die Kommunikationsübertragung erfolge meist und just in kritischen Fällen unverschlüsselt, der sonstige Einsatz kryptografischer Schutzmechanismen stelle "keine Hürde" für halbwegs versierte Angreifer dar. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Internet+of+things
|
|
Scooped by
Gust MEES
|
The Z-Wave wireless communications protocol used for some IoT/smart devices is vulnerable to a downgrade attack that can allow a malicious party to intercept and tamper with traffic between smart devices.
The attack —codenamed Z-Shave— relies on tricking two smart devices that are pairing into thinking one of them does not support the newer S-Wave S2 security features, forcing both to use the older S0 security standard.
The problem, as security researchers from Pen Test Partners have explained this week, is that all S0 traffic is secured by default with an encryption key of "0000000000000000."
An attacker that can trick a smart device into pairing with another device, a PC, or a smartphone app via the older S0 standard, can later decrypt all traffic exchanged between the two because the decryption key is widely known.
The Pen Test crew say they identified three methods that can be used to trick two devices into pairing via the old S0 instead of S2, even if both support the newer security standard.
Z-Shave attack is pretty dangerous
The Z-Shave attack is dangerous because devices paired via an older version of Z-Wave can become a point of entry for an attacker into a larger network, or can lead to the theft of personal property.
While this flaw might prove frivolous for some devices in some scenarios, it is a big issue for others —such as smart door locks, alarm systems, or any Z-Wave-capable device on the network of a large corporation. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=iot
|
|
Scooped by
Gust MEES
|
New Mirai variant named Mirai OMG
Fortinet has named this variant Mirai OMG —based on the OOMGA string found in some parts of the malware's source code where the term "Mirai" used to be— and this variant now joins a growing Mirai family that also includes variants such as Satori (Okiru), Masuta, and Akuma.
But while Fortinet has not analyzed the traffic flowing through the Mirai OMG network, in theory, it should not be any different from the regular type of traffic that malicious proxy networks have been relaying for years. This includes:
⠕ relaying traffic meant for malware C&C servers to hide their true location
⠕ acting as launching points for dictionary and brute-force attacks to bypass security solutions that limit the number of failed attempts per IP
⠕ launching SQL injection, CSRF, LFI, and XSS attacks to bypass geofencing rules and exploit other web applications
Since Mirai OMG still relies on the classic Mirai spreading technique of brute-forcing devices using weak passwords, changing any IoT equipment's default password should safeguard most users from having their device taken over for a crime spree.
Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=iot https://www.scoop.it/t/securite-pc-et-internet/?&tag=Mirai+Botnet
|
|
Scooped by
Gust MEES
|
According to security researchers, a new IoT botnet has quietly hijacked more than 100,000 routers, readying them for paralysing distributed denial-of-service attacks against websites.
The botnet, which some researchers have dubbed “Satori” (a name given to supernatural mind-reading monsters in Japanese folklore), has increased its activity in recent days – propagating very quickly via a zero-day remote code execution vulnerability in Huawei Home Gateway or Huawei’s Echolife Home Gateway devices, and an already documented vulnerability in Realtek routers.
The exploitation of vulnerabilities allows the botnet to infect routers even when they have been secured with strong passwords.
Through the attack, an army of hundreds of thousands of routers are thought to have been commandeered into the botnet. Some commentators have even suggested that over 280,000 IP addresses have been compromised by the attack in just 12 hours.
Like the Reaper IoT botnet before it, Satori is built on the foundations of the notorious Mirai botnet which knocked major websites offline last year, and whose source code was released onto the internet. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Satori+botnet https://www.scoop.it/t/securite-pc-et-internet/?&tag=Botnet https://www.scoop.it/t/securite-pc-et-internet/?&tag=Botnet&tag=Mirai+Botnet
|
|
Scooped by
Gust MEES
|
The average home now has around three connected computers and four smart mobile devices. Hardly surprising, considering that 86 per cent of us check the Internet several times a day or more, and that’s outside of work. Chatting, shopping, banking, playing games, listening to music, booking travel and managing our increasingly connected homes. The risk of cyberattack can be the furthest thing from our mind. Every year, Kaspersky Lab’s experts look at the main cyberthreats facing connected businesses over the coming 12 months, based on the trends seen during the year. For 2018, we decided to extract some top predictions that also have big implications for everyday connected life. So what could the hackers be after in 2018? Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
|
|
|
Scooped by
Gust MEES
|
Ob Überwachungskameras für Häuser und Firmen, Babycams, der Saugroboter oder die smarte Schließanlage: Immer öfter finden IoT-Geräte den Weg in Netzwerke und öffnen damit Tür und Tor für Hackerattacken.
Mit dem IOT-Inspector lassen sich Sicherheitslücken in IoT-Devices ermitteln.
(Quelle: www.iot-inspector.com )Nahezu jedes Device hat teils gravierende Lücken, so die Security Experten von IoT Inspector: "Das Bewusstsein für die notwendige Sicherheit dieser Geräte ist weder bei den Anwendern, noch bei den Herstellern oder Inverkehrbringern wirklich vorhanden. Ein im Klartext aus dem Staubsauger auslesbarer WLAN-Schlüssel oder ein für den Benutzer unsichtbarer Admin-Account mit gefährlichem Vollzugriff in der Firmware einer Überwachungskamera, der vom OEM-Hersteller in China stammt, sind dabei nur einige der immensen Sicherheitslücken, die wir immer wieder sehen", sagt Rainer M. Richter, Geschäftsführer von IoT Inspector. Das Unternehmen hat die Sicherheitsprüfung der Firmware smarter Devices automatisiert und ermöglicht so in wenigen Minuten eine tiefe Analyse, die eine Vielzahl von Schwachstellen aufdeckt und deren gezielte Behebung ermöglicht. Auch Verletzungen internationaler Vorgaben zu IT-Sicherheit werden durch den integrierten Compliance Checker geprüft. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Internet+of+things https://www.scoop.it/topic/securite-pc-et-internet/?&tag=iot
|
|
Scooped by
Gust MEES
|
Recherches CyberArk : des vulnérabilités dans le protocole LoRaWAN vulnérabilisent des réseaux IoT
octobre 2020 par CyberArk
Les chercheurs de CyberArk ont découvert que des failles courantes d’un protocoles de sécurité IoT exposent les réseaux de ces objets aux attaques, dont les conséquences pourraient être désastreuses.
Des vulnérabilité de LoRaWAN (Long Range Wide Area Network) permettent ainsi aux cybercriminels d’ajouter des appareils compromis à un réseau IoT, à l’aide du protocole MQTT (Message Queuing Telemetry Transport). Ces terminaux malveillants peuvent alors communiquer avec d’autres appareils connectés et procéder à une attaque par déni de service pour désactiver l’ensemble du réseau.
Les conséquences potentielles sont significatives : les entreprises, les industries et les villes elles-mêmes dépendent de plus en plus des réseaux de capteurs IoT pour des actions diverses, et pourraient donc être affectées. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Internet+of+things https://www.scoop.it/topic/securite-pc-et-internet/?&tag=iot https://www.scoop.it/topic/securite-pc-et-internet/?&tag=LoRaWAN
|
|
Scooped by
Gust MEES
|
Security researchers are warning that the technology underpinning many smart city deployments is susceptible to a range of cyber-attacks, enabling hackers to sabotage infrastructure in potentially life-threatening raids.
IOActive’s latest research paper covers LoRaWAN, or the Long-Range Wide Area Network protocol which many low-powered IoT devices use to connect to the internet in scenarios such as smart cities, industrial IoT, smart homes, utilities, vehicle tracking and healthcare.
It claimed that the root keys used to encrypt communications between smart devices, gateways and network servers are poorly protected.
Hackers could extract keys by reverse engineering device firmware, grab hard-coded keys that ship with some open source LoRaWAN libraries, compromise vulnerable LoRaWAN network servers, or even guess the keys in some circumstances, the report claimed.
Once encryption keys are in their possession, the black hats could launch denial of service attacks, or replace legitimate with false comms data. This could cause connected infrastructure to break or even explode, putting lives at risk, IOActive claimed.. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?tag=Smart+Home https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/ https://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine https://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things https://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV https://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things
|
|
Scooped by
Gust MEES
|
Security researchers have disclosed details today about 11 vulnerabilities known collectively as "Urgent11" that impact a wide range of devices, from routers to medical systems, and from printers to industrial equipment.
The vulnerabilities affect VxWorks, a real-time operating system created by Wind River.
Real-time operating systems (RTOSes) are simple pieces of software with very few features that are deployed on chipsets with access to a limited amount of resources, such as the chipsets used in modern Internet of Things (IoT) devices -- where the chipsets only need to manage input/output operations, with little data processing and no need for a visual interface.
Among all RTOS versions, VxWorks is today's most popular product, deployed on more than two billion devices, according to Wind River's website. However, in its 32-year history, only 13 security flaws with a MITRE-asigned CVE have been found in the VxWorks RTOS.
VxWorks' popularity and the lack of any attention from the security community were the two reasons why experts from IoT cybersecurity firm Armis decided to analyze the OS for security flaws, the company told ZDNet in a phone call last week. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Urgent11 https://www.scoop.it/topic/securite-pc-et-internet
|
|
Scooped by
Gust MEES
|
More than two million IoT devices, possibly more, are using a vulnerable P2P firmware component that allows hackers to locate and take over impacted systems.
Vulnerable devices include IP cameras, baby monitors, smart doorbells, DVRs, and many others, manufactured and sold by multiple vendors under hundreds of brands, such as HiChip, TENVIS, SV3C, VStarcam, Wanscam, NEO Coolcam, Sricam, Eye Sight, and HVCAM, just to name a few.
What all these devices have in common is that they use iLnkP2P, a firmware component that allows the device to talk to vendors' servers via the P2P (peer-to-peer) protocol.
Earlier this year, security researcher Paul Marrapese discovered two vulnerabilities in this component --tracked under the CVE-2019-11219 and CVE-2019-11220 identifiers.
According to Marrapese, the first "allows attackers to rapidly discover devices that are online," while the second "allows attackers to intercept connections to devices and perform man-in-the-middle attacks" and "to steal the password to a device and take control of it." Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Internet+of+things https://www.scoop.it/t/securite-pc-et-internet/?&tag=iot
|
|
Scooped by
Gust MEES
|
Des chercheurs danois et suédois en sciences informatiques et systèmes autonomes ont décortiqué la sécurité du robot Pepper de Softbank Robotics utilisé notamment au Japon dans des points de vente Nestlé. Utilisation de logiciels non mis à jour et exposition à des attaques XSS, par force brute et élévation de privilèges font partie des vulnérabilités de sécurité recensées. Depuis quelques années, les études relatives à la sécurité des objets connectés se suivent et se ressemblent. Toutes - ou presque - pointent leurs lacunes en termes de sécurité, un phénomène qui ne remonte pas à hier. Parmi la ribambelle de périphériques reliés au réseau, certains sont plus emblématiques que d'autres, notamment ceux appartenant à la catégorie des robots parmi lesquels Pepper, propriété de SoftBank Robotics suite au rachat du français Aldebaran Robotics. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=iot https://www.scoop.it/t/luxembourg-europe/?&tag=Pepper
|
|
Scooped by
Gust MEES
|
Microsoft präsentiert mit Azure Sphere eine neue Plattform zur Absicherung des Internet of Things (IoT). Dabei setzen die Redmonder auf ARM-Chipsets, Linux und die hauseigene Cloud.
Azure Sphere setzt sich aus speziellen Chipsets, einem Linux-Betriebssystem und Cloud-Diensten zusammen.
(Quelle: Microsoft )
Das Internet der Dinge stellt die IT-Sicherheit in Unternehmen vor gänzlich neue Herausforderungen. Die schiere Masse an vernetzten Endpunkten liefert eine breite Angriffsfläche für Cyberattacken und Malware-Infektionen. So wurden etwa 2016 im sogenannten Mirai-Botnet rund 100.000 IoT-Geräte kompromittiert und für DDoS-Angriffe auf den Web-Dienstleister Dyn missbraucht. Weitreichende Ausfälle von populären Internet-Diensten wie Twitter, Paypal, Netflix oder Spotify waren die Folge.
Dieser Problematik will Microsoft nun mit seiner neuen Azure Sphere begegnen, einer sicheren Plattform für IoT-Geräte. Dabei setzten die Redmonder auf ein mehrschichtiges Sicherheitskonzept, das sich aus einem Verbund aus Hardware und Software sowie der Cloud zusammensetzt. Zertifizierte ARM-Chipsets treffen auf ein Linux-basierte Azure Sphere OS und werden von Sicherheitsdiensten aus der Cloud unterstützt.
Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=iot
|
|
Scooped by
Gust MEES
|
Most readers here have likely heard or read various prognostications about the impending doom from the proliferation of poorly-secured “Internet of Things” or IoT devices. Loosely defined as any gadget or gizmo that connects to the Internet but which most consumers probably wouldn’t begin to know how to secure, IoT encompasses everything from security cameras, routers and digital video recorders to printers, wearable devices and “smart” lightbulbs.
Throughout 2016 and 2017, attacks from massive botnets made up entirely of hacked IoT devices had many experts warning of a dire outlook for Internet security. But the future of IoT doesn’t have to be so bleak. Here’s a primer on minimizing the chances that your IoT things become a security liability for you or for the Internet at large. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=iot
|
|
Scooped by
Gust MEES
|
A new massive IoT (Internet of Things) botnet dubbed Satori has emerged, which security researchers fear, can launch crippling attacks at any time. The botnet has reportedly already infected over 280,000 IP addresses in just 12 hours, enslaving hundreds of thousands of home routers by exploiting a recently discovered zero-day vulnerability.
Satori, which reportedly means "awakening" in Japanese, is actually the infamous Mirai botnet's successor. Since Mirai's authors made the botnet's source code public last year, cybercriminals have been pushing out new variants of Mirai. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/securite-pc-et-internet/?&tag=Botnet http://www.scoop.it/t/securite-pc-et-internet/?&tag=Botnet&tag=Mirai+Botnet
|
|
Scooped by
Gust MEES
|
Les deux enceintes intelligentes de Google et Amazon, le Google Home et l’Amazon Echo, victimes de la faille Bluetooth BlueBorne.
Des chercheurs ont réussi à prouver que la faille Bluetooth BlueBorne impactait aussi les enceintes intelligentes Google Home et l’Amazon Echo. Révélées il y a quelques semaines, huit failles critiques de Bluetooth ont récemment étaient révélées. Elles affectent des milliards d’appareils Android, iOS, Windows et Linux. Voilà que les deux assistants des deux géants du web sont aussi impliqués dans cet énorme « merdier » numérique comme le confirme la société Armis. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=BlueBorne
|
|
Scooped by
Gust MEES
|
|
|
Scooped by
Gust MEES
|
BRUSSELS (Reuters) - Some smartwatches for children sold in Europe pose security risks, including potentially allowing hackers to take control of and track a watch, the EU’s main consumer lobby said on Wednesday, following a new report by one of its members.
The affected smartwatches, which use the Global Position System (GPS) to allow parents to track their child’s location and communicate with them through their mobile phones, do not have sufficient protection, or firewalls, to stop computer hackers, the Norwegian Consumer Council said.
The council also accused some manufacturers of violating EU data protection laws by not stating clearly the risks in their terms and conditions.
“These watches should not find their way into our shops,” Monique Goyens, the director general of the European Consumer Organisation BEUC - of which the Norwegian council is a member - said in a statement. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/securite-pc-et-internet/?&tag=wearables
|
As IoT devices like Amazon Echo become more and more popular, it isn’t unusual for users to re-sell them. Indeed, it’s increasingly common to come across them on eBay or even at the occasional yard sale. Amazon suggests that, when users are done with a product, they factory reset the device so as to erase any personal information stored within it before sending it back out into the world.
However, it would appear that simply resetting your device won’t actually expunge that data from the face of the Earth and that reselling your device could hypothetically lead to your old information getting boosted.
Researchers with Northeastern University recently spent 16 months buying and reverse engineering 86 used Amazon Echo Dot devices in an attempt to understand any security deficiencies they might have.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/securite-pc-et-internet/?&tag=Internet+of+things
https://www.scoop.it/topic/securite-pc-et-internet/?&tag=iot