IoT, ID IoTs, and other loose cannons

Updates to Internet of (not necessarily necessary) Things

[Many of the Things that crop up on this page are indeed necessary in the modern world. But that doesn’t mean that connecting them to the Internet of Things (or even the Internet of Everything) is necessary, or even desirable, given how often that connectivity widens the attack surface.]

1. Malwarebytes: What’s the real value—and danger—of smart assistants?

“…technologies such as Siri, Alexa, Google Assistant, and Cortana have become ubiquitous in our culture…Here’s what you need to know about smart assistants and the real value (and danger) they provide.” Looks at issues such as kids and smart assistants, and whether it’s a good idea to use a smart assistant to control your IoT devices.

2. Positive Technologies: Positive Technologies experts discover dangerous vulnerabilities in robotic vacuum cleaners. “The first vulnerability, CVE-2018-10987, involves remote code execution…Attackers need physical access to exploit the second vulnerability, CVE-2018-10988…these vulnerabilities may also affect other IoT devices using the same video modules … Such devices include outdoor surveillance cameras, DVRs, and smart doorbells.”

John Leyden for The Register: Doctor, doctor, I feel like my IoT-enabled vacuum cleaner is spying on me – “Snooping on the built-in cam? Remotely controlling it? Well, that sucks *ba-dum tsh*”

Lindsay O’Donnell for ThreatPost: IoT Robot Vacuum Vulnerabilities Let Hackers Spy on Victims – “Two vulnerabilities were discovered in Dongguan Diqee 360 vacuum cleaners, which tout Wi-Fi capabilities, a webcam with night vision, and smartphone-controlled navigation controls. These would allow control over the device as well as the ability to  intercept data on a home Wi-Fi network.”

3. Shaun Nichols for The Register: US voting systems (in Oregon) potentially could be hacked (11 years ago) by anybody (in tech support) – “ES&S admits a handful of systems were shipped with PCAnywhere tool … The software was not in the voting machines themselves, but rather in the election management system (EMS) terminals used to manage the voting machines to do things like configuring scanning equipment or formatting ballots.”

4. John Leyden for The Register: IoT search engine ZoomEye ‘dumbs down’ Dahua DVR hijackings by spewing passwords – “And noone wants to fix it … Many Dahua DVR devices can be hijacked by exploiting a five-year-old firmware-based vulnerability (CVE-2013-6117).”

5. Bleeping Computer: Researchers Mount Successful GPS Spoofing Attack Against Road Navigation Systems – “Academics say they’ve mounted a successful GPS spoofing attack against road navigation systems that can trick humans into driving to incorrect locations.” Paper available from Microsoft here.

David Harley


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.