hacking, internetofthings, Security technology, vulnerabilities
Recent articles about IoT vulnerabilities describe hacking of construction cranes, supermarket freezers, and electric scooters. Powered by WPeMatico
Category: vulnerabilities
Auto Added by WPeMatico
blockchain, cryptocurrency, patching, Security technology, vulnerabilities
Zcash just fixed a vulnerability that would have allowed “infinite counterfeit” Zcash. Like all the other blockchain vulnerabilities and updates, this demonstrates the ridiculousness of the notion that code can replace people, that trust can be encompassed in the protocols, or that human governance is not ncessary. Powered by WPeMatico
internetofthings, passwords, Security technology, vulnerabilities, wifi
The security is terrible: In a very short limited amount of time, three vulnerabilities have been discovered: Wifi credentials of the user have been recovered (stored in plaintext into the flash memory). No security settings. The device is completely open (no secure boot, no debug interface disabled, no flash encryption). Root certificate and RSA private … Read More “Security Analysis of the LIFX Smart Light Bulb” »
apple, eavesdropping, iphone, Security technology, vulnerabilities
This is kind of a crazy iPhone vulnerability: it’s possible to call someone on FaceTime and listen on their microphone — and see from their camera — before they accept the call. This is definitely an embarrassment, and Apple was right to disable Group FaceTime until it’s fixed. But it’s hard to imagine how an … Read More “iPhone FaceTime Vulnerability” »
backdoors, botnets, exploits, firmware, hacking, internetofthings, japan, passwords, Security technology, vulnerabilities
The Japanese government is going to run penetration tests against all the IoT devices in their country, in an effort to (1) figure out what’s insecure, and (2) help consumers secure them: The survey is scheduled to kick off next month, when authorities plan to test the password security of over 200 million IoT devices, … Read More “Japanese Government Will Hack Citizens’ IoT Devices” »
hacking, internetofthings, reports, Security technology, vulnerabilities
Construction cranes are vulnerable to hacking: In our research and vulnerability discoveries, we found that weaknesses in the controllers can be (easily) taken advantage of to move full-sized machines such as cranes used in construction sites and factories. In the different attack classes that we’ve outlined, we were able to perform the attacks quickly and … Read More “Hacking Construction Cranes” »
backdoors, computersecurity, crime, cryptowars, eavesdropping, essays, gchq, lawenforcement, Security technology, vulnerabilities
The so-called Crypto Wars have been going on for 25 years now. Basically, the FBI — and some of their peer agencies in the UK, Australia, and elsewhere — argue that the pervasive use of civilian encryption is hampering their ability to solve crimes and that they need the tech companies to make their systems … Read More “Evaluating the GCHQ Exceptional Access Proposal” »
businessofsecurity, economicsofsecurity, exploits, Security technology, vulnerabilities, zeroday
Companies are willing to pay ever-increasing amounts for good zero-day exploits against hard-to-break computers and applications: On Monday, market-leading exploit broker Zerodium said it would pay up to $2 million for zero-click jailbreaks of Apple’s iOS, $1.5 million for one-click iOS jailbreaks, and $1 million for exploits that take over secure messaging apps WhatsApp and … Read More “Prices for Zero-Day Exploits Are Rising” »
cellphones, eavesdropping, economicsofsecurity, lawenforcement, nationalsecuritypolicy, Security technology, securityengineering, vulnerabilities
Good essay on the inherent vulnerabilities in the cell phone standards and the market barriers to fixing them. So far, industry and policymakers have largely dragged their feet when it comes to blocking cell-site simulators and SS7 attacks. Senator Ron Wyden, one of the few lawmakers vocal about this issue, sent a letter in August … Read More “Security Vulnerabilities in Cell Phone Systems” »
artificialintelligence, economicsofsecurity, essays, machinelearning, Security technology, vulnerabilities
No one doubts that artificial intelligence (AI) and machine learning (ML) will transform cybersecurity. We just don’t know how, or when. While the literature generally focuses on the different uses of AI by attackers and defenders  and the resultant arms race between the two  I want to talk about software vulnerabilities. All software … Read More “Machine Learning to Detect Software Vulnerabilities” »