Flaws in MatrixSSL Leave IoT Devices Open to Attack
Researchers have discovered several flaws in the MatrixSSL TLS stack used in IoT devices, two of which could let an attacker execute arbitrary code on a vulnerable device. MatrixSSL is a small TLS/SSL stack that’s designed for use in embedded systems and other constrained environments. The software can run in low-memory environments, which has made […]
Mirai Botnet Attacks on Liberia Drop Off
The attacks from the Mirai botnet against targets in the country of Liberia that have been ongoing for several days have now stopped, at least for the time being. For more than a week, attackers have been throwing short, but highly potent DDoS floods of various types against a number of sites in the small […]
On the Wire Podcast: Ronnie Tokazowski
For a youngster, the Mirai botnet has gotten more than its share of attention in its short life. The botnet first came to prominence when researchers discovered it was used in an attack on Brian Krebs’s site several weeks ago, and later on a hosting provider. It gained more fame because it’s made up of compromised […]
Zombie IoT Devices Are Flooding the Internet With Garbage Traffic
The last couple of weeks have seen two of the larger DDoS attacks ever recorded, and researchers have attributed them in part to a large botnet called Mirai comprising mostly infected IoT devices. Looking closely at some other large-scale DDoS attacks with similar characteristics, researchers at Cloudflare discovered that the attackers are specifically using Layer 7 attacks […]
Your Body is a Wonderland–For Transmitting Passwords
Credential theft is one of the more persistent and troubling threats in security, and researchers have been trying to come up with answers to it for decades. A team at the University of Washington has developed a system that can prevent attackers from intercepting passwords and keys sent over the air by sending them through users’ bodies […]
Welcome to the Golden Age of IoT Hacking
TENERIFE–Nostalgia for the 1990s may be all the rage at the moment (see: The X-Files, The People vs. O.J. Simpson) but when it comes to security, no one is looking to go back 20 years. Sadly, that’s about where the security of many IoT devices belongs, experts say, and there doesn’t look to be much […]
When Smart Devices Do Dumb Things
Smart devices are great. Until they’re not. Like when your smart TV is infected with DNS hijacking malware and refuses to do what it’s actually supposed to do, which is to let you watch TV. That’s the situation that a Reddit user found on his sister’s smart TV recently, reporting that after hitting a specific domain […]
On the Wire Podcast: Paul Roberts
Dennis Fisher talks with journalist Paul Roberts (@paulfroberts) of the Security Ledger about the state of security in the Internet of Things. The discussion touches on the way vendors are responding to security researchers who report bugs in their products, whether regulation is needed, emerging IoT protocols, and how the IoT security landscape mirrors the Internet […]
New WiFi HaLow Protocol Could Bring Old Security Issues
Perhaps because smart lightbulbs that refuse firmware updates and refrigerators with blue screens of death aren’t enough fun on their own, a new WiFi protocol designed specifically for IoT devices and appliances is on the horizon, bringing with it all of the potential security challenges you’ve come to know and love in WiFi classic. The new […]