Security Alerts & News
by Tymoteusz A. Góral

#1460 Hackers found 47 new vulnerabilities in 23 IoT devices at DEF CON
Smart door locks, padlocks, thermostats, refrigerators, wheelchairs and even solar panel arrays were among the internet-of-things devices that fell to hackers during the IoT Village held at the DEF CON security conference in August.

A month after the conference ended, the results are in: 47 new vulnerabilities affecting 23 devices from 21 manufacturers were disclosed during the IoT security talks, workshops and onsite hacking contests.

The types of vulnerabilities found ranged from poor design decisions like the use of plaintext and hard-coded passwords to coding flaws like buffer overflows and command injection.

Door locks and padlocks from vendors like Quicklock, iBlulock, Plantraco, Ceomate, Elecycle, Vians, Lagute, Okidokeys and Danalock were found to be vulnerable to password sniffing and replay attacks, where a captured command can be replayed later to open the locks.
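
Why a replayed command works against a fixed-password lock and fails against a challenge-response one, as an added example that is not from the article or from any vendor named in it. The article does not describe the locks' actual protocols; `StaticLock`, `ChallengeLock`, `respond`, the frame layout and the sample password are constructed assumptions.

```python
import hashlib
import hmac
import secrets

class StaticLock:
    """Constructed model: opens on a fixed plaintext password frame."""
    def __init__(self, password: bytes):
        self._expected = b"OPEN:" + password

    def handle(self, frame: bytes) -> bool:
        # The same bytes are valid forever, so a recorded frame still opens it.
        return hmac.compare_digest(frame, self._expected)

class ChallengeLock:
    """Constructed model: one-time nonce per attempt, HMAC-SHA256 response."""
    def __init__(self, key: bytes):
        self._key = key
        self._nonce = None

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def handle(self, frame: bytes) -> bool:
        nonce, self._nonce = self._nonce, None  # consume the nonce, pass or fail
        if nonce is None:
            return False
        return hmac.compare_digest(frame, respond(self._key, nonce))

def respond(key: bytes, nonce: bytes) -> bytes:
    """What the owner's app sends: a MAC bound to this one challenge."""
    return hmac.new(key, b"OPEN" + nonce, hashlib.sha256).digest()

def replay_outcomes() -> dict:
    """Send one legitimate frame to each lock, then resend the same bytes."""
    static = StaticLock(b"123456")              # constructed sample password
    frame = b"OPEN:123456"                      # bytes a passive listener records
    results = {"static_first": static.handle(frame),
               "static_replay": static.handle(frame)}
    key = secrets.token_bytes(32)               # shared at pairing (assumed)
    lock = ChallengeLock(key)
    recorded = respond(key, lock.challenge())
    results["challenge_first"] = lock.handle(recorded)
    results["replay_without_challenge"] = lock.handle(recorded)
    lock.challenge()                            # lock issues a fresh nonce
    results["replay_after_new_challenge"] = lock.handle(recorded)
    results["fresh_response"] = lock.handle(respond(key, lock.challenge()))
    return results
```

The recorded response is useless once its nonce has been consumed, while the static frame opens the lock on every resend.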

A wheelchair from an unknown vendor had a vulnerability that could be exploited to disable a safety feature and take control of the device. A thermostat from Trane used a weak plaintext protocol, potentially allowing attackers to cause excessive heating, furnace failures or frozen water pipes by manipulating thermostat functionality.