
91,000 Smart LG TV Devices Susceptible to Unauthorised Remote Access

 

New vulnerabilities have been discovered in LG TVs that could allow unauthorised access to the devices' root systems, possibly exposing thousands of units worldwide. 

The finding, made as part of Bitdefender's continuing inspection of the popular Internet of Things (IoT) technology, focuses on vulnerabilities in WebOS versions 4-7, which are used in LG sets. The detected flaws allow unauthorised access to the TV's root system by circumventing the permission process. 

Although the vulnerable service is intended for LAN access only, Shodan, an internet-connected device search engine, has identified over 91,000 devices that expose it to the internet. 

Among the uncovered flaws, CVE-2023-6317 stands out because it allows attackers to bypass authorization methods, allowing unauthorised access to the TV's root system. Additionally, CVE-2023-6318 enables attackers to extend their access to root privileges, heightening the security risk. 

Furthermore, CVE-2023-6319 allows for the injection of operating system commands, whilst CVE-2023-6320 enables authenticated command injection. The affected models are LG43UM7000PLA, OLED55CXPUA, OLED48C1PUB, and OLED55A23LA. Devices running WebOS versions 4.9.7 through 7.3.1 have been confirmed to be impacted. 

“Attackers could use the compromised Smart TV as a starting point to launch additional attacks against remote systems or hosts,” noted Thomas Richards, principal security consultant at the Synopsys Software Integrity Group.

According to the cybersecurity expert, if attackers get administrator access to the TV, the user's personal information, including login passwords, can be compromised. 

“Smart TV owners should not have their TVs directly connected to the internet. Keeping the TV behind a router will reduce the likelihood of a compromise since remote attackers will not be able to reach it,” Richards added. “Enabling the automatic update option on the TV will keep the TV up to date with vendor patches to remediate security risks.” 

Bitdefender's disclosure timetable highlighted the approach followed: the vendor was notified on November 1, 2023, several months before the fix was delivered on March 22, 2024. In the face of emerging threats, prompt patching and upgrades are critical to minimising possible risks, safeguarding user privacy, and enhancing device security.

Malware Targets End-of-Life Routers and IoT Devices

 




A recent investigation by the Black Lotus Labs team at Lumen Technologies has revealed a concerning trend in cybercriminal activity targeting end-of-life (EoL) routers and IoT devices. The research sheds light on a sophisticated campaign utilising updated malware known as TheMoon, which has quietly grown to infect over 40,000 devices across 88 countries by early 2024.

The primary target of this campaign appears to be small office and home office routers, which are often overlooked when it comes to security updates. Unlike desktop and server computing, where automatic updates are the norm, many IoT devices lack this crucial feature. This oversight leaves them vulnerable to exploitation by cybercriminals.

One of the key findings of the investigation is the emergence of a malicious proxy service called Faceless, which offers anonymity services to cybercriminals for a minimal fee. By routing their traffic through compromised devices, malicious actors can conceal their true origins, making it difficult for law enforcement to track their activities.

According to Jason Soroko, a cybersecurity expert, routers and networking equipment with weak passwords have long been easy targets for cyber attacks. However, what sets this campaign apart is the use of proxy networks to obfuscate command-and-control (C2) traffic, indicating a new level of sophistication among cybercriminals.

The Mechanism Behind The Threat

The malware responsible for these attacks is distributed through a botnet orchestrated by TheMoon. It targets vulnerable EoL routers and IoT devices, infecting them with a loader that fetches an executable file from a C2 server. This file includes a worm module that spreads to other vulnerable devices, as well as a component used to proxy traffic to the internet on behalf of the attacker.

Global Impact: Financial Sector Under Siege

Despite a majority of infected hosts being located in the U.S., the threat extends globally, with devices in 88 countries falling victim to the campaign. The financial sector, in particular, is a prime target for password spraying and data exfiltration attacks, posing significant risks to organisations worldwide.

Recommendations for Defenders

Network defenders are urged to remain vigilant against attacks on weak credentials and suspicious login attempts. Additionally, experts recommend implementing measures to protect cloud assets from communicating with malicious bots and blocking indicators of compromise (IoCs) with web application firewalls.
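The password-spraying and suspicious-login monitoring recommended above can be implemented as a simple detection over authentication logs. The following is an added example, not code from the Lumen report or the article; it parses sshd-style log lines (the sample lines are constructed for this example, with documentation-range addresses) and flags any source address that fails against many distinct accounts within a short window, which is the signature of spraying rather than a single user mistyping a password.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sshd-style log lines for this example (not from the Lumen report).
# 203.0.113.7 sprays six different accounts in ten seconds; 198.51.100.5 is a
# normal user who mistypes once and then logs in.
SAMPLE_LOG = """\
Mar 10 02:14:01 gw sshd[811]: Failed password for admin from 203.0.113.7 port 51022 ssh2
Mar 10 02:14:03 gw sshd[812]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar 10 02:14:05 gw sshd[813]: Failed password for invalid user user from 203.0.113.7 port 51024 ssh2
Mar 10 02:14:07 gw sshd[814]: Failed password for invalid user support from 203.0.113.7 port 51025 ssh2
Mar 10 02:14:09 gw sshd[815]: Failed password for invalid user guest from 203.0.113.7 port 51026 ssh2
Mar 10 02:14:11 gw sshd[816]: Failed password for invalid user operator from 203.0.113.7 port 51027 ssh2
Mar 10 02:20:30 gw sshd[820]: Failed password for alice from 198.51.100.5 port 40001 ssh2
Mar 10 02:20:40 gw sshd[821]: Accepted password for alice from 198.51.100.5 port 40002 ssh2
"""

# Matches the OpenSSH "Failed/Accepted password for [invalid user] NAME from IP" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+sshd\[\d+\]:\s+"
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_auth_log(text: str, year: int = 2024) -> List[dict]:
    """Turn raw log text into events; syslog lines carry no year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log line
        ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S").replace(year=year)
        events.append({"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]})
    return events


def find_password_spraying(text: str, min_users: int = 5,
                           window: timedelta = timedelta(minutes=10)) -> Dict[str, List[str]]:
    """Return {source_ip: sorted distinct usernames} for every source whose failed
    logins hit at least `min_users` different accounts inside a sliding `window`."""
    failures = defaultdict(list)
    for ev in parse_auth_log(text):
        if ev["result"] == "Failed":
            failures[ev["src"]].append(ev)

    findings: Dict[str, List[str]] = {}
    for src, evs in failures.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits inside `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            users_in_window = {e["user"] for e in evs[start:end + 1]}
            if len(users_in_window) >= min_users:
                findings[src] = sorted({e["user"] for e in evs})
                break
    return findings


if __name__ == "__main__":
    for src, users in find_password_spraying(SAMPLE_LOG).items():
        print(f"possible password spraying from {src}: {', '.join(users)}")
```

The threshold and window are deliberately parameters: on a router or a small hospital network a handful of distinct failed usernames from one address in ten minutes is already unusual, while a busy bastion host may need a higher bar. The same grouping logic applies to web or VPN login logs once the regular expression is swapped for their format.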

The advent of this new cyber threat calls for regular security updates and proper maintenance of IoT devices, especially those nearing the end of their lifecycle. Failure to address these vulnerabilities could have far-reaching consequences, as cybercriminals continue to exploit them for financial gain.




Three Ways Smart Devices Can Compromise Your Privacy

 

Any gadget that has an internet connection and can be operated by a computer or smartphone is considered a smart device. Home appliances, security cameras, thermostats, doorbells, lighting systems, and other networked gadgets are examples of such devices. 

Smart devices are becoming more prevalent due to the comfort they provide. However, with this ease comes a higher risk to your privacy. 

When people talk about smart gadgets, they are referring to the internet of things (IoT) and its ability to connect all of your devices together. This means that all of the data generated by each device can be viewed and shared with other connected devices, potentially exposing sensitive information about you and your home life. Here are three ways that smart devices might jeopardise your privacy. 

Location tracking 

Many smart devices track and save users' whereabouts, allowing detailed profiles of their behaviours to be created. Without the user's knowledge or consent, this data can then be sold to third parties. 

With smart devices like fitness trackers and smartphones, this has become a serious issue. If you're not careful, your smartphone may be sharing more information than you realise. You may believe that you have control over the data it collects, but this is not always the case. 

Insecure Wi-Fi 

Wi-Fi is used by many smart gadgets to connect to the internet. This means that if adequate safety measures are not in place, it may be vulnerable to hackers. Hackers can gain access to your device, look into sensitive data like passwords, and even take control of it. 

Hackers have been known to hijack smart devices via Wi-Fi connections and use them to launch cyber-attacks. This is especially important if you travel with smart gadgets such as phones or laptops, as they may connect to unsecured Wi-Fi networks. 

Webcam vulnerabilities 

Smart devices frequently include built-in cameras and microphones that can be hacked to gain access to the user's audio and video records. This has been a major problem in recent years, with cases of "webcam hacking" growing steadily. 

People are increasingly installing cameras in their doorbells, baby monitors, and even televisions. All of these can be hacked into if the user does not take proper safety measures. For example, in some cases, hackers have taken over security cameras and utilised them to spy on unsuspecting individuals in their homes. This is an extreme example of a privacy infringement that can be avoided with adequate safety measures. 

Bottom line 

Smart devices can be a wonderful addition to the home, but you must be aware of the risks that they involve. They can violate your privacy in a variety of ways, including  targeted attacks, location tracking, real-time recording, and so on. 

Furthermore, flaws in your connectivity solution can expose your devices, data, and family or customers to cyber-attacks. Understanding the threats and implementing the required security measures will help you secure your privacy. Early intrusion detection is the most successful method of preventing cyber-attacks, and this is still true in the Internet of Things era.

AI's Swift Impact on the IT Industry

The integration of Artificial Intelligence (AI) in the Information Technology (IT) industry is poised to bring about rapid and profound changes. As businesses seek to stay ahead in an increasingly competitive landscape, the adoption of AI technologies promises to revolutionize how IT operations are managed and drive innovation at an unprecedented pace.

According to a recent report by ZDNet, the impact of AI on the IT industry is set to be both swift and far-reaching. The article highlights how AI-powered solutions are automating tasks that were once time-consuming and labour-intensive. This shift allows IT professionals to focus on higher-level strategic initiatives, enhancing productivity and efficiency across the board.

IDC, a renowned market intelligence firm, supports this view in its latest research. The report underscores that AI technologies are becoming indispensable tools for businesses seeking to streamline operations and gain a competitive edge. IDC predicts a significant surge in AI adoption across various sectors, underlining the transformative potential of this technology.

Furthermore, the 2023 Enterprise IoT and OT Threat Report by Zscaler ThreatLabz sheds light on the crucial role AI plays in securing the expanding landscape of enterprise IoT and OT devices. As the Internet of Things continues to grow, so do the associated security risks. AI-powered threat detection and response systems are proving to be instrumental in safeguarding networks against evolving cyber threats.

The convergence of AI and IT is driving innovation across domains such as cloud computing, cybersecurity, and data analytics. Cloud platforms are leveraging AI to optimize resource allocation and enhance performance, while cybersecurity solutions are using AI to detect and respond to threats in real-time.

Organizational structures are changing as a result of AI's incorporation into the IT sector. Organizations are reaching new heights in terms of productivity, security, and innovation thanks to the quick adoption of AI technology. Enterprises adopting AI will have an advantage in navigating the opportunities and difficulties presented by the changing IT ecosystem in the future. The revolutionary potential of artificial intelligence is undoubtedly linked to the future of IT.

Mirai Botnet Variant 'Pandora' Hijacks Android TVs

 

Pandora, a variant of the Mirai botnet, has been identified targeting budget-friendly Android-based television sets and TV boxes. It utilizes these devices as part of a botnet to execute distributed denial-of-service (DDoS) attacks. Mirai is a type of harmful software that goes after everyday devices like smart cameras and home routers. It takes control of them and makes them part of a group of bots that can be controlled remotely. 

Cybercriminals use these groups, known as Mirai botnets, to launch big attacks on computer systems, called DDoS attacks. What sets Mirai apart is that it mainly affects connected smart home gadgets, like routers, thermostats, baby monitors, and even fridges. It does this by targeting the common Linux operating system that many of these Internet of Things (IoT) devices run on. Mirai exploits weaknesses in these smart devices and links them together into a network of compromised devices, which is called a botnet. 

According to Doctor Web, compromises are prone to happen either through malicious firmware updates or when users install applications for viewing pirated video content. In the realm of alternative distribution methods, there is suspicion that users are being deceived into installing applications meant for streaming pirated movies and TV shows. 

These deceptive websites predominantly target Spanish-speaking users. The roster of apps includes Latino VOD (com.global.latinotvod), Tele Latino (com.spanish.latinomobile), UniTV (com.global.unitviptv) and YouCine TV (com.world.youcinetv). 

Upon installation of the application, it initiates a background service named "GoMediaService." This service is subsequently utilized to extract various files, including an interpreter running with elevated privileges and an installer for Pandora. In its function, Pandora is crafted to establish contact with a remote server. 

It proceeds to replace the system's hosts file with a malicious version and awaits further directives. These instructions involve executing DDoS attacks utilising TCP and UDP protocols, along with initiating a reverse shell. 
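Replacing the hosts file is a cheap way for malware to redirect or sinkhole update and security traffic, and it is also easy to check for. The following is an added example, not code from Doctor Web or the article: it compares a device's hosts file against a known-good baseline and reports new, changed or sinkholed entries, and produces a normalised fingerprint that ignores comments and whitespace so routine edits do not raise alerts. Both hosts files and the vendor hostnames in them are constructed for the example.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed baseline hosts file (not taken from the Doctor Web report).
KNOWN_GOOD_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost ip6-loopback
"""

# Constructed example of a tampered copy: an update host is redirected to an
# attacker-chosen address and a security host is sinkholed to 0.0.0.0.
SUSPECT_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost ip6-loopback
203.0.113.50  updates.example-vendor.test
0.0.0.0       av.example-vendor.test
"""

SINKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname to the address it resolves to, ignoring comments and blank lines.
    Later entries win, which is how most resolvers treat duplicate names."""
    mapping: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        addr, names = parts[0], parts[1:]
        for name in names:
            mapping[name.lower()] = addr
    return mapping


def hosts_fingerprint(text: str) -> str:
    """SHA-256 over the sorted, normalised entries, so only real mapping changes alter it."""
    entries = sorted(f"{name} {addr}" for name, addr in parse_hosts(text).items())
    return hashlib.sha256("\n".join(entries).encode()).hexdigest()


def find_hosts_tampering(current: str, baseline: str) -> List[Tuple[str, str, str]]:
    """Compare the live hosts file against a known-good baseline.
    Returns (hostname, address, reason) for entries that are new, changed or sinkholed."""
    base = parse_hosts(baseline)
    findings: List[Tuple[str, str, str]] = []
    for name, addr in parse_hosts(current).items():
        if name not in base:
            reason = "sinkholed" if addr in SINKHOLE_ADDRS else "new mapping"
            findings.append((name, addr, reason))
        elif base[name] != addr:
            findings.append((name, addr, "changed from " + base[name]))
    return findings


if __name__ == "__main__":
    if hosts_fingerprint(SUSPECT_HOSTS) != hosts_fingerprint(KNOWN_GOOD_HOSTS):
        for name, addr, reason in find_hosts_tampering(SUSPECT_HOSTS, KNOWN_GOOD_HOSTS):
            print(f"{name} -> {addr}: {reason}")
```

On a fleet of TV boxes or routers the fingerprint is the value worth collecting centrally; the entry-level diff is what an analyst runs once a device's fingerprint has drifted from the gold image.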

The central focus of this campaign is directed towards affordable Android TV boxes, such as the Tanix TX6 TV Box, MX10 Pro 6K, and H96 MAX X3. These devices are equipped with quad-core processors sourced from Allwinner and Amlogic, rendering them well-suited for launching DDoS assaults. 

Understanding Botnet Attacks and Effective Prevention Strategies 

Botnet attacks pose a significant cybersecurity risk, with their prevalence and complexity on the rise. As reported by CSO Online, the initial half of 2022 witnessed a staggering 67 million botnet connections originating from more than 600,000 distinct IP addresses. 

Common Botnet Attacks: 

• DDoS: overwhelm a target with traffic 
• Credential theft: steal login details 
• Spam and phishing: mass emails for deception 
• Ad fraud: fake user activity 
• Crypto mining: hijack processing power 

In the face of botnet attacks as a significant cybersecurity threat, organizations have an array of prevention techniques at their disposal. These include: 

• Implementing advanced antivirus and antimalware solutions, and ensuring they remain up-to-date. 

• Consistently applying software and operating system updates, along with timely bug fixes. 

• Educating staff on identifying suspicious emails and attachments, and emphasizing the importance of refraining from clicking on them. 

• Strengthening security with robust passwords and employing multi-factor authentication to deter unauthorized access. 

• Enforcing comprehensive cybersecurity training programs for employees, equipping them with the knowledge to recognize and respond to botnet attacks effectively.

NHS: Hackers have Complete Access to Millions of Medical Devices in UK Hospitals

 

In England's NHS Trust hospitals, millions of medical devices are now entirely vulnerable to ransomware attacks by cybercriminal groups. 

These ostensibly safe online gadgets, such as surveillance cameras and blood pressure monitors, are either unable to run security software or rely on outdated versions. They frequently receive no monitoring at all. 

When hackers leapfrog from these devices into the key areas of hospital networks, they can bring down entire hospital systems and leave a path of technological carnage in their wake. 

There have already been significant instances in North America and other parts of the world where security specialists were called in to deal with the fallout from these scenarios, some of which were the result of human error. 

This is a ticking time bomb, and the actual magnitude of the threats was revealed earlier this week by Armis Security, a US cybersecurity firm that sent freedom of information (FOI) requests to 150 NHS Trusts in England.

Armis Security inquired about how hospitals catalogue and monitor their medical devices, namely laptops, desktop computers, MRI machines, CT scanners, drug distribution stations, pacemakers, linked inhalers, and heart-rate and blood-pressure monitors. 

Only 71 NHS Trusts answered with data, but what they stated was eye-opening: one in five hospitals admitted to manually tracking each medical device added to their networks, and nearly one in six hospital networks are not checked for cybersecurity concerns at all. 

While this report focuses on the NHS, Armis stated that it is pushing for international healthcare industry action because the problem is hurting hospitals all around the world. 

Hackers usually want to steal data from businesses or encrypt it and demand a ransom payment. With healthcare, there is an additional risk that patients' lives would be impacted, both by interruption caused by cyberattacks and network failures, as well as by hacking attempts on medical devices, which may cause them to malfunction.

"NHS trusts are responsible for their own cybersecurity and must maintain a register of medical devices connected to their network, including information on their data security assurance process," said a spokesman for NHS England. "The NHS will continue to review the requirements for cybersecurity relating to connected medical devices and take action to make improvements where appropriate." 

Why should hospitals monitor all IoT devices? 

Trend Micro, a global cybersecurity firm, interviewed 145 healthcare companies worldwide in January and discovered that more than half of them had been damaged by ransomware attacks in the previous three years. One-fourth of those surveyed stated the hacks were so severe that they had to suspend operations entirely.

In addition, the Ponemon Institute's 2022 study indicated that more than half of the 517 healthcare practitioners polled saw their institutions endure greater death rates as a result of cyberattacks. The latest known large ransomware assault on the NHS was the WannaCry ransomware strikes in 2017. However, this does not mean that we are out of the woods. 

"The reason we're good at tracking laptops and desktops is that the IT department buys them and, when we receive them, we install security tools," Mohammad Waqas, principal solutions architect at Armis, explained at Infosecurity Europe 2023.

“With medical devices, the IT team is not involved, it’s the medical departments buying and installing them. But even if I was aware this department bought 10 CT scanners or 10 ultrasound machines, I still can't install my traditional security [software] on the machines to track them.” 

Many medical devices use an open-source Linux operating system, similar to Windows or Android OS on your computer or smartphone. None of these devices are "computers" in the classic sense, yet because they run Linux, CCTV cameras and wireless glucose monitors are just as vulnerable to hackers as traditional computers. 

Armis estimates that 25,000 devices are active on any single hospital network around the world on a daily basis.

Here's Why Cybercriminals are Targeting Linux Operating Systems

 

Internal strife is common among ransomware gangs. They argue, they fight, and they establish allies only to rapidly break them. Take, for instance, the leak of malware code from Babuk, which was compromised in 2021 by hackers enraged at being duped by the infamous ransomware gang. 

The outcomes of this intramural warfare are frequently fruitful for cybersecurity experts. Ten other ransomware gangs used the code to attack VMware ESXi servers after that, and a number of versions were produced that researchers have been busy tracking ever since. 

However, what made this particular family of malware noteworthy was that it specifically targeted Linux, which has quickly become a favourite of developers working on creating virtual machines for cloud-based computer systems, hosting for live websites, or IoT devices. With an estimated 14 million internet-facing gadgets, 46.5% of the top million websites by traffic, and an astounding 71.8% of IoT devices using Linux on any one day, its use has increased significantly in recent years. 

That's excellent news for advocates of open-source software development, for whom Linux has always served as an illustration of what can be accomplished when coding communities work together without being constrained by anything as odious as a corporate culture or a profit motivation. 

It's also really alarming for some cybersecurity specialists. Not only is there a significant dearth of ongoing research into the security of Linux-based systems in comparison to those based on more mainstream operating systems, but there is also no official, overarching method for patching the vulnerabilities in this OS. Instead, as befits an open-source product, 'flavours' of Linux are patched on an ad hoc basis by developers with time and intellect to spare - a valuable resource in the face of a real tsunami of cybercrime. Attackers are taking note. AtlasVPN discovered over 1.9 million new malware threats last year, representing a 50% rise year on year.

Shifting trend 

It wasn't always like this. Bharat Mistry recalls a time when hackers were more interested in cracking open old Windows computers. "I believe cybercriminals stayed away because they believed the popularity wasn't there," says Trend Micro's technical director for the UK and Ireland. Linux had a reputation for being secure by design, with reduced default access levels and other characteristics designed to hinder the easy spread of malware. "But over the last six years, certainly with cloud usage, it's [usage has] exponentially grown," says Mistry, increasing the amount of possible vulnerabilities. 

According to Mistry, this is largely due to the fact that it offers a cheap and cheerful alternative to the dominant OS brands, with many different flavours of unlicensed Linux accessible. "When you look at things like web servers that are hosted in the cloud, [why] should I pay for a Windows licence?" Mistry asks, speaking from the perspective of a savvy, money-conscious company. A Linux alternative is "as cheap as chips and does exactly what I need it to do. I can install Apache on it... and have the performance I want without the extra cost." 

Unfortunately, if an operating system is designed and maintained according to open source principles, hackers looking to exploit it can simply source it on GitHub and other software forums. Ensar Seker, for one, is concerned about the consequences for the use of virtual machines (VMs) in the cloud. "Virtual machines often lack the same level of security monitoring as physical systems, making it easier for attackers to go undetected for a longer period of time," says the chief information security officer at digital risk protection platform SOCRadar. 

The fact that the vast majority of software on IoT devices is based on Linux should also be cause for concern, according to the researcher, especially considering the rate of development expected for the smart device market over the next decade. More concerningly, Mistry continues, "we're seeing Linux being used more and more in critical systems," owing to how easy it is to branch and customise variants of the OS to suit particular jobs compared to its mainstream counterparts.

Given hackers' access to the source code of the operating system, malware designed to break open-source versions of these systems is frequently created to a higher standard than its Windows-targeting counterparts. It's also popular among a wide range of cybercriminal gangs. Tilted Temple, a Chinese cyber group, has utilised Linux-based malware to infiltrate important national infrastructure on three continents. 

Major players in the cybercriminal underworld, such as Black Basta, Lockbit, and Hive, have all been identified as deploying targeted Linux-chomping malware to breach online infrastructure. Another such gang, RTM, has been found on dark web forums as trading in harmful, Linux-targeting software. 

It's unclear how prepared cybersecurity providers are for this new threat. After all, until recently, these companies spent far more time fixing vulnerabilities in more widespread operating systems. Far fewer have investigated how vulnerable Linux systems can be to hacking - a squandered opportunity, according to Mistry. "Everyone's been so focused on Windows over the last few years because it's been the predominant operating system that all enterprises use," he explains. "But, in the background, Linux has always been there." 

Future threats 

Mistry does not believe the current wave of Linux attacks will abate anytime soon. He feels it will be some time before consumers and developers become aware of the risks and alter their behaviours. "The vulnerabilities in Linux platforms are massive," Mistry adds. "No one is actively controlling the vulnerabilities and patching them on a daily basis." 

Does this imply that its open-source framework contributes directly to Linux's lack of security? Certainly less, says Mistry. "You've got the openness, you've got the mass flexibility - the problem is when it comes to support," explains Mistry. 

Organisations developing new software on Linux should educate themselves on the trade-offs involved in adopting the operating system. The communities of developers modifying and patching this or that variant of Linux have "got people who will do things, but there's no kind of set body to say, 'This is the kind of direction we're going [in]'," adds Mistry, let alone any built-in regime mandating security standards. As a result, firms would be advised, according to the Trend Micro researcher, to install their own regime or create a viable audit trail for products built on some of the more unusual varieties of Linux. 

So, are the days of Linux as a popular OS alternative numbered? Probably not in the short term, and many cybersecurity vendors are becoming aware of the threat posed by Linux-based systems, according to Mistry. Nonetheless, according to Seker, each new security event involving Linux-targeting malware only serves to erode its reputation as an economical, secure, and open-source alternative to the monolithic Windows and iOS. "Even a single high-profile incident can quickly change a perception if the security community does not respond to threats promptly and effectively," he says.

ThingsBoard: Default Static Key in IoT Platform Gives Attackers Admin Access


The developers of ThingsBoard, an open-source platform used for managing IoT devices across various industry sectors, have recently patched a flaw that could enable attackers to acquire administrative access to a server and send requests on its behalf. 

The vulnerability, identified as CVE-2023-26462, was detected and reported by IBM Security X-Force researchers. With knowledge of the default signing key, which is easy to obtain, attackers could forge valid requests that make them appear to the system as higher-privileged users. 

"Because ThingsBoard allowed the default key to be used without requiring administrators to change it, and because that default key was also exposed publicly in the configuration files, the door was opened for attackers to gain unauthorized access in excess of what is intended," stated the X-Force researchers in a report. 

The flaw was patched in ThingsBoard version 3.4.2, which generates a random signing key for each new installation; existing deployments should upgrade to version 3.4.2 or later. If administrators are unable to upgrade immediately, they can manually change the default signing key in the configuration file or via the admin dashboard. 

Insecure Implementation of JSON Web Tokens 

JSON Web Token (JWT) is an internet standard for stateless authentication. It is widely used in mobile and web applications, and especially where interactive authentication is impractical, such as machine-to-machine or service-to-service communication. Stateless authentication does not require the user's username and password to be entered on each request, nor does it store the state of a user's session on the server. Instead, it makes use of tokens or tickets that include statements, or claims, about a user that the server is confident are accurate. 

With the help of JWT, the server generates a token for clients and signs it with its secret key. The payload of that token contains information about the user's identity and permissions. The user or client must provide their signed token along with every request they make in order to execute an operation on the server. 

From this design it is simple to understand the significance of securing the signing key. Otherwise, anyone with access to the server's key could take an already-signed payload, modify its contents, re-sign it with the server's key, and have it accepted as genuine. 

In ThingsBoard's case, an attacker has the ability to alter the scope value in the JWT, which indicates the user's role on the server and, consequently, the capabilities they are granted. The high-privileged scopes include SYS ADMIN and TENANT ADMIN. On the platform, tenants are subsets of an organisation, and a tenant's admin can control all of that tenant's devices, whereas system administrators are in charge of the entire system and can manage every tenant. 

"By editing this role value and generating a new, valid signature for the payload, a user can escalate privileges within the platform to the highest level[…]This grants access throughout the entirety of the platform, including other tenants, users, and devices not affiliated with the original account," the researchers said. "ThingsBoard is just one among many IoT platforms which, much like the devices that connect to them, all deserve further research and scrutiny[…]Adoption of IoT devices in all industries will only continue to grow, and with it the need to ensure security in the platforms managing devices and collecting data."
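To make the mechanism described in this post concrete, the following is an added example, not ThingsBoard's code and not from the X-Force report. It implements HS256 JWT signing and verification with the standard library only, then shows why a shared default key is fatal: a token whose scope claim has been edited and re-signed with the well-known key verifies exactly like a genuine one, while the same token is rejected once the server uses a per-installation random key. The key value, the claim name `scopes`, and the user identity are all constructed for the example; the configuration check `is_default_key` is a hypothetical helper standing in for whatever a deployment audit would use.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Placeholder standing in for a default key shipped in vendor configuration files.
# Constructed for this example; it is not ThingsBoard's real default value.
DEFAULT_SIGNING_KEY = b"DEFAULT_SIGNING_KEY_PLACEHOLDER"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict, key: bytes) -> str:
    """Mint an HS256 JWT: base64url(header).base64url(payload).base64url(HMAC-SHA256)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(signature)}"


def verify_token(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if the signature is valid under `key`, otherwise None.
    The server's own algorithm is enforced; the token's header is never trusted for that."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        return json.loads(_b64url_decode(payload_b64))
    except ValueError:  # malformed base64 or JSON (binascii.Error is a ValueError)
        return None


def is_default_key(configured_key: bytes) -> bool:
    """Hypothetical deployment check: is the server still running on the shipped default key?"""
    return hmac.compare_digest(configured_key, DEFAULT_SIGNING_KEY)


def generate_signing_key() -> bytes:
    """Per-installation random key, the kind of remediation the 3.4.2 fix applies to new installs."""
    return secrets.token_bytes(32)


def demo() -> dict:
    """Walk through the issue: accepted on the default key, rejected after rotation."""
    # A tenant-level token as the server would issue it (constructed identity and claim name).
    issued = sign_token({"sub": "user@example.test", "scopes": ["TENANT_ADMIN"]}, DEFAULT_SIGNING_KEY)
    # The same claims with the role edited and re-signed using the publicly known key.
    edited = sign_token({"sub": "user@example.test", "scopes": ["SYS_ADMIN"]}, DEFAULT_SIGNING_KEY)
    rotated_key = generate_signing_key()
    return {
        "default_key_flagged": is_default_key(DEFAULT_SIGNING_KEY),
        "edited_accepted_on_default_key": verify_token(edited, DEFAULT_SIGNING_KEY) is not None,
        "edited_rejected_after_rotation": verify_token(edited, rotated_key) is None,
        "old_tokens_rejected_after_rotation": verify_token(issued, rotated_key) is None,
        "original_still_verifies_on_default_key": verify_token(issued, DEFAULT_SIGNING_KEY) == {
            "sub": "user@example.test", "scopes": ["TENANT_ADMIN"]},
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Two points the code makes that the prose only implies: the verifier cannot tell a re-signed token from an issued one, because HMAC gives no way to distinguish who held the key, so the only defence is that nobody but the server holds it; and rotating the key invalidates every outstanding token, legitimate ones included, which is the expected cost of changing a signing key in a stateless scheme and why sessions must be re-established after the remediation.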