Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Smart Devices Hacked. Show all posts

Computers can be hacked through a "smart" light bulb


Smart light bulbs can not only make the lighting in an apartment and house more convenient and cheaper but also threaten the safety of their owners.

Experts have proven that hackers can hack computers through smart light bulbs. The vulnerability in the smart home system was noticed by cybersecurity company Check Point.

Experts have discovered a way to hack computers through a lamp using a Philips smart home system. At the first stage, the virus program is downloaded to the victim's smartphone and causes the lighting to fail. Experts have noticed that the only way to fix the problem is to reinstall the app, so the user deletes the program and re-downloads it to their phone.

At the stage when the owner of the lamp connects it to the smart home system, attackers take advantage of the vulnerability in the ZigBee protocol, which Philips uses. At the moment of pairing between the lamp and the smart hub, the malicious algorithm causes an overflow of the system buffer, which bypasses the antivirus and is installed on the computer's disk. After that, the device goes under the remote control of hackers.

Check Point experts said that the study has already attracted the attention of the manufacturer of smart lamps and eliminated the gap in the system. Experts advised owners of the Philips smart home system to update their software.

Experts have found vulnerabilities in Philips smart bulbs (at the moment, the problem with these devices has already been solved), but it is possible that similar vulnerabilities are found in many other smart home devices.

Earlier EHackingNews reported that in the fall of 2019, an IT specialist from Russia and blogger Anna Prosvetova discovered a vulnerability in Xiaomi Furrytail Pet Smart Feeder. Since feeders are used when the owners leave the house for a long time, pets may starve to death. The vulnerability was discovered in the application API through which feeders are controlled.

Milwaukee Couple's Nest Smart Home Hacked, Vulgar Music was Played


Smart home products designed by Nest such as smart cameras, smart displays, smart thermostats, and smart doorbells to make our lives more comfortable and safe, may not be all that safe according to a horrifying incident reported by a Milwaukee, Wisconsin based couple, Samantha and Lamont Westmoreland.

 After a hacker hacked into the couple’s home and took control of their gadgets, Samantha said, "It's (installation of gadgets) supposed to make me feel safe, and I didn't feel safe", "My heart was racing, I felt so violated at that point."

As per a report by Fox 6 News, on September 17th, Samantha returned home in which she has Nest camera, a doorbell and a thermostat installed, and found the atmosphere unreasonably warmer, she immediately noticed that her smart thermostat has risen up to 32 degrees Celsius (90 degrees Fahrenheit).

Initially, she assumed it to be a glitch and set it back to the room temperature, but it kept on going up after every time she turned it down. A while later, the couple heard a voice talking to them from their Nest camera and afterward it played vulgar music. Samantha went ahead, unplugged the camera and turned it to face the ceiling. They changed the passwords of all the three devices but as the issues persisted, they resorted to contacting their internet service provider to have their network and Ids reset.

The couple was of the opinion that their Wi-Fi network and Nest camera was hacked, putting the actual problem into perspective, Lamont Westmoreland said, "If someone hacks into your Wi-Fi, they shouldn't be able to have access to those Nest devices without some sort of wall they have to get over,"

In a conversation with Fox 6 News, the couple revealed that the smart home accessories they had installed at their home since last year, cost them $700, and that they have never faced any problem before this; however, in the wake of this terrifying incident they had a change of mind regarding smart home devices.

Meanwhile, responding to the disturbing experience, a spokesperson of Google, told a media outlet, “Nest was not breached. These reports are based on customers using compromised passwords. In nearly all cases, two-factor verification eliminates this type of security risk,"

Hackers Using Smart Devices to Launch Phishing Attack against Russian Business


Cybersecurity experts recorded a unique mass attack on Russian business. It is unique because hackers disguised themselves as well-known brands and used smart devices. This is the first mass attack of this kind.

Hackers presented themselves as representatives of famous brands, including retail chains, construction and oil companies. They sent e-mails with malicious software, in particular, on behalf of the Auchan hypermarket chain, or on behalf of the transnational energy Corporation Gazprom, qualitatively copying their style.

The e-mails contained the encryption virus Shade/Troldesh, it encoded files on users devices and demanded from them a fee for access to them.

Vladimir Dryukov, Director of the Solar JSOC Cyber Attack Monitoring and Response Center, noted that the intensity of this phishing mailing is several times higher than usual. According to him, the attack affected about 50 largest companies in Russia, whose employees received 10-50 letters a day. Group-IB experts recorded up to 2000 mailings per day.

The main feature of these attacks is the use of smart devices, for example, hacked routers around the world, as they are much more difficult to track. In addition, virus emails can be sent from any device that is capable of it, for example, modems, ecosystems of smart homes, network storage. Experts believe that in the future the number of hacker attacks using them will only grow.

"Usually IOT devices are used for DDoS attacks. Sending phishing emails from routers is still exotic, " said Vladimir Dryukov.

It is worth noting that the attacks on Russian companies began in November, but their peak came in February. Which companies were attacked and how much damage was caused to them is not disclosed.