Posts Tagged ‘devices’

Remotely Exploitable Flaw Puts Millions of Internet-Connected Devices at Risk

Wednesday, July 19th, 2017

Security researchers have discovered a critical, remotely exploitable vulnerability in an open-source software development library used by major manufacturers of Internet-of-Things devices, leaving millions of devices vulnerable to hacking.

The vulnerability (CVE-2017-9765), discovered by researchers at the IoT-focused security firm Senrio, resides in a software development library called the gSOAP toolkit (Simple Object Access Protocol), an advanced C/C++ auto-coding tool for developing XML Web services and XML applications.

Dubbed “Devil’s Ivy,” the stack buffer overflow vulnerability allows a remote attacker to crash the SOAP WebServices daemon and could be exploited to execute arbitrary code on the vulnerable devices.

The Devil’s Ivy vulnerability was discovered by researchers while analysing an Internet-connected security camera manufactured by Axis Communications.

“When exploited, it allows an attacker to remotely access a video feed or deny the owner access to the feed,” researchers say.

“Since these cameras are meant to secure something, like a bank lobby, this could lead to collection of sensitive information or prevent a crime from being observed or recorded.”

Axis confirmed that the vulnerability exists in almost all of its 250 camera models and quickly released patched firmware updates on July 6th to address it, prompting partners and customers to upgrade as soon as possible.

However, researchers believe that their exploit would work on internet-connected devices from other vendors as well, as the affected software is used by Canon, Siemens, Cisco, Hitachi, and many others.

Axis immediately informed Genivia, the company that maintains gSOAP, about the vulnerability and Genivia released a patch on June 21, 2017.

The company also reached out to the electronics industry consortium ONVIF to ensure that all of its members that make use of gSOAP, including Canon, Cisco, and Siemens, become aware of the issue and can develop patches to fix the security hole.

Internet of Things (IoT) devices have always been the weakest link and, therefore, an easy entry point for hackers to get into secured networks. So it is always advisable to keep your Internet-connected devices updated and away from the public Internet.

Source: Remotely Exploitable Flaw Puts Millions of Internet-Connected Devices at Risk

In India, Facebook’s Zuckerberg wants callers to hang up on him – CNET

Wednesday, July 2nd, 2014


Facebook is testing out a novel type of advertising in India: the “missed call” ad.

The social-networking company helmed by Mark Zuckerberg said Wednesday that its employees have been researching cell-phone usage in countries including India, Brazil, and Indonesia, to find out how people connect on their devices.

Facebook said it found that in India people have been using missed calls to avoid the high cost of voice calls. People dial a number and hang up before connecting to save on minutes, with the missed calls signaling to friends or family a simple message such as “I’m outside.” The practice is apparently so common that some businesses have started sending recordings or SMS messages to people who place a missed call to them.

Facebook said it is trying to piggyback off that concept in its advertising. When a person sees an ad on Facebook, he or she can place a “missed call” by clicking on the ad on their mobile device. In the return call, the person will receive content, such as music, and a message from the advertiser, without using airtime or data.

“We’ve seen positive results in early tests with advertisers like Garnier Men and plan to scale this product in the coming months,” Facebook said.

The localized approach could help Facebook build up its ad revenue in specific regions, helping the company expand a critical part of its business. Mobile ads have quickly become Facebook’s biggest advertising moneymaker, with mobile representing about 59 percent of total ad revenue in the first quarter, up from about 30 percent a year earlier.

via In India, Facebook’s Zuckerberg wants callers to hang up on him – CNET.

Samsung unveils prototype health device a week before Apple’s expected Healthbook launch | mobihealthnews

Thursday, May 29th, 2014

One week before Apple’s World Wide Developer Conference, where the company is widely expected to announce its rumored Healthbook app, Samsung hosted an event called Voice of the Body in San Francisco to show off a couple of digital health projects.

The two new digital health projects included Simband, an “investigational device” (not a product) that is stocked with a variety of health sensors and has room for third-party developers to add their own. Samsung also unveiled Samsung Architecture Multimodal Interactions, or SAMI, which it described as a “data broker” to which future devices based on the Simband and other third-party health tracking devices could upload data, which app developers could then use to create new apps.

During his presentation Samsung Electronics’ Young Sohn, president and chief strategy officer of device solutions at the company, said that consumer-driven digital health has had three generations so far. The last five years were all about smartphone health apps, while the second generation — the one we’re in now — is focused on connected fitness devices. Next, digital health is moving into the wearable sensor era.

via Samsung unveils prototype health device a week before Apple’s expected Healthbook launch | mobihealthnews.

Project Ara module maker explores ‘conductive ink’ to create circuitry | PCWorld

Friday, May 2nd, 2014


3D Systems, the company that will print the modules for Google’s Project Ara smartphone, is exploring conductive ink as a way to create circuitry for the devices.

Ara is Google’s attempt to turn smartphone manufacturing on its head and produce a phone that users will be able to upgrade easily after they buy it, using 3D-printed parts.

The phone has a basic exoskeleton, and components like the camera, battery and memory are housed in plastic modules that snap onto the back. A user who wants new memory or a better camera, for instance, could order a new module and swap out the original.

3D Systems was enlisted by Google to print the modules, and this week it said it was working with Carnegie Mellon University to develop conductive ink, which can be used to print electrical circuits. It hopes to use the ink for components such as antennas, it said in a blog post.

Conductive inks are typically liquid metal and can carry an electric current. Microsoft is also researching the technology, and has shown how a silver nanoparticle ink can be used to print circuit boards with a conventional inkjet printer.

via Project Ara module maker explores ‘conductive ink’ to create circuitry | PCWorld.

FBI Keeps Internet Flaws Secret to Defend Against Hackers – Bloomberg

Wednesday, April 30th, 2014

The Obama administration is letting law enforcement keep computer-security flaws secret in order to further U.S. investigations of cyberspies and hackers.

The White House has carved out an exception for the Federal Bureau of Investigation and other agencies to keep information about software vulnerabilities from manufacturers and the public. Until now, most debate has focused on how the National Security Agency stockpiles and uses new-found Internet weaknesses, known as zero-day exploits, for offensive purposes, such as attacking the networks of adversaries.

The law enforcement operations expose a delicate and complicated balancing act when it comes to agencies using serious security flaws in investigations versus disclosing them to protect all Internet users, according to former government officials and privacy advocates.

The FBI also hacks into computers and networks of adversaries using what are known as remote access operations coordinated by a team at the bureau’s facility in Quantico, Virginia, said a former government official. Most of the malware and computer exploits used are available for purchase online and the operations are authorized by warrants specifying devices targeted, the official said in a phone interview.

via FBI Keeps Internet Flaws Secret to Defend Against Hackers – Bloomberg.