internet of security vulnerabilities

3 Articles

Yet Another IoT Botnet

May 17, 2017 by 19 Comments

[TrendMicro] are reporting that yet another IoT botnet is emerging. This new botnet had been dubbed Persirai and targets IP cameras. Most of the victims don’t even realize their camera has access to the Internet 24/7 in the first place.

Trend Micro, have found 1,000 IP cameras of different models that have been exploited by Persirai so far. There are at least another 120,000 IP cameras that the botnet could attack using the same method. The problem starts with the IP cameras exposing themselves by default on TCP Port 81 as a web server — never a great idea.

Most IP cameras use Universal Plug and Play, which allows them to open ports from inside the router and start a web server without much in the way of security checks. This paints a giant target in cyber space complete with signs asking to be exploited. After logging into a vulnerable device the attacker can perform a command injection attack which in turn points gets the camera to download further malware.

The exploit runs in memory only, so once it has been rebooted it should all be fine again until your next drive by malware download. Check your devices, because even big named companies make mistakes. IoT is turning into a battlefield. We just hope that with all these attacks, botnets, and hacks the promise of the IoT idea isn’t destroyed because of lazy coders.

Part of feature image from Wikipedia, Creative Commons license.

Massive Cyber Attack Cripples UK Hospitals, Spreads Globally

May 12, 2017 by 179 Comments

A massive ransomware attack is currently under way. It was first widely reported having crippled the UK hospital system, but has since spread to numerous other systems throughout the world including FedEx in the US, the Russian Interior Ministry, and telecommunications firms in Spain and Russia.

The virus is known by names WannaCrypt, WannaCry, and a few other variants. It spreads using the ExternalBlue exploit in unpatched Windows machines older than version 10. The tools used to pull off this attack were likely from an NSA toolset leaked by the Shadow Brokers.

So far the strongest resource for technical information that we’ve found is this factsheet hosted on GitHub.

NHS Services at a Standstill in the UK

NHS services across England and Scotland have been hit by the ransomware attack, crippling multiple hospitals and doctor’s practices. The UK has universal healthcare — the National Health Service  — covering Doctors, Hospitals and generally everything medical related is free at the point of service. but today they have had to turn away patients and cancel consultations.

NHS is unable to access medical records of patients unless they pay £230 ($300) in bitcoin for infected machines. There is no evidence patient data has been compromised, NHS Digital has said. The BBC has stated that up to 39 NHS organisations and some GP practices have been affected.

The National Cyber Security Centre (NCSC) was “working closely” with the NHS and that they will protect patient safety. We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack.

-Prime Minister Theresa May

Infected Systems Throughout the World

Computers in regions across the globe have been under attack today, including Telefonica (O2 in the UK), with at least 45,000 computers compromised in Russia, Ukraine, India, and Taiwan alone. There’s no indication of who is behind the attack yet.

The ransomware’s code takes advantage of an exploit called EternalBlue, made public in April by Shadow Brokers which was patched by Microsoft in March, It comes as a shock that an organisation the size of the NHS seem not to have kept their computers updated. This is perhaps just a taster of what is to come in the future as cyber crime and warfare become more and more commonplace.

[Ransomware screenshots via @UID_]

Hack Corporate Overlords For Single Button Beer Delivery

April 2, 2016 by 9 Comments

[Brody Berson] is at it again, but this time he’s hacked the services floating in the aether around him to give him beer on demand. Finally the future we’ve been waiting for.

This hack is not as hacky as his first one, which, at the push of a button, could summon a bad driver straight to his house who would then give him pizza. The first one was done with a modified version of a button used to summon paper towels; because there’s nothing like needing paper towels RIGHT NOW, and then pushing a button to get them a few days later.

Apparently Amazon saw how practically no one was pushing the dish detergent button, but a lot of people were making scary mailboxes and magic pizza apps after ruthlessly scratching the branding off. So they shrugged and decided to sell the buttons as the newly branded (these get more hilarious when you don’t use the acronyms) Amazon, Amazon Web Services Internet of Things Button. Now your button can die along with the internet because Amazon is hosting your Raspberry Pi for a small fee, neat.

Anyway, [Brody] did some research on the best beer delivery services in his area, and went with one called Drizzly because they had a nice API. After integrating this system with Amazon’s, he can now push a button and minutes later, after subtracting some currencies from his account, a bad driver will show up and hand him beer.