#iot-security

#iot-security

A closer look at the Android app and Bluetooth traffic showed that locking, unlocking, and basic status checks all occur locally over Bluetooth, with the cloud mostly along for the ride. Before accepting commands, the scooter runs a simple authentication check: it sends a short challenge, the app replies with a cryptographic response, and access is granted. It's designed to stop random passers-by from hopping on and riding off. In theory, at least.

Canonical, Ubuntu Linux's parent company, is the most visible Linux and open-source business in Vegas. While neither Canonical nor anyone else is showing off a new Linux desktop, the company, in partnership with Nvidia, is demonstrating Ubuntu Linux running on the NVIDIA DGX Spark. This is a desktop supercomputer featuring an Nvidia GB10 Grace Blackwell superchip with 128 GB of RAM and 4 TB of storage for $3,999. Now, this is my kind of desktop PC.

Most of us have some internet of things (IoT) devices at home, whether it's a phone, a tablet, or a collection of security cameras and sensors. When you learn that 120,000 home security cameras were hacked in South Korea for sexploitation footage, it makes you think twice about adding such devices to your home, which is your most sacred space for privacy.

That's the conclusion we'd like to believe any sane person would likely draw, reading this week's absurd report from South Korea, where four people were arrested after allegedly hacking an astounding 120,000 separate commercial home video cameras stationed in houses and businesses. As if that level of breach isn't inherently icky enough, several of the suspects then reportedly used the hacked material to make and then sell sexually explicit exploitation videos of strangers to foreign-based web networks that illegally distribute hacked, pornographic camera footage.

WITHDRAW - CyCraft Technology has withdrawn their attempt against the Amazon Smart Plug.

Securing IoT devices must be a top priority from start to finish these days. Whereas the issue used to be seen mainly as an add-on, it is now a fundamental part of product development and partner policy. According to Fabian de Clippelaar, Engineer at Axis Communications, this shift did not come out of the blue. "The growing computing power of devices offers opportunities for innovation. But if that power is not applied or secured in the right way, it can also cause serious problems."

Researchers at Sekoia.io have found that cybercriminals are exploiting Milesight cellular routers on a large scale to spread phishing messages via SMS. This is known as smishing. These devices are typically used in industrial environments, for example, to connect traffic lights, energy meters, and other IoT systems via 3G, 4G, or 5G. The routers are equipped with SIM cards and can be controlled via SMS, Python scripts, and web interfaces.

The latest record-breaking attack peaked at 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps), and lasted only 40 seconds. The company said this hyper-volumetric DDoS attack, which was double in size compared to the previous record, was autonomously blocked by its systems. Cloudflare told SecurityWeek that the attack was aimed at a single IP address of an unnamed European network infrastructure company. Cloudflare has yet to determine who was behind the attack, but believes it may have been powered by the Aisuru botnet, which was also linked earlier this year to a massive 6.3 Tbps attack on the website of cybersecurity blogger Brian Krebs.

Pudu Robotics is a Chinese robot manufacturer with over 100,000 units in over 1,000 cities doing everything from serving meals with the cat-like BellaBot, to using its mechanical-armed FlashBot to operate human-designed systems like elevators, as you can see below. According to analysts Frost and Sullivan, last year it captured 23 percent of the market for such kit, but a hacker has found that the backend software systems controlling them are vulnerable to abuse.

Zscaler is launching a cellular solution that utilizes a SIM card to bring Zero Trust security to IoT and OT devices globally, eliminating the need for VPNs.