Newly discovered malicious software dubbed VPNFilter has infected hundreds of thousands of routers and network attached storage (NAS) devices globally and could be used to steal sensitive data or wipe out (“brick”) the devices, the company said.
Podcast: Play in new window | Download (Duration: 39:57 — 45.7MB)Subscribe: Android | Email | Google Podcasts | RSSIn this week’s podcast: researcher Kevin Fu of University of Michigan discusses his work on attacks that use physics to manipulate connected devices. Also: Mark Loveless of DUO discusses his research into how poor implementation of wireless protocols make personal security trackers a privacy risk. And have we seen peak ransomware? Adam Kujawa of the firm Malwarebytes joins us to talk about the findings of that company’s State of Malware Report.
Billions of sensors that are already deployed lack protections against attacks that manipulate the physical properties of devices to cause sensors and embedded devices to malfunction, researchers working in the U.S. and China have warned.
Bleeping Computer reported that a new proposal submitted to the Internet Engineering Task Force (IETF) defines a secure framework for delivering firmware updates to Internet of Things (IoT) devices. Insecure software updates for embedded devices (aka ‘firmware’) have been a frequent source of security lapses on mobile and embedded devices like Internet connected webcams. Filed on October 30, the “IoT Firmware Update Architecture,” establishes security requirements for device makers to implement when designing firmware update mechanisms for connected devices. A familiar list of features The proposed rules include features that have long been recommended by security experts to permit safe handling of software updates. Among them the use of cryptographically signed updates and public key cryptography to provide end-to-end security and verify firmware images, as well as the ability to work with low-power and resource constrained IoT devices. Firmware has been the source of widespread security issues. For example, low-cost […]
Flaws in software run by a range of microprocessors could be widespread in embedded systems, security experts and the Department of Homeland Security are warning.