Hardware

Privacy: From Right To Fight

As more and more of our public and private spaces are equipped with remote sensing and surveillance technology, personal privacy – at least as it has been understood for the last two or three centuries – is endangered. The solution, of course, is through improved privacy legislation and, perhaps, a more expansive reading of the U.S. Constitution’s 4th Amendment protecting against search and seizure. But, with policymakers in Washington D.C. stuck in a rut, and many EU nations as hooked on surveillance as the U.S., the onus falls to individuals to do what they can. That’s the subject of my latest column for ITWorld, where I talk about what is likely to be the next stage in our society’s rapid evolution on matters of privacy and security, what I’ve termed “The Jamming Wars.” Like other social movements, this will be fueled by a growing rift between the law and a […]

Updated – Hackout: Philips Smart Lightbulbs Go Dark In Remote Attack

Add lightbulbs to the list of everyday technology that is 1) Internet connected and 2) vulnerable to crippling remote attacks.* Writing on Tuesday, security researcher Nitesh Dhanjani disclosed a proof of concept hack against HUE lightbulbs, a brand of wi-fi enabled bulbs manufactured by the firm Philips. The vulnerability discovered by Dhanjani allows a remote attacker to use her mobile device to control HUE. HUE wi-fi enabled bulbs are sold at Apple stores and allow users to control the function and color of the bulbs using iPhone and Android mobile apps. Dhanjani published his findings in a paper, “Hacking Lightbulbs,” which calls the HUE system of bulbs and a wireless bridge “wonderfully innovative,” but also prone to hacking. The most serious flaw discovered would allow a remote attacker to impersonate a white-listed (or “allowed”) mobile device, sending commands to HUE bulbs that could cause them to turn off or manipulate […]

NEST Thermostat-BlackHat-scaled

Security Of “Things” Increasingly The Stuff Of Headlines

It looks as if the mainstream media is waking to the security implications of the “Internet of Things,” in the wake of recent demonstrations at the Black Hat and DEFCON conferences that highlight vulnerabilities in everything from home automation systems to automobiles to toilets. Stories in The New York Times and other major news outlets in the last week have highlighted concerns about “the cyber crime of things” as Christopher Mims, writing in The Atlantic, called it.¬†Insecure, Internet connected devices ranging from surveillance cameras to home heating and cooling systems could leave consumers vulnerable to remote attacks and spying. The stories come after hacks to non-traditional computing platforms stole most of the headlines from this year’s Black Hat and DEFCON shows in Las Vegas. A compromise of a Toyota Prius hybrid by researchers Charlie Miller of Twitter and Chris Valasek of IOActive was featured prominently in stories by Forbes and […]

Samsung Smart TV: Like A Web App Riddled With Vulnerabilities

Smart television sets aren’t short on cool features. Users can connect to Facebook and Twitter from the same screen that they’re using to watch Real Housewives of New Jersey, or log into Skype and use a built in- or external webcam to have a video chat.¬†Unfortunately, the more TVs start to look like computers, the more they are becoming subject to the same underlying code vulnerabilities that have caused headaches and heartache in the PC space. That was the message of two researchers at the Black Hat Briefings security conference Thursday, who warned that one such product, Samsung’s SmartTV, was rife with vulnerabilities that could leave the devices vulnerable to remote attacks. Vulnerabilities in the underlying operating system and applications on Samsung SmartTVs could be used to steal sensitive information on the device owner, or even spy on the television’s surroundings using an integrated webcam, said Aaron Grattafiori and Josh […]

Nicholas Percoco

Podcast: Black Hat Preview With Trustwave’s Nick Percoco

Next week, the world’s attention will shift to Las Vegas for the annual Black Hat and DEFCON hacking conferences. What will be the big trends this year? We sat down last week with Nicholas Percoco of Trustwave’s Spider Labs to get his thoughts on the show. Nick is a regular at Black Hat and other events – both in the audience and on the stage. He said one of the big themes this year will be hacks on consumer electronics and home automation systems. As we reported, two Trustwave researchers have delved into the security of a wide range of “smart home” technologies, including home automation gateways and even a bluetooth enabled “smart toilet.” Percoco said that manufacturers of these devices need to pay more attention to security, and can’t assume that the people buying their devices are technically sophisticated enough to understand how to safely deploy or manage Internet […]