Products

Updated – Hackout: Philips Smart Lightbulbs Go Dark In Remote Attack

Add lightbulbs to the list of everyday technology that is 1) Internet connected and 2) vulnerable to crippling remote attacks.* Writing on Tuesday, security researcher Nitesh Dhanjani disclosed a proof of concept hack against HUE lightbulbs, a brand of wi-fi enabled bulbs manufactured by the firm Philips. The vulnerability discovered by Dhanjani allows a remote attacker to use her mobile device to control HUE. HUE wi-fi enabled bulbs are sold at Apple stores and allow users to control the function and color of the bulbs using iPhone and Android mobile apps. Dhanjani published his findings in a paper, “Hacking Lightbulbs,” which calls the HUE system of bulbs and a wireless bridge “wonderfully innovative,” but also prone to hacking. The most serious flaw discovered would allow a remote attacker to impersonate a white-listed (or “allowed”) mobile device, sending commands to HUE bulbs that could cause them to turn off or manipulate […]

Continue Reading

Podcast: Black Hat Preview With Trustwave’s Nick Percoco

Next week, the world’s attention will shift to Las Vegas for the annual Black Hat and DEFCON hacking conferences. What will be the big trends this year? We sat down last week with Nicholas Percoco of Trustwave’s Spider Labs to get his thoughts on the show. Nick is a regular at Black Hat and other events – both in the audience and on the stage. He said one of the big themes this year will be hacks on consumer electronics and home automation systems. As we reported, two Trustwave researchers have delved into the security of a wide range of “smart home” technologies, including home automation gateways and even a bluetooth enabled “smart toilet.” Percoco said that manufacturers of these devices need to pay more attention to security, and can’t assume that the people buying their devices are technically sophisticated enough to understand how to safely deploy or manage Internet […]

Continue Reading

Breaking And Entering: Hackers Say “Smart” Homes Are Easy Targets

In just the last two years, the price of home automation technology has come way down, while variety has exploded. Smart home technology goes way beyond niche products like the Nest IP-enabled thermostat or (save us) the “HAPIfork.” A growing list of vendors are selling infrastructure to support a whole network of intelligent “stuff”, enabling remote management of home security and surveillance systems, IP-enabled door locks, IP enabled lights, smart home appliances, HVAC (heat and cooling) and more.   Pretty cool. And, also, pretty scary. What if that IP-enabled door lock or garage door opener could be hacked by someone outside your home and made to open on its own? Breaking and entering just got a lot easier. Or, what if a HVAC system could be hijacked and remotely disabled or forced to operate in ways that would damage the system or even cause a fire or electrical short in the […]

Continue Reading

Microsoft Set To Pay First Bug Bounty For IE Hole

Weeks after launching its first, formal bug bounty program, Microsoft is set to issue its first monetary reward, according to a blog post by Katie Moussouris, the Senior Security Strategist at Microsoft’s Security Response Center (MSRC). Writing on Wednesday, Moussouris said that the company has received “over a dozen” submissions since it launched the paid bounty program on June 26, and that “I personally notified the very first bounty recipient via email today that his submission for the Internet Explorer 11 Preview Bug Bounty is confirmed and validated. (Translation: He’s getting paid.)” Last month, Microsoft announced its new policy to pay for information about serious vulnerabilities in its products. The company had long maintained that it provided other kinds of rewards for information on software holes – mostly recognition and jobs – and didn’t need to offer bounties, as firms like Google, The Mozilla Foundation and Facebook do. In launching the new […]

Continue Reading

NSA’s PRISM Puts Privacy Startup Silent Circle Into Orbit

Government surveillance has been getting a lot of attention in recent weeks, with the leak of classified information about spying by the National Security Agency using information provided by U.S. telecommunications and Internet firms including Verizon, Facebook, Google and Apple. The stories have revealed the very different legal standards that govern electronic communications and more traditional communications such as phone and postal mail. They have also put many otherwise lawful Internet users in search of technology that will keep their private conversations and thoughts well…private. That, in turn, has sparked concern in the government that civilian use of encryption will hamper lawful interception of communications. Wired.com reported last week that, for the first time, encryption thwarted government surveillance under court-approved wiretaps. That report,  from the U.S. Administrative Office of the Courts (AO), said encryption was reported for 15 wiretaps in 2012, compared with just 7 wiretaps conducted during previous years. […]

Continue Reading
1 18 19 20 21 22 23