Search Results for "embedded device"

DDOS Attack

Was An IPMI Flaw Behind 300Gbps DDoS Attack? – ComputerworldUK.com

Computerworld UK has an interesting story that digs into a massive, 300 Gbps DDoS attack that used a flaw in the IPMI protocol to compromise 100,000 unpatched servers, which were then used to send junk traffic to the victim site. The attack was documented by the security firm VeriSign in its quarterly threat report. The flaw, in the Intelligent Platform Management Interface (IPMI) is a well-documented security hole that affects a wide range of devices. The attack in question took place in June and targeted what Verisign described as a content delivery network (CDN) in the media and entertainment sector. The attack combined a variety of techniques, including SYN, TCP and UDP protocols to flood a target data center. The attacks reached a peak traffic volume 300 Gbps and lasted more than a day, prompting Verisign to balance the load across its global network. Verisign attributed the massive volume of the attack to a botnet made up […]

connected car - audi-thumbnail

Remote Car Hacks Depend On The Internal Design, Say Researchers

When purchasing your next car, you face many options. You want a good price, but also good gas mileage and perhaps an entertainment system for the kids in back. But for Dr. Charlie Miller, Twitter, and Chris Valasek, director of vehicle security research at I/OActive, the main criteria is whether or not the car is a likely candidate to be hacked. In particular they said they were interested in cars that would be more susceptible to remote hacking. Work done previously by Professor Stefan Savage along with graduate students from the University of Santa Barbara and the University of Washington used the Onboard Diagnostic port to control a car. Last year Miller and Valasek used internal wiring to gain control of their test cars. This year the pair said they wanted to take a step back and look at how cars in general communicate internally as a predictor of hacking […]

Punch Out: Security Holes In Time Clock Bite TSA, Others

A common time clock that is used by companies and government agencies, including the Transportation Security Administration (TSA) contains pre-programmed “back door” user accounts that could allow malicious attackers to gain access to sensitive networks, according to research by a security researcher at Qualys Inc. Speaking before an audience at the Black Hat Briefings in Las Vegas on Wednesday, Billy Rios, the Director of Threat Intelligence at Qualys Inc., revealed research on the Kronos 4500, a “time and attendance” product (aka time clock) that employees use to ‘punch in’ and ‘punch out’ from work. Rios said that an in-depth analysis of the Kronos equipment and the software that it runs revealed two types of backdoor accounts (user names and passwords) that will provide access to any deployed 4500 device. The accounts are particularly worrying because some vulnerable devices can be discovered using Internet searches, and because TSA is known to use Kronos attendance […]

That LIFX Smart Lightbulb Hack Wasn’t Easy

If you’ve been following your Internet of Things security news, you probably read about the latest hack of a consumer-oriented ‘smart home’ device: Context Information Security’s analysis of security holes in LIFX-brand smart light bulbs. The top line on this is scary enough. As The Register reported: researchers at Context discovered that, by gaining access to a “master bulb” in LIFX deployments, they could control all connected lightbulbs and expose user network configurations. That’s scary – and recalls research on hacking Philips HUE light bulbs that was published last year. But read down in the Context research and you’ll realize that, while the LIFX technology wasn’t perfect, the job of hacking the technology wasn’t child’s play, either. LIFX connected its smart bulbs using a 6LoWPAN-based mesh network. The company made the mistake of transmitting most bulb-bulb communications in the clear, which made analyzing traffic sent between master- and slave bulbs easy. Context researchers found […]

For Smart TVs, Malware May Hide In Broadcast Content

Researchers at Columbia University have published research showing how new technology that combines broadband and broadcast content could enable a wide range of traditional and novel cyber attacks on smart televisions and other devices: forcing them to interact with malicious web pages, harvesting credentials or carrying out denial of service attacks. The paper, published in May, explores potential attacks on combined broadcast-broadband devices that use an industry specification called Hybrid Broadcast-Broadband Television (HbbTV). According to the researchers, Yossef Oren and Angelos D. Keromytis, the HbbTV specification combines broadband technologies like HTML and broadcast features in an insecure manner. The vulnerabilities affect a wide range of smart entertainment devices, including smart televisions, in Europe and the United States. “This enables a large-scale exploitation technique with a localized geographical footprint based on radio frequency (RF) injection, which requires a minimal budget and infrastructure and is remarkably difficult to detect,” the researchers write. “The technical complexity and […]