hardware Archives

Tag: hardware

IPMI Insecurity Affects 200k Systems

June 10, 2014 Paul Roberts

It has been almost a year since security researcher Dan Farmer first warned of the danger posed by Intelligent Platform Management Interface (IPMI) – a ubiquitous protocol used to do remote management of servers. According to a new report, however, that warning went unheeded. Writing last week (PDF), Farmer said that a world-wide scan for systems using the Intelligent Platform Management Interface (IPMI) protocol identified over 230,000 Baseboard Management Controllers (BMCs) exposed to the Internet. As many as 90% of the exposed systems could be compromised by exploiting what Farmer characterized as “basic configuration and protocol weaknesses.” Even more worrying, the 230,000 systems that are Internet accessible are probably just a fraction of all the vulnerable systems that might be attacked, with many deployed on (hackable) corporate and private networks. Farmer is reiterating calls for public and private sector organizations to wake up to the dangers posed by IPMI. Hackers who are able to compromise Baseboard Management […]

Survey: Consumers Growing Wary of Information Sharing

June 4, 2014 Paul Roberts

A survey by the business information service Lexis Nexis finds that consumers have grown more wary of programs that ask them to share data in exchange for improved services or other offerings. Editor’s note: LexisNexis has clarified that its survey was released in August, 2013, not October, 2013. The story has been corrected to reflect that information. – Paul 6/4/2014 The survey of 2,072 consumers, aged 21 to 74, was conducted in October 2013 by LexisNexis Risk Solutions. It found consumers were more wary of sharing information online, including at social networking and online banking sites than they were three years earlier. “Consumers are less comfortable with information sharing than three years ago,” the survey concluded. The survey was released in concert with Telematics Detroit 2014, a conference focused on information systems used in vehicles. It was designed to measure consumers’ awareness of- and interest in so-called “use based insurance” (or UBI) – sometimes referred […]

Report: Hell is Unpatched Systems

June 2, 2014 Paul Roberts

One of the ‘subplots’ of the Internet of Things revolution concerns embedded devices. Specifically: the tendency of embedded devices to be either loosely managed or – in some cases – unmanageable. The future holds the promise of more, not fewer of these. That’s the gist of a piece I wrote for InfoWorld, and that you can read here. In short: we’re already seeing the beginning of a shift on the threat landscape. While attacks against traditional endpoints (like Windows desktops, laptops and servers) are still the norm, there are more stories each day about cyber criminal groups and malicious actors who are compromising non-standard endpoints like home wifi routers. In March, for example, the security consultancy Team Cymru identified a botnet consisting of some 300,000 compromised home routers and other in-home devices. The virus called “TheMoon” was also identified spreading between vulnerable home routers and other embedded devices. The […]

Car Makers, Suppliers Going Their Own Way On Security

June 1, 2014 Paul Roberts

I was surprised to see a big feature story over at CNN.com this morning – given that the security of connected vehicles has no obvious link to LA Clippers owner Don Sterling, the on-going shakeup at the Veterans Administration or a tornado or other natural disaster. Still – there it is: “Your car is a giant computer – and it can be hacked.” The feature, by Jose Pagliery is solid enough – though it doesn’t break much new ground. He mentions the research by Chris Valasek and Charlie Miller at The Black Hat Briefings last year. He also talks to the folks over at Security Innovation. [Want more on security and connected vehicles? Check out our video: Insecure At Any Speed: Are Automakers Failing The Software Crash Test? ] The big take-away: automobiles are rife with old and outdated software and hardware, much of it lacking even basic security features like secure communications […]

Bad Actor: With Update, LG Says No Monitoring, No Smart TV!

May 27, 2014 Paul Roberts

Customers of consumer electronics giant LG are raising alarm about a recent software update that asks owners to agree to have their viewing behavior tracked and monitored, or see their ‘smart’ TVs made dumb: with access to features like YouTube and Netflix disabled. Owners of some models of LG brand SmartTVs who have applied a recent firmware have taken to blogs to complain about a firmware update for their TVs that prompt them to agree to lengthy new Terms of Service and Privacy Agreements. The revised documents grant LG permission to monitor and record their viewing habits and their interactions with the device, including voice commands. Users who do not agree to the new terms find many of their smart TV features disabled, according to customer testimony and an analysis by one independent IT researcher. The prompt to read and accept a new “Legal Notice,” “Terms of Use” and “Privacy Policy” appears when SmartTV users first […]