IoT Devices continue to be the focal point of commercially motivated hackers and nation-state spies, aided by numerous vulnerabilities and lack of awareness on the users’ side.
Read it all at our monthly summary of IoT Security news.
Hacks, Exploits and Utter Catastrophes
New vulnerabilities, exploits and hacking attacks continue to target the various segments of IoT devices.
- The latest malware threat based on the EternalRomance NSA exploit is PyRoMineIoT, a crypto jackerinfecting IoT devices.
- Russian hackers were hard at work during the Trump-Kim summit in Singapore on 12 June, scanning IoT devices in the city-state for loopholes to be exploited.
- Hackers could engineer traffic jams, by using their cars to deceive smart traffic lights.
In the routers realm:
- VPNFilter malware discovered to be far more extensive than initially thought.
- The Prowli malware operation infected over 40,000 servers, modems, and IoT devices.
In the latest news regarding smart-home devices:
- protection advice is offered as millions of Roku and Sonos devices are found to be easily hacked.
- Another flaw hits Tapplock smart locks, thanks to a leaky server.
- Mycroft AI vocal assistant is found to be vulnerable to getting “zero-click” remote code execution
- Target and Walmart stop selling the super hackable kids’ toy CloudPets after pressure from Mozilla.
- A new investigation reveals a ‘staggering’ level of smart home surveillance.
- Philips’ Hue smart-home lighting has had an embarrassing outage.
- Pet tracker flaws expose pets and their owners to cybercrime.
- Security researchers have warned that hackers could create web pages that rapidly scan for home IoT devices and then take control of them
- Crypto mining malware takes over Amazon Fire products.
New video surveillance exploits published include:
- a series of critical vulnerabilities detected in Foscam security cameras that could give an attacker root access with nothing but the camera’s IP addresses.
- Researchers disclose 7 flaws in 390 Axis IP cameras, as a remote attacker could take control.
- In Australia, an outage caused serious privacy breach after Telstra outage resulted in a Perth business customer suddenly gaining access to several other businesses’ CCTV cameras,
- Swann security in the Uk suffering from a similar blunder.
IoT Security Laws, Regulations and Standards
Governments and Regulators from the U.S., Korea and Europe push towards greater standardization of IoT devices and security.
- U.S. Departments of Commerce, Homeland Security release report to the president on promoting action against botnets and other automated threats
- Sen. Mark Warner, D-Va., said Thursday that the government is not doing enough to force the private sector to build better security into the Internet of things (IoT) devices.
- Federal Trade Commission advises consumer product safety agency on IoT security for protection against physical “hazards” associated with IoT devices.
- The Netherlands’ Radiocommunication Agency has called for Europe to introduce minimum security standards for IoT devices.
- BSI standard being developed for IOT devices and apps – Privacy by design for consumer goods and services – a new standard aimed at protecting consumers’ domestic privacy.
- South Korea’s Ministry of Science and ICT and the Korea Internet and Security Agency (KISA) have jointly released a medical & transportation cybersecurity guide.
IoT security trends
- New research report: Privacy and the Internet of Things: Emerging Frameworks for Policy and Design
- Cybersecurity Is the Key to Unlocking Demand in the Internet of Things
What’s New at SecuriThings?
We unveiled a new capability that enables system integrators to rapidly deploy the SecuriThings solution onto operating IP cameras for immediate monitoring and remediation.