Smartwatches designed for children have become a target for hackers.

Smartwatches are becoming more and more popular to the general population. However did you know even young children are starting to wear smartwatches. In theory this sounds like not such a bad idea they give the parent a way to see where their young child is and communicate with them if need be. These watches also offer a way for the child to quickly call their parents in case of an emergency. This all sound good until you realize a hacker can get into the watch and do the same things.

The Norwegian Consumer Council tested some of these watches and found that some were transmitting the GPS data without encryption. This allows for hackers with basic tools to get into the watch and track the movements of the child wearing the watch, which is an incredibly dangerous problem. The hacker could also spoof the location and make it look like the child is in a completely different place. They also found that the hacker could communicate with the child and eavesdrop on the conversations the child is having with others on the watch. Thankfully many of the company’s who designed and produce the watches have recalled the watches and started to fix the problems and make them more secure.

-Levi Walker

Sources:

http://www.bbc.com/news/technology-41652742?intlink_from_url=http://www.bbc.com/news/topics/62d838bb-2471-432c-b4db-f134f98157c2/cybersecurity&link_location=live-reporting-story

 

Reaper Botnet Dwarfs Mirai

Mirai-botnet-diagram-1


By this point everyone and their mother has heard of the botnet dubbed ‘Mirai’, an infamous botnet infrastructure from last year that managed to take down a good chunk of the internet by attacking Dyn, a DNS provider. Well as of this September, weak passwords might have become the least of your worries if you’re like 60% of Check Point’s ThreatCloud covered corporations, and have un-patched vulnerabilities on your network.

Dubbed Reaper, or IOTroop by some, a new IoT botnet is propagating, and shows no sign of slowing down. Today, researchers have ruled out the possibility that Mirai and Reaper are connected, at least on a technical level, due to the superiority that Reaper has displayed in its intrusion and propagation techniques. Whereas Mirai was spread through the exploitation of default passwords across IoT devices, Reaper utilizes a specialized strand of malware that exploits well known vulnerabilities (such as those present in many printers and IoT toasters) to gain entry to a device, and further uses that device to spread itself to others connected.

With near exponential growth, Qihoo 360 Netlab witnessed approximately 2 million newly infected devices waiting to be processed by a C&C server, of which there are several that have thus been identified. The best thing that any concerned corporation or user can do at this point in time, would be to ensure that every machine on their network has updated firmware, and software in an attempt to limit the spread of this variable plague infecting IoT networks worldwide.

Currently, it appears as if we all might be witnessing a ‘calm before the storm’, situation, with this botnet ramping up massively in numbers and, according to Check Point, updating its capabilities on a daily basis. What else can I say but stay safe, and brace for impact, as when this thing hits, it’ll make the Dyn attack look like a birthday party.

– Kenneth Nero

Sources: Here, and Here, also Here

A More “Intimate” IoT Issue

As humans get more attached to technology, it appears that we also get more detached from reality and those around us. The meaning of interpersonal relationships gets foggier as our practical need for face-to-face interaction is lost. But the loss of the practicality of it in day-to-day life does not mean that humans do not desire personal relationships. To be more specific, the human desire for a romantic relationship does not dwindle even as our desire to go out and create one does. Some would say that a solution to this issue would be, gently put, robotic escort services.

Whether these robotic prostitutes are for hire or are personally owned is beyond the scope of this discussion. As is whether this is a good direction for humanity to go in. The issue to be discussed is much graver than that.

As the IoT grows more populous with frivolous devices, one cannot help but come across articles stating the dangers of having these devices on the internet. Sure, hacking a toaster can allow you access to someones home network. And yes, a juice press that connects to World Wide Web seems more than a little bit silly. But they are merely pocket change when compared to the possibility of being killed by an IoT device. If during use, one of these sex robots was to be hacked it could be commanded to kill you. If this sounds ridiculous to you, I’m certain that you’re not alone. But Dr. Nick Patterson of Deankin University in Australia will have you know that this is not at ridiculous as it may seem.

“Hackers can hack into a robot or a robotic device and have full control of the connections, arms, legs and other attached tools like in some cases knives or welding devices,” Patterson says. “Often these robots can be upwards of 200 pounds, and very strong. Once a robot is hacked, the hacker has full control and can issue instructions to the robot. The last thing you want is for a hacker to have control over one of these robots. Once hacked they could absolutely be used to perform physical actions for an advantageous scenario or to cause damage.”

While an immediate threat is not thought to be present, it is certainly a consideration one should make before purchasing one of these machines in the future.

-Alan Richman

Sources: Patterson initially gave this information to the Daily Star in the United Kingdom. The given link is to the source with this information containing no graphic, explicit, or sexual imagery.

http://bgr.com/2017/09/11/sex-robot-hack-security-cyborg/

FCC Not Moving Forward with IoT Security Mandates

fcc_logoCurrently facing backlash from the widespread DDoS attacks last week, the FCC is being pressed on how they plan to manage and regulate the increase of IoT devices on the market. Many in congress are pressuring the FCC to regulate IoT devices as different entities than traditional computers, saying that their impact on network infrastructure is fundamentally different.

The current commissioners are pretty unanimous in their belief that the Open Internet Order gives ISP’s the correct amount of leeway to handle threats similar to the recent DDoS attacks themselves. The Open Internet Order grants ISP’s “Reasonable Network Management”. If that sound’s extremely flexible, that’s intentional.

Mostly, the FCC wants to keep their hands out of this mess, opting instead for a more advisory role.

You can read more on this subject by clicking here.