Posts Tagged ‘IOT’

Hundreds of thousands of engine immobilisers hackable over the net

online dating 40s Homer Simpson driving

Kiwi hacker finds brutal holes in location, tracking units

women seeking men in Mount Barker Kiwicon Kiwi hacker Lachlan Temple has found holes in a popular cheap car tracking and immobilisation gadget that can allow remote attackers to locate, eavesdrop, and in some cases cut the fuel intake to hundreds of thousands of vehicles, some while in motion.

kvinna söker kvinna i Kumla The gadgets are rebranded white box units from Chinese concern ThinkRace that allow users to attach to their cars to enable remote tracking, engine immobilisation, microphone recording, geo-fencing, and location tracking over a web interface.

par söker par i Vä In Australia the units badged as “Response” sell for about A$150 at electronics chain JayCar or through some mechanics who offer to install the devices.

nettdating lureri One of the unit’s relay leads is commonly attached to car fuel pumps as a means to remotely-immobilise stolen vehicles.

But session cookie vulnerabilities turn that function – in the worst case scenario – into a means to shut off fuel supply to cars while in motion over the internet.

Read More by Darren Pauli

IoT baby monitors STILL revealing live streams of sleeping kids

The hacker that rocks the cradle

Internet-connected baby monitors are riddled with security flaws that could broadcast live footage of your sleeping children to the world and his dog, according to new research.

Mark Stanislav, a security researcher at Rapid7, discovered numerous security weaknesses and design flaws after evaluating nine different devices from eight different vendors. Security flaws included hidden, hardcoded credentials, unencrypted video streaming, unencrypted web and mobile app functions, and much more.

Isolated real-world reports of hacking of baby monitors date back at least two years, so it’s not as if the problem is new.

Last year privacy watchdogs at the ICO warned parents to change the default passwords on webcams to stop perverts snooping on kids.

The warning followed a security flap created by the site, hosted in Russia, that streamed live footage ranging from CCTV networks to built-in cameras from baby monitors. The website itself – insecam.cc – accesses the cams using the default login credentials, which are freely available online for thousands of devices.

Read More by John Leyden

Social Widgets powered by AB-WebLog.com.