Posts

Which? Report Says Old Routers From Reputable UK Internet Providers Put Millions at Security Risk

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.


An investigation by the UK consumer watchdog Which? found that millions of households have outdated router models with various security flaws. Surprisingly, most of the vulnerable devices were provided by reputable UK internet providers such as EE, Sky, TalkTalk, Virgin Media, and Vodafone.

The research covered security threats such as weak default passwords, lack of firmware updates, and local network vulnerabilities. The investigation revealed that the affected internet users faced serious router security risks, including hacking, spying, or redirection to malicious websites.

The report coincided with the proposed new government laws to tackle the security of connected devices.

Report says users unaware of security risks

The Which? report found that most UK internet users were unaware of the router security risks posed by the outdated equipment provided by their internet providers.

About 7.5 million people were affected and six million homes had not updated their routers since 2016, while most had not received an update since 2018. Another 2.4 million households or 7 out of 13 routers had not been upgraded for the past five years.

Which? computing editor Kate Bevan noted that the reliance on outdated routers was concerning given the increasing dependence on the internet during the pandemic.

Which? advised users to discuss with their internet providers about upgrading their outdated routers. The consumer watchdog also urged internet providers to be transparent about their plan to support lasting routers with firmware and security updates.

“Internet service providers should be much clearer about how many customers are using outdated routers and encourage people to upgrade devices that pose security risks,” Bevan said.

Security risks posed by outdated equipment include spying, hacking, and redirecting internet users to malicious websites.

Similarly, some older router models also have weak default passwords that are easy to crack by cybercriminals. They also lacked firmware updates, thus exposing them to various security risks, according to the Which? report.

The consumer watchdog found that two-thirds of 13 router models supplied…

Source…

DNS vulnerabilities put millions of IoT devices at risk of hacking

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.


Hacker

Image: Stockfresh

The NAME:WRECK flaws affects four popular TCP/IP stacks

Print

PrintPrint

Pro

Read More: cybersecurity Internet of Things IOT

Security researchers have warned of a slew of DNS flaws that could affect millions of Internet of Things (IoT) devices.

According to researchers at Forescout, the nine vulnerabilities have been dubbed “NAME:WRECK,” and they affect four popular TCP/IP stacks: FreeBSD, Nucleus NET, IPnet, and NetX. These vulnerabilities relate to Domain Name System (DNS) implementations, causing Denial of Service (DoS) or Remote Code Execution (RCE), allowing attackers to target devices offline or take control of them.

The researcher said the widespread use of these stacks and often external exposure of vulnerable DNS clients lead to a dramatically increased attack surface.

 
advertisement


 

Forescout researchers teamed up with JSOF to find the flaws and added that these can impact over 100 million consumer, enterprise, and industrial IoT devices worldwide. Millions of IT networks use FreeBSD, including Netflix and Yahoo. Meanwhile, IoT/OT firmware, such as Siemens’ Nucleus NET has been used for decades in critical OT and IoT devices.

If exploited, among the plausible scenarios researchers laid out included exposing government or enterprise…

Source…

New DNS vulnerabilities put millions of IoT devices at risk of hacking


Security researchers have warned of a slew of DNS flaws that could affect millions of internet of things (IoT) devices.

According to researchers at Forescout, the nine vulnerabilities have been dubbed “NAME:WRECK,” and they affect four popular TCP/IP stacks: FreeBSD, Nucleus NET, IPnet, and NetX. These vulnerabilities relate to Domain Name System (DNS) implementations, causing Denial of Service (DoS) or Remote Code Execution (RCE), allowing attackers to target devices offline or take control of them.

The researcher said the widespread use of these stacks and often external exposure of vulnerable DNS clients lead to a dramatically increased attack surface. 

Forescout researchers teamed up with JSOF to find the flaws and added that these can impact over 100 million consumer, enterprise, and industrial IoT devices worldwide. Millions of IT networks use FreeBSD, including Netflix and Yahoo. Meanwhile, IoT/OT firmware, such as Siemens’ Nucleus NET has been used for decades in critical OT and IoT devices.

If exploited, among the plausible scenarios researchers laid out included exposing government or enterprise servers by accessing sensitive data, such as financial records, intellectual property, or employee/customer information. They could also compromise hospitals by connecting to medical devices to obtain health care data, taking them offline and preventing health care delivery.

Hackers could also use the flaws to access critical residential and commercial building functions, including major hotels, to endanger residents’ safety. This could include tampering with heating, ventilation and air conditioning systems, disabling critical security systems, or shutting down automated lighting systems.

Researchers said that unless urgent action is taken to adequately protect networks and the devices connected to them, “it could be just a matter of time until these vulnerabilities are exploited, potentially resulting in major government data hacks, manufacturer disruption or hotel guest safety and security.”

“NAME:WRECK is a significant and widespread set of vulnerabilities with the potential for large-scale disruption,” said Daniel dos Santos, Research Manager, Forescout Research Labs….

Source…

New algorithm helps BYU team put best face forward in security | Education

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.


A group of students and professor Dr. D.J. Lee at BYU have come together to build an algorithm that could possibly bring two-factor authentication to facial recognition technologies in everything from cell phones to surveillance systems.

The project started almost two years ago as Lee and some students tried to think of an interesting research project. The group started looking into facial motion and how it could be analyzed.

That evolved into seeing if students are paying attention in class and it eventually morphed into improved security for facial recognition with the use of facial motion.

With the world of security constantly changing and hackers adapting to those changes, Lee acknowledged that nothing is perfect in terms of security.

“Fingerprinting is easy to do and people even make fake fingerprints,” Lee said. “The most common one is facial recognition and the biggest problem is, all of these can be used when the user is not aware. When you’re sleeping or unconscious, someone could use your biometrics to get into the system. It’s difficult, people come up with all kinds of ideas to hack into the system.”

He added that a company in Japan makes facial masks that look like people and some access social media pages to unlock devices needing facial recognition. Even algorithms can be fooled by photos and this technology can address the biggest concern, which is unintentional identity verification.

Two-factor authentication is not new technology, as companies like Apple and social media apps use it to verify someone’s identity, but integrating it into facial recognition is.

Lee said it is called Concurrent Two-Factor Identity Verification.

“Meaning you show your face and make the facial motion just once, you don’t have to do it twice,” Lee said. “With the facial motion, if people want to use your photo they cannot fool the system since the photo is not moving.”

The technology first uses facial recognition and then a secret phrase is mouthed, a movement with one’s lips is made, or a facial motion is made to satisfy the second step of authentication.

Even if a video is used, the chances of that video matching the secret facial…

Source…