Tag Archive for: smart

Critical security flaw exposes Wemo Smart Plugs to hackers




Researchers found a security flaw in an older version of the Wemo Mini Smart Plug that involved changing its name — and Belkin isn’t going to fix it.

The Wemo Mini Smart Plug is designed to offer convenient remote control over lights and basic appliances, such as fan lamps, through a mobile app. The application utilizes Wi-Fi for communication and seamlessly integrates with HomeKit and other smart home ecosystems.

Among other functions, the app lets people change the device name. The length is limited to 30 characters or less, but only the app enforces that rule.

However, through reverse engineering, the security experts at Sternum discovered a method to circumvent the character limit, thereby triggering a buffer overflow. They subsequently named this vulnerability “FriendlyName.”

A buffer overflow happens when there’s too much information put into a storage area (buffer) that it can’t handle. It’s like pouring more water into a cup than it can hold, causing it to overflow.

That can lead to unexpected results in computer systems because the extra information can overwrite or change nearby data. Hackers can use a buffer overflow to gain unauthorized access or cause malfunctions in a computer program.
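The gap described above, a length rule enforced only in the app, is shown here as an added example; it is not Belkin's firmware or Sternum's code. The memory layout, struct and function names are constructed for illustration, and only the 30-character limit comes from the article.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_CHARS 30               /* limit the article says the app enforces */
#define NAME_SLOT (NAME_MAX_CHARS + 1)  /* +1 for the terminating NUL */

/* Constructed layout: a name slot followed directly by other settings. */
struct plug_config {
    unsigned char mem[64];              /* [0,31) name, [31,64) adjacent data */
};

/* Firmware that trusts the app: copies whatever length arrives.
 * (Capped at sizeof mem only so this demo stays defined behaviour.) */
static size_t set_name_trusting(struct plug_config *c, const char *name) {
    size_t n = strlen(name) + 1;
    if (n > sizeof c->mem) n = sizeof c->mem;
    memcpy(c->mem, name, n);
    return n > NAME_SLOT ? n - NAME_SLOT : 0;   /* bytes spilled past the slot */
}

/* Device-side enforcement: reject anything that does not fit the slot. */
static int set_name_checked(struct plug_config *c, const char *name) {
    const char *nul = memchr(name, '\0', NAME_SLOT);  /* scan at most 31 bytes */
    if (nul == NULL) return -1;                 /* too long: refuse, write nothing */
    size_t len = (size_t)(nul - name);
    memcpy(c->mem, name, len);
    memset(c->mem + len, 0, NAME_SLOT - len);   /* NUL-terminate, clear old tail */
    return 0;
}

int main(void) {
    struct plug_config c;
    char long_name[41];
    memset(long_name, 'A', 40);                 /* constructed 40-character name */
    long_name[40] = '\0';

    memset(c.mem, 0, sizeof c.mem);
    c.mem[NAME_SLOT] = 0x5A;                    /* stand-in for an adjacent setting */
    printf("trusting: %zu bytes spilled, adjacent=0x%02X\n",
           set_name_trusting(&c, long_name), c.mem[NAME_SLOT]);

    memset(c.mem, 0, sizeof c.mem);
    c.mem[NAME_SLOT] = 0x5A;
    printf("checked:  rc=%d, adjacent=0x%02X\n",
           set_name_checked(&c, long_name), c.mem[NAME_SLOT]);
    return 0;
}
```

The checked version leaves the stored name and the neighbouring byte untouched when the input is rejected, which is the behaviour a device needs regardless of what its companion app validates.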

Accessing the firmware


The researchers from Sternum examined the smart plug’s firmware and used it to change the device’s name to one that was longer than the app’s rule of 30 characters. The resulting overflow allowed them to issue commands to the device and control it.

In the hands of a malicious hacker, that could lead to data theft or possibly controlling other devices plugged into the Wemo device.

The team contacted Belkin to inform the company of the security flaw. However, Belkin said it wouldn’t fix the vulnerability because the Wemo Smart Plug V2 is at the end of its life.

The current Wemo Smart Plug is version 4.

How to protect yourself from “FriendlyName”

Sternum says people who own one of these plugs shouldn’t connect them to the internet. They also shouldn’t be allowed to connect to sensitive devices on a…


How to hack a smart fridge


I’ve been speaking to people who work in a field called IoT forensics, which is essentially about snooping around these devices to find data and, ultimately, clues. Although law enforcement bodies and courts in the US don’t often explicitly refer to data from IoT devices, those devices are becoming an increasingly important part of building cases. That’s because, when they’re present at a crime scene, they hold secrets that might be invisible to the naked eye. Secrets like when someone switched a light off, brewed a pot of coffee, or turned on a TV can be pivotal in an investigation. 

Mattia Epifani is one such person. He doesn’t call himself a hacker, but he is someone the police turn to when they need help investigating whether data can be extracted from an item. He’s a digital forensic analyst and instructor at the SANS Institute, and he’s worked with lawyers, police, and private clients around the world. 

“I’m like … obsessed. Every time I see a device, I think, How could I extract data from there? I always do it on test devices or under authorization, of course,” says Epifani.

Smartphones and computers are the most common sorts of devices police seize to assist an investigation, but Epifani says evidence of a crime can come from all sorts of places: “It can be a location. It can be a message. It can be a picture. It can be anything. Maybe it can also be the heart rate of a user or how many steps the user took. And all these things are basically stored on electronic devices.” 

Take, for example, a Samsung refrigerator. Epifani used data from VTO Labs, a digital forensics lab in the US, to investigate just how much information a smart fridge keeps about its owners. 

VTO Labs reverse-engineered the data storage system of a Samsung fridge after it had primed the appliance with test data, extracted that data, and posted a copy of its databases publicly on their website for use by researchers. Steve Watson, the lab’s CEO, explained that this involves finding all the places where the fridge could store data, both within the unit itself and outside it, in apps or cloud storage. Once they’d done that, Epifani got to work analyzing and…


5 IoT Security Fails of Smart Devices And Lessons Learned


Hackers are already eyeing unprotected IoT devices every user has in their homes. These small components are a default technology that manufacturers put in all sorts of devices — from baby monitors, printers, and pacemakers to smart TVs.

With billions of Internet of Things devices that are globally connected and sharing what is often sensitive user data, we need to talk about IoT Security.

From harmless pranks to life-endangering hacking, vulnerable IoTs can cause quite a stir. What can we learn from IoT hacking incidents that happened in recent years? Why is putting the best security practices for IoT devices so challenging?

Hacking of Amazon’s Ring Cameras

In 2020, several of Amazon’s Ring security systems, which feature a camera and two-way communication, were hacked. A home security camera allowed strangers to communicate with children. Some people even received death and sexual threats, while others were blackmailed.

This security incident might ring a bell if you’ve seen the reports of the class action against Amazon in the news.

What happened, exactly?

Hackers broke into the Ring account linked to the camera, exploiting Amazon’s lax security practices. As a response, Amazon urged customers to change their passwords to stronger ones and enable two-factor authentication.

The security lesson that was learned in this IoT hacking case?

Users have an inherent trust in the technology they purchase — they believe that it’s safe and that it’s not their job to secure it. Pinning the cyber incident on them and failing to improve the security measures is a poor way of handling a security problem.

Roomba Recording Woman On the Toilet

In 2020, workers from Venezuela posted a series of images shot by a robot vacuum, Roomba — raising major data privacy concerns. One of the images captured a woman sitting on a toilet.

This was possible because the data uploaded to the cloud via the IoT device was not sufficiently secured.

Roomba confirmed that the images were, in fact, shared by the robot vacuum. Also, it claims that the images stem from the training of the robot in the development stages and that this version is not the one available on the…


Best Smart Locks 2023 – Forbes Vetted


The best smart locks make your home safer. These locks not only allow keyless entry, but they can also keep track of who comes and goes—and when they do so. After weeks of testing 11 smart locks, I selected the Level Lock+ as the best smart lock overall because it is easy to use, supports Apple home keys and doesn’t look like a sci-fi prop stuck to your front door. And the Defiant Smart Wi-Fi Deadbolt is my pick for best value smart lock, for delivering all the basics at a reasonable price.

Smart locks might look difficult to install, and that seems to be one thing holding shoppers back from jumping in with both feet. According to Adam Wright, research manager for Smart Home and Office Devices at IDC, “Many consumers aren’t confident in their ability to change the lock and install a new one. They typically seek out the help of a professional installer, which inhibits adoption.”

As you’ll see below, I had no difficulties when installing the 11 locks I tested for this roundup; I found the process quite easy to do on my own with a couple of simple tools. After many hours of testing out smart locks, their apps and the smart home systems they fit into, I chose the following winners:

Type: Single-cylinder deadbolt | Connectivity: Bluetooth | Smart home integrations: Amazon Alexa (via Amazon Sidewalk device) and Apple HomeKit | Entry options: Physical key, touch, NFC keycards, app, keypad (optional) | Power: Lithium CR2 | Finishes: Matte Black, Satin Nickel | Size: 2.4 x 2.4 x 1.1 inches (front), 2.4 x 2.4 x 1.2 inches (rear) 

Best for:

  • Adding a smart lock that doesn’t look like one
  • Those with Apple devices
  • Flexible entry options

Skip if:

  • You are on a budget
  • You use Google Home as your only smart home network

The Level Lock+ excels as a smart lock precisely because it doesn’t look like a smart lock. It looks like an ordinary lock from both the outside and inside. While this lock’s appearance doesn’t scream high-tech, it does a great job of using the latest technologies to make it easier to control who gets in and out.