IoT This Week
Consuming and curating the latest news for you.
April 19, 2018

This issue includes: IoT toothbrushes, compromised fish tanks, game maker shenanigans, crappy government websites, remote priest exorcisms and much more...

IoT

A dental insurance company sends out "free" internet-connected toothbrushes. Moral of this story: be careful with "free" and what you give up for it.

A casino's high-roller database was exfiltrated through an internet-connected thermometer in the lobby fish tank.

Microsoft is rolling out Azure Sphere for IoT security. It includes three parts: certified microcontrollers, the Azure Sphere operating system (with a custom Linux kernel), and the security service.

A Chinese company, Horizon Robotics, has developed a new chip for adding facial recognition to surveillance cameras. Might not be long before $20 security cameras have this feature.

Abbott is releasing a firmware patch to fix security issues in 350,000 medical devices. The patch is meant to prevent unauthorized access to the devices which could allow the programming to be modified.

Apparently hacking tools are out there for resetting the mileage on your car or unlocking paid features. If you use them, you may get more than you bargained for, as in your car being remotely controlled from the internet, or worse.

Since most IoT gadgets get manufactured in China, the question of who owns the intellectual property in these devices is often raised by the person or company financing the product. An interesting write-up on this topic, and the realization that no one is really sure.

Continental, the tire manufacturer, is jumping into IoT with tire pressure monitoring made possible using Vodafone's IoT SIM technology. An actual good use of IoT, it seems.

InfoSec

XMRig malware can mine cryptocurrency without opening a browser session. Coinhive continues to be the favorite for the moment.

Researchers were able to take down a network of 52,000 servers distributing malware. The network was also rented out to various malware authors to use as a distribution mechanism.

Game makers have been installing anti-cheat software for years but ArenaNet has been accused of taking this so far as to be considered spyware. The spyware allegedly scans a player's computer for processes that might be used for cheating and if it finds something it doesn't like, the player can be banned. A flight simulator was caught earlier this year installing malware that attempted to steal passwords from Chrome in an effort to detect people using pirated software.

Intel will start using the integrated GPUs in processors to scan for viruses instead of using the usual CPU cycles.

Russia is blocking large chunks of the internet in an attempt to stop the use of messaging app Telegram.

Amazon now has a patent for a way to identify bitcoin users using data correlation and they want to sell that to governments and law enforcement. Maybe they have their sights set on becoming the new NSA?

A DOJ-run site, amberalert.gov, was redirecting users to porn sites due to vulnerable redirect scripts. I like the quote from the person who found it, “This is like the 1990s called and wants its vulnerable redirect script back.” Apparently weather.gov and NOAA were redirecting to bestiality sites.

Tech

Priests are now performing exorcisms remotely... due to high demand.

A 19-year-old in Canada has been charged with "unauthorized use of a computer" for downloading 7,000 freedom of information releases. 250 of those contain sensitive personal information. The person was able to get these by changing the number at the end of the URL. Maybe they used the same people that set up the DOJ's website.

Researchers discovered that image recognition systems can be defeated by simply changing the hue and saturation levels to make things appear in an unnatural color. A bird shifted to purple was identified as an airplane in testing.

New York is launching an inquiry into cryptocurrency exchanges like Coinbase, Binance and others to review their policies and practices.

Facebook is looking to design its own processors. Seems to be the same motive as Apple: to reduce reliance on Intel and other chip makers.

Education company Pearson is getting heat after performing an experiment on 9000 students across the country to see if encouraging messages during testing would help students. Seems harmless enough; however, they did not inform students or faculty that this was happening.

Pi-hole...


If you're looking to set up something on your local home network to reduce your browsing traffic by blocking ads and such, take a look at Pi-hole. It's meant to be run on something small like a Raspberry Pi, but you can also run it on a Linux virtual machine. I'm going to do a write-up on it, but in addition to blocking ad domains, it also blocks known malware and ransomware domains. Combine this with something like OpenDNS Umbrella and your outgoing internet traffic should be in decent shape.

Updated the main website this week. Have a look.


Get Involved!


The OWASP IoT Project is currently reviewing the Top Ten list for 2018. Provide your insight and expertise by joining the #iot-security channel meetups on Slack.

Support the IoT This Week Newsletter and Podcast.
