Tag Archives: Internet of things

The search engine for internet-of-things devices

There is very little difference between how cybercriminals and businesses operate over the internet. Service hosting companies sell to, and protect the privacy of, every user, including cybercriminals. Cyber attackers buy legitimate services such as DDOS-For-Work and infrastructure hosting. Proper project management tools, development tools, techniques, services & infrastructure are available to carry out a cyber attack.

Here is another online service that helps anybody to discover all the IoT devices connected to the internet: Smart TV, Toaster, Refrigerator, Radio etc.

As a marketing pitch here is what they sell.

However, let’s take an example. Suppose someone finds out that there is a smart TV, AC or radio in your house and that the router still has its default password. Do you think they would leave it as it is? Nope! They would hack it or use it to attack others.

Try the URL below to see how many devices are open to exploits because of a default password.

https://www.shodan.io/search?query=%22default+password%22

The common internet surfer’s mindset is: what can anybody achieve if they hack my toaster? That is the world we are living in.

Reference

https://beta.shodan.io/

Siri and Google Assistant hacked in new ultrasonic attack

Abstract

Voice assistants – the demo targeted Siri, Google Assistant, and Bixby – are designed to respond when they detect the owner’s voice after noticing a trigger phrase such as ‘Ok, Google’.

Ultimately, commands are just sound waves, which other researchers have already shown can be emulated using ultrasonic waves which humans can’t hear, providing an attacker has a line of sight on the device and the distance is short.

What SurfingAttack adds to this is the ability to send the ultrasonic commands through a solid glass or wood table on which the smartphone was sitting using a circular piezoelectric disc connected to its underside.

Although the distance was only 43cm (17 inches), hiding the disc under a surface represents a more plausible, easier-to-conceal attack method than previous techniques.

As explained in a video showcasing the method, a remote laptop generates voice commands using text-to-speech (TTS) Module to produce simulated voice commands which are then transmitted to the disc using Wi-Fi or Bluetooth.

The researchers tested the method on 17 different smartphone models from Apple, Google, Samsung, Motorola, Xiaomi, and Huawei, successfully deploying SurfingAttack against 15 of them.

Read more in

Collections of tutorials for OSI, TCP/IP learning

The first & foremost thing to learn in networking is how a computer connects to another computer on the network.

Understanding TCP/IP addressing and subnetting basics

https://support.microsoft.com/en-ca/help/164015/understanding-tcp-ip-addressing-and-subnetting-basics

If you wish to go a little deeper, then you will probably want to learn how a computer gets an IP address and which protocols work behind the scenes.

What Is an IP Address?

An IP address uniquely identifies a device on a network. You’ve seen these addresses before; they look something like 192.168.1.34.

An IP address is always a set of four numbers like that. Each number can range from 0 to 255. So, the full IP addressing range goes from 0.0.0.0 to 255.255.255.255.

The reason each number can only reach up to 255 is that each of the numbers is really an eight digit binary number (sometimes called an octet). In an octet, the number zero would be 00000000, while the number 255 would be 11111111, the maximum number the octet can reach. That IP address we mentioned before (192.168.1.34) in binary would look like this: 11000000.10101000.00000001.00100010.

https://www.howtogeek.com/341307/how-do-ip-addresses-work/
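The octet arithmetic described above, as an added example that is not part of the quoted article: a strict dotted-quad parser that rejects anything outside four decimal octets of 0 to 255 and renders the address in binary and as a 32-bit integer. The function names are hypothetical, chosen for this illustration.

```python
def parse_ipv4(text):
    """Strictly parse a dotted-quad IPv4 address into a tuple of four ints.

    Raises ValueError for anything that is not exactly four decimal
    octets in the range 0-255.
    """
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets, got {len(parts)}: {text!r}")
    octets = []
    for part in parts:
        # ASCII decimal digits only: no signs, spaces, hex prefixes or empty fields.
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"non-decimal octet {part!r} in {text!r}")
        # Leading zeros are ambiguous: some parsers read "010" as octal 8,
        # others as decimal 10, so a validator should refuse them outright.
        if len(part) > 1 and part[0] == "0":
            raise ValueError(f"leading zero in octet {part!r} in {text!r}")
        value = int(part)
        if value > 255:
            raise ValueError(f"octet {value} exceeds 255 in {text!r}")
        octets.append(value)
    return tuple(octets)


def to_binary(text):
    """Render each octet as an eight-digit binary number, dot-separated."""
    return ".".join(format(octet, "08b") for octet in parse_ipv4(text))


def to_int(text):
    """Pack the four octets into the single 32-bit number the address represents."""
    a, b, c, d = parse_ipv4(text)
    return (a << 24) | (b << 16) | (c << 8) | d


if __name__ == "__main__":
    # The address used in the text above.
    print(to_binary("192.168.1.34"))
    print(to_int("192.168.1.34"))
```

Validating addresses this strictly before they reach an allow-list or firewall rule avoids two components disagreeing about which host a string refers to.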

DHCP defined and how it works

DHCP stands for dynamic host configuration protocol and is a network protocol used on IP networks where a DHCP server automatically assigns an IP address and other information to each host on the network so they can communicate efficiently with other endpoints. Read more in

The Internet Of Bodies

Abstract

Have you heard the term the Internet of Bodies (IoB)? That may conjure up a few thoughts that have nothing to do with the true nature of the term, but it’s about using the human body as the latest data platform. At first, this concept seems quite creepy, but then when you realize the possibilities it creates, it becomes quite exciting. Here we explore what the Internet of Bodies is, some examples in use today, and a few of the challenges it presents.

There are three generations of Internet of Bodies that include:

  • Body external: These are wearable devices such as Apple Watches or Fitbits that can monitor our health.
  • Body internal: These include pacemakers, cochlear implants, and digital pills that go inside our bodies to monitor or control various aspects of our health.
  • Body embedded: The third generation of the Internet of Bodies is embedded technology where technology and the human body are melded together and have a real-time connection to a remote machine.

Read more in

https://www.forbes.com/sites/bernardmarr/2019/12/06/what-is-the-internet-of-bodies-and-how-is-it-changing-our-world/#396f41e68b7a

IoTSecurity: IoT Code of Practice by UK Govt

The United Kingdom has been very proactive in regulating the most important cybersecurity concerns. Bruce Schneier (Cyber Guru) often suggests that it is time for governments to act & regulate IoT devices. In recent times, the UK govt has done a phenomenal job regulating the following important security concerns.

Apart from the regulations, the significant part is that the UK govt partners with private companies to come up with solutions. Many governments hesitate to take other stakeholders on board.

Who is the audience of the Code of Practice regulation?

  • Device Manufacturer
  • IoT Service Providers
  • Mobile Application Developers
  • Retailers

So, what are the security concerns with IoT devices?

  • Consumer privacy: Many devices act more like spy devices & keep track of every user movement, private conversation, video recording etc. Experts tell us that privacy isn’t a right anymore in today’s world & that we should get over it. However, it can still be controlled with the right tools.
  • Consumer security: The biggest concern is consumer security. The more connected you are, the more vulnerable you are. Remotely unlocking homes and hacking home video, smart TVs etc. are normal nowadays.
  • Unsecured manufacturing & retailing: Most IoT devices are unsecured, and organizations have huge control over this. A consumer does not have the authority to ask for more security. If someone can unlock the door because of a misconfiguration, manufacturers & service providers are not liable.
  • Use of these unsecured devices in large-scale hacking (i.e. DDoS): You might be familiar with distributed denial of service. These IoT devices help to achieve that.

The Code of Practice regulation applies to the following types of devices

  • Connected children’s toys and baby monitors
  • Connected safety-relevant products such as smoke detectors and door locks
  • Smart cameras, TVs and speakers
  • Wearable health trackers
  • Connected home automation and alarm systems
  • Connected appliances (e.g. washing machines, fridges)
  • Smart home assistants

Code of Practice Guidelines

  1. No default passwords
  2. Implement a vulnerability disclosure policy
  3. Keep software updated
  4. Securely store credentials and security-sensitive data
  5. Communicate securely
  6. Minimize exposed attack surfaces
  7. Ensure software integrity
  8. Ensure that personal data is protected
  9. Make systems resilient to outages
  10. Monitor system telemetry data
  11. Make it easy for consumers to delete personal data
  12. Make installation and maintenance of devices easy
  13. Validate input data

Reference

https://www.gov.uk/government/publications/secure-by-design/code-of-practice-for-consumer-iot-security