A Botnet Compromises 18,000 Huawei Routers

A hacker using the pseudonym Anarchy claims to have built a botnet within 24 hours by exploiting an old vulnerability, reportedly compromising 18,000 routers made by Chinese telecom giant Huawei.

http://www.ehackingnews.com/2018/07/a-botnet-compromises-18000-huawei.html

According to a report in Bleeping Computer, the new botnet was first spotted this week by security researchers from the cyber-security company NewSky Security.

Following the news, other security firms, including Rapid7 and Qihoo 360 Netlab, confirmed the existence of the new threat, having seen a large recent uptick in scanning for Huawei devices.

The botnet's creator contacted NewSky security researcher Ankit Anubhav, who believes that Anarchy may actually be a known threat actor previously identified as Wicked.

The surge in activity was caused by scans looking for devices vulnerable to CVE-2017-17215, a critical security flaw that can be exploited through port 37215. The scans for routers vulnerable to the issue began on 18 July.

Russian hackers penetrate US power stations

https://www.bbc.co.uk/news/technology-44937787

Russian hackers have won remote access to the control rooms of many US power suppliers, the Wall Street Journal reports.

The access could have let them shut down networks and cause blackouts, US officials told the newspaper.

The state-backed hackers won access even though command centre computers were not directly linked to the web.

The attacks succeeded by targeting smaller firms which supply utilities with other services.

Only 14% of businesses have implemented even the most basic cybersecurity practices

#IoT #cybersecurity must be a vital and integral part of every organization’s strategic plan.

https://www.techrepublic.com/article/only-14-of-businesses-have-implemented-even-the-most-basic-cybersecurity-practices/

According to a 2018 report from security company Symantec, the number of Internet of Things (IoT) attacks increased from about 6,000 in 2016 to more than 50,000 in 2017, which translates into a 600% rise in just one year. IoT devices are increasingly the attack vector of choice for cybercriminals around the world. IoT is particularly popular for ransomware attacks and illegal cryptocurrency miners.

According to Verizon’s Mobile Security Index 2018, only 14% of the responding organizations said they had implemented even the most basic cybersecurity practices, with an astonishing 32% of these IT professionals admitting that their organization sacrifices mobile security to improve business performance on a regular basis. That generally lax attitude toward cybersecurity goes a long way toward explaining why IoT attacks have spiked 600% in one year.

Cybersecurity Is the Key to Unlocking Demand in the Internet of Things

Research by Bain & Company finds that enterprise customers would be willing to buy more IoT devices if their concerns about cybersecurity risks were addressed—on average, at least 70% more than what they might buy if their concerns remain unresolved (see Figure 2). In addition, 93% of the executives we surveyed said they would pay an average of 22% more for devices with better security. Taken together, Bain estimates that improving security solutions for these devices could grow the IoT cybersecurity market by $9 billion to $11 billion.

See Bain Brief: Cybersecurity Is the Key to Unlocking Demand in the Internet of Things

‘Farm to fork’ IoT project

Woolworths reveals large-scale ‘farm to fork’ IoT project

Woolworths is quietly pursuing one of Australia’s largest-scale internet of things (IoT) projects, installing sensors throughout its supply chain to track fresh produce “from farm to fork”.

The project, understood to be codenamed ‘Fresh Insights’, offers the supermarket giant data collected across its supply chain, from growing food to transporting it to shops and then selling it.

“We’re looking at putting internet of things devices – and we have already – everywhere from the farms, vineyards that we run, to dairy farms, to see from beginning to end what has happened,” Woolworths’ GM of IT service operations and infrastructure Patrick Misciagna told a recent industry forum.

Misciagna said Woolworths is able to keep track of how much sunlight and water its crops receive, when produce is picked up by a truck, how long it is refrigerated in transit, how fast it is travelling and even “how bumpy the roads are”.

“You don’t want your produce damaged on the way,” Misciagna said.

“Not only because we’re the ‘fresh food people’ and we want to give you that fine product, but also because anything that’s damaged is waste.

“Even if we do send it back to a farm to feed animals with, I have to pay for the fuel to [take it back]. So we took all that into consideration.”

Aside from optimising its supply chain, it appears Woolworths plans to make some of the data available to shoppers so they can check the provenance of goods.

Both Woolworths and its supermarket rival Coles have previously tried a version of this, where shoppers could scan a QR code on the back of a bag of carrots – in the case of Woolworths – and receive some information on where they were grown.

However, the latest implementation of this idea appears to be far more sophisticated, potentially relying on some of the insights taken from the farm to fork project.

“We’re doing some very cool things with IoT in the stores … where you can scan over the food product with your phone and actually see the entire journey that piece of fruit or meat took throughout its life,” Misciagna said.

Smart lock can be hacked ‘in seconds’

A hi-tech padlock secured with a fingerprint can be opened by anyone with a smartphone, security researchers have found.

On its website, Tapplock is described as the “world’s first smart fingerprint padlock”.

But researchers said it took just 45 minutes to find a way to unlock any Tapplock.

In response, the firm acknowledged the flaw and said it was issuing “an important security patch”.

In a blog post, security expert Andrew Tierney from Pen Test Partners (PTP) outlined how he had hacked the lock.

“You can just walk up to any Tapplock and unlock it in under two seconds. It requires no skill or knowledge to do this.”

He said he was “so astounded” by how easy it was that he ordered another lock in case his first attempt had been a fluke.

The lock’s software does not take even simple steps to secure the data it broadcasts, he said, leaving it open to several “trivial” attacks.

The “major flaw” in its design is that the unlock key for the device is easily discovered because it is generated from the Bluetooth Low Energy ID that is broadcast by the lock.

Anyone with a smartphone would be able to pick up this key if they scanned for Bluetooth devices when close to a Tapplock.

Using this key in conjunction with commands broadcast by the Tapplock would let attackers successfully open any one they found, said Mr Tierney.

Arm buys Stream Technologies

Arm buys Stream Technologies to provide an integrated device and connectivity management offering to the IoT market

  • Arm has acquired Stream Technologies and will add the company to Arm’s IoT Service Group to extend the Mbed Device Management Platform with connectivity services/service management capabilities.
  • Arm acquired Stream Technologies primarily to further Arm’s overall goal of having its processor designs used in the expected hundreds of billions of future IoT devices.
  • The acquisition’s impact to Arm’s strategic positioning is likely only marginal and incremental, unless Arm adopts “Internet-scale” pricing for the combined service.

Arm makes its sixth acquisition since being acquired itself by Softbank

Arm, the British chip designer acquired by Softbank in September 2016 for $32 billion, today announced its acquisition of Stream Technologies.

Stream Technologies, based in Glasgow, UK, is primarily a mobile virtual network operator (MVNO) providing Internet of Things (IoT) connectivity services over cellular, satellite, and LoRaWAN networks, leveraging its connectivity service provider (CSP) partners’ infrastructure. Arm states that Stream Technologies supports roughly 770,000 IoT devices at present.

Stream Technologies also licenses its IoT-X connectivity management platform (CMP) to a handful of mobile operators, but is a relatively small player in this market, compared to companies like Cisco Jasper, Ericsson, Huawei, and Vodafone.

Arm will add Stream Technologies to its IoT Services Group (ISG), where Stream Technologies’ CMP and other technologies will extend the current Mbed Device Management Platform’s capabilities with connectivity management functionality. Since the acquisition of Arm by Softbank, Arm has itself acquired five other smaller firms and increased its headcount by 25%.

The goal is for the integrated platform to further reduce risk, time-to-market, and development costs for IoT developers and customers, by reducing overall development and management complexity. Indeed, IoT developers and other stakeholders regularly report that complexity, along with cybersecurity, poses a very significant challenge to overall IoT market development.

Telling Lies about Smart Meters

Article by Nick Hunn:

“What do you do when your smart metering plan isn’t working? Looking at the efforts of Smart Energy GB, who are tasked with persuading the nation to install 50 million smart meters which aren’t really fit for purpose you do two things:”

  • “You ask the Government to double your funding with an additional £95 million of public money. Then…
  • You spend it on inaccurate adverts.”