
Microsoft Finds Critical Code Execution Bugs In IoT, OT Devices

 

Microsoft's security research unit recently reported around two dozen critical remote code execution (RCE) vulnerabilities in Operational Technology (OT) industrial systems and Internet of Things (IoT) devices. The flaws are collectively known as BadAlloc; they are integer overflow or wraparound bugs (CWE-190) in memory allocation functions.

An attacker who can reach the affected code can exploit these bugs to crash a device or execute malicious code on it remotely. Microsoft's researchers found the vulnerabilities in standard memory allocation functions used across many real-time operating systems (RTOS), embedded software development kits (SDKs), and C standard library (libc) implementations.

"Our research shows that memory allocation implementations written throughout the years as part of IoT devices and embedded software have not incorporated proper input validations…”, the research team noted. 

"…Without these input validations, an attacker could exploit the memory allocation function to perform a heap overflow, resulting in execution of malicious code on a target device," the team added.
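To make the bug class concrete, here is an added example in C; it is not Microsoft's research code nor any vendor's allocator. It assumes a hypothetical allocator layout (a 16-byte chunk header, 8-byte alignment, a 256-byte static arena), all invented for illustration. It shows how the padded size wraps for a request close to SIZE_MAX, how a naive allocator then hands out a tiny chunk for a huge request (the heap overflow Microsoft describes follows as soon as the caller writes into it), and the overflow checks that reject such a request up front:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative constants for a hypothetical embedded allocator: every chunk
 * carries a 16-byte header and is rounded up to 8-byte alignment. */
#define HEADER_SIZE ((size_t)16)
#define ALIGN       ((size_t)8)

/* The BadAlloc pattern: header and alignment padding are added to the caller's
 * size with no overflow check. For n close to SIZE_MAX the sum wraps around to
 * a tiny value, so the allocator carves out a small chunk for a huge request. */
size_t naive_chunk_size(size_t n)
{
    return (n + HEADER_SIZE + (ALIGN - 1)) & ~(ALIGN - 1);
}

/* Hardened version: refuse any request whose padded size cannot be represented.
 * Returns the chunk size, or 0 on overflow (0 is never a valid chunk, since the
 * minimum is HEADER_SIZE). */
size_t checked_chunk_size(size_t n)
{
    if (n > SIZE_MAX - HEADER_SIZE - (ALIGN - 1))
        return 0;
    return (n + HEADER_SIZE + (ALIGN - 1)) & ~(ALIGN - 1);
}

/* The same class of bug in calloc-style interfaces: nmemb * size wraps.
 * Returns 1 and stores the product (if out is non-NULL), or 0 on overflow. */
int checked_mul(size_t nmemb, size_t size, size_t *out)
{
    if (nmemb != 0 && size > SIZE_MAX / nmemb)
        return 0;
    if (out)
        *out = nmemb * size;
    return 1;
}

/* Toy bump allocator over a static arena, used only to show the consequence. */
static unsigned char arena[256];
static size_t arena_used;

/* Vulnerable: a request for almost SIZE_MAX bytes "succeeds" because the wrapped
 * chunk size fits the arena; the caller then writes n bytes past the chunk. */
void *toy_alloc_naive(size_t n)
{
    size_t chunk = naive_chunk_size(n);
    if (chunk > sizeof arena - arena_used)
        return NULL;
    void *user = arena + arena_used + HEADER_SIZE;
    arena_used += chunk;
    return user;
}

/* Fixed: the overflow check rejects the request before any bookkeeping. */
void *toy_alloc_checked(size_t n)
{
    size_t chunk = checked_chunk_size(n);
    if (chunk == 0 || chunk > sizeof arena - arena_used)
        return NULL;
    void *user = arena + arena_used + HEADER_SIZE;
    arena_used += chunk;
    return user;
}

int main(void)
{
    size_t huge = SIZE_MAX - 4;   /* attacker-controlled length */
    printf("naive chunk size for SIZE_MAX-4: %zu bytes\n", naive_chunk_size(huge));
    printf("naive alloc:   %s\n", toy_alloc_naive(huge) ? "granted (heap overflow follows)" : "refused");
    printf("checked alloc: %s\n", toy_alloc_checked(huge) ? "granted" : "refused");
    return 0;
}
```

Build with cc -std=c99 badalloc.c and run ./a.out. The guard in checked_chunk_size is the whole fix: any path that derives an allocation size from untrusted input (a packet length, a file header, a caller-supplied element count) needs the same bound check before the addition or multiplication, not after.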

The list of products affected by the BadAlloc vulnerabilities is long:

• Amazon FreeRTOS, Version 10.4.1 
• ARM Mbed OS, Version 6.3.0 
• eCosCentric eCosPro RTOS, Versions 2.0.1 through 4.5.3 
• ARM mbed-ualloc, Version 1.3.0 
• Cesanta Software Mongoose OS, v2.17.0 
• ARM CMSIS-RTOS2, versions prior to 2.1.3 
• Apache Nuttx OS, Version 9.1.0 
• Media Tek LinkIt SDK, versions prior to 4.6.1 
• Google Cloud IoT Device SDK, Version 1.0.2 
• Micrium OS, Versions 5.10.1 and prior 
• Micrium uCOS II/uCOS III Versions 1.39.0 and prior 
• Linux Zephyr RTOS, versions prior to 2.4.0 
• NXP MCUXpresso SDK, versions prior to 2.8.2 
• NXP MQX, Versions 5.1 and prior 
• RIOT OS, Version 2020.01.1 
• Samsung Tizen RT RTOS, versions prior 3.0.GBB 
• Redhat newlib, versions prior to 4.0.0 
• Texas Instruments SimpleLink MSP432E4XX 
• Texas Instruments CC32XX, versions prior to 4.40.00.07 
• Texas Instruments SimpleLink-CC13XX, versions prior to 4.40.00 
• Texas Instruments SimpleLink-CC32XX, versions prior to 4.10.03 
• Texas Instruments SimpleLink-CC26XX, versions prior to 4.40.00 
• Windriver VxWorks, prior to 7.0 
• Uclibc-NG, versions prior to 1.0.36 
• TencentOS-tiny, Version 3.1.0 

Microsoft reported the flaws to CISA and the affected vendors as soon as they were found.

Canadian IoT Solutions Provider, Sierra Wireless Hit by a Ransomware Attack


Sierra Wireless, a Canadian IoT solutions provider, says it has resumed production at its manufacturing sites after a ransomware attack on March 20 that breached its internal infrastructure and corporate website. On learning of the attack, the company engaged KPMG to assist with the investigation of the incident.

According to Sierra Wireless, "security is a top priority, and Sierra Wireless is committed to taking all appropriate measures to ensure the highest integrity of all of our systems. As the investigation continues, Sierra Wireless commits to communicating directly to any impacted customers or partners, whom we thank for their patience as we work through this situation." 

Sierra Wireless staff are now restoring the company's internal infrastructure, and the corporate website has been brought back online. The company says the attack did not reach its connectivity services or customer-facing products because the internal systems that were hit are segregated from them. It believes the scope of the attack was limited to the corporate website and internal systems, and it is confident that its products and connectivity services were not affected during the incident.

The company does not currently expect to issue any firmware or software updates or product security patches as a result of the attack. It has not named the ransomware operator behind the attack, nor said whether any data was stolen before the encryption took place.

After the March attack the company withdrew its Q1 guidance. A company spokesperson said Sierra Wireless will not share further details of the attack, citing the sensitivity of the information involved. Bleeping Computer reports, "Sierra Wireless' products (including wireless modems, routers, and gateways) sold directly to OEMs are being used in IoT devices and other electronic devices such as smartphones, and an extensive array of industries."

Interview with Waylay: Power of Automation to Everyone?

 

On 8th January, E-Hacking News conducted an interesting interview with Waylay. The guest speaker for the interview was Mr. Veselin Pizurica, CTO & Co-Founder, Waylay. The company helps to connect IoT solutions to IT systems, empowering them to build new applications faster and better than ever before.

Q1. Can you please tell us about “Waylay” as a company? 
Waylay is a technology company that builds automation software for the Internet of Things. Our platform is used by enterprises to develop new digital solutions with IoT, IT, and OT data in the most flexible way. We have about fifty enterprise customers from Australia, Japan, Europe to the US. We are expanding to the US with a physical presence because we'd like to get better support for our US customers. Today we are more focused on OEM technology, meaning we work as an invisible layer, where other companies can buy our software that integrates our automation technology with their solutions. 

Q2. What industries is Waylay useful for? What type of customers may be interested? 
In the context of IoT, one has two approaches – either a vertical approach or being a platform-neutral player where other customers create their own solutions based on automation technology. In this regard, we are the latter case. Our customers are either in the smart buildings or HVAC connected appliances or even B2C. Our technology is used mostly in manufacturing spaces, smart buildings as well as HVAC. The reason for customers being interested in Waylay is because we are a cloud-capable platform as well. We have built a unique set of interfaces that work on top of all other cloud technology in a way that the bigger automation players can replicate the same use case in different clouds. 

Q3. Do you integrate with the existing HVAC system? What if an end customer wants to integrate into your dashboard, how do they do it? Do they need to put a specific IoT controller for this? 
What we have done is to create a kind of convergence layer that integrates to other IoT clouds or IoT systems in such a way that we put in just data for a variety of different systems. In other words, we are just saying we'll create a bridge layer that can integrate with our system. Secondly, many of these HVACs are not connected and they will never be connected. Our technology offers the opportunity to integrate with other IoT systems. We are not enforcing our connectivity on our customers; we are rather saying whatever we have already, we'll create a layer that will enable us to get data in our systems. 

Q4. Do you directly work with OEM (Original Equipment Manufacturer)? If so, do you have a development kit for OEM? What are the types of OEM you work with? 
We do actually. If you have the HVAC suppliers/manufacturers, they face a couple of different problems and none of them are actually trivial. So, basically what we offer is a sort of total automation that enables experts from both sides of the story (machine learning builders and machine learning experts) to bring them on one platform to be able to do total automation. The next thing you could do is offer new services; people are actually renting machines as a service rather than actually selling them. For instance, if you like to rent a machine as a service then your absolute interest is that the machine operates with optimum settings. 

Q5. IoT awareness is so low in many countries, will Waylay contribute positively to increase awareness in the IoT space? 
There are various angles to answer this question. First, IoT is something that people have been talking about for a long time. In a B2C context, if you buy any device, one or the other way, it is connected, it’s just that people are not aware of that. In smart home automation, it is already happening. In industries, things are much more complicated as there is a lot of different technology. Now, awareness also depends on the countries, some people are more eager to try things than others. In industries, the very first problem is connectivity, it not only depends on the use case vertical but also on the country. The thing with IoT is, it’s already happening but not at the same pace (compared to other technologies). What makes our company very confident is eventually, everything will be connected, it’s just that the pace of adoption in some countries is slower than others. 

Q.6 Your blog talked about “Waylay’s Digital Twin Revolutionizes Provisioning in Industrial IoT.” Please tell us more about it. 
When we talk about Digital Twins, we are talking about the digital representations of the objects. It can mean different things to different people. “In an ideal world, all equipment would be connected. In reality, millions of legacy machines are locked out of Industry 4.0 solutions because of the prohibitive cost of retro-fitting them.” 

Q.7 How has Waylay helped to bring a change in Digital Industry? 
Our goal is to bring the power of automation to everyone. Waylay believes that automation liberates human intelligence, cuts down costs, and increases value creation.

Active Cypher: Great Deal of Orchestration of Our Intelligence in AI into Existing Systems

 
Active Cypher: The company is built upon a socially responsible fabric, providing information security for individuals and corporations in an increasingly complex digital age. The guest speakers for the interview were Mr. Michael Quinn, CEO, and Mr. Caspian Tavallali, COO of Active Cypher. Active Cypher's Ransom Data Guard combines Active Cypher's proprietary encryption orchestration, smart AI, and advanced endpoint protection. 
 
Please tell us about your company Active Cypher? 
 

I am Michael Quinn, CEO of Active Cypher. We are a data protection company; we have an ethos within a company that the data needs to be able to protect itself wherever it is created. We have built a product line that offers those capabilities of protection against ransomware attacks through protecting data at the file level in the server environment and in the cloud. What our product allows us to do is be crypto agile. We can work with numerous encryption schemes. Once we are installed we basically back out of the situation and allow the client to run and trust their own data. 

 
Your company talked about game-changing software “Ransom Data Guard” that will protect organizations against ransomware threats. Please describe more about it. 
 
What we developed is a capability based on understanding what ransomware has to do in order to take control of the device in a user environment. We built a product just before Covid-19 and the work-from-home culture started, and we realized that people are using shared environments on the same device at home. So we basically allow the organization to encrypt the data down to the device level and protect it. The ransomware protection that we provide basically allows us to manage the files in such a way that they are not accessible to external sources like ransomware. We put this product along with our cloud fortress product to make sure that we were meeting compliance regulations. What we found after working with the law firms is that we allow the companies to meet compliance through this capability if the product was ransomed or even if it was exfiltrated, because we encrypt the data so the actual data itself is useless. On the ransomware side, the beauty of it is we allow a lot of flexibility in how the data can be stored and used. 
 
Besides ransomware protection, what are the other solutions Active Cypher provides? 
 
We do a great deal of orchestration of our intelligence in AI into existing systems, we integrate into Microsoft tools as well as we have APIs that can write to any of the tools that are out there. We don’t bring in to replace anything or add to anybody’s burden, we integrate into it with our information.  
 
Let's say somebody opens a .doc file or loads up a .doc file which has an exploit. How do you handle that? 

If somebody uploads an exploit or malware and when it's opened, because of the process we use to interrogate the document for its integrity, we will stop any process that is trying to intervene with the environment and we'll put a warning out. What will happen is you'll get an alert from us; let's say you open up WannaCry as an example, you will get a screenshot saying "your device has been ransomed." The reality is you can still open all your files. What we do is, with our cloud fortress product, we do a real-time backup. 
 
At a time when hospitals and medical institutions are struggling with Covid-19, how has Active Cypher protected them from ransomware threats? 

In most of the hospitals and medical environments, their IT staff lacked the sophistication to understand what was happening. Earlier, the attackers were not really trying to damage the data, they were trying to ransom it and return it. Now what the attackers are doing is, that they are actually getting into the environment and not going after the data because most of the hospitals have upgraded their capabilities along with using our products. Now, the hackers are attacking the IoT (internet of things) at the device level, which is more life-threatening. What we have done to help healthcare institutions is basically putting a “Data Guard” which is the stand-alone ransomware product on devices. 
 
How do you handle the GDPR (General Data Protection Regulation) and Privacy requirements when it’s the home environment? 

With “Data Guard,” the way the product is designed, it can be installed on a consumer device. In that environment it allows people to protect what they have like personal data or business data that they have on their device is protected. And that’s the simplicity of Data Guard, is the fact that it protects your device and the files on it and ensures that ransomware can’t launch successfully.  
 
With cyberattacks rising, is there any advice you can give to our readers on cybersecurity? 

Everybody has to be aware, you don’t have to be afraid. With the stress of work, particularly with this remote work environment, the user has to be more diligent. So, ease of use and awareness are probably the keys to maintaining good data hygiene.

Internet of Things (IoT): Greater Threat for Businesses Reopening Amid COVID-19 Pandemic

 

Businesses have increasingly adopted IoT devices, especially during the COVID-19 pandemic, to keep their operations running. Over the past year the number of IoT devices deployed on organizations' networks has risen sharply, according to research by Palo Alto Networks' threat intelligence arm, Unit 42. 
 
Looking at the current IoT supply ecosystem, Unit 42 described the many exploits and vulnerabilities affecting IoT supply chains. The research also examined the possible motivations for attacking the IoT supply chain, showing that no layer of it is immune.  

The analysis was published during this year's National Cybersecurity Awareness Month (NCSAM), which promotes each individual's role in protecting their part of cyberspace and stresses personal accountability and proactive measures to strengthen cybersecurity. 
 
The analysis notes that IoT supply chain attacks come in two forms: hardware that has been modified to alter a device's behaviour, and software loaded onto a device that has been tampered with to hide malware. 
 
The research also highlights a common poor practice: incorporating third-party software and hardware components without keeping an inventory of the components that went into the device. Without such a list it is hard to tell how many of a manufacturer's products are affected when a vulnerability is found in one component, and harder still to tell how many devices across different vendors are affected by it.

"The main goals for cyberespionage campaigns are maintaining long-term access to confidential information and to affected systems without being detected. The wide range of IoT devices, the access they have, the size of the user base, and the presence of trusted certificates make supply chain vendors attractive targets to advanced persistent threat (APT) groups..." the report stated. 
 
"In 2018, Operation ShadowHammer revealed that legitimate ASUS security certificates (such as “ASUSTeK Computer Inc.”) were abused by attackers and signed trojanized software, which misled targeted victims to install backdoors in their system and download additional malicious payloads onto their machines." 
 
While putting things in a cybercrime perspective, the report noted - "The potential access and impact of compromising a large number of IoT devices also make IoT vendors and unprotected devices popular choices for financially motivated cybercriminals. A NICTER report in 2019 shows close to 48% of dark web threats detected are IoT related. Also in 2019, Trend Micro researchers looked into cybercriminals in Russian-, Portuguese-, English-, Arabic-, and Spanish-speaking marketplaces and discovered various illicit services and products that are actively exploiting IoT devices." 
 
The report stressed the need to "enlist" all the devices connected to a certain network as it will help in identifying devices and their manufacturers, enabling administrators to patch, monitor, or even disconnect the devices when needed. There are instances when all the vulnerable devices are unknown in the absence of a complete list, therefore it is imperative to have complete visibility of the list of all the connected devices in order to defend your infrastructure. 

Vulnerabilities with AvertX IP security cameras


In February, Palo Alto Networks Unit 42 found three vulnerabilities in the then-current firmware of AvertX IP cameras.

The vulnerabilities affect the AvertX HD838 and 438IR models, outdoor surveillance cameras with built-in object detection and infrared technology. Recordings can be stored on a Network Video Recorder (NVR), in the cloud, or on a memory card.

The three vulnerabilities that were found and confirmed by AvertX were:

CVE-2020-11625: User enumeration 

Failed web user interface (UI) login attempts return different responses depending on whether the account exists, which lets an attacker enumerate valid usernames and then brute-force their passwords.

CVE-2020-11624: Weak password requirements 

The software does not require users to change the default password. When a user logs in with the default password, a pop-up says 'password has been changed', yet the login with the default password still succeeds.

CVE-2020-11623: Exposed dangerous method or function 

An exposed UART interface lets an attacker with physical access to the UART pins invoke diagnostic and configuration functions.

The Impact of these Vulnerabilities

Because the login responses reveal which usernames exist, an attacker can first collect valid usernames and then obtain their passwords by brute force.

Because the camera can still be accessed with the default password, which anyone can look up in the user manual, both the camera and the network it sits on are easy to compromise.

Physical access to the UART (universal asynchronous receiver-transmitter) lets an attacker read and change the configuration, or even shut the camera down.
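As an added illustration, not AvertX's firmware or Unit 42's code, the C program below models the two software flaws above in a hypothetical camera login handler. It uses a constructed two-account table (admin/admin as the factory default and viewer/c4m3ra, both invented) and plaintext passwords in place of the salted hashes a real device would store. The vulnerable handler answers differently for an unknown user than for a wrong password and lets the untouched factory password through; the hardened handler returns one failure code for both cases, does the same comparison work whether or not the user exists, and turns a correct-but-default password into a forced password change instead of a session. The exposed UART is a hardware issue and is not modelled:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed account table for a hypothetical camera web UI. A real device
 * would store salted hashes; plain strings keep the comparison logic visible. */
struct account {
    const char *name;
    const char *password;
    int         default_password;   /* 1 = factory value never changed */
};

static const struct account accounts[] = {
    { "admin",  "admin",  1 },      /* factory default, as printed in the manual */
    { "viewer", "c4m3ra", 0 },
};
#define NUM_ACCOUNTS (sizeof accounts / sizeof accounts[0])
#define MAX_PW 64                   /* longest password the UI accepts */

enum login_result {
    LOGIN_OK = 0,
    LOGIN_NO_SUCH_USER,             /* vulnerable handler only: leaks account existence */
    LOGIN_BAD_PASSWORD,             /* vulnerable handler only */
    LOGIN_FAILED,                   /* hardened handler: one code for every failure */
    LOGIN_MUST_CHANGE_PASSWORD      /* hardened handler: default credentials accepted
                                       only to force a change, never for a session */
};

/* Vulnerable pattern (the user-enumeration and default-password flaws above):
 * a different answer for unknown users than for wrong passwords, and a full
 * login on the untouched factory password. */
enum login_result login_vulnerable(const char *name, const char *pw)
{
    for (size_t i = 0; i < NUM_ACCOUNTS; i++) {
        if (strcmp(accounts[i].name, name) == 0)
            return strcmp(accounts[i].password, pw) == 0 ? LOGIN_OK : LOGIN_BAD_PASSWORD;
    }
    return LOGIN_NO_SUCH_USER;
}

/* Compares two passwords over a fixed MAX_PW-byte window, so the loop count
 * does not depend on where the first mismatch is. Over-long input is rejected. */
static int ct_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    if (la > MAX_PW || lb > MAX_PW)
        return 0;
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < MAX_PW; i++) {
        unsigned char ca = i < la ? (unsigned char)a[i] : 0;
        unsigned char cb = i < lb ? (unsigned char)b[i] : 0;
        diff |= (unsigned char)(ca ^ cb);
    }
    return diff == 0;
}

/* Hardened handler: every failure returns the same code, an unknown user still
 * runs the full comparison against a dummy record, and an unchanged factory
 * password never yields a completed login. */
enum login_result login_hardened(const char *name, const char *pw)
{
    const struct account *match = NULL;
    for (size_t i = 0; i < NUM_ACCOUNTS; i++) {     /* no early exit */
        if (strcmp(accounts[i].name, name) == 0)
            match = &accounts[i];
    }
    const struct account dummy = { "", "not-a-real-password", 0 };
    const struct account *check = match ? match : &dummy;
    /* bitwise & so ct_equal always runs, even when there is no such user */
    int ok = ct_equal(check->password, pw) & (match != NULL);
    if (!ok)
        return LOGIN_FAILED;
    return check->default_password ? LOGIN_MUST_CHANGE_PASSWORD : LOGIN_OK;
}

int main(void)
{
    printf("vulnerable nobody/x     -> %d (unknown user)\n",     login_vulnerable("nobody", "x"));
    printf("vulnerable admin/x      -> %d (wrong password)\n",   login_vulnerable("admin", "x"));
    printf("vulnerable admin/admin  -> %d (default accepted)\n", login_vulnerable("admin", "admin"));
    printf("hardened   nobody/x     -> %d\n",                    login_hardened("nobody", "x"));
    printf("hardened   admin/x      -> %d\n",                    login_hardened("admin", "x"));
    printf("hardened   admin/admin  -> %d (must change)\n",      login_hardened("admin", "admin"));
    return 0;
}
```

The HTTP layer matters as much as the return code: the hardened handler only helps if the web UI maps LOGIN_FAILED to a single response body, status code and comparable response time, and rate-limits failed attempts per source, so that neither the message nor the timing tells an attacker which usernames are real.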

AvertX analysed the issues, released a patch with the necessary changes, removed the UART connector, and changed the interface in later production batches.

The 2020 Unit 42 IoT Threat Report found that security cameras make up 5% of Internet of Things (IoT) devices overall but account for 33% of IoT security issues.

Bot List Containing Telnet Credentials for More than 500,000 Servers, Routers and IoT Devices Leaked Online


This week a hacker published on a popular hacking forum a list containing Telnet credentials for over 515,000 servers, home routers and IoT (Internet of Things) "smart" devices. The list, reportedly compiled by scanning the whole internet for devices that left their Telnet port exposed, includes each device's IP address along with the username and password for its Telnet service, a remote-access protocol that can be used to control devices over the internet.

According to the leaker himself, after scanning the internet for devices exposing their Telnet port he tried either factory-default usernames and passwords or custom but easily guessable combinations.

Such lists, usually kept private, are known as "bot lists": they are built by scanning the internet and then used to connect to the devices and install malware. There have been leaks in the past, but this is reported to be the biggest leak of Telnet passwords to date.

According to ZDNet, the list was posted by the maintainer of a DDoS-for-hire (DDoS booter) service. The entries are dated around October-November 2019, so some of the devices may by now sit on a different IP address or use other credentials. Because logging in with any of the listed credentials would be illegal, ZDNet did not try them and could not comment on their validity.

An IoT security expert who asked for anonymity said that even though some entries will be invalid by now because devices have changed IP address or password, the list still holds a lot of value for a skilled attacker, who can use the IP addresses in it to identify the service provider and so update the list with the devices' current IP addresses.

Verified security researchers who volunteered for the task have been given access to the list.

IoT Devices Fall Prey to Attacks up to 10 Crore by Hackers


With more than 40 lakh attacks on IoT (Internet of Things) devices, India is among the top 10 victim countries in the world. That is bad news for enthusiasts and companies that have only just started using IoT devices such as smart cameras but have not thought about securing them. Breaking in took the attackers almost no effort.


Simple methods such as password guessing are enough to get into IoT devices; some victims had set passwords as naive as 'Admin'. India has now made it onto the list of the top 10 countries hit by IoT attacks in 2019, and all of these attacks happened in just the first half of the year. Ironically, India was not on this list at the same time last year, which shows how quickly the situation has deteriorated.

In a study titled 'IoT: A Malware Story', the cybersecurity company Kaspersky says "There is an immense explosion in smart technologies like routers and smart cameras but people hardly care to guard them against cyber invasions, cyber safety solutions." The statement follows the massive number of attacks seen in the first half of 2019. "Kaspersky's honeypots (used as baits by the company to lure hackers) caught 10.5 crore invasions on IoT gadgets from 276,000 different IPs in contrast to 12 million invasions arising from 69,000 IPs in the same period the previous year," the report said.

The growth in IoT devices and the lack of security awareness around them make for a rich harvest for attackers. Attacks on IoT devices crossed the 10-crore line in the first half of 2019, nine times the number seen in the same period of 2018. The honeypots have also yielded useful insight into how the attackers operate. The attacks themselves are not sophisticated; it is the lack of basic security hygiene that lets them succeed, and attackers have refined their methods for getting into IoT devices and turning them into profit.

Around 25 million Home Voice Assistants vulnerable to hacking globally

According to a McAfee cybersecurity report, over 25 million voice assistants, which are internet-connected IoT (Internet of Things) devices in the home, are at significant risk of being hacked worldwide.

Raj Samani, McAfee Fellow and Chief Scientist at McAfee said “ Most IoT devices are being compromised by exploiting rudimentary vulnerabilities, such as easily guessable passwords and insecure default settings”

He further added that “From building botnets, to stealing banking credentials, perpetrating click fraud, or threatening reputation damage unless a ransom is paid, money is the ultimate goal for criminals,”

Attackers around the world are exploiting basic weaknesses in IoT devices: easily guessable passwords, weak default security settings, and abuse of voice commands.

According to McAfee's "Mobile Threat Report", fake app detections rose 550 percent in the second half of 2018.

According to the report, "Most notably, the number of fake app detections by McAfee's Global Threat Intelligence increased from around 10,000 in June 2018 to nearly 65,000 in December 2018."

 Gary Davis, Chief Consumer Security Evangelist at McAfee said "The rapid growth and broad access to connected IoT devices push us to deliver innovations with our partners that go beyond traditional anti-virus. We are creating solutions that address real-world digital security challenges,"


McAfee and Samsung have partnered to protect Samsung Galaxy S10 devices from malicious hacking attempts.