Hackers have been compromising wireless baby-monitors since 2013, but the more popular they've become, the more vulnerable they've become, and the attacks just keep getting more terrible.
Shodan is a search engine for the Internet of Things, scanning the public Internet for devices communicating on ports and over protocols that are commonly used by IoT devices. By feeding it the right parameters -- Real Time Streaming Protocol (RTSP, port 554) -- you can find innumerable publicly shared webcams, ranging from CCTVs that oversee marijuana grow-ops and many, many baby-monitors.
"The consumers are saying 'we're not supposed to know anything about this stuff [cybersecurity]," he said. "The vendors don't want to lift a finger to help users because it costs them money."
If consumers were making an informed decision and that informed decision affected no one but themselves, perhaps we could let the matter rest. But neither of those conditions are true. Most consumers fail to appreciate the consequences of purchasing insecure IoT devices. Worse, such a quantity of insecure devices makes the Internet less secure for everyone. What botnet will use vulnerable webcams to launch DDoS attacks? What malware will use insecure webcams to infect smart homes? When 2008-era malware like Conficker.B affects police body cams in 2015, it threatens not just the reliability of recorded police activity but also serves as a transmission vector to attack other devices.
"The bigger picture here is not just personal privacy, but the security of IoT devices," security researcher Scott Erven told Ars Technica UK. "As we expand that connectivity, when we get into systems that affect public safety and human life—medical devices, the automotive space, critical infrastructure—the consequences of failure are higher than something as shocking as a Shodan webcam peering into the baby's crib."
Internet of Things security is so bad, there’s a search engine for sleeping kids
[J.M. Porup/Ars Technica]
Daniel Moghimi, Berk Sunar, Thomas Eisenbarth and Nadia Heninger have published TPM-FAIL: TPM meets Timing and Lattice Attacks, their Usenix security paper, which reveals a pair of timing attacks against trusted computing chips ("Trusted Computing Modules" or TPMs), the widely deployed cryptographic co-processors used for a variety of mission-critical secure computing tasks, from verifying software […]
The privacy-focused web browser Brave has finally launched a 1.0 version, bringing it officially out of beta.
A number of popular health-related websites in the UK are reported to be actively sharing sensitive user data with dozens of third parties, including Google and Facebook, but also various adtech firms and data brokers.
Sous vide cooking: It sounds fancy, but it’s actually one of the easiest and most reliable ways to cook. It’s the reason why many restaurants are able to put out delicious dishes with a consistent flavor. All you need is the right equipment, and that hasn’t always been available to those outside the resto crowd. […]
The more you use your computer, the more it becomes possible for others to use it too. Where there are anti-virus systems, there are hackers looking for a way to get around them. That’s why it’s important to get software that doesn’t just passively scout for viruses in the background. The folks behind GlassWire have […]
Knowledge is power. It’s a cliché, but sometimes things turn into a cliché because they’re true. If you’re making your way through the world of business and entrepreneurship, it only makes sense to read about the insights of people who have climbed that ladder before you. Trouble is, the modern workday doesn’t leave a lot […]