Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Wednesday June 19 2019, @10:28AM   Printer-friendly
from the seems-ok-to-me dept.

Submitted via IRC for Bytram

Consumers Urged to Junk Insecure IoT Devices

A security researcher who disclosed flaws impacting 2 million IoT devices in April – and has yet to see a patch or even hear back from the manufacturers contacted – is sounding off on the dire state of IoT security.

More than 2 million connected security cameras, baby monitors and other IoT devices have serious vulnerabilities that have been publicly disclosed for more than two months – yet they are still without a patch or even any vendor response.

Security researcher Paul Marrapese, who disclosed the flaws in April and has yet to hear back from any impacted vendors, is sounding off that consumers throw the devices away. The flaws could enable an attacker to hijack the devices and spy on their owners – or further pivot into the network and carry out more malicious actions.

“I 100 percent suggest that people throw them out,” he told Threatpost in a podcast interview. “I really, I don’t think that there’s going to be any patch for this. The issues are very, very hard to fix, in part because, once a device is shipped with a serial number, you can’t really change that, you can’t really patch that, it’s a physical issue.”

Marrapese said that he sent an initial advisory to device vendors in January, and after coordinating with CERT eventually disclosed the flaws in April due to their severity. However, even in the months after disclosure he has yet to receive any responses from any impacted vendors despite multiple attempts at contact. The incident points to a dire outlook when it comes to security, vendor responsibility, and the IoT market in general, he told Threatpost.

b-b-b-b-but it is still working!


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by RS3 on Thursday June 20 2019, @04:52AM

    by RS3 (6367) on Thursday June 20 2019, @04:52AM (#857768)

    Yes, I know several people who have cars with hotspots, including a Chevy Bolt.

    Well, I have an automotive tracker module in my hand. It's made by Enfora. It plugs into the OBD-II connector in the car. It's about 5 cm x 5 cm x 2 cm. It's mostly empty space. There are 2 circuit boards with active circuits, including a SIM socket. 2 circuit boards are printed antennas. It has GPS and GSM cell network and possibly bluetooth or some other local communications, and also a micro-USB port.

    Many (most?) cell phones are using ceramic antennas, which are quite tiny. https://www.johansontechnology.com/antennas [johansontechnology.com]

    The point being the cell communication electronics can be quite small. So to find them in a car you might search the web for info from others who figured it out. Or someone would need an RF field detector with a small directional antenna. The RF won't be on all the time, but possibly when ignition is switched ON, or OFF.

    I have a pair of wireless 900MHz headphones through which you can hear sounds from both cell phones and WiFi, so it might be good enough to locate the little bug. The antenna might have an accident at that point.

    All that said, I worked on a friends 2007 Mercedes recently and under the rear seat we found fairly large electronics modules with antenna cables going to antennas in the rear window. So in some cases the bugger (literally) might be easy to find and disable.

    I bet someone sells RF transmitter locators.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2