Browsing category

IoT

Browser Vulnerability, Computer Security, explo, Exploit, Exploit Browser, hacking, IoT, Pwn2Own, Uncategorized, ZERO day,

Pwn2Own 2019 – Tesla Car Internet Browser Hacked – Hackers Won the Car & $545,000 in Total – Day 3

First and the second-day contest ended up with a various successful attempt to exploit the different bugs in multiple software vendors including, Microsoft, VMware, Oracle and Apple. In Pwn2Own 2019 final day, Zero Day Initiative introduced the Tesla car in automotive category and the Fluoroacetate team made an attempt to exploit the Tesla Model 3 […]

The post Pwn2Own 2019 – Tesla Car Internet Browser Hacked – Hackers Won the Car & $545,000 in Total – Day 3 appeared first on GBHackers On Security.

Internet of Things, IoT, Mobile, Telecom, Telecommunications,

Telecom Crimes Against the IoT and 5G

by: Trend Micro Research and Europol’s European Cybercrime Centre (EC3)

Telecommunications or telecom technology is the underpinning of the modern internet, and consequently, the internet’s growing segment, the internet of things (IoT). Likewise, the global telecommunications network we enjoy today has been greatly influenced by the existence and growth of the internet. Between telecom and the internet is a two-way relationship, even an indistinguishable divide for users. We experience this since the very same telecom carriers we subscribe to allow us to connect to the internet. At its best, this relationship is exemplified as advances in network connectivity as we move to 5G. In our paper with Europol’s European Cybercrime Centre (EC3), “Cyber-Telecom Crime Report 2019,” we explore how this relationship can also be used to threaten and defraud the IoT.

The SIM Connection

A common and well-known link that communication devices and internet devices have is the use of a SIM card. For IoT devices to have a unique presence and connection to the internet, they should have a SIM in the same way a phone does. This could be a familiar white SIM card, or something smaller attached to the circuitry of the device. A phone makes or receives calls, SMS, or data. Identically, an IoT device has a SIM to allow it to receive and make calls, SMS, or data.

SIM cards can serve like credit or debit cards in that they are used to initiate billing or connections that have corresponding fees. That’s why SIM cards, unfortunately, can be subject to many of the same frauds and risks credit cards are. In addition, the use of SIM cards — and telecom in general — in fraud appeals to criminals, perhaps because the telecom sector is not under regulation for money laundering controls.

In the case of smart city devices like traffic lights and smart garbage bins, cybercriminals have various ways to abuse SIM cards. They could choose to extract the SIM cards embedded in the IoT devices and use the SIMs to launder money or conduct other illicit activities. In some cases, even when the SIM cards might be difficult to extract, vulnerabilities still lie in how the devices have the capability to change carriers remotely. Moving from one carrier to another creates risks as some carriers could be cooperating with or created by criminals.

Bucketed subscription aggregation is also a problem with the IoT, especially in the development of more complex and large-scale IoT environments like smart cities. Such scale could be met with inadequate security measures, wherein many IoT devices (as many as millions) are aggregated to a single accounting line. When even just a single SIM of these IoT devices is compromised, the fraud it facilitates will be left undetected due to the inadequate accounting oversight.

It is also important to note that even if an IoT device is “dumb” or doesn’t have the ability to call or send messages, it doesn’t mean that its SIM is also limited — a fact that many procurement departments of large-scale IoT implementations might forget. These dumb devices could hold unknown telecom capabilities, ones that could be exploited by cybercriminals for data malware infection or very costly long distance fraud.

Figure 1. IoT SIM supply chain compromise threat model

Figure 1. IoT SIM supply chain compromise threat model

Large IoT Infrastructures

The scalability of IoT is one of its greatest assets, which, in the case of telecom fraudsters, is something of an opportunity as well. Depending on the number of deployed IoT devices and supporting technologies like dedicated servers, its environment can scale from one entire home to an entire city. The larger the scale, the more challenging it would be to monitor each connected device.

Even smaller-scale environments like smart homes, buildings, and factories do not escape the risk of being used for telecom fraud. Although smart factories are typically isolated from the internet, they do still require some form of cellular data connection to perform backups to an offsite location or undergo remote maintenance. Through this connection, cybercriminals can use cyber-telecom vulnerabilities against them and use them for outbound fraud.

Even smart and autonomous vehicles can be subject to the same attacks as mobile phones. Telephony denial of service (TDoS), for example, could cause a smart car to become lost due to a broken internet connection.

Securing Telecom and the IoT

Keeping in mind the connection between IoT and telecom should help in creating defenses against threats that shift from one to the other. Getting a grasp on common channels used by IoT devices can uncover hidden telecom capabilities in them. For IoT devices, simple measures like changing the default settings and credentials of the device can already prevent some of the mentioned telecom attacks.

Telecom technology and the IoT have proven that connectivity can be a powerful tool that helps us save time, improve efficiency, and bridge borders, among others. However, connections that run beyond our awareness can be abused to the detriment of others, through crimes like fraud and money laundering. It is important to acknowledge that there is only so much a single organization or industry can do against an interconnected web of threats. Collaboration and cooperation between all stakeholders, from telecom carriers to security experts and law enforcement, are necessary in keeping our connections safe.

For the complete discussion on telecom threats, read our paper “Cyber-Telecom Crime Report 2019.”

The post Telecom Crimes Against the IoT and 5G appeared first on .

This post appeared first on Trend Macro Blog
Author: Trend Micro

Car Hacking, Cyber Security News, Hack the Car, hacking, Hijacking, IoT, Mobile Attacks, Network Security, Vulnerability,

Hack the Car in Real Time – Car Alarm Flaw let Hackers Remotely Hijack 3 Million Vehicles Globally

car alarm

Researchers discovered a serious Vulnerability in famous vendors car alarm system that allows attackers to hijack the car remotely and kill the engine while driving, even steal the car. These alarms available in the market for $5,000, that already fitted in several high-end cars and the critical vulnerabilities were discovered in two leading alarm vendors […]

The post Hack the Car in Real Time – Car Alarm Flaw let Hackers Remotely Hijack 3 Million Vehicles Globally appeared first on GBHackers On Security.

Automation, Internet of Things, IoT, smart buildings, smart homes,

Exposed IoT Automation Servers and Cybercrime

by: Stephen Hilt, Numaan Huq, Martin Rösler, and Akira Urano

In our latest research “Cybersecurity Risks in Complex IoT Environments: Threats to Smart Homes, Buildings and Other Structures,” we tested possible threat scenarios against complex IoT environments such as in smart homes and smart buildings. A significant part of the research also involved a look into exposed automation platforms or servers, which are integral components of complex IoT environments.

We define Complex IoT Environments (CIEs) as being made up of enough IoT devices — 10 from our experience — to create a web of dynamic interactions based on set rules. In these environments, an automation server functionally chains the devices together and enables functional interactions of devices that characterize such environments. There are two types of automation servers an IoT environment could have: the open-source server and the commercial server. Both not only have great control over devices but also hold important information. These servers are critical for such an environment – with each additional device added, the number of possible interactions and rules grows exponentially.

If a server is unknowingly exposed online, it could allow attackers to reprogram automation rules or steal hardcoded information. As the automation rules get more and more complex with more devices added, an administrator will have a hard time noticing attacker’s logic changes even after inspection. Checking if an automation server is exposed online is therefore a significant aspect of CIE security. For our research, we used Shodan to see if there were indeed any exposed automation servers and share details on those that we found in this post.

General findings

We searched through Shodan, a search engine for internet-connected devices, and came across a number of open-source automation servers. What sets open-source automation servers apart is their programmable logic layer, which allows users to change rules and add devices to a CIE. Compared to commercial automation servers we will discuss later, open-source servers are a lot more versatile.

The most common exposed open-source IoT automation servers that we found were Domoticz, Home Assistant, openHAB, and Fibaro Home Center. Countries that had the most number of exposed servers were mostly industrial nations in Europe, North America, Australia, and Japan. Of note are the automation servers we found in Thailand, Vietnam, Chile and Argentina, which could be an indication that although IoT automation is still in its early stages, it is quickly spreading globally.

Figure 1. Exposed IoT servers found using Shodan

Figure 1. Exposed IoT servers found using Shodan

The count is based purely on servers found in Shodan, so we need to point out certain considerations: 1) Shodan data does not include all exposed servers, 2) not all automation servers are exposed on the internet, and 3) daily results are constantly changing because of dynamic IP addresses. Therefore, the actual total number of exposed automation servers could be greater.

Whatever the actual number is, the fact that it is in the tens of thousands is concerning. Exposed systems can contain sensitive information and provide access to anyone who finds them. This is demonstrated by the exposed open-source servers Home Assistant, FHEM, and Node RED, which we will discuss further.

Open-source home automation servers

As can be seen in Figure 1, we found thousands of Home Assistant servers exposed in Shodan. Home Assistant is an open-source home automation server that allows users to run all their connected home devices from a single, mobile-friendly interface. Home Assistant runs on a dedicated server, whether RPi or local, so all device data is stored locally and not in the cloud. Home Assistant out-of-the-box supports many of the popular IoT devices, rules can be programmed via the GUI as well as written in YAML.

We found more than 6,200 exposed Home Assistant servers online, most of which were from the U.S. and Europe. Home Assistant has a history feature that shows the operational status of devices and, once accessed, could indicate when the inhabitants are away from home. In some exposed homes, their Home Assistant configuration file contained important credentials, like hardcoded router username and password. It is good to note however, that Home Assistant enforces password protection and most of the exposed home servers were password protected.

Figure 2. Exposed history of devices

Figure 2. Exposed history of devices

On the other hand, we found fewer exposed smart homes using FHEM servers. FHEM is a home automation server popular in Europe, a fact that coincides with our findings as most of the exposed FHEM servers were from Austria and Germany. It’s a Perl server that can be used to automate repetitive day-to-day tasks at home, like controlling the thermostat, switching lights on and off, and regulating power consumption. Like Home Assistant, its program runs on a dedicated device and can be controlled using the web, a smartphone, Telnet, or TCP/IP.

Information on the exposed FHEM servers included configuration files and device activities. Configuration files contain a wealth of information, like hardcoded credentials, lists of all devices in the home, and each device’s location. Exposed FHEM servers could also show others details from the devices connected to it, like device status, sensor readings, and even electricity usage.

Open-source home and industrial servers

Another type of automation server we found exposed online was Node-RED, a flow-based programming tool for chaining together devices, APIs, and online services. What sets Node-Red apart is its support for both smart homes and industrial processes. This crossover support for IoT and IIoT spaces is a capability that we think will eventually be possible for other IoT automation platforms.

Figure 3. Exposed detailed log files recording all events triggered, found in the same location as the configuration file

Figure 3. Exposed detailed log files recording all events triggered, found in the same location as the configuration file

We found around 880 exposed Node-RED servers online. Most of these were located in the U.S., Germany, Japan, U.K., and the Netherlands. Since Node-RED can be used for both home and industrial applications, these servers came from a wide variety of settings. Examples that we found that were not smart homes included a greenhouse and a parking garage flow in Japan.

Figure 4. Exposed automation flow for a parking garage in Japan

Figure 4. Exposed automation flow for a parking garage in Japan

Commercial automation servers

We’re adding in this discussion the few commercial home automation servers we came across in our Shodan search. Commercial automation servers offer a lot less flexibility than open-source servers. This means they can’t integrate as wide a range of IoT devices in their systems. However, they are still capable of some level of control over households since they can be used to operate preinstalled devices.

Potential attackers would not be able to conduct significant smart attacks against exposed commercial automation servers using the logic layer — commercial ones do not have a user-programmable logic. However, these exposed servers freely share information and access to anyone querying them without requiring proper authentication. Some of the controls that we found included those for the intercom, cameras, lights, and alarm systems.

Figure 5. Exposed controls for a home alarm system

Figure 5. Exposed controls for a home alarm system

Security and control

Exposure of automation servers opens smart homes and even smart buildings to several attack scenarios. For open-source automation servers, attackers can reprogram rules which, in turn, lead to a slew of different other attacks — from secretly adding devices to the system to turning off all security setups. Even exposed commercial servers can give attackers physical control over a household by allowing them to interact with controls like alarm systems. Exposed automation servers in buildings and industrial settings could impede business operations should their setups be tampered with. In addition, attackers can monitor and note patterns in resident behaviors using the information readily available in the exposed server.

In securing a CIE, a good place to start is its automation server. Since automation servers do not alert users if there had been a change in its rules, users should frequently check the logic layer for any changes. In this regard, using version control software would help users track changes in their code, as well as revert their code quickly to its original version in case of compromise. Users should also filter the information their automation servers hold. An automation server is a powerful tool that makes CIEs run smoothly and efficiently. As such, it is crucial for its control to remain in the right hands and not fall into the hands of unforeseen attackers.

To get a fuller understanding of other threat scenarios, you can read the rest of our findings in our paper “Cybersecurity Risks in Complex IoT Environments: Threats to Smart Homes, Buildings and Other Structures.” We also detail best practices to help build safer CIEs.

The post Exposed IoT Automation Servers and Cybercrime appeared first on .

This post appeared first on Trend Macro Blog
Author: Trend Micro