Troy Hunt

NOVEMBER 25, 2020

In part 1 of this series, I posited that the IoT landscape is an absolute mess but Home Assistant (HA) does an admirable job of tying it all together. I also looked at custom firmware and soldering and why, to my mind, that was a path I didn't need to go down at this time. Now for the big challenge - security. Let's dive into it.

IoT 358

IoT Firmware Risk Manufacturing 358

SecureList

SEPTEMBER 21, 2023

IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number has only been growing ever since. Telnet, the overwhelmingly popular unencrypted IoT text protocol, is the main target of brute-forcing.

IoT 86

IoT DDOS Passwords Malware 86

Security Affairs

DECEMBER 24, 2018

Security researchers discovered some flaws in the Twinkly IoT lights that could be exploited display custom lighting effects and to remotely turn off them. ” Once the mobile app has discovered the IP address of the lights, it authenticates with them, receives an authentication token and retrieves information about the device.

IoT 81

IoT Hacking DNS Authentication 81

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “NETGEAR strongly recommends that you download the latest firmware as soon as possible.” The remaining ones are authentication bypass and command injection flaws.

Hacking 98

Hacking Firmware Authentication DNS 98

Security Affairs

OCTOBER 1, 2018

Attackers have already hijacked over 100,000 home routers, the malicious code allows to modify DNS settings to hijack the traffic and redirect users to phishing websites. GhostDNS reminds us of the infamous DNSChanger malware that made the headlines for its ability to change DNS settings on the infected device.

DNS 82

DNS Malware Firmware Phishing 82

eSecurity Planet

MARCH 16, 2023

DNS attacks : DNS cache poisoning, or hijacking, redirects a legitimate site’s DNS address and takes users to a malicious site when they attempt to navigate to that webpage. This includes IoT devices. And network users don’t just need to be authorized — they need to be authenticated, too. Segmentation.

Network Security 108

Network Security Firewall Internet Internet 108

eSecurity Planet

MARCH 22, 2023

Although beyond the scope of the network, effective network security relies upon the effective authentication of the user elsewhere in the security stack. Two-Factor Authentication (2FA) : In today’s ransomware-riddled environment, two-factor authentication should also be considered a minimum requirement for all forms of remote access.

Firewall 105

Firewall Network Security Penetration Testing Encryption 105