GDPR is finally here and IoT service providers are struggling to comply with privacy regulation. Multiple vulnerabilities and cyber attacks against routers, smart home and video surveillance systems are exposed and an old Botnet makes a comeback. Read it all at our monthly summary of IoT Security news.

Hacks, Exploits and Utter Catastrophes

There are so many new vulnerabilities, exploits and hacking attacks that we’ve had to break this section into subsections. It seems that any IoT device type is hackable and will be exploited at some point.

• Hide and Seek IoT Botnet resurfaces with new tricks and persistence
• Anew, “Wicked” variant of Mirai botnet has been discovered.
• ‏Proving how vulnerable IoT can be, a hacker shuts down Copenhagen’s public city bikes system.

In the routers realm:

• The FBI has announced to America: “Reboot Your Routers, Right Now!” .
• In the UK, a four-year-old WPS Security flaw is still affecting TalkTalk ISP routers.
• A backdoor account was found in D-Link routers
• DrayTek Router Zero-Day was utilized for cyber-attacks
• a critical vulnerability was found in over a million GPON Home Routers.
• Singtel left approximately 1,000 customer routers wide open to a potential attack via an unprotected port.

In the latest news regarding smart-home devices:

• Amazon confirms that Echo devices shared users’ private audio recordings.
• A Z-Wave vulnerability Exposes Up To 100 Million Smart Home Devices to hacking
• Comcast website was leaking the names and passwords of customers’ routers.
• A new advisory was issued for CyberVision Kaa IoT Platform susceptibility.
• A smart doorbell vulnerability allowed people to snoop on each other even after a password change has occurred.
• Bugs in Logitech Harmony Hub put connected IoT devices at ‘High Risk’
• The Entire Nest ecosystem of smart home devices went offline.

New video surveillance exploits published include:

• A new hacking tool that lets users access a multiple DVRs and their video feed,
• iVideon (Russian-based) video surveillance solution leaked data and hundreds of thousands of records were exposed.
• Dozens of Canon security cameras were hacked in Japan, Netgear asks Arlo customers to change passwords in light of a security threat.

IoT Security Laws, Regulations and Standards

Governments and Regulators are pushing towards greater standardization of IoT devices and security, with the European Union leading the charge.

• The Dutch standards organization NEN has created an IoTS work group in order to address security and privacy issues in the growing IoT sector.

• The British Standards Institution (BSI) has launched a new kitemark for IoT devices, helping consumers make more informed decisions.

• People’s smart homes stop working as GDPR introduction devolves into chaos.

• GDPR legislation is expected to have a substantial impact on the IoT world.

IoT security trends

• U.S. leads the world in the origination of IoT  DDoS attacks
• Quantifying Consumer Costs of Insecure Internet of Things Devices

What’s New at SecuriThings?

As part of SecuriThings focus on providing cyber security for connected security devices, we will participate in two industry events in the coming month: Cyber:Secured Forum, June 4-6, Denver, Colorado, and IFSEC, 19-21 June 2018, London UK.

To schedule your 1:1 meeting contact us at:  [email protected]

Yours, The SecuriThings Team