A lack of a Bluetooth Low Energy (BLE) pairing mechanism leaves the smart IoT devices open to malicious manipulation.
Link: https://threatpost.com/firestarter-hacked-hair-straighteners/146434/
Tag: IoT
Google Home Silently Captures Recordings of Domestic Violence and More
Google is under fire after a report found that Google Home and Google Assistant records user audio, even when no wake-up word is used.
Link: https://threatpost.com/google-home-recordings-domestic-violence/146424/
Apple Disables Walkie-Talkie App Due to Eavesdropping Flaw
Apple has disabled the Walkie Talkie app from its Apple Watch products after a vulnerability was discovered enabling bad actors to eavesdrop on iPhone conversations.
Link: https://threatpost.com/apple-disables-walkie-talkie-app-due-to-eavesdropping-flaw/146410/
Bug in Anesthesia Respirators Allows Cyber-Tampering
GE Healthcare said an attacker could modify gas composition parameters within the devices’ respirator function.
Link: https://threatpost.com/anesthesia-respirators-cyber-tampering/146405/
Microsoft Patches A Pair of Zero-Days Under Active Attack
The software giant also addressed 15 critical flaws and advised on the recently disclosed Linux Kernel “SACK Panic" bug.
Link: https://threatpost.com/microsoft-patches-zero-days-active-attack/146349/
Amazon Admits Alexa Voice Recordings Saved Indefinitely
Amazon’s acknowledgment that it saves Alexa voice recordings – even sometimes after consumers manually delete their interaction history – has thrust voice assistant privacy policies into the spotlight once again.
Link: https://threatpost.com/amazon-admits-alexa-voice-recordings-saved-indefinitely/146225/
FDA Warns of Potentially Fatal Flaws in Medtronic Insulin Pumps
The FDA sent out an urgent advisory warning of serious flaws in Medtronic’s insulin pumps, which are used by thousands across the U.S.
Link: https://threatpost.com/fda-warns-of-potentially-fatal-flaws-in-medtronic-insulin-pumps/146109/
Smart Lock Turns Out to be Not So Smart, or Secure
Pentesters say a keyless smart lock made by U-tec, called Ultraloq, is neither ultra or secure.
Link: https://threatpost.com/smart-lock-turns-out-to-be-not-so-smart-or-secure/146091/
Thousands of IoT Devices Bricked By Silex Malware
A 14-year-old hacker bricked at least 4,000 Internet of Things devices with a new strain of malware called Silex this week. Threatpost talks to the researcher who discovered the malware.
Link: https://threatpost.com/thousands-of-iot-devices-bricked-by-silex-malware/146065/
Consumers Urged to Junk Insecure IoT Devices
A security researcher who disclosed flaws impacting 2 million IoT devices in April – and has yet to see a patch or even hear back from the manufacturers contacted – is sounding off on the dire state of IoT security.
Link: https://threatpost.com/consumers-urged-to-junk-insecure-iot-devices/145800/