Z-Wave smart-home gadgets announce new IoT security standards

Ry Crist for CNet:  Less than a month ago, hackers took control of an ocean of unsecured connected home devices, then essentially crashed the entire internet by using them to flood the web's largest internet management company with bogus traffic. Now, the makers of smart gadgets that communicate using Z-Wave are ratcheting up their security standards to help reassure consumers that their products don't come with glaring vulnerabilities.

"No one can afford to sit on their hands and wait," says Mitchell Klein, executive director of the Z-Wave Alliance. "Consumers deserve IoT devices in their home to have the strongest levels of security possible. IoT smart home technologies that don't act will be left behind."

The new standards are called the "Security 2" framework, or S2 for short. Aside from shoring up encryption standards for transmissions between sensors, cameras, and thermostats that broadcast using Z-Wave, S2 also mandates new pairing procedures for each device -- namely, unique PIN or QR codes on the devices themselves.  Cont'd...

Researchers' Belkin Home Automation Hacks Show IoT Risks

Mathew J. Schwartz for BankInfoSecurity:  As if the internet of things didn't seem secure enough, now we have to worry about apps on our smartphones posing a risk too.

That's just one of the takeaways from the discovery of two zero-day vulnerabilities and one hardware-bypass flaw - now patched - in Belkin's WeMo line of home automation products. The flaws, and how to exploit them, were demonstrated Nov. 4 at Black Hat Europe by two researchers from endpoint security software firm Invincea, in a presentation titled: Breaking Bhad: Abusing Belkin Home Automation Devices.

Belkin bills its WeMo apps as being "designed to address simple automation needs without the hassle or expense of whole home automation." Compatible products include everything from "smart" LED light bulbs, power switches and baby video monitors to coffeemakers, slow cookers and heating controls. In November 2015, Belkin reported that 2.5 million devices using their technology were in the market.  Cont'd...

Your smart home could help "bring the internet to its knees," expert says

Melanie Ehrenkranz for Tech.Mic:  Last week, a distributed denial of service attack took down Twitter, Reddit, Spotify and oh so much more. The hackers remain at large, but the root of the hack is clear: tens of millions of insecure IoT devices attacked by a massive botnet. 

"This could mean everything from camera systems, to power company self-reading meters, to smart lightbulbs," Radware vice president of security solutions Carl Herberger said in an email Monday. 

The devices that were vulnerable to hackers during last week's attack were mainly DVRs and security cameras, but any device connected to the internet is a potential target: lightbulbs, webcams, toasters, coffeemakers, thermostats, televisions, shower heads, connected locks — and the list goes on.   Cont'd...

Continued Growth of the "Internet of Me" Has 88 Percent of Consumers Considering the Risks of Using Connected Devices

National Cyber Security Awareness Month reminds all digital citizens to stay educated about cutting-edge technology and better protect against their associated threats

7 ways to keep your smart home from being hacked

Kari Paul for MarketWatch:  As the recent announcement that 500 million Yahoo email accounts were hacked shows, emails and passwords are never fully safe. On a daily basis, hackers use strategies like phishing scams to steal usernames and passwords, posing as a bank or other legitimate establishment to trick users. Consumers should be wary of any email asking for personal information and always check the sender address to be sure it’s based at the website the sender claims to be (like an @paypal.com email address versus a deceptively similar location like @paypal.co or @paypalhelp.com). No measure will guarantee users won’t be hacked (email addresses can even be spoofed, and there are ways to check for this by tracing IP addresses). But a number of actions can be taken to lower the risk of hacking and secure your home.  Cont'd...

Step Up Your Smart-Home Security Now

NATHAN OLIVAREZ-GILES for The Wall Street Journal:  Connected cameras and other smart-home devices promise a Jetsons-esque future. But as a recent hijacking of more than 100,000 networked cameras and DVRs demonstrates, they also provide fertile ground for hackers.

“You should make the assumption that anything that’s internet accessible is hackable. If it has a camera or a mic built in, it can be taken over,” said Kenneth White, a security researcher and director of the Open Crypto Audit Project, a nonprofit that promotes cybersecurity.

To protect yourself, you have to have the right perspective. “You need to take this seriously, but not be afraid of it either,” he said. Once you accept that hacking happens, embrace the security at your disposal. Here are some easy tips to help you step up your smart-home defenses:  Cont'd...

Will Hackers Outsmart the Smart Home? Why Security Needs to Happen at the Design Level

ABI Research:  The advent of home automation and rapid rise of smart home connected devices is seeing some vendors and new startups scramble to become a part of the movement, with ABI Research forecasting 360 million smart home device shipments by 2020. But many companies are leaving major security flaws in the wake of their hurried attempts to penetrate the market, producing products riddled with bugs and unpatched vulnerabilities. Ignoring cybersecurity at the design level provides a wide open door for malicious threat actors to exploit smart home products.

“We see an alarming increase in ransomware in smart TVs and IP cameras, code injection attacks, evidence of zero-day threats, and password eavesdropping for smart locks and connected devices,” says Dimitrios Pavlakis, Industry Analyst at ABI Research. “The current state of security in the smart home ecosystem is woefully inadequate. Smart home device vendors need to start implementing cybersecurity mechanisms at the design stage of their products.”

Numerous attack vectors have been identified in popular smart home communication protocols, such as ZigBee, Z-Wave, and Wi-Fi. Many companies are creating and selling easy-to-tamper smart locking systems, easy-to-hack sensor systems, and products that host a plethora of software vulnerabilities.  Cont'd...

MacKeeper Partners with CUJO to Protect Smart Homes from Cyber Threats

As part of their partnership, MacKeeper's parent company, Kromtech Alliance Corp., and CUJO signed a reseller deal under which MacKeeper will distribute CUJO devices among their customers starting in July 2016.

Now You Can Hide Your Smart Home on the Darknet

Andy Greenberg for WIRED:  The Privacy Software Tor has aided everything from drug dealing marketplaces to whistleblowing websites in evading surveillance on the darknet. Now that same software can be applied to a far more personal form of security: keeping hackers out of your toaster.
On Wednesday, the privacy-focused non-profit Guardian Project, a partner of the Tor Project that maintains and develops the Tor anonymity network, announced a new technique it’s developed to apply Tor’s layers of encryption and network stealth to protecting so-called “Internet of things” or “smart home” devices. That growing class of gadgets, ranging from refrigerators to lightbulbs to security cameras, are connected to the Internet to make possible new forms of remote management and automation. They also, as the security research community has repeatedly demonstrated, enable a new breed of over-the-Internet attacks, such as the rash of hackers harassing infants via baby monitors or the potential for hackers tosteal your Gmail password from your fridge.  Cont'd...
 

Simplifying Security for IoT Device Engineers and Manufacturers

A Guide to Security Requirements for Specific Types of IoT Devices and Systems.

From NetworkWorld - Interview with the creators of EZ-Wave, a Z-Wave hacking tool

The synopsis for Breaking Bulbs Briskly by Bogus Broadcastsmentions the promise of smart energy and building automation, as well as the many unintended vulnerabilities that are introduced in the rush to bring IoT devices to market. The researchers believe “the ability to physically damage hardware by abusing network access is particularly interesting.” I agree.

Frustrated by the “lack of functionality in current Z-Wave hacking tools,” ShmooCon presenters Joseph Hall and Ben Ramsey created and released a new, open source EZ-Wave tool. Not only did the duo discuss how to use the tool for pen-testing Z-Wave wireless automation networks, they also discussed “a rapid process for destroying florescent lights.” They added, “Once access is gained to an automated lighting system, regardless of the protocol used, we  demonstrate how to destroy florescent lamps rated for 30K hours within a single night of abuse.” Full Article:

Belkin Is on a Mission to Fix WeMo's Buggy Smart Home Software

By Stacey Higginbotham for Fortune:  The WeMo line of devices has been around since 2012, and has expanded gradually to include outlets, light switches, light bulbs, as well as a line of sensors that was shown at CES, the consumer electronics trade show in Las Vegas last January but are still not out yet. However, WeMo products have a huge and glaring problem. The software running them is terrible. It has been beset by security issues, customer complaints, and generally can drive a user batty.
However, that’s about to change. Taylor said last week that the WeMo team has been focused on repairing the software and that in January WeMo’s users should expect an update. This means that daylights savings time won’t break all your schedules as sometimes happens. Or adding something to your Wi-Fi network won’t inexplicably confuse every WeMo device in the house. Or that one day your WeMo products will just decide that they no longer want to respond to their product names. Every WeMo user has a story, and like Tolstoy, every WeMo user is unhappy in their own way.  Cont'd...

Could This Single Device Protect Your Smart Home?

Joseph Bernstein for BuzzFeed News:  Sense is a smart router combined with software that sits on top of and monitors all of the connected devices in your house. It reads all the traffic coming into those devices in real time and analyzes it using F-Secure’s cloud security network, “an analytics engine and information repository for malware and a variety of other digital threats.”

When Sense detects unwanted or malicious traffic — say, a botnet trying to connect to your smart television — it simply blocks it.

By drawing all of the IoT devices in the home into one protected network, Sense presents a remarkably elegant solution to a problem the cybersecurity world has been worrying about for a long time.  Cont'd...

Cybersecurity

To protect your company, rethink what you reveal on social media, as it is all fodder for social engineers. Develop policies for handling sensitive requests like password resets over the phone. Have a security audit done.

Records 1 to 14 of 14

Featured Product

This is Control4 Home Automation with Amazon Alexa.

This is Control4 Home Automation with Amazon Alexa.

INTRODUCING THE SIMPLEST WAY TO CONTROL YOUR ENTIRE HOUSE YOUR VOICE. Imagine this... We've all been there-walking through the door into a dark house, arms full. Wouldn't it be nice to tell your house to offer a helping hand? Now you can. A simple voice command-such as "Alexa, turn on Welcome"-lights up the hallway and kitchen, fires up your favorite Pandora station, while the door locks itself behind you. This is Control4 Home Automation with Amazon Alexa.