Securing your IoT

Technical topics whether its hardware or software.
Post Reply
JanesAddiction_{HoF}
Posts: 31
Joined: Fri Sep 29, 2017 2:46 am

Securing your IoT

Post by JanesAddiction_{HoF} »

https://krebsonsecurity.com/2018/01/som ... iot-stuff/

Rule #1: Avoid connecting your devices directly to the Internet
Rule #2: If you can, change the thing’s default credentials
Rule #3: Update the firmware
Rule #4: Check the defaults - like universal plug and play UPnP
Nelsona
Posts: 1737
Joined: Sat Sep 30, 2017 5:03 am

Re: Securing your IoT

Post by Nelsona »

For some gadgets aka "devices" that can be connected to Internet you can forget security, they are flawed by default including default Wi-Fi protocol used in common networking - thanks it has a limited range and we are somehow safe as long as expert intruder has to be closer - but there are chances to be hacked from a nearby location if hacker is coming around - no password is required.
Also there are routers vulnerable from factory - have fun with them.
Not the last but the most evil thing is devices and machines messed up by default having whatever debug tools "forgotten" there in final build, like logging as root with a blank password after repeated hitting Enter key. It's the night of the mind how do these geniuses are working.

There is one default rule: When you are connected to the Internet you might forget about security and privacy. Keep in mind that not every specialist is well intended speaking about his finds, some of them are keeping secrets about flaws for using them later if someone is pissing them off.
UncodeX Stuff
Not often maintained
My UT Mapping works...
Learn the rules like a pro, so you can break them like an artist.
- Pablo Picasso -
Nelsona
Posts: 1737
Joined: Sat Sep 30, 2017 5:03 am

Re: Securing your IoT

Post by Nelsona »

Bump here with something - not that new...
In the past old people especially have read about funky CPU bugs - processors more exactly which made M$ mad at doing Kernel systems - All but ALL of those CPU were having bugs.

Some years have passed - supposed with security privacy protection and all these nice words (myths). Some smart IT guys have just figured other bugs used by about 139 malware type apps which are based on newer discovered bugs which are part of nowadays CPUs and which do exist in a wide range of devices PC MAC Smart_Whatever thingy.
These are based on memory corruptions and are heading to control and steal private data from device - draw conclusion. These bugs were here since 1995 only "imported" upgraded to a bigger speed of execution... and unchanged. So to refrain, frankly, you had exploits for 23 years...

As long as equipment has an unpatched kernel, the system cannot be claimed secured regarding to what you think.

If you have an idea which you don't want to be stolen (a new invention) you'd better keep that on PAPER rather than in your computer /tablet/phone/etc. - just saying...

Fixing exploits for an already done machine with bugged hardware is doable by doing major changes to OS's kernel affecting SPEED for applications running based on CPU (not GPU). These exploits can be triggered by common stuff (like Java, FlashPlayers, documents shared, and so on).

Have a nice day, machines users !
UncodeX Stuff
Not often maintained
My UT Mapping works...
Learn the rules like a pro, so you can break them like an artist.
- Pablo Picasso -
Nelsona
Posts: 1737
Joined: Sat Sep 30, 2017 5:03 am

Re: Securing your IoT

Post by Nelsona »

Bump here. In case that you have failed latest news.

Some smarty people (I gotta admit) have discovered a new solution to take down Web-Sites and/or Internet Users, regarding to default "measures" taken. Solution was... simple. By spoofing victim's IP address and using a borked request, response from a default server is coming with an UDP reflection being 51,000 times more powerful (more reach in data) like a mirror of a projector intended for light amplification, without any hack operated to those servers. By doing such requests to multiple hosts you can get a sort of Flood/DDoS which previous days went to 1,7 Tbits of data with meaning of 120 millions of packets/second - it was hilarious to see GitHub being brutalized like that - coders ground :!: . As result, victim is bombed until has no connections from any kind. You can secure everything, when some flood is taking all your Internet bandwidth down, then you can say bye to web surfing - no malware, no crap-ware, just outta Network using probably the most domestic solution invented ever.
Admins owning Web-Servers generally have to take measures to restrict UDP to a limited traffic or simply disabling it if it's not used. Then we can wait for the next Round...

Is your IoT secured ? Yeah ? Who cares ? New tech is aiming your Internet not your device, :| .
UncodeX Stuff
Not often maintained
My UT Mapping works...
Learn the rules like a pro, so you can break them like an artist.
- Pablo Picasso -
Nelsona
Posts: 1737
Joined: Sat Sep 30, 2017 5:03 am

Re: Securing your IoT

Post by Nelsona »

And now allow me to point you at some info toward "awesome IoT" devices. I would like to know if you feel secured in a way or another after reading here some article called
"Most IoT devices can be hacked into botnets". I have to admit there is more entertaining stuff to read...
Clowns are happy with their new "devices" - "garbage objects" made for earning money.
UT's addicted people said "obj garbage" in their consoles...
So to speak multiple copies of these "toys" are doing more damage than you might even dream.

Foot-Note:
Even your router supposed to protect the network is an "IoT" and... I've hear about people capable of breaching them easily, they were helping a poor brain which was forgetting password in order to prevent device's factory-reboot and losing all configuration data... words coming later were "Thanks for helping me, I owe you a lot of beer"...
UncodeX Stuff
Not often maintained
My UT Mapping works...
Learn the rules like a pro, so you can break them like an artist.
- Pablo Picasso -
JanesAddiction_{HoF}
Posts: 31
Joined: Fri Sep 29, 2017 2:46 am

Re: Securing your IoT

Post by JanesAddiction_{HoF} »

Here is an article that describes how to secure your network with IoT ...

https://www.pcper.com/reviews/General-T ... Insecurity
Nelsona
Posts: 1737
Joined: Sat Sep 30, 2017 5:03 am

Re: Securing your IoT

Post by Nelsona »

Bump okay, self note probably I should not ask those tech guys if this thing worth thinking too much about "securing" it.
Can you guess what this thing does ?
A_CstDev.png
A_CstDev.png (1.06 MiB) Viewed 12066 times
Let me answer, this device do works in sessions, it's not permanent connected, it is for broadcasting various videos and music guided by other machine or just managed by other machine and capturing a network stream itself from... Internet or from said machine, into your awesome HDMI port from whatever display Box (TV, whatever). As long as this one is dedicated to access Internet natively I think I can forget the security chapter because Internet for it means food. Of course, it won't need to stay connected forever, at random it do needs a restart. I spent last time looking at videos cleaned by adds and crap, this is a major advantage against getting annoyed by stupid content never asked and wasting viewer's time. Not the last thing, more apps which I'm using on the phone is Adds-Free, some of them "corrected" properly by self person, other downloaded from another guys - those apps supporting extra-damage (no names for a better Planet), and then life is changing when you can breath relaxed at favorite videos.
UncodeX Stuff
Not often maintained
My UT Mapping works...
Learn the rules like a pro, so you can break them like an artist.
- Pablo Picasso -
Post Reply