- Feb 7, 2014
- 1,540
The results from this year's IoT hacking contest are in and it's not a pretty picture
Smart door locks, padlocks, thermostats, refrigerators, wheelchairs and even solar panel arrays were among the internet-of-things devices that fell to hackers during the IoT Village held at the DEF CON security conference in August.
A month after the conference ended, the results are in: 47 new vulnerabilities affecting 23 devices from 21 manufacturers were disclosed during the IoT security talks, workshops and onsite hacking contests.
The types of vulnerabilities found ranged from poor design decisions like the use of plaintext and hard-coded passwords to coding flaws like buffer overflows and command injection.
Door locks and padlocks from vendors like Quicklock, iBlulock, Plantraco, Ceomate, Elecycle, Vians, Lagute, Okidokeys, Danalock were found to be vulnerable to password sniffing and replay attacks, where a captured command can be replayed later to open the locks.
A wheelchair from an unknown vendor had a vulnerability that could be exploited to disable a safety feature and take control of the device. A thermostat from Trane used a weak plain text protocol potentially allowing attackers to cause excessive heating, furnace failures or frozen water pipes by manipulating thermostat functionality.
Several security issues, including a hard-coded password, a command injection flaw, an open access point connection and a lack of network segmentation were found in a solar array management device from Tigro Energy.
You can catch the rest of this news here: Hackers found 47 new vulnerabilities in 23 IoT devices at DEF CON
Smart door locks, padlocks, thermostats, refrigerators, wheelchairs and even solar panel arrays were among the internet-of-things devices that fell to hackers during the IoT Village held at the DEF CON security conference in August.
A month after the conference ended, the results are in: 47 new vulnerabilities affecting 23 devices from 21 manufacturers were disclosed during the IoT security talks, workshops and onsite hacking contests.
The types of vulnerabilities found ranged from poor design decisions like the use of plaintext and hard-coded passwords to coding flaws like buffer overflows and command injection.
Door locks and padlocks from vendors like Quicklock, iBlulock, Plantraco, Ceomate, Elecycle, Vians, Lagute, Okidokeys, Danalock were found to be vulnerable to password sniffing and replay attacks, where a captured command can be replayed later to open the locks.
A wheelchair from an unknown vendor had a vulnerability that could be exploited to disable a safety feature and take control of the device. A thermostat from Trane used a weak plain text protocol potentially allowing attackers to cause excessive heating, furnace failures or frozen water pipes by manipulating thermostat functionality.
Several security issues, including a hard-coded password, a command injection flaw, an open access point connection and a lack of network segmentation were found in a solar array management device from Tigro Energy.
You can catch the rest of this news here: Hackers found 47 new vulnerabilities in 23 IoT devices at DEF CON
