Source: National Cyber Security – Produced By Gregory Evans
New security research has revealed a whole new area of concerns for the soon-to-be-everywhere Internet of Things – smart home hubs. Hubs – devices that link into home networks to control lighting, dead-bolt locks and cameras – can be dangerously vulnerable to attack, according to security tools firm TripWire. Craig Young, a Tripwire VERT (Vulnerability and Exposure Research Team) security researcher, tested Wink Hub, Vera and SmartThings Hub (all smart home hubs), discovering a variety of issues in the process. The most serious issues affected Wink Hub and Vera. El Reg contacted both vendors, who downplayed the significance of the findings and stated the testing was done on kit using old versions of firmware. Open sesame Kit from Vera displayed improper neutralisation of special elements used in an OS Command (CWE-78) and cross-site request forgery (CWE-352) problems. Equipment from Wink turned out to have similarly serious problems, namely improper neutralisation of special elements used in an SQL Command (CWE-89) and cross-site Request forgery (CWE-352). Left unresolved, both sets of flaws created a means for hackers to obtain remote root shell access with minimal user interaction. Wink has developed an update to block exploits against its hubs. The SmartThings hub is […]
For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com
The post Cyber poltergeist threat discovered in Internet of Stuff hubs appeared first on National Cyber Security.
View full post on National Cyber Security
