Critical Flaw Found In ZigBee Smart Home Devices. Millions at Risk.

Security researchers have identified a critical vulnerability in devices using ZigBee, a wireless standard used for connectivity in multiple Internet of Things and smart home devices — raising the specter of hackers breaking into your smart home and doing what they like with your connected locks, alarm system and even controlling your lightbulbs.

Cognosec presented a paper at the Black Hat confab in Vegas today outlining a flaw in ZigBee implementations it said affects multiple device types, and asserting it’s possible for hackers to compromise ZigBee networks and “take over control of all connected devices on a network.”

“The practical security analysis of every device assessed showed that the solutions are designed for easy setup and usage but lack configuration possibilities for security and perform a vulnerable device pairing procedure that allows external parties to sniff the exchanged network key,” the researchers write.

“This represents a critical vulnerability, as the security of the solution is solely reliant on the secrecy of this network key.”



Russian hackers crack Pentagon email system

Russian hackers are attacking the Pentagon’s Joint Staff unclassified email system, leaving thousands of Department of Defense (DOD) workers without email for nearly two weeks, a DOD spokeswoman confirmed.

Officials believe Moscow may have orchestrated the “sophisticated cyberattack,” which infiltrated the Joint Chiefs of Staff email system….


Security needs to be a top priority for healthcare providers

Back in the old days – say, a whole 10 years ago – thieves had to be physically inside a healthcare facility to steal patient information. How times have changed.

Now, with the Internet and the seeming lack of consistent implementation of online security best practices when it comes to patient information, we’re making things much easier for attackers. The proof is in the data. Gartner research conservatively estimates close to 40 million health care records have been breached to date. That’s likely a conservative figure, given that breaches of fewer than 500 records are not required to be reported.


Hacker shows he can locate, unlock and remote start GM vehicles

A security researcher has posted a video on YouTube demonstrating how a device he made can intercept wireless communications to locate, unlock and remotely start GM vehicles that use the OnStar RemoteLink mobile app.

Samy Kamkar, who refers to himself as a hacker and whistleblower, posted the video today showing him using a device he calls OwnStar. The device, he said, intercepts communications between GM’s OnStar RemoteLink mobile app and the OnStar cloud service.


Is Cyber-Armageddon Upon Us? 3 Glitches Today Have Some Saying Yes

A trio of cyber incidents this morning had some people seeing cyber-armageddon. We’re looking at you, Senator Bill Nelson (D-Florida).

Following reports this morning that United Airlines had grounded all of its flights worldwide due to a computer problem, and the New York Stock Exchange had also halted all trading due to its own digital problem, there were some who were wondering mildly if the two were connected in some way. But then the Wall Street Journal web site also went down and the good senator tweeted that the three together had the makings of a major cyberattack…


5 Identity Theft Myths You Should Ignore

According to a Gallup poll, the majority of American consumers are more worried about identity theft than any other issue. This hardly seems surprising, since ID theft is the fastest growing crime in the country. Stories about it are constantly in the news, and there has also been a dramatic increase in data breaches over the past year. Additionally, the growth of smartphone and digital use among consumers has made individuals and their personal information more vulnerable to identity theft….


IoT’s dark side: Hundreds of unsecured devices open to attack

A self-described security “amateur” discovered hundreds of Internet-connected devices ranging from cameras to industrial control systems that were connected to the Internet without even basic password protection — meaning they could be easily turned on and off or otherwise manipulated with a single click of a mouse.