locks

now browsing by tag

 
 

Apple #HomeKit #bug made #smart locks #vulnerable to #hacking

Apple #HomeKit #bug made #smart locks #vulnerable to #hacking

The software bug in HomeKit can apparently allow bad actors to control accessories in smart homes.

Following the news of Apple’s recent security flaw in High Sierra OS for Macs, news has broken of a zero-day vulnerability in the firm’s HomeKit.

According to 9to5Mac, a flaw in the current version of iOS 11.2 could theoretically allow unauthorised individuals access to smart accessories such as smart locks and garage doors, using the home automation platform. 9to5Mac described the vulnerability as “difficult to reproduce” and said it also affected other smart accessories such as lights and thermostats.

The issue was not with the smart accessories, but with the HomeKit framework itself, which connects products from a broad range of companies together in a single interface. The details of the vulnerability itself are scant, but it required at least one iPhone or iPad running iOS 11.2 connected to the HomeKit user’s iCloud account.

Apple quick to remedy the HomeKit issue
Apple has released a temporary server-side fix that remedies the issue. On the user end, nothing needs to be done, but they will notice that the ‘remote access to shared users’ feature for HomeKit-connected devices has been disabled temporarily.

A full patch that completely solves the issue will arrive early next week along with the next iOS update.

The discovery of this vulnerability highlights existing concerns around smart home devices, and the general need for more robust protocols in terms of IoT, particularly in a domestic setting.

It also raises questions for Apple in terms of its own security-auditing process for its operating systems and products, especially considering its otherwise positive reputation as a technology vendor and innovator. Bugs are not uncommon in the development process but when it comes to home security, a certain level of trust is required in order to get customers on board.

More than 50 brands worldwide are compatible with HomeKit, including some models of Honeywell thermostats, the August smart lock and Chamberlain MyQ Home Bridge, a garage-door opener.

View full post on National Cyber Security Ventures

Hacking Hotel Locks and Point of Sale Systems with a MagSpoofer – Defcon 24

11

Source: National Cyber Security – Produced By Gregory Evans

Hacking Hotel Locks and Point of Sale Systems with a MagSpoofer – Defcon 24

Several attacks on POS and Hotel keys including brute forcing other guest’s keys from your card information as a start point. Using a Samy Kumkar’s work on mag spoofing, you can inject keystrokes into POS systems just as if you

The post Hacking Hotel Locks and Point of Sale Systems with a MagSpoofer – Defcon 24 appeared first on National Cyber Security.

View full post on National Cyber Security

BMW fixes security flaw that left locks open to hackers

_80724006_478390649

Source: National Cyber Security – Produced By Gregory Evans

The flaw affected models fitted with BMW’s ConnectedDrive software, which uses an on-board Sim card. The software operated door locks, air conditioning and traffic updates but no driving firmware such as brakes or steering, BMW said. No cars have actually been hacked, but the flaw was identified by German motorist association ADAC. ADAC’s researchers found the cars would try to communicate via a spoofed phone network, leaving potential hackers able to control anything activated by the Sim. The patch, which would be applied automatically, included making data from the car encrypted via HTTPS (HyperText Transfer Protocol Secure) – the same security commonly used for online banking, BMW said. “On the one hand, data are encrypted with the HTTPS protocol, and on the other hand, the identity of the BMW Group server is checked by the vehicle before data are transmitted over the mobile phone network,” it said in a statement. This should have already been in place, said security expert Graham Cluley. “You would probably have hoped that BMW’s engineers would have thought about [using HTTPS] in the first place,” he wrote on his blog. “If you are worried that your vehicle may not have received the update (perhaps because […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post BMW fixes security flaw that left locks open to hackers appeared first on National Cyber Security.

View full post on National Cyber Security

New malware puts child porn on your phone and locks it

New malware puts child porn on your phone and locks it

Ransomeware, the malware that was alerted last year is back again 2015. Previously, the malware would lock your smartphone and the hacker would demand a particular amount of money to be transferred to his account in order to unlock your […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

View full post on National Cyber Security