
Ring Flaw Underscores Impact of IoT Vulnerabilities

Source: National Cyber Security – Produced By Gregory Evans

A vulnerability in Amazon’s Ring doorbell cameras would have allowed a local attacker to gain access to a target’s entire wireless network.

A vulnerability in Amazon’s Ring Video Doorbell Pro IoT device could have allowed a nearby attacker to imitate a disconnected device and then sniff the credentials of the wireless networks when the owner reconfigured the device, according to a report issued by security firm Bitdefender.

The issue, which was fixed by Amazon in September, underscores the impact of a single insecure Internet-of-Things device on the organization in which it is deployed. While the vulnerability may only occur in a single network device, the result of the flaw could be leaked information — the wireless network password, for example — which would have far more serious repercussions.

“IoT is a security disaster, any way you look at it,” says Alexandru Balan, Bitdefender’s chief security researcher. “Security is not the strong suit of IoT vendors — only rarely do we see vendors who take security seriously.”

The discovery of a serious vulnerability in a popular IoT product comes as businesses and consumers increasingly worry about the impact that such devices may have on their own security. Only about half of security teams have a response plan in place to deal with attacks on connected devices, according to a recent report from Neustar. Even critical-infrastructure firms, such as utilities that have to deal with connected operational technology, a widespread class of Internet-of-Things devices, are ill-prepared to deal with vulnerabilities and attacks, the report says.

Vulnerabilities in IoT devices can have serious repercussions. In July, a team of researchers found widespread flaws in the networking software deployed in as many as 200 million embedded devices and found millions more that could be impacted by a variant of the issue in other real-time operating systems.

The issue with Amazon Ring is not as serious, but it is a reminder that vulnerabilities can still be easily found in the devices by attackers paying attention, says Balan. “We tend to look at the popular devices, and those tend to have better security than the less popular devices.”

The rest of the Ring device’s communications are encrypted and secure, according to Bitdefender. The mobile application only communicates with the device through the cloud, even if the app and device are already on the same network, the company’s analysis stated. Cloud communications are conducted over encrypted connections to API services using Transport Layer Security (TLS) and certificate pinning.

The device’s initial connection with the local network is the only time that it sends data without encryption, Balan says. “This is a proximity-based attack, so it’s not that big of a threat on a global scale. You need to be within a hundred meters or so to issue the deauthentication packets and force the user to reset the password.”

The existence of the vulnerability is not an indicator of the commitment of Ring’s security team, Balan adds, noting that within a few days Amazon responded and two months later closed out the report. By September, the company issued a patch — within three months after the initial communication, according to Bitdefender’s disclosure timeline. As of November, all affected devices had been patched, which Balan says is a better outcome than the majority of disclosures that Bitdefender works on with other IoT vendors.

“Amazon is one of the few that take security seriously,” he says. “Inherently everything has some flaw that will be discovered. The only challenge with IoT is whether you take that disclosure seriously.”

The trend that more vulnerabilities are being discovered in popular products is a sign that the manufacturers are paying attention and responding to researchers, Balan observes. “If someone does not have vulnerabilities disclosed in their product, then that is likely the most risky product, from a security perspective. If the vulnerabilities were discovered, then props to them — that’s a good thing.”


The post Ring Flaw Underscores Impact of IoT Vulnerabilities appeared first on National Cyber Security.


2 more members of ATM skimmer ring plead guilty

Source: National Cyber Security – Produced By Gregory Evans

NEWARK – Two men who were among 13 people accused of using secret card readers and pinhole cameras attached to ATMs to obtain banking information pleaded guilty Thursday, the U.S. Attorney’s Office said. Florin Mares, 49, and Gabriel Mares, 44, of College Point, N.Y., pleaded guilty to conspiracy to commit bank…

The post 2 more members of ATM skimmer ring plead guilty appeared first on National Cyber Security Ventures.


Identity theft ring bought information online, used student loan website to get $12 million in tax refunds

Source: National Cyber Security – Produced By Gregory Evans


Two people were indicted on federal charges related to a $12 million scam in which they stole identities in order to file fake tax returns and profit from the refunds. Taiwo K. Onamuti, 29, Doraville, Ga., and Muideen A. Adebule, 49, Indianapolis, face 23 federal charges including aggravated identity theft,…

The post Identity theft ring bought information online, used student loan website to get $12 million in tax refunds appeared first on National Cyber Security Ventures.


Front Range Identity Theft Ring Busted

Source: National Cyber Security – Produced By Gregory Evans


A grand jury indicted 11 people on Wednesday, accused in an elaborate identity theft ring. Prosecutors say the suspects stole mail from victims’ homes along the front range, gathering any personal information they could find. They allegedly used that information to make counterfeit checks, then traded the blank checks for…

The post Front Range Identity Theft Ring Busted appeared first on National Cyber Security Ventures.


Central OH group charged with running identity theft ring

Source: National Cyber Security – Produced By Gregory Evans


A federal grand jury has charged five individuals in an identity theft ring that allegedly used victims’ information to obtain and use new and existing in-store lines of credit at well-known retailers in an indictment returned here yesterday. Benjamin C. Glassman, United States Attorney for the Southern District of Ohio, Frank S. Turner II, Special Agent in Charge, Internal Revenue …

The post Central OH group charged with running identity theft ring appeared first on National Cyber Security Ventures.


Additional sex charges raise new concerns of possible trafficking ring

Police forwarded new information to prosecutors that they believe could result in a human trafficking charge being filed against a former Muskogee firefighter who already faces several sex crimes.

Muskogee Police Officer Lincoln Anderson said during a news conference Tuesday the investigative findings have prompted concerns about a possible child pornographic, trafficking ring. Anderson said investigators have identified a second child who is believed to be a victim and another adult co-conspirator.

Zackery Blaine Perry, 30, was charged Jan. 19 with four felonies that included possessing and distributing child pornography, sexual exploitation of a child and crimes against nature. He was charged Monday along with Melissa Skelton, 26, for conspiracy and sexual abuse of a child younger than 12 years old — both are being held without bond.


The post Additional sex charges raise new concerns of possible trafficking ring appeared first on Parent Security Online.


Bayrob Fraud Ring Extradited to US

Source: National Cyber Security – Produced By Gregory Evans


Symantec is claiming victory after a Romanian fraud ring thought to have made as much as $35 million from their illegal activities was arrested and extradited to the US.
Bogdan Nicolescu (aka “Masterfraud”, aka “mf”); Danet Tiberiu (aka “Amightysa”, aka

The post Bayrob Fraud Ring Extradited to US appeared first on National Cyber Security Ventures.


HACKER-AIDED INSIDER TRADING RING NETS $100 MILLION

Source: National Cyber Security – Produced By Gregory Evans

What do you get when you bring a Ukrainian cyber-criminal gang and crooked Wall Street stock traders together? A $100 million racket of illegal profits due to an insider trading ring. It was a milestone event for malicious hackers. A unique insider trading ring had American stock market traders and Ukrainian hackers team up to steal (hack) thousands of unpublished corporate press releases, Reuters reports. The result of said trading ring? A staggering $100 million in illegal profits, over five years. Nine people linked to the insider-trading scheme have been charged by prosecutors. Scalping yet another landmark, the criminal charges are the first of their kind for a securities fraud scheme that is directly related to hacked insider information.

Altogether, a lawsuit filed by the U.S. Securities and Exchange Commission bringing civil charges named 9 individuals from New Jersey and New York City; 17 individuals in Russia, Ukraine, and the US; and 15 companies in the U.S., Malta, Russia, France and Cyprus. All of the above are said to have profited from the elaborate insider scheme, according to a report from the Associated Press.

Source: https://hacked.com/hacker-aided-insider-trading-ring-nets-100-million/


The post HACKER-AIDED INSIDER TRADING RING NETS $100 MILLION appeared first on National Cyber Security.


US busts hacking/insider trading ring

Source: National Cyber Security – Produced By Gregory Evans

NEW YORK (AFP) – An international team of computer hackers and stock traders was charged with pocketing more than $100 million in illicit profits based on stolen market-moving financial information, US officials announced Tuesday. The Department of Justice charged nine people in a criminal conspiracy with pocketing more than $30 million in illegal trades on the pilfered information. A parallel civil case from the US Securities and Exchange Commission listing 32 defendants said the scheme yielded over $100 million in unlawful profits. “This international scheme is unprecedented in terms of the scope of the hacking, the number of traders, the number of securities traded and profits generated,” said SEC Chair Mary Jo White. The conspiracy was engineered by a pair of hackers in Ukraine who successfully penetrated the computer systems of Marketwired, PR Newswire and Business Wire, which distribute press releases for major publicly traded companies, the officials said. The Ukraine-based hackers stole some 150,000 press releases from February 2010 through this year that contained non-public information critical to stock valuation, the DOJ said. Other defendants then “executed profitable trades based on the material nonpublic information contained in the Stolen Releases,” the department said in announcing the criminal indictment. Besides […]


The post US busts hacking/insider trading ring appeared first on National Cyber Security.


Ramnit Botnet Crime Ring Taken Down By Europol


Source: National Cyber Security – Produced By Gregory Evans

A major European police operation has taken down a botnet that had been stealing banking data. The operation was co-ordinated by the European Cybercrime Centre at Europol, the European police agency, and also involved a number of technology companies including Microsoft, Symantec and AnubisNetworks. Europol reportedly worked with investigators from the UK, Germany, Italy and the Netherlands to take down the long-running botnet. Indeed, the Ramnit botnet has been going since 2010, and it has been mostly focused on banking fraud as well as stealing cookies and credentials from its victims. Most of the infected computers that made up the Ramnit botnet were apparently located in the United Kingdom, the Guardian quoted Paul Gillen, head of operations at the cybercrime centre, as saying. “We worked together to shut down the command-and-control servers for the network in various countries across the European Union. The criminals have lost control of the infrastructure they were using,” Gillen reportedly said. But Symantec on its blog said that most of the infected PCs were located in India, Indonesia, Vietnam, Bangladesh, the US, and the Philippines. Microsoft on its blog said that it has been monitoring Ramnit since April 2010, and during the last six months it […]


The post Ramnit Botnet Crime Ring Taken Down By Europol appeared first on National Cyber Security.
