The Z-Wave wireless communications protocol used for some IoT/smart devices is vulnerable to a downgrade attack that can allow a malicious party to intercept and tamper with traffic between smart devices.
A Brazilian ISP appears to have deployed routers without a Telnet password for nearly 5,000 customers, leaving the devices wide open to abuse.
An unidentified hacker has breached Bycyklen —Copenhagen's city bikes network— and deleted the organization's entire database, disabling the public's access to bicycles over the weekend.
Security researchers have discovered the first IoT botnet malware strain that can survive device reboots and remain on infected devices after the initial compromise.
An Argentinian security researcher named Ezequiel Fernandez has published a powerful new tool yesterday that can easily extract plaintext credentials for various DVR brands and grant attackers access to those systems, and inherently the video feeds they're supposed to record.
Microsoft engineers have started working on a new project codenamed TCPS —short for Trusted Cyber Physical Systems— that is intended to provide a hardened system for securing Internet of Things (IoT) and Industrial Control Systems (ICS) devices.
Officials from the city of Innsbruck in Austria have shut down a local ski lift after two security researchers found its control panel open wide on the Internet, and allowing anyone to take control of the ski lift's operational settings.
Yesterday, at the RSA 2018 security conference, Microsoft announced a new security-focused product named Azure Sphere. According to Microsoft chief financial officer Brad Smith, Microsoft created Azure Sphere for the sole purpose of securing Internet of Things (IoT) devices.
Firmware updates are available for a wide range of security flaws that are bound to cause a lot of problems on the IoT landscape.
The Linux Foundation announced a new project called ACRN (pronounced "acorn") that will provide generic code for the creation of hypervisors for IoT devices.
Academics from the University of Michigan have shown that one single malicious car could trick US-based smart traffic control systems into believing an intersection is full and force the traffic control algorithm to alter its normal behavior, and indirectly cause traffic slowdowns and even block street intersections.
Vulnerabilities in the Mi-Cam smart baby monitor allow hackers to hijack video feeds from all devices, located anywhere in the world.
Similar vulnerabilities affect some Sonos and Bose smart speakers that allow hackers to take over devices, collect data on users, and even make devices to play desired audio tracks.
Here's something to be cheery on Christmas Day —a vulnerability affecting a web server that's been embedded in hundreds of thousands of IoT devices.
The author of the BrickerBot malware has announced his retirement in an email to Bleeping Computer, also claiming to have bricked over 10 million devices since he started the "Internet Chemotherapy" project in November 2016.
Researchers find three vulnerabilities in an IoT safe that can be exploited to acquire the safe's PIN code, pair with the device, and open the safe.
A month after Amazon launched Amazon Key, security experts have already identified a flaw in the device's mode of operation that could allow rogue deliverymen to re-enter customer homes without being recorded.
Logitech will intentionally brick all Harmony Link universal hubs next year, on March 16, 2018. The company has emailed all Harmony Link customers with the bad news.
LG Electronics has avoided a security disaster this summer after it worked with security researchers to patch a vulnerability in the mobile app that customers are using to control a breadth of LG smart home devices.