< ciso
brief />
Tag Banner

All news with #iot security tag

96 articles

Yarbo robot mower backdoor exposes devices

πŸ› οΈ Independent researcher Andreas Makris discovered a universal hardcoded root password and permanent remote-access mechanism in Yarbo robotic mowers that allowed him to control thousands of units remotely. He demonstrated the flaw by hijacking a mower in the U.S. from Germany, showing how attackers could steer the machine, access cameras, and extract owner data. Yarbo has issued updates and plans to make remote access opt-in, but owners should install patches and follow basic IoT security hygiene.
read more β†’

AWS releases IoT Device SDK for Swift across platforms

πŸ”’ The AWS IoT Device SDK for Swift is now generally available, enabling Swift developers to build secure, scalable IoT applications natively on Apple platforms (macOS, iOS, tvOS) and Linux. The SDK fills a prior gap in native Swift support for AWS IoT services and provides production-ready APIs for teams managing device fleets and cross-platform Apple ecosystem solutions. It integrates service clients for AWS IoT Device Shadow, Jobs, and Fleet Provisioning and includes built-in TLS 1.3 support on Apple platforms. Install via Swift Package Manager and consult the documentation and GitHub samples to get started.
read more β†’

Canada’s Spy Agency Uses Court Warrant to Disrupt Botnets

πŸ›‘οΈ The Federal Court authorized the Canadian Security Intelligence Service to reach into infected servers, SOHO routers, and IoT devices on Canadian soil to neutralize two foreign-run botnets. The public ruling, released June 15, confirms CSIS used its threat reduction warrant powers for the first time to alter, degrade, and destroy botnet data while ensuring the operation targeted devices rather than people. The court found the threat imminent and proportional, but redactions leave the precise foreign actor(s) unidentified.
read more β†’

AryStinger malware converts legacy routers into relays

πŸ” QiAnXin XLab has identified a new malware family named AryStinger that has infected at least 4,300 legacy home routers, turning them into a distributed reconnaissance and proxy network rather than a typical DDoS botnet. The campaign targets routers using Realtek RTL819X chips via old vulnerabilities (CVE-2013-3307, CVE-2016-5681) and favors D-Link DIR-850L units, with infections concentrated in South Korea and China. A second strain targeting QNAP NAS devices via CVE-2025-11837 was also observed; both builds support scanning, tunneling, and remote task execution. Defenders are advised to check for C2 connections, suspicious binaries and processes, retire unsupported devices, and disable remote administration.
read more β†’

Bluetooth flaws in Apollo Pharmacy glucose monitor

πŸ”’ CISA warns that the Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT suffers from vulnerabilities allowing cleartext transmission of sensitive data and missing authorization. An attacker within BLE range can passively intercept glucose readings or monopolize the device's single BLE connection, blocking legitimate users. Users are urged to follow Bluetooth security guidance and contact Apollo Pharmacy for vendor-specific information.
read more β†’

AVer PTC Camera Remote Code Execution Advisory

πŸ”’ AVer PTC500S, PTC115, PTC500+, and PTC115+ cameras contain an input validation flaw that could permit unauthenticated remote arbitrary code execution via a crafted web request. Affected devices are rated CVSS v3 9.8 and relate to CWE-552 Files or Directories Accessible to External Parties. AVer has released firmware to address the issue and CISA advises minimizing network exposure, placing devices behind firewalls, and using secure remote access methods such as updated VPNs.
read more β†’

Brickcom Camera Flaw Allows Unauthenticated Video Access

πŸ”’ The advisory describes vulnerabilities in Brickcom cameras that permit unauthenticated attackers to access live snapshots via the /ONVIF endpoint and exploit default credentials to obtain administrative control. CISA reports vendor non-coordination and urges users to contact Brickcom for support while following defensive measures. Recommended mitigations include isolating devices behind firewalls, minimizing internet exposure, and using secure remote access methods such as updated VPNs.
read more β†’

Yarbo MQTT Credentials and Authorization Flaw

πŸ”’ Yarbo mobile apps and cloud infrastructure expose hard-coded MQTT broker credentials and lack per-device authorization, enabling broad access to telemetry and command topics across the robot fleet. The vulnerability allows wildcard subscription to telemetry and publishing to individual robot command topics using only a serial number. Yarbo recommends updating the mobile app to 3.17.4 or later; server-side broker authorization will be enforced with the May 2026 update. CISA advises network restrictions, isolation behind firewalls, and use of secure remote access methods while organizations perform risk assessments.
read more β†’

Critical IoT Platform Flaws Enable Device Takeover

πŸ”’ CISA published an advisory on multiple critical vulnerabilities in the Naxclow IoT Platform that allow device impersonation, credential exposure, and fleet enumeration. A replayable onboarding flow and inadequate authorization let attackers reassign devices, while persistent, non-rotating relay credentials enable long-term access. Additional weaknesses include a hard-coded platform salt for request signing, predictable device identifiers, and cleartext Wi‑Fi secrets exposed via UART.
read more β†’

China-linked JDY botnet accelerates enterprise risk

πŸ” Lumen’s Black Lotus Labs reports a China-linked botnet called JDY has grown to over 1,500 compromised SOHO and IoT devices used to rapidly discover and fingerprint internet-facing systems after public vulnerability disclosures. The activity, tied to nation-state actors including Volt Typhoon, enables persistent, distributed reconnaissance that can evade geofencing and IP-reputation controls. Researchers warn this marks a shift toward industrialized pre-exploitation scanning and undermines traditional perimeter patch and monitoring assumptions.
read more β†’

Research shows free apps turn smart TVs into proxies

πŸ” A reverse-engineered iOS SDK from Bright Data reveals free apps can turn devices, including always-on smart TVs, into exit nodes that relay web-scraping traffic. The SDK, embedded behind opt-in screens, uses peer channels with weak authentication and can bypass VPNs on iOS, allowing background relays that consume home bandwidth. Blocking a handful of SDK domains at the router or scanning apps on managed devices can stop the behavior.
read more β†’

AWS IoT Device Management adds MQTT session visibility

πŸ”§ AWS IoT Device Management now surfaces MQTT session data in its connectivity status API, helping teams troubleshoot device connectivity and audit connection patterns across IoT fleets. The update provides session timeout and expiry values and, optionally, socket-level details like source/destination IPs, ports, and client VPC endpoint IDs. Access to socket information is controlled by granular IAM policies. The API keeps connection records indefinitely, exceeding the 30-minute retention of AWS IoT Core's GetConnection API.
read more β†’

AWS IoT Core adds Ping and AuthNError logs

πŸ” AWS IoT Core now emits two new Amazon CloudWatch Log event types to help troubleshoot device connectivity and authentication across IoT fleets. The Ping log captures MQTT Keep‑alive messages to identify connections or devices that fail to maintain connectivity. The Connection.AuthNError log records rejected connection attempts with detailed error codes to speed resolution of credential and certificate issues. Enable event-level logging and choose a CloudWatch log group, then opt into these event types; they are available in all AWS Regions where AWS IoT Core operates.
read more β†’

AWS IoT Core adds MQTT connection management APIs

πŸ”§ AWS IoT Core introduces two MQTT connection management APIs: GetConnection and ListSubscriptions. These APIs provide detailed visibility into device MQTT connections and subscriptions, including session details and optional socket-level data, controlled by granular IAM policies. They complement the existing DeleteConnection API to offer a fuller connection management capability available in all supported AWS regions.
read more β†’

AWS IoT Core adds point-to-point direct messaging

πŸ”” AWS IoT Core now supports direct point-to-point messaging to any connected device, enabling delivery acknowledgements and improved visibility into message status. The new SendDirectMessage API lets you send messages directly to a device and optionally receive delivery confirmations. Delivery acknowledgements produce detailed API response codes and Amazon CloudWatch Logs for diagnostics. Direct messaging is available in all regions where AWS IoT Core operates, including Amazon China and AWS GovCloud (US).
read more β†’

Critical unauthenticated password reset in KMW cameras

πŸ”’ The advisory details a critical vulnerability in KMW CCTV Security Cameras that allows an unauthenticated attacker to reset the administrator password to a known value, granting full access to camera feeds and settings. Vendor firmware (KM-IP421) is available to address the issue, though it may require re-authorizing cloud P2P connections. CISA urges network segmentation, restricted internet access, regular firmware updates, and other defensive measures to reduce exposure.
read more β†’

XCharge C6 charger firmware and access vulnerabilities

πŸ”’ CISA reports critical vulnerabilities in the XCharge C6 electric vehicle charging controller that could allow attackers to gain administrator rights or execute arbitrary code. A firmware update mechanism lacks signature validation, a stack-based buffer overflow exists in signal processing, and a management service exposes default credentials over the charging interface. XCharge has deployed updates for affected units; users should contact XCharge Support for details.
read more β†’

Frontier X2 BLE Authentication Vulnerability Alert

πŸ”’ The Frontier X2 wearable and its companion Frontier X mobile app are affected by a vulnerability allowing unauthenticated BLE read/write access to critical GATT characteristics, enabling attackers in range to control device functions and inject fabricated health telemetry. Fourth Frontier is developing a fix; users should contact the vendor for assistance and connect the device to only one app at a time. CISA recommends isolating control networks, minimizing exposure, using secure remote access, and following ICS defensive best practices to reduce exploitation risk.
read more β†’

Hard-coded Credentials in USR-W610 Converter Exposed

πŸ”’ The USR-W610 RS232/485 to Wi‑Fi/Ethernet Converter from Jinan USR IOT Technology Limited contains plaintext administrative credentials embedded in its firmware. These hard-coded credentials can be extracted through firmware analysis and used to authenticate to device services, enabling potential administrator access. CISA reports no confirmed public exploitation and encourages users to contact the vendor and apply updates where available. Mitigations include network segmentation, firewalling, and using secure remote access methods such as VPNs with current updates.
read more β†’

Researchers Demonstrate Person Identification via Wi‑Fi

πŸ“‘ Researchers show WiFi signals can reveal people and environments by analyzing how radio waves reflect, scatter, and absorb compared with expected patterns. WiFi sensing uses these variations to infer spatial structure and presence, effectively creating an image of surroundings and occupants. Thorsten Strufe of KIT explains it functions like a camera, but with radio waves instead of light, enabling recognition through signal propagation analysis.
read more β†’