Collaborating Authors

security flaw

Hospital robots face attacks by hackers after security flaws found


Servers that control robots working in hospitals were found to have major gaps in security coding. The robots perform menial tasks like delivering medications and transporting materials across hospitals but could be exploited to do harm. Aethon TUG smart autonomous robots are a cost-effective way for hospitals and other businesses to delegate simple tasks away from busy human employees. They can lift hundreds of pounds, clean floors and execute other maintenance-adjacent tasks. To navigate, the TUG robot uses radio waves to tap into a given hospital's network of motion sensor doors and elevators.

IoT security challenges and common attack types - Dataconomy


IoT security is a subset of information technology that focuses on securing connected devices and internet of things networks. When bad actors search for IoT security flaws, they have a high probability of hacking vulnerable devices. Industrial and equipment connected to them robots have also been hacked. Hackers can alter control-loop settings, interfere with manufacturing logic, and change the robot's status of those devices. While the Internet of Things revolution benefits manufacturers and consumers, it also comes with significant security concerns.

Log4j software bug is 'severe risk' to the entire internet

New Scientist

A major security flaw has been discovered in a piece of software called Log4j, which is used by millions of web servers. The bug leaves them vulnerable to attack, and teams around the world are scrambling to patch affected systems before hackers can exploit them. "The internet's on fire right now," said Adam Meyers at security company Crowdstrike. The problem with Log4j was first noticed in the video game Minecraft but it quickly became apparent that its impact was far larger. The software is used in millions of web applications, including Apple's iCloud.

AI Can Write Code Like Humans--Bugs and All


Some software developers are now letting artificial intelligence help write their code. They're finding that AI is just as flawed as humans. Last June, GitHub, a subsidiary of Microsoft that provides tools for hosting and collaborating on code, released a beta version of a program that uses AI to assist programmers. Start typing a command, a database query, or a request to an API, and the program, called Copilot, will guess your intent and write the rest. Alex Naka, a data scientist at a biotech firm who signed up to test Copilot, says the program can be very helpful, and it has changed the way he works.

Researchers Develop Artificial Skin for Robots NewsGram


HP has issued a security advisory for its Touchpoint Analytics, to fix Bloatware which was said to be containing a security flaw that could let malware gain admin rights and take over vulnerable systems, as noted by security researchers from SafeBreach Labs. HP has released updates this month to address the issue. HP desktop and laptop owners were advised to follow instruction details in the company's security advisory and updated its Touchpoint Analytics client at their earliest convenience, ZDNet reported on Friday. The researchers had found the security flaw in HP Touchpoint Analytics in July, according to the Tech republic. Security researchers at SafeBreach said that they uncovered a new vulnerability which meant every version below was affected by what they found.

Flaw in Apple's iOS makes it easy to use Siri to message ANYONE from a locked iPhone

Daily Mail - Science & tech

Siri just doesn't know when to keep quiet. A security flaw in Apple's digital assistant makes it so that users can easily send a message or make a phone call on someone else's locked device, according to Quartz. All users need to do is take advantage of the'Hey Siri' feature, which activates the digital assistant once those wake words are spoken. Siri just doesn't know when to keep quiet. A security flaw in Apple's digital assistant makes it so that users can easily send a message or make a phone call on someone else's device Apple offers Siri on every iPhone released after the iPhone 6S, which was launched in September 2015.

Smart 'unhackable' car alarms open the doors of 3 million vehicles to hackers


Calling a product "smart" and "unhackable' does not magically make it so, as two of the largest vendors of car alarms in the world have now found out. Viper -- known as Clifford in the United Kingdom -- and Pandora Car Alarm System, which cater for at least three million customers between them, recently became the topic of interest to researchers from Pen Test Partners. On Friday, the cybersecurity researchers published their findings into the true security posture of these so-called smart alarms and found them falling woefully short of the vendors' claims. Not only could compromising the smart alarms result in the vehicle type and owner's details to be stolen, but the car could be unlocked, the alarm disabled, the vehicle tracked, microphones compromised, and the immobilizer to be hijacked. In some cases, cyberattacks could also result in the car engine being killed during use, which in a real-world scenario could result in serious injury or death. As shown in the video below, such bold assertions will only entice cybersecurity experts to prove you wrong. What makes the situation even worse is how easy it was for Pen Test Partners to refute these lofty statements. The discovery of simple, relatively straightforward vulnerabilities in the products' API, known as insecure direct object references (IDORs), permitted the researchers to tamper with vehicle parameters, reset user credentials, hijack accounts, and more. In Viper's case, a third-party company called CalAmp provides the back-end system. A security flaw in the'modify user' API parameter leads to improper validation, which in turn permits attackers to compromise user accounts. The research team found that the same bug could be used to compromise the vehicle's engine system. "Promotional videos from Pandora indicate this is possible too, though it doesn't appear to be working on our car," Pen Test Partners said. "The intention is to halt a stolen vehicle.

WhatsApp confirms worrying security flaw that lets ANYONE bypass Face ID or Touch ID locking feature

Daily Mail - Science & tech

A worrying WhatsApp bug has compromised new privacy controls introduced by the app on iPhones this month. WhatsApp recently introduced new biometric security features that let users lock the app using Face ID or Touch ID. The feature is meant to keep nosy friends from scrolling through your messages when your phone is unlocked. But a Reddit user has discovered a security flaw where anyone can bypass Face ID or Touch ID authentication, even if it's turned on. A worrying WhatsApp bug has compromised new privacy controls introduced by the app on iPhones this month.

Google refutes reported Home Hub security flaw


A security researcher discovered a series of commands that could be used to brick the Google Home Hub. According to Jeremy Gamblin, it's possible to exploit a "undocumented (and amazingly unsecured)" API. It can be used to force the device to reboot or reveal data about a victim's network. Gamblin wrote in a blog post that after he purchased the Google Home Hub and set it up in his home, he noticed a number of open ports being used by the device. Curiosity got the best of him, and he started using the command prompt on his computer to text the smart display's security.

Security flaw in Amazon Echo devices could let hackers spy on you

Daily Mail - Science & tech

A group of security researchers have exposed a flaw in the Amazon Echo that allows hackers to secretly listen to unsuspecting users' conversations - but only if they're savvy enough to be able to carry out the attack. In a presentation dubbed'Breaking Smart Speakers: We are Listening to You,' researchers from Chinese tech giant Tencent explained how they were able to build a doctored Echo speaker and use that to gain access to other Echo devices. The researchers have since notified Amazon of the vulnerability, and the company issued a patch in July. Hackers from Tencent's Blade security research team exposed a flaw in Amazon's Echo smart speaker that would allow someone to secretly spy on others and play random sounds'After several months of research, we successfully break the Amazon Echo by using multiple vulnerabilities in the Amazon Echo system, and [achieve] remote eavesdropping,' the researchers said in the presentation, which was given at the DEF CON security conference, according to Wired. 'When the attack [succeeds], we can control Amazon Echo for eavesdropping and send the voice data through network to the attacker.'