| Domain |
Report |
Submitter |
Submitted On |
|
Home Automation
|
A thermostat in a town house owned by US Chamber of Commerce on Capitol Hill was communicating with an Internet address in China.
>> more
|
Phil Laplante
|
15 Jul 2015 |
|
Office
|
HP printers reported vulnerable. Weaknesses within the firmware update process allows the attacker to make arbitrary modifications to the NVRAM contents of the device. Attacks can be delivered over the network, either directly or through a print server (active attack) or as hidden payloads within documents (reflexive attack).
>> more
|
Phil Laplante
|
15 Jul 2015 |
|
General/Other
|
Non-IoT devices (e.g. tea kettle, refrigerator) contain capability to connect to IoT and create trouble.
>> more
|
Phil Laplante
|
15 Jul 2015 |
|
General/Other
|
IoT enabled devices (e.g. routers, multimedia, television) contain malware.
>> more
|
Phil Laplante
|
15 Jul 2015 |
|
Smart Cities
|
Traffic control sensors vulnerable to hacking
>> more
|
Phil Laplante
|
15 Jul 2015 |
|
Smart Homes
|
Network connected smart LED light bulbs vulnerable to attack
>> more
|
Phil Laplante
|
15 Jul 2015 |
|
Smart Homes
|
Smart power meters vulnerable
>> more
|
Phil Laplante
|
15 Jul 2015 |
|
Infrastructure
|
SCADA Gateway contains hardcoded credentials
>> more
|
Phil Laplante
|
15 Jul 2015 |
|
Environmental
|
Environmental sensor bundle submerged by unusually high tide.
>> more
|
Phil Laplante
|
16 Jul 2015 |
|
Smart Homes
|
Beacon hacking
>> more
|
Phil Laplante
|
15 Jul 2015 |
|
Automotive
|
In vehicle to vehicle communications, module spoofing on HB Tri. This was a localized CAN network issue, offending module, affected the OAT and overhead display. Someone was intermittently injecting a bad value, under an incorrect ID, and this was throwing everything off.
It was the WMR, or WMF.
>> more
|
Phil Laplante
|
16 Jul 2015 |
|
Entertainment
|
"Fisher-Price's Smart Toy, a Wi-Fi-enabled stuffed animal, was vulnerable to a remote flaw. An attacker could trick the web service (API) to send requests that shouldn't be authorized. From there, an attacker could allow easily find all customers -- whose accounts were associated with a unique sequential integer -- and associated children's profiles, and have wide access to create, edit, or delete children's profiles on a customer's account." http://www.zdnet.com/article/two-newly-discovered-security-flaws-light-fire-under-internet-of-things-again/
>> more
|
Anonymous |
08 Feb 2016 |
|
General/Other
|
"HereO, a smart GPS watch designed for children, similarly took advantage of a flaw in how the watch authenticates with its web service. The flaw, which relied on tricking a family's group into accepting a request to join their group, could let an attacker have access to every family member's location and location history." http://www.zdnet.com/article/two-newly-discovered-security-flaws-light-fire-under-internet-of-things-again/
>> more
|
Anonymous |
08 Feb 2016 |