A CSV representation of the displayed failures (all pages) can be downloaded here.


Viewing all 13 reports

Domain Report Submitter Submitted On
Home Automation A thermostat in a town house owned by US Chamber of Commerce on Capitol Hill was communicating with an Internet address in China.  >> more Phil Laplante 15 Jul 2015
Office HP printers reported vulnerable. Weaknesses within the firmware update process allows the attacker to make arbitrary modifications to the NVRAM contents of the device. Attacks can be delivered over the network, either directly or through a print server (active attack) or as hidden payloads within documents (reflexive attack).  >> more Phil Laplante 15 Jul 2015
General/Other Non-IoT devices (e.g. tea kettle, refrigerator) contain capability to connect to IoT and create trouble.  >> more Phil Laplante 15 Jul 2015
General/Other IoT enabled devices (e.g. routers, multimedia, television) contain malware.  >> more Phil Laplante 15 Jul 2015
Smart Cities Traffic control sensors vulnerable to hacking  >> more Phil Laplante 15 Jul 2015
Smart Homes Network connected smart LED light bulbs vulnerable to attack  >> more Phil Laplante 15 Jul 2015
Smart Homes Smart power meters vulnerable  >> more Phil Laplante 15 Jul 2015
Infrastructure SCADA Gateway contains hardcoded credentials  >> more Phil Laplante 15 Jul 2015
Environmental Environmental sensor bundle submerged by unusually high tide.  >> more Phil Laplante 16 Jul 2015
Smart Homes Beacon hacking  >> more Phil Laplante 15 Jul 2015
Automotive In vehicle to vehicle communications, module spoofing on HB Tri. ┬áThis was a localized CAN network issue, offending module, affected the OAT and overhead display. ┬áSomeone was intermittently injecting a bad value, under an incorrect ID, and this was throwing everything off. It was the WMR, or WMF.  >> more Phil Laplante 16 Jul 2015
Entertainment "Fisher-Price's Smart Toy, a Wi-Fi-enabled stuffed animal, was vulnerable to a remote flaw. An attacker could trick the web service (API) to send requests that shouldn't be authorized. From there, an attacker could allow easily find all customers -- whose accounts were associated with a unique sequential integer -- and associated children's profiles, and have wide access to create, edit, or delete children's profiles on a customer's account." http://www.zdnet.com/article/two-newly-discovered-security-flaws-light-fire-under-internet-of-things-again/  >> more Anonymous 08 Feb 2016
General/Other "HereO, a smart GPS watch designed for children, similarly took advantage of a flaw in how the watch authenticates with its web service. The flaw, which relied on tricking a family's group into accepting a request to join their group, could let an attacker have access to every family member's location and location history." http://www.zdnet.com/article/two-newly-discovered-security-flaws-light-fire-under-internet-of-things-again/  >> more Anonymous 08 Feb 2016