Friday, March 11, 2016

A Metasploit for the Internet of Things is created

Bruce Schneier said it in his recent talk at the RSA Conference: be careful with the Internet of Things, because we are playing with something insecure. This is proven every day by new discoveries in Shodan, the search engine for vulnerable devices, from cameras to trucks. Now, two researchers have created a vulnerability scanner for the Internet of Things. Today we will also talk about an attack on an anti-DDoS company, the Bangladesh bank robbery and a new way to spy on Tor users.
The creators of this scanner, a Nessus for the Internet of Things, are the pentesters Julien Moinard and Gwénolé Audic, who have just presented it at NullCon, in India. They have called it Hardsploit and they want it to be the Swiss Army knife for security audits of devices with insecure software. By the way, NullCon is giving us more news these days, like a 0day in Huawei, ZTE, Gemtek and Quanta 3G and 4G routers and modems affecting millions of devices.

Attack on Staminus

We go to California, where Staminus, a firm specialized in defending companies against DDoS attacks, has suffered a strong attack that left it unable to offer its services for 20 hours, with its website down. According to the journalist Brian Krebs, the bombardment was accompanied by the theft of the client database, including access credentials and credit card numbers. An ezine that appeared online yesterday, in the style of old-school ezines, offered links to the stolen databases.

The dumb robbery

We now expand on yesterday's highlighted news: the robbery of 100 million dollars from the Bangladesh Central Bank. Today we know the thieves could have stolen much more, concretely a thousand million dollars, but they made a mistake when typing the orders for the last transfer: they wrote "fandation" instead of "foundation", which alerted the bank and stopped the transaction. By the way, the Bangladesh Bank says it has recovered part of the stolen money.

Spying on Tor

We finish the Friday post and start the weekend with the hacker José Carlos Norte from Barcelona, who this weekend has experienced plenty of success proving that trucks, buses and ambulances are "hackable". He explains this research in his blog, and there is another piece of news attracting the attention of the international media: it is possible to monitor Tor users through the movements they make with their mice. We suspect José Carlos, whose name has appeared in "Forbes", "Wired" and others, won't forget this successful week in his life.

We say goodbye until Monday, inviting our readers to read the Sunday interview with the malware expert Alberto Moro, best known as Mandingo.

