Friday, July 23, 2021

Smart Doorbells Are Open to Various Security Flaws

Must Read

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on...

NetWire and Remcos Trojan targeted US taxpayers

Investigators have analyzed an effective campaign targeted by US taxpayers to distribute both NetWire and Remcos Trojans. The tax season...

Twitter hires hacker ‘Mudge’ as its head of security

Twitter has been facing cybersecurity-related concerns lately. To that end, the social media giant has appointed one of the...

A consumer rights group has discovered security vulnerabilities from 11 popular smart doorbell products on just two of the planet’s greatest online marketplaces.

Which? Enlisted the support of investigators in NCC Group to conduct tests on the wise devices they discovered on eBay and Amazon, a lot of which had dozens of five-star evaluations, were advocated as”Amazon’s Choice,” or onto a bestsellers list.

Normal issues contained: weak password policies, meaning hackers might suspect that the factory defaults to ditch the apparatus; excess data collection, and absence of information encryption, meaning robots may raise Wi-Fi password information to hijack different devices in your home network.

The Victure VD300 was discovered to be sending unencrypted information including Wi-Fi name and password used to servers in China, whereas the Qihoo 360 D819 saved video files in unencrypted format and may even be removed from the wall using a SIM-card ejector instrument, Which? said.

Another unnamed device analyzed by NCC Group featured the notorious KRACK vulnerability, which could allow attackers to violate WPA-2 safety to catch home community passwords.

The united kingdom government is introducing new laws meant to boost baseline safety of customer IoT products marketed in the nation. Including a mandate for makers to make sure they all have special passwords a public point of contact for exposure management along a definite time period where security upgrades will be provided.

But not all the flaws listed above could be fixed by law. Which?

Meanwhile, Amazon asserted it needs all goods offered online to obey applicable legislation and regulations and has”developed state-of-the-art tools to stop dangerous or non-compliant goods from being recorded in our shops.”

E-commerce giant eBay said it instantly removes any merchandise found to violate its security criteria.

“These listings don’t violate our security criteria but represent specialized product problems which need to be addressed with the vendor or maker,” it stated of this report. And the vendors so the problems could be addressed.”

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.


Please enter your comment!
Please enter your name here

Latest News

OAIC: Uber found to have interfered with the privacy of over 1.2 million Australians

The Office of the Australian Information Commissioner (OAIC) has determined that Uber Technologies, Inc. and Uber B.V. have interfered...

Over 80 US Municipalities data are exposed due to Misconfigured Amazon S3

A team of Cybersecurity researchers at Wizcase found major data exposure of Over 80 US Municipalities due to the Misconfigured Amazon S3 Bucket. This happened...

Formbook malware Upgraded as an XLoader malware to Attack macOS Systems

Researchers have spotted an upgraded malware variant of Formbook malware which is now Upgraded as an XLoader malware to Attack macOS Systems. Cybersecurity researchers on...

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver...

MosaicLoader malware targets cracked software via SEO poisoning

New MosaicLoader malware targets users that are searching to download cracked software. Cybercriminals run ad campaigns in search engine results to boost their malicious...

More Articles Like This