Dispositivos IoT são alvos fáceis: por que a segurança precisa ser prioridade agora

A segurança dos dispositivos da Internet das Coisas (IoT) precisa ser priorizada com seriedade. Esses aparelhos, que têm facilitado o cotidiano em indústrias, cidades e residências, estão rapidamente se integrando à nossa rotina ao redor do mundo. Contudo, esse avanço também atrai a atenção de cibercriminosos em busca de novos alvos. Em 2024, já contabilizamos cerca de 19 bilhões de dispositivos…

Cel mai mare atac DDoS din istorie: 5.6 Tbps – Escaladarea amenințărilor cibernetice în 2024

Pe 29 octombrie 2024, a fost înregistrat cel mai mare atac DDoS (Distributed Denial of Service) din istorie, atingând un volum impresionant de 5.6 Tbps. Lansat de o variantă a infamului botnet Mirai, atacul a vizat un furnizor de servicii Internet (ISP) din Asia de Est și a durat doar 80 de secunde. Acest incident marchează un nou prag în evoluția atacurilor cibernetice, subliniind complexitatea…

The Dark Side of Convenience

According to a recent report published by the Aargauer Zeitung (h/t Golem.de), around three million smart toothbrushes have been infected by hackers and enslaved into botnets.

The most cyberpunk thing on your dash today.

A little explainer on what happened with AO3:

Basically, someone or a group of someones decided to levy a DDoS attack. What this means is that they created a botnet (network of devices controlled by a bot, usually run in the background of an unsecured IoT device or computer being used for other things. Think data mining) to flood the servers with false requests for service.

What this does mean: AO3 might go back down, if the attack is relaunched. These types of attacks are usually used against businesses where traffic = money, thereby costing a company money. This isn't really an issue here since AO3 is entirely donation and volunteer based.

What this doesn't mean: stories, bookmarks, etc will be deleted and your anonymously published works will be linked back to you. No vulnerable points are breached during this process, so unless this group ends up doing something else, no data breaches will happen. You are safe, your content is safe.

"According to a recent report published by the Aargauer Zeitung (h/t Golem.de), around three million smart toothbrushes have been infected by hackers and enslaved into botnets. The source report says this sizable army of connected dental cleansing tools was used in a DDoS attack on a Swiss company’s website. The firm’s site collapsed under the strain of the attack, reportedly resulting in the loss of millions of Euros of business."

I like technology.

somebody mentions a dimmable light bulb and amish tumblr gets all " THAT IS AN IOT DEVICE!! hackers can make botnets out of that!!!! DISPOSE OF IT IMMEDIATELY. Put it in the blender, find the SoC, deepfry it in a NONSEED BASED OIL OMFG GOD YOU SHOULD KNOW THIS and bury it for a full lunar cycle in a churchyard that has never had a child born out of wedlock among its congregation. At the end, exhume it, have it exorcized by a QUALIFIED priest and bury it in a cemetary. go home without looking back and PRAY the hackers can't jerk off while listening to you take PRIVATE loud shits. we all need to do better guys"

rather than

"hehe omg there's bootstrap code. I can have a lil mini botnet in my house" and I think that's a real shame

Author: CrimethInc. Topic: technology

“The future is already here,” Cyberpunk pioneer William Gibson once said; “it’s just not very evenly distributed.” Over the intervening decades, many people have repurposed that quote to suit their needs. Today, in that tradition, we might refine it thus: War is already here—it’s just not very evenly distributed.

Never again will the battlefield be just state versus state; it hasn’t been for some time. Nor are we seeing simple conflicts that pit a state versus a unitary insurgent that aspires to statehood. Today’s wars feature belligerents of all shapes and sizes: states (allied and non-allied), religious zealots (with or without a state), local and expatriate insurgents, loyalists to former or failing or neighboring regimes, individuals with a political mission or personal agenda, and agents of chaos who benefit from the instability of war itself. Anyone or any group of any size can go to war.

The increased accessibility of the technology of disruption and war[1] means the barrier to entry is getting lower all the time. The structure of future wars will sometimes feel familiar, as men with guns murder children and bombs level entire neighborhoods—but it will take new forms, too. Combatants will manipulate markets and devalue currencies. Websites will be subject to DDoS attacks and disabling—both by adversaries and by ruling governments. Infrastructure and services like hospitals, banks, transit systems, and HVAC systems will all be vulnerable to attacks and interruptions.

In this chaotic world, in which new and increasing threats ceaselessly menace our freedom, technology has become an essential battlefield. Here at the CrimethInc. technology desk, we will intervene in the discourse and distribution of technological know-how in hopes of enabling readers like you to defend and expand your autonomy. Let’s take a glance at the terrain.

Privacy

The NSA listens to, reads, and records everything that happens on the internet.

Amazon, Google, and Apple are always listening[2] and sending some amount[3] of what they hear back to their corporate data centers[4]. Cops want that data. Uber, Lyft, Waze, Tesla, Apple, Google, and Facebook know your whereabouts and your movements all of the time. Employees spy on users.

Police[5] want access to the contents of your phone, computer, and social media accounts—whether you’re a suspected criminal, a dissident on a watch list, or an ex-wife.

The business model of most tech companies is surveillance capitalism. Companies learn everything possible about you when you use their free app or website, then sell your data to governments, police, and advertisers. There’s even a company named Palantir, after the crystal ball in The Lord of the Rings that the wizard Saruman used to gaze upon Mordor—through which Mordor gazed into Saruman and corrupted him.[6] Nietzsche’s famous quote, “When you look long into an abyss, the abyss also looks into you,” now sounds like a double transcription error: surely he didn’t mean abyss, but app.

Security

Self-replicating malware spreads across Internet of Things (IoT) devices like “smart” light bulbs and nanny cams, conscripting them into massive botnets. The people who remotely control the malware then use these light bulbs and security cameras to launch debilitating DDoS[7] attacks against DNS providers, reporters, and entire countries.

Hackers use ransomware to hold colleges, hospitals, and transit systems hostage. Everything leaks, from nude photos on celebrities’ phones to the emails of US political parties.

Capital

Eight billionaires combined own as much wealth as the poorest 50% of the world’s population. Four of those eight billionaires are tech company founders.[8] Recently, the President of the United States gathered a group of executives to increase collaboration between the tech industry and the government.[9]

The tech industry in general, and the Silicon Valley in particular, has a disproportionately large cultural influence. The tech industry is fundamentally tied to liberalism and therefore to capitalism. Even the most left-leaning technologists aren’t interested in addressing the drawbacks of the social order that has concentrated so much power in their hands.[10]

War

Nation states are already engaging in cyber warfare. Someone somewhere[11] has been learning how to take down the internet.

Tech companies are best positioned to create a registry of Muslims and other targeted groups. Even if George W. Bush and Barack Obama hadn’t already created such lists and deported millions of people, if Donald Trump (or any president) wanted to create a registry for roundups and deportations, all he’d have to do is go to Facebook. Facebook knows everything about you.

The Obama administration built the largest surveillance infrastructure ever—Donald Trump’s administration just inherited it. Liberal democracies and fascist autocracies share the same love affair with surveillance. As liberalism collapses, the rise of autocracy coincides with the greatest technical capacity for spying in history, with the least cost or effort. It’s a perfect storm.

This brief overview doesn’t even mention artificial intelligence (AI), machine learning, virtual reality (VR), augmented reality (AR), robots, the venture capital system, or tech billionaires who think they can live forever with transfusions of the blood of young people.

Here at the tech desk, we’ll examine technology and its effects from an anarchist perspective. We’ll publish accessible guides and overviews on topics like encryption, operational security, and how to strengthen your defenses for everyday life and street battles. We’ll zoom out to explore the relation between technology, the state, and capitalism—and a whole lot more. Stay tuned.

Footnotes

[1] A surplus of AK-47s. Tanks left behind by U.S. military. Malware infected networked computer transformed into DDoS botnets. Off the shelf ready to execute scripts to attack servers.

[2] Amazon Echo / Alexa. Google with Google Home. Apple with Siri. Hey Siri, start playing music.

[3] What, how much, stored for how long, and accessible by whom are all unknown to the people using those services.

[4] Unless you are a very large company, “data center” means someone else’s computer sitting in someone else’s building.

[5] Local beat cops and police chiefs, TSA, Border Patrol, FBI… all the fuckers.

[6] Expect to read more about Palantir and others in a forthcoming article about surveillance capitalism.

[7] Distributed Denial of Service. More on this in a later article, as well.

[8] Bill Gates, Jeff Bezos, Mark Zuckerberg, Larry Ellison. In fact, if you count Michael Bloomberg as a technology company, that makes five.

[9] In attendance: Eric Trump. Brad Smith, Microsoft president and chief legal officer. Jeff Bezos, Amazon founder and CEO. Larry Page, Google founder and Alphabet CEO. Sheryl Sandberg, Facebook COO. Mike Pence. Donald Trump. Peter Thiel, venture capitalist. Tim Cook, Apple CEO. Safra Catz, Oracle CEO. Elon Musk, Tesla CEO. Gary Cohn, Goldman Sachs president and Trump’s chief economic adviser. Wilbur Ross, Trump’s commerce secretary pick. Stephen Miller, senior policy adviser. Satya Nadella, Microsoft CEO. Ginni Rometty, IBM CEO. Chuck Robbins, Cisco CEO. Jared Kushner, investor and Trump’s son-in-law. Reince Priebus, chairman of the Republican National Committee and White House chief of staff. Steve Bannon, chief strategist to Trump. Eric Schmidt, Alphabet president. Alex Karp, Palantir CEO. Brian Krzanich, Intel CEO.

[10] We’ll explore this more in a later article about “The California Ideology.”

[11] Probably a state-level actor such as Russia or China.

i think that the best safe gift to give to your techie post-op-transhuman system friends is literally just any fancy computer hardware or 2nd hand electronics.

cause the human psyche is like a swarm of bees in that it needs to have lots of nice open space to thrive, and you just know that the moment youve got your brain in that black box and youre on the net; your perception of what "you" is and where it starts and ends expands extremely rapidly. i can only imagine for those of us with many facets each vying for their own full image of personhood the biological form does not allow, this is only more significant so every fancy new graphics card, every disused old pc, every iot gadget allows me to stretch my legs out that more. when you swap limbs out for webspiders and brains for botnets, you'll really have to squirm to get truly comfortable. i bet it takes a lot of gadgets to be able to rest and reach equilibrium. give postbiological virus girls your pc

Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams

Source: https://thehackernews.com/2025/05/weekly-recap-zero-day-exploits.html

IoT Security Challenges in India: Protecting Smart Homes & Connected Devices

IoT is transforming the way people live by making their homes smart with devices such as security cameras, smart locks, and voice assistants. In India, IoT technology is adopted at a pace that cyber threats are rising rapidly. With weak security protocols, outdated software, and unawareness, Indian households are vulnerable to cyberattacks. In this blog, we will explore the major IoT security challenges in India and how individuals can safeguard their smart homes and connected devices. If you are looking to strengthen your understanding of cybersecurity, enrolling in a cyber security course can be a game-changer.

The IoT Boom in India

India is witnessing the highest adoption of IoT across homes and businesses. From smart TVs to intelligent thermostats, IoT is revolutionizing life. This booming technology, however, offers a large target size for hackers too who exploit the vulnerability of devices to gain unauthorized access to data.

Fundamental Drivers of IoT Adoption in India:

Increased internet penetration with low-priced data plans

Government initiatives such as Smart Cities Mission and Digital India

Increasing adoption of smart home devices as they become increasingly affordable

Growing application of industrial IoT in health, agriculture, and manufacturing

Chief IoT Security Challenges in India

Poor Authentication & Default Passwords

Most IoT devices have a factory-set password that the user ignores or fails to change. Hackers exploit these default credentials to take over the devices, entry private networks, and crack sensitive information.

Lack of Security Updates & Patches

Most smart devices have limited or no firmware updates, which makes them vulnerable to cyber threats. Many Indian consumers do not check for security updates, leaving their devices susceptible to known exploits.

Data Privacy Concerns

Smart devices collect vast amounts of personal data, from voice recordings to daily routines. Without stringent data protection policies, this information can be misused or leaked by malicious actors.

Botnet Attacks & DDoS Threats

Cybercriminals hijack unprotected IoT devices to form botnets, which are used to launch massive Distributed Denial of Service (DDoS) attacks. These attacks can cripple networks and cause disruptions to online services.

Unsecured Wi-Fi Networks

Many Indian households rely on poorly secured Wi-Fi connections, providing an easy entry point for hackers. Without encryption or strong passwords, attackers can intercept sensitive information and compromise connected devices.

Absence of Specific Cybersecurity Legislation for IoT

India has advanced in data protection with the Digital Personal Data Protection Act, but there is no dedicated IoT security framework. The absence of it leaves the manufacturer to choose cost over security and sell devices which are not so well protected in the market.

How to Secure Smart Homes & Connected Devices

Change Default Credentials

Always change the default usernames and passwords of the IoT after installation. Use strong, unique passwords and implement multi-factor authentication wherever possible.

Update Firmware Periodically

Scan for software and security updates on all smart devices, and install them as soon as they are available. In case your device can no longer get any updates, consider replacing it with a newer version that is at least as secure.

Secure Your Wi-Fi Network

Use a robust Wi-Fi password, and make sure WPA3 encryption is turned on. Limit remote access to your router, and make an IoT-specific network so that those devices can't contaminate your primary network.

Firewall & Security Solutions The use of firewalls and network security solutions monitors traffic and can block malicious activity on IoT networks. 5. Limit Data Sharing & Permissions

Assess permission for smart appliances and reduce or limit the devices from accessing unsecured personal information. De-activate unused add-ons, remote access in devices.

Cyber Security Courses

IoT-based cyber-attacks are minimized if awareness against the threat builds. To boost that awareness further, take time out to become a certified graduate of cyber security by signing for courses in areas like best security practices, principles of ethical hacking, and defending digital systems.

Road Ahead to Improving Indian IoT Security:

The Indian government, device manufacturers, and consumers must take proactive steps to mitigate IoT security risks. Stronger security standards, public awareness, and robust cybersecurity laws are the need of the hour to secure the future of IoT in India.

Conclusion

IoT devices offer incredible convenience but also introduce significant security risks. Protecting smart homes and connected devices requires a combination of best practices, awareness, and robust cybersecurity measures. By staying informed and adopting the right security strategies, individuals can ensure a safer IoT experience.

If you’re passionate about cybersecurity and want to build expertise in protecting digital systems, consider taking a cyber security course to gain hands-on knowledge and skills in ethical hacking, network security, and data protection.

The Federal Bureau of Investigation (FBI), Cyber National Mission Force (CNMF), and National Security Agency (NSA) assess that People’s Republic of China (PRC)-linked cyber actors have compromised thousands of Internet-connected devices, including small office/home office (SOHO) routers, firewalls, network-attached storage (NAS) and Internet of Things (IoT) devices with the goal of creating a network of compromised nodes (a “botnet”) positioned for malicious activity. The actors may then use the botnet as a proxy to conceal their identities while deploying distributed denial of service (DDoS) attacks or compromising targeted U.S. networks.

Integrity Technology Group, a PRC-based company, has controlled and managed a botnet active since mid- 2021. The botnet has regularly maintained between tens to hundreds of thousands of compromised devices. As of June 2024, the botnet consisted of over 260,000 devices. Victim devices part of the botnet have been observed in North America, South America, Europe, Africa, Southeast Asia and Australia.

While devices aged beyond their end-of-life dates are known to be more vulnerable to intrusion, many of the compromised devices in the Integrity Tech controlled botnet are likely still supported by their respective vendors.

FBI, CNMF, NSA, and allied partners are releasing this Joint Cyber Security Advisory to highlight the threat posed by these actors and their botnet activity and to encourage exposed device vendors, owners, and operators to update and secure their devices from being compromised and joining the botnet. Network defenders are advised to follow the guidance in the mitigations section to protect against the PRC-linked cyber actors’ botnet activity. Cyber security companies can also leverage the information in this advisory to assist with identifying malicious activity and reducing the number of devices present in botnets worldwide.

For additional information, see U.S. Department of Justice (DOJ) press release....

like something out of a douglas adams book.

How Secure Are Internet of Things (IoT) Devices in 2025?

From smart homes anticipating your every need to industrial sensors optimizing manufacturing lines, Internet of Things (IoT) devices have seamlessly integrated into our lives, promising unparalleled convenience and efficiency. In 2025, are these interconnected gadgets truly secure, or are they opening up a Pandora's Box of vulnerabilities?

The truth is, IoT security is a complex and often concerning landscape. While significant progress is being made by some manufacturers and regulatory bodies, many IoT devices still pose substantial risks, largely due to a race to market that often prioritizes features and cost over robust security.

The Allure vs. The Alarms: Why IoT Devices Are Often Vulnerable

The promise of IoT is immense: automation, data-driven insights, remote control. The peril, however, lies in how easily these devices can become entry points for cyberattacks, leading to privacy breaches, network compromise, and even physical harm.

Here's why many IoT devices remain a security headache:

Weak Default Credentials & Lack of Updates:

The Problem: Many devices are still shipped with easily guessable default usernames and passwords (e.g., "admin/admin," "user/123456"). Even worse, many users never change them. This is the single easiest way for attackers to gain access.

The Challenge: Unlike smartphones or laptops, many IoT devices lack clear, robust, or frequent firmware update mechanisms. Cheaper devices often receive no security patches at all after purchase, leaving critical vulnerabilities unaddressed for their entire lifespan.

Insecure Network Services & Open Ports:

The Problem: Devices sometimes come with unnecessary network services enabled or ports left open to the internet, creating direct pathways for attackers. Poorly configured remote access features are a common culprit.

The Impact: Remember the Mirai botnet? It famously exploited vulnerable IoT devices with open ports and default credentials to launch massive Distributed Denial of Service (DDoS) attacks.

Lack of Encryption (Data In Transit & At Rest):

The Problem: Data transmitted between the device, its mobile app, and the cloud often lacks proper encryption, making it vulnerable to eavesdropping (Man-in-the-Middle attacks). Sensitive data stored directly on the device itself may also be unencrypted.

The Risk: Imagine your smart speaker conversations, security camera footage, or even health data from a wearable being intercepted or accessed.

Insecure Hardware & Physical Tampering:

The Problem: Many IoT devices are designed with minimal physical security. Easily accessible debug ports (like JTAG or UART) or lack of tamper-resistant enclosures can allow attackers to extract sensitive data (like firmware or encryption keys) directly from the device.

The Threat: With physical access, an attacker can potentially rewrite firmware, bypass security controls, or extract confidential information.

Vulnerabilities in Accompanying Apps & Cloud APIs:

The Problem: The web interfaces, mobile applications, and cloud APIs used to control IoT devices are often susceptible to common web vulnerabilities like SQL Injection, Cross-Site Scripting (XSS), or insecure authentication.

The Loophole: Even if the device itself is somewhat secure, a flaw in the control app or cloud backend can compromise the entire ecosystem.

Insufficient Privacy Protections:

The Problem: Many IoT devices collect vast amounts of personal and sensitive data (e.g., location, habits, biometrics) without always providing clear consent mechanisms or robust data handling policies. This data might then be shared with third parties.

The Concern: Beyond direct attacks, the sheer volume of personal data collected raises significant privacy concerns, especially if it falls into the wrong hands.

Supply Chain Risks:

The Problem: Vulnerabilities can be introduced at any stage of the complex IoT supply chain, from compromised components to insecure firmware inserted during manufacturing.

The Fallout: A single compromised component can affect thousands or millions of devices, as seen with some supply chain attacks in the broader tech industry.

The Elephant in the Room: Why Securing IoT is Hard

Diversity & Scale: The sheer number and variety of IoT devices (from tiny sensors to complex industrial machines) make a "one-size-fits-all" security solution impossible.

Resource Constraints: Many devices are low-power, low-cost, or battery-operated, limiting the computational resources available for robust encryption or security features.

Long Lifespans: Unlike phones, many IoT devices are expected to operate for years, even decades, long after manufacturers might cease providing support or updates.

Patching Complexity: Pushing updates to millions of geographically dispersed devices, sometimes with limited connectivity, is a logistical nightmare.

Consumer Awareness: Many consumers prioritize convenience and price over security, often unaware of the risks they introduce into their homes and networks.

Towards a More Secure IoT in 2025: Your Shield & Their Responsibility

While the challenges are significant, there's a collective effort towards a more secure IoT future. Here's what needs to happen and what you can do:

For Manufacturers (Their Responsibility):

Security by Design: Integrate security into the entire product development lifecycle from day one, rather than as an afterthought.

Secure Defaults: Ship devices with unique, strong, and randomly generated default passwords.

Robust Update Mechanisms: Implement easy-to-use, automatic, and regular firmware updates throughout the device's lifecycle.

Clear End-of-Life Policies: Communicate transparently when support and security updates for a device will cease.

Secure APIs: Design secure application programming interfaces (APIs) for cloud communication and mobile app control.

Adhere to Standards: Actively participate in and adopt industry security standards (e.g., ETSI EN 303 645, IoT Security Foundation guidelines, PSA Certified). Regulatory pushes in Europe (like the Cyber Resilience Act) and elsewhere are driving this.

For Consumers & Businesses (Your Shield):

Change Default Passwords IMMEDIATELY: This is your absolute first line of defense. Make them strong and unique.

Network Segmentation: Isolate your IoT devices on a separate Wi-Fi network (a "guest" network or a VLAN if your router supports it). This prevents a compromised IoT device from accessing your main computers and sensitive data.

Keep Firmware Updated: Regularly check for and apply firmware updates for all your smart devices. If a device doesn't offer updates, reconsider its use.

Disable Unused Features: Turn off any unnecessary ports, services, or features on your IoT devices to reduce their attack surface.

Research Before You Buy: Choose reputable brands with a track record of security and clear privacy policies. Read reviews and look for security certifications.

Strong Wi-Fi Security: Ensure your home Wi-Fi uses WPA2 or, ideally, WPA3 encryption with a strong, unique password.

Be Mindful of Data Collected: Understand what data your devices are collecting and how it's being used. If the privacy policy isn't clear or feels invasive, reconsider the device.

Physical Security: Secure physical access to your devices where possible, preventing easy tampering.

Regular Monitoring (for Businesses): Implement tools and processes to monitor network traffic from IoT devices for unusual or suspicious activity.

In 2025, the convenience offered by IoT devices is undeniable. However, their security is not a given. It's a shared responsibility that demands both diligence from manufacturers to build secure products and vigilance from users to deploy and manage them safely.

#Ciberseguridad - Alerta en Argentina, más de 10 millones de ataques a dispositivos conectados en 2024

Kaspersky ha detectado una nueva versión del botnet Mirai, dirigida a dispositivos del Internet de las Cosas (IoT), con actividad observada a nivel global y también en Argentina. En este país, investigadores del equipo Global Research and Analysis Team (GReAT) de la compañía registraron más de 10 millones de ataques a dispositivos IoT durante 2024, un aumento que se relaciona con la actividad de…