Get subscribed to our newsletter
Get interesting updates to your email inbox.
Security and technology researchers on Wednesday warned that cyber criminals could exploit an Internet of Things (IoT) network – smart light bulbs and their control bridge — to launch attacks on conventional computer networks in homes, businesses or even smart cities.
The researchers from cybersecurity firm Check Point discovered vulnerabilities in the communication protocol used by Philips Hue smart lightbulbs — a marquee smart home device that relies on the Zigbee protocol.
The research, which was done with the help of the Check Point Institute for Information Security (CPIIS) in Tel Aviv University, Israel was disclosed to Philips and Signify (owner of the Philips Hue brand) in November 2019.
Signify confirmed the existence of the vulnerability in their product, and issued a patched firmware version (Firmware 1935144040) which is now via an automatic update.
For the study, the researchers focused on the Philips Hue smart bulbs and bridge, and found vulnerabilities (CVE-2020-6007) that enabled them to infiltrate networks using a remote exploit in the ZigBee low-power wireless protocol that is used to control a wide range of IoT devices.
The researchers used the Hue lightbulb as a platform to take over the bulbs’ control bridge and ultimately, attacking the target’s computer network.
The more recent hardware generations of Hue lightbulbs do not have the exploited vulnerability, the study said.
“Many of us are aware that IoT devices can pose a security risk, but this research shows how even the most mundane, seemingly ‘dumb’ devices such as lightbulbs can be exploited by hackers and used to take over networks, or plant malware,” said Yaniv Balmas, Head of Cyber Research, Check Point Research.
“It’s critical that organisations and individuals protect themselves against these possible attacks by updating their devices with the latest patches and separating them from other machines on their networks, to limit the possible spread of malware. In today’s complex fifth-generation attack landscape, we cannot afford to overlook the security of anything that is connected to our networks,” Balmas said.
In an attack scenario that the researchers unravelled, the hacker controls the bulb’s colour or brightness to trick users into thinking the bulb has a glitch. The bulb appears as ‘unreachable’ in the user’s control app, so they will try to ‘reset’ it.
The only way to reset the bulb is to delete it from the app, and then instruct the control bridge to re-discover the bulb.
The bridge discovers the compromised bulb, and the user adds it back onto their network.
The hacker-controlled bulb with updated firmware then uses the ZigBee protocol vulnerabilities to trigger a heap-based buffer overflow on the control bridge, by sending a large amount of data to it.
This data also enables the hacker to install malware on the bridge – which is in turn connected to the target business or home network.
The malware connects back to the hacker and using a known exploit (such as EternalBlue), they can infiltrate the target IP network from the bridge to spread ransomware or spyware.
“We recommend users to make sure that their product received the automatic update of this firmware version,” Check Point said. (IANS)
WASHINGTON — U.S. federal law enforcement agencies and Europol announced dozens of arrests to break up a global operation that sold illegal drugs using a shadowy realm of the internet.
At a Department of Justice news conference Tuesday in Washington, officials said they arrested 150 people for allegedly selling illicit drugs, including fake prescription opioids and cocaine, over the so-called darknet. Those charged are alleged to have carried out tens of thousands of illegal sales using a part of the internet that is accessible only by using specialized anonymity tools.
The 10-month dragnet called "Operation HunTor" — named after encrypted internet tools — resulted in the seizure of 234 kilograms of drugs, including amphetamines, cocaine and opioids worth more than $31 million. Officials said many of the confiscated drugs were fake prescription pills laced with the powerful synthetic opioid fentanyl. The counterfeit tablets are linked to a wave of drug overdoses.
"This international law enforcement operation spanned across three continents and sends one clear message to those hiding on the darknet peddling illegal drugs: there is no dark internet," said U.S. Deputy Attorney General Lisa Monaco.
Deputy Attorney General Lisa Monaco speaks during a news at the Department of Justice in Washington, Oct. 26, 2021. Photo credit: VOA
Investigators rounded up and arrested 65 people in the United States. Other arrests occurred in Australia, Bulgaria, France, Germany, Italy, the Netherlands, Switzerland, and the United Kingdom. In addition to counterfeit medicine, authorities also confiscated more than 200,000 ecstasy, fentanyl, oxycodone, hydrocodone, and methamphetamine pills.
"We face new and increasingly dangerous threats as drug traffickers expand into the digital world and use the darknet to sell dangerous drugs like fentanyl and methamphetamine," said Anne Milgram, administrator of the Drug Enforcement Administration (DEA). "We cannot stress enough the danger of these substances."
The international police agency Europol worked alongside the U.S. Justice Department's Joint Criminal Opioid and Darknet Enforcement team.
"No one is beyond the reach of the law, even on the dark web," said Jean-Philippe Lecouffe, Europol's deputy executive director.
The dark web is preferred by criminal networks who want to keep their internet activities private and anonymous. In this case, it served as a platform for illegal cyber sales of counterfeit medication and other drugs that were delivered by private shipping companies.
Investigators said the fake drugs are primarily made in laboratories in Mexico using chemicals imported from China. Prosecutors also targeted drug dealers who operated home labs to manufacture fake prescription pain pills.
FBI Deputy Director Paul Abbate, second from left, speaks during a news conference at the Department of Justice in Washington, Oct. 26, 2021. Photo credit: VOA
"Those purchasing drugs through the darknet often don't know what they're getting," Associate Deputy FBI Director Paul Abbate said. The joint investigation followed enforcement efforts in January in which authorities shut down "DarkMarket," the world's largest illegal international marketplace on the dark web.
Last month, the DEA warned Americans that international and domestic drug dealers were flooding the country with fake pills, driving the U.S. overdose crisis. The agency confiscated more the 9.5 million potentially lethal pills in the last year.
More than 93,000 Americans died from drug overdoses in 2020, the highest number on record, according the U.S. Centers for Disease Control. U.S. health officials attribute the rise to the use of fentanyl, which can be 100 times more potent than morphine.
U.S. officials said investigations are continuing and more arrests are expected. (VOA/RN)
(This article is originally wriiten by Chris Simkins)
Keywords: Drug Vendors, Investigation, DEA, Illegal purchase, Police Operation, Internet
Facebook-owned WhatsApp may soon ask users to verify their identity to make payments on the platform. According to XDA Developers, new strings spotted in the latest WhatsApp beta release suggest that the messenger will require users to upload verification documents to continue using payments on WhatsApp. Currently, when users set up WhatsApp Pay in India, the service only verifies the phone number linked to your bank account to enable UPI-based transactions. In Brazil, the messenger uses Facebook Pay to validate users' credit or debit cards to facilitate payments.
At the moment, the service doesn't require users to submit any identity verification documents to make payments. However, that might change soon, the report said. WhatsApp v188.8.131.52 beta includes a few new strings which suggest that users might have to submit identity verification documents to continue using payments.
The identity verification might be limited to those who use WhatsApp Pay to receive payments for their businesses. UPI-based apps, like Google Pay, PhonePe and even WhatsApp Pay don't require users to submit any documents to transfer or receive money. However, wallet apps like PayTM do ask for KYC verification as per RBI guidelines.
WhatsApp is yet to make an official announcement regarding this change. Since the new strings have just made their way to the beta version, it might be a while before the company reveals any details, the report said. (IANS/ MBI)
Keywords: WhatsApp, UPI, payments, verify, identity, documents
By Rajesh U. Pandya
Although the world is recovering from coronavirus pandemic, we must not lower our guards and stay alert when it comes to hand hygiene to curb the spread of the deadly virus. But are we paying sufficient attention to our nail hygiene? Our nails are the index of well-being for our entire body. The manifestations of several critical diseases were first detected within the dirty nails.
The ignorance towards our nails becomes the breeding ground of harmful bacteria. These germs enter our body through our hands because in India we eat through our bare hands. Therefore, nail hygiene is crucial and without it hand hygiene is incomplete.
Practising good nail hygiene involves following a systematic process to ensure the longevity of our nail health. It includes ensuring that food particles, dirt and dust are not sticking to our nails and there is no build-up of nail bacteria. Thankfully, contrary to popular belief, it is not that difficult to maintain good nail hygiene. A little diligence, awareness and attention are sufficient to keep our nails healthy.
Avoiding nail hygiene makes you prone to viral infections
Due to constant negligence towards the cleanliness of the nails, many serious issues like bacterial and viral infections arise. Often these lead to serious health problems. Our hand hygiene is not perfect till the time we clean the undersides of our nails besides washing hands regularly. Most people don't mind sharing nail clippers with others. This is however an extremely unhygienic practice. When we don't share any of our personal hygiene products then why do we share our nail clippers? Nails harbour abundant germs, bacteria and viruses and sharing nail clippers is equivalent to exchanging those microorganisms.
Nails harbour abundant germs, bacteria and viruses and sharing nail clippers is equivalent to exchanging those microorganisms.| Photo by CDC on Unsplash
Keep fingernails dry and clean
It prevents bacterial and fungal infections from growing under our nails. It has been observed that prolonged exposure to water can break nails. It is always recommended to wear cotton-lined rubber gloves when washing dishes, cleaning or using harsh chemicals. In order to follow good nail hygiene, we have to be careful about our nail care products. Use a sharp stainless-steel nail clipper with a grime remover, that can remove the hidden germs and grime below the nails. Trim nails straight, then round the tips into a gentle curve. Always wash hands and under nails with soap and water after a nail clipping session.
Always wash hands and under nails with soap and water after a nail clipping session. Photo by rashid khreiss on Unsplash
Keep hands and nails moisturized to avoid the cuticles from overgrowing. Frequent use of nail paint remover, hand sanitisers and harsh soaps can result in the dryness of cuticles along with nails. Keep nails short, trim them regularly and wash hands for at least 20 seconds and then moisturize them, This will make the chance of diseases slimmer and can prevent any kind of viruses. KAI India nail clipper comes with unique features like 100 per cent stainless steel, nail filer, grime remover, nail tray and non-chromium coating making them safe and most effective for maintaining proper nail hygiene.
Here are some of the more ways through which we can keep our nail hygiene intact, thereby protecting it from the damage to nails:
* Stay away from chewing fingernails: It has the potential of damaging the nail bed as a minor cut can cause infection. Moreover, when we bite our nails, germs enter our mouths directly.
* Be gentle towards hangnails: Never pull off your hangnails. Rather, be gentle towards them and carefully clip them off. Stop using those products which are harsh on nails. Always go for acetone-free products.
* Go for a regular nail checkup: If you have a persistent nail problem, consult a doctor or dermatologist for an evaluation.
* Do not share: Try not to share your nail clipper, as they contain germs. Wash the nail clipper with lukewarm water and wipe with a soft cloth. (IANS/ MBI)
Keywords: Nails, hygiene, covid, clipper, products, infections