A look at some of the top stories this week in the world of automotive, IoT, Industry 4.0, and Enterprise Edge product cybersecurity.
How to Hack Alexa with a Laser Pointer (New York Times)
We all know laser pointers can hijack a house cat’s attention - but it turns out they can do much more. Researchers in Japan and at the University of Michigan reveal how they can seize control of Google Home, Amazon’s Alexa, or Apple’s Siri, by aiming a laser pointer - and even a simple flashlight - at the devices’ microphones from hundreds of feet away. Researchers said once inside they could then hack any digital smart systems attached to the voice-controlled assistants.
Amazon Ring Doorbells Exposed Home Wi-Fi Passwords to Hackers (Tech Crunch)
Researchers say doorbells send owner’s Wi-Fi password in clear text over the internet, which allows nearby hackers to intercept it and gain access to the network, where they can launch larger attacks or carry out surveillance.
Attackers Exploit Flaws in Cisco Firewalls to Carry Out the First-Ever Hack on a Renewable Energy Provider (Security Affairs)
Utah-based sPower says the attack did not affect any of their critical control systems or power generation, but according to CyberScoop, operators at sPower were unable to communicate with a dozen generation sites for five minute intervals over the course of several hours. Attackers also carried out DoS attacks, causing target devices and websites to crash.
BlueKeep Remote Code Execution Vulnerability Being Exploited for Crypto Mining (Bleeping Computer)
Researchers say honeypots have recorded exploits of BlueKeep (CVE-2019-0708), which can spread malware across connected systems without user intervention. Windows released a patch in May, but there is still an unknown number of users who have not updated.
Carmakers and Repair Shops Clash over Crash-Prevention Technology (Auto Blog)
Due to the sophistication of the systems, many automakers say only parts and repairs from their authorized dealers can ensure safety, drawing fire from independent repair shops and suppliers who say they are being locked out.
New Variant of IoT Malware Targets Small Business and Home (Mashviral)
New version of Gafgyt malware targets Huawei, Realtek, and Zyxel routers, and hijacks them to form botnet armies for DoS attacks.
Thousands of QNAP NAS Devices Fall Victim to New Malware (Security Affairs)
“QSnatch” malware has reportedly hit over 7,000 devices in Germany alone. Once inside a vulnerable device, the malware injects malicious code to gain reboot persistence.