What You Need to Know About the Latest IoT Device Flaws

The McAfee Advanced Threat Research (ATR) team recently uncovered a security flaw in a popular connected garage door opener and a security design issue in an NFC (meaning near field communication, which is a technology that allows devices to communicate with each other) smart ring used to unlock doors. As we head into CES 2020, the global stage where innovators showcase the next generation of consumer technologies, let’s take a look at these new security flaws and discover how users can connect securely and with confidence.

The McAfee ATR team recently investigated the Chamberlain MyQ Hub, a “universal” garage door automation platform. The Hub acts as a new garage door opener, similar to the one that you would have in your car. However, the McAfee ATR team discovered an inherent flaw in the way the MyQ Hub communicates over radio frequency signals. It turns out that hackers can “jam” the radio frequency signals while the garage is being remotely closed. How? By jamming or blocking the code signal from ever making it to the Hub receiver, the remote sensor will never respond with the closed signal. This delivers an error message to the user, prompting them to attempt to close the door again through the app, which actually causes the garage door to open.

How could a hacker exploit this flaw to attack an innocent user? Let’s break it down:

  • Many users enjoy using the MyQ Hub for the convenience of package delivery, ensuring that their packages are safe from porch pirates and placed directly in the garage by the carrier.
  • However, an attacker could wait for a package delivery using the connected garage door opener. The hacker could then jam the MyQ signal once the carrier opens the door and prompt an error message for the user. If and when the user attempts to close the door, the door will open and grant the attacker access to the home.
  • An attacker could also wait and see when a homeowner physically leaves the premises to jam the MyQ signal and prompt the error message. This would potentially allow further access into the home.

The McAfee ATR team also discovered an insecure design with the McLear Smart Ring, a household access control device that can be used to interact with NFC-enabled door locks. Once the Smart Ring has been paired with an NFC-enabled door lock, the user can access their house by simply placing the Smart Ring within the NFC range of the door lock instead of using a traditional house key. However, due to an insecure design, hackers could easily clone the ring and gain access to a user’s home.

How exactly can hackers exploit this attack?

  • First, the attacker can do some basic research on the victim, such as finding a social media post about how excited they are to use their new Smart Ring.
  • Now, say the attacker locates the victim in a public setting and asks them to take a picture of them on the attacker’s phone. The attacker’s phone, equipped with an app to read NFC tags, can record the relevant information without giving any signs of foul play.
  • The ring is now compromised, and the information can be programmed on a standard writable card, which can be used to unlock smart home locks that partner with the product.

In the era of IoT, the balance between security and convenience is an important factor to get right. According to Steve Povolny, head of McAfee Advanced Threat Research, “the numerous benefits technology enhancements bring us are exciting and often highly valuable; but many people are unaware of the lengths hackers will go and the many ways new features can impact the security of a system.” To help safeguard your security while still enjoying the benefits of your connected devices, check out the following tips:

  • Practice proper online security habits. Fortunately, users have many tools at their disposal, even when security concerns do manifest. Implement a strong password policy, put IoT devices on their own, separate network, utilize dual-factor authentication when possible, minimize redundant systems, and patch quickly when issues are found.
  • Do your research. Before purchasing a new device, take the time to look into its security features. Users should ensure they are aware of the security risks associated with products available on the market.

To stay on top of McAfee’s CES news and the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post What You Need to Know About the Latest IoT Device Flaws appeared first on McAfee Blogs.

Read more: What You Need to Know About the Latest IoT Device Flaws

Story added 7. January 2020, content source with full text you can find at link above.


Comments are closed.

What You Need to Know About the Latest IoT Device Flaws

The McAfee Advanced Threat Research (ATR) team recently uncovered a security flaw in a popular connected garage door opener and a security design issue in an NFC (meaning near field communication, which is a technology that allows devices to communicate with each other) smart ring used to unlock doors. As we head into CES 2020, the global stage where innovators showcase the next generation of consumer technologies, let’s take a look at these new security flaws and discover how users can connect securely and with confidence.

The McAfee ATR team recently investigated the Chamberlain MyQ Hub, a “universal” garage door automation platform. The Hub acts as a new garage door opener, similar to the one that you would have in your car. However, the McAfee ATR team discovered an inherent flaw in the way the MyQ Hub communicates over radio frequency signals. It turns out that hackers can “jam” the radio frequency signals while the garage is being remotely closed. How? By jamming or blocking the code signal from ever making it to the Hub receiver, the remote sensor will never respond with the closed signal. This delivers an error message to the user, prompting them to attempt to close the door again through the app, which actually causes the garage door to open.

How could a hacker exploit this flaw to attack an innocent user? Let’s break it down:

  • Many users enjoy using the MyQ Hub for the convenience of package delivery, ensuring that their packages are safe from porch pirates and placed directly in the garage by the carrier.
  • However, an attacker could wait for a package delivery using the connected garage door opener. The hacker could then jam the MyQ signal once the carrier opens the door and prompt an error message for the user. If and when the user attempts to close the door, the door will open and grant the attacker access to the home.
  • An attacker could also wait and see when a homeowner physically leaves the premises to jam the MyQ signal and prompt the error message. This would potentially allow further access into the home.

The McAfee ATR team also discovered an insecure design with the McLear Smart Ring, a household access control device that can be used to interact with NFC-enabled door locks. Once the Smart Ring has been paired with an NFC-enabled door lock, the user can access their house by simply placing the Smart Ring within the NFC range of the door lock instead of using a traditional house key. However, due to an insecure design, hackers could easily clone the ring and gain access to a user’s home.

How exactly can hackers exploit this attack?

  • First, the attacker can do some basic research on the victim, such as finding a social media post about how excited they are to use their new Smart Ring.
  • Now, say the attacker locates the victim in a public setting and asks them to take a picture of them on the attacker’s phone. The attacker’s phone, equipped with an app to read NFC tags, can record the relevant information without giving any signs of foul play.
  • The ring is now compromised, and the information can be programmed on a standard writable card, which can be used to unlock smart home locks that partner with the product.

In the era of IoT, the balance between security and convenience is an important factor to get right. According to Steve Povolny, head of McAfee Advanced Threat Research, “the numerous benefits technology enhancements bring us are exciting and often highly valuable; but many people are unaware of the lengths hackers will go and the many ways new features can impact the security of a system.” To help safeguard your security while still enjoying the benefits of your connected devices, check out the following tips:

  • Practice proper online security habits. Fortunately, users have many tools at their disposal, even when security concerns do manifest. Implement a strong password policy, put IoT devices on their own, separate network, utilize dual-factor authentication when possible, minimize redundant systems, and patch quickly when issues are found.
  • Do your research. Before purchasing a new device, take the time to look into its security features. Users should ensure they are aware of the security risks associated with products available on the market.

To stay on top of McAfee’s CES news and the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post What You Need to Know About the Latest IoT Device Flaws appeared first on McAfee Blogs.

(more…)

Story added 7. January 2020, content source with full text you can find at link above.


Comments are closed.

What You Need to Know About the Latest IoT Device Flaws

The McAfee Advanced Threat Research (ATR) team recently uncovered a security flaw in a popular connected garage door opener and a security design issue in an NFC (meaning near field communication, which is a technology that allows devices to communicate with each other) smart ring used to unlock doors. As we head into CES 2020, the global stage where innovators showcase the next generation of consumer technologies, let’s take a look at these new security flaws and discover how users can connect securely and with confidence.

The McAfee ATR team recently investigated the Chamberlain MyQ Hub, a “universal” garage door automation platform. The Hub acts as a new garage door opener, similar to the one that you would have in your car. However, the McAfee ATR team discovered an inherent flaw in the way the MyQ Hub communicates over radio frequency signals. It turns out that hackers can “jam” the radio frequency signals while the garage is being remotely closed. How? By jamming or blocking the code signal from ever making it to the Hub receiver, the remote sensor will never respond with the closed signal. This delivers an error message to the user, prompting them to attempt to close the door again through the app, which actually causes the garage door to open.

How could a hacker exploit this flaw to attack an innocent user? Let’s break it down:

  • Many users enjoy using the MyQ Hub for the convenience of package delivery, ensuring that their packages are safe from porch pirates and placed directly in the garage by the carrier.
  • However, an attacker could wait for a package delivery using the connected garage door opener. The hacker could then jam the MyQ signal once the carrier opens the door and prompt an error message for the user. If and when the user attempts to close the door, the door will open and grant the attacker access to the home.
  • An attacker could also wait and see when a homeowner physically leaves the premises to jam the MyQ signal and prompt the error message. This would potentially allow further access into the home.

The McAfee ATR team also discovered an insecure design with the McLear Smart Ring, a household access control device that can be used to interact with NFC-enabled door locks. Once the Smart Ring has been paired with an NFC-enabled door lock, the user can access their house by simply placing the Smart Ring within the NFC range of the door lock instead of using a traditional house key. However, due to an insecure design, hackers could easily clone the ring and gain access to a user’s home.

How exactly can hackers exploit this attack?

  • First, the attacker can do some basic research on the victim, such as finding a social media post about how excited they are to use their new Smart Ring.
  • Now, say the attacker locates the victim in a public setting and asks them to take a picture of them on the attacker’s phone. The attacker’s phone, equipped with an app to read NFC tags, can record the relevant information without giving any signs of foul play.
  • The ring is now compromised, and the information can be programmed on a standard writable card, which can be used to unlock smart home locks that partner with the product.

In the era of IoT, the balance between security and convenience is an important factor to get right. According to Steve Povolny, head of McAfee Advanced Threat Research, “the numerous benefits technology enhancements bring us are exciting and often highly valuable; but many people are unaware of the lengths hackers will go and the many ways new features can impact the security of a system.” To help safeguard your security while still enjoying the benefits of your connected devices, check out the following tips:

  • Practice proper online security habits. Fortunately, users have many tools at their disposal, even when security concerns do manifest. Implement a strong password policy, put IoT devices on their own, separate network, utilize dual-factor authentication when possible, minimize redundant systems, and patch quickly when issues are found.
  • Do your research. Before purchasing a new device, take the time to look into its security features. Users should ensure they are aware of the security risks associated with products available on the market.

To stay on top of McAfee’s CES news and the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post What You Need to Know About the Latest IoT Device Flaws appeared first on McAfee Blogs.

(more…)

Story added 7. January 2020, content source with full text you can find at link above.


Comments are closed.

What You Need to Know About the Latest IoT Device Flaws

The McAfee Advanced Threat Research (ATR) team recently uncovered a security flaw in a popular connected garage door opener and a security design issue in an NFC (meaning near field communication, which is a technology that allows devices to communicate with each other) smart ring used to unlock doors. As we head into CES 2020, the global stage where innovators showcase the next generation of consumer technologies, let’s take a look at these new security flaws and discover how users can connect securely and with confidence.

The McAfee ATR team recently investigated the Chamberlain MyQ Hub, a “universal” garage door automation platform. The Hub acts as a new garage door opener, similar to the one that you would have in your car. However, the McAfee ATR team discovered an inherent flaw in the way the MyQ Hub communicates over radio frequency signals. It turns out that hackers can “jam” the radio frequency signals while the garage is being remotely closed. How? By jamming or blocking the code signal from ever making it to the Hub receiver, the remote sensor will never respond with the closed signal. This delivers an error message to the user, prompting them to attempt to close the door again through the app, which actually causes the garage door to open.

How could a hacker exploit this flaw to attack an innocent user? Let’s break it down:

  • Many users enjoy using the MyQ Hub for the convenience of package delivery, ensuring that their packages are safe from porch pirates and placed directly in the garage by the carrier.
  • However, an attacker could wait for a package delivery using the connected garage door opener. The hacker could then jam the MyQ signal once the carrier opens the door and prompt an error message for the user. If and when the user attempts to close the door, the door will open and grant the attacker access to the home.
  • An attacker could also wait and see when a homeowner physically leaves the premises to jam the MyQ signal and prompt the error message. This would potentially allow further access into the home.

The McAfee ATR team also discovered an insecure design with the McLear Smart Ring, a household access control device that can be used to interact with NFC-enabled door locks. Once the Smart Ring has been paired with an NFC-enabled door lock, the user can access their house by simply placing the Smart Ring within the NFC range of the door lock instead of using a traditional house key. However, due to an insecure design, hackers could easily clone the ring and gain access to a user’s home.

How exactly can hackers exploit this attack?

  • First, the attacker can do some basic research on the victim, such as finding a social media post about how excited they are to use their new Smart Ring.
  • Now, say the attacker locates the victim in a public setting and asks them to take a picture of them on the attacker’s phone. The attacker’s phone, equipped with an app to read NFC tags, can record the relevant information without giving any signs of foul play.
  • The ring is now compromised, and the information can be programmed on a standard writable card, which can be used to unlock smart home locks that partner with the product.

In the era of IoT, the balance between security and convenience is an important factor to get right. According to Steve Povolny, head of McAfee Advanced Threat Research, “the numerous benefits technology enhancements bring us are exciting and often highly valuable; but many people are unaware of the lengths hackers will go and the many ways new features can impact the security of a system.” To help safeguard your security while still enjoying the benefits of your connected devices, check out the following tips:

  • Practice proper online security habits. Fortunately, users have many tools at their disposal, even when security concerns do manifest. Implement a strong password policy, put IoT devices on their own, separate network, utilize dual-factor authentication when possible, minimize redundant systems, and patch quickly when issues are found.
  • Do your research. Before purchasing a new device, take the time to look into its security features. Users should ensure they are aware of the security risks associated with products available on the market.

To stay on top of McAfee’s CES news and the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post What You Need to Know About the Latest IoT Device Flaws appeared first on McAfee Blogs.

(more…)

Story added 7. January 2020, content source with full text you can find at link above.


Comments are closed.

More antivirus and malware news?


2017 Antivirus News | Powered by WordPress | Fluxipress Theme | Show My IP Address, check blacklists | Free Favicon, Android and Apple Icon Generator | Bitcoin and Crypto Currency News