May 07, 2017

"Drones, many readily available on ecommerce shops such as Amazon, are plagued by vulnerabilities that could give attackers full root access to the device, read or delete files, or crash the device."

threat post: The United States Computer Emergency Readiness Team (US-CERT) published a warning about one model, the DBPOWER U818A WiFi quadcopter, last month, but according to the researcher who reported the vulnerabilities, multiple drone models– manufactured by the same company but sold under different names – are also vulnerable. by Chris Brook

'Junia Valente, a Ph.D. candidate in software engineering at the University of Texas Dallas, discovered the bugs last fall through UT’s Cyber-Physical Systems Security Lab, a program in the school’s computer science department that provides students IoT devices.

'Valente’s research, carried out under the supervision of Dr. Álvaro Cárdenas, has been mostly focused on the security of these devices. The researcher is currently in discussions with a smart toy manufacturer to fix a vulnerability that could allow an attacker to eavesdrop on communications of a child from the internet and inject the attacker’s voice into a smart toy. In February, US-CERT warned of vulnerabilities – a hardcoded password and an authentication bypass – Valente found in surveillance systems manufactured by Swann.'

No comments: