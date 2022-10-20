

A bug in Abode's home security system could let hackers remotely switch off cameras

Carly Page

A security vulnerability in Abode’s all-in-one home security system could allow malicious actors to remotely switch off customers' security cameras.

Abode's Iota All-In-One Security Kit is a DIY home security system that includes a main security camera, motion sensors that can be attached to windows and doors, and a hub that can alert users of unwanted movement in their homes. It also integrates with third-party smart hubs like Google Home, Amazon Alexa and Apple HomeKit.

Researchers at Cisco's Talos cybersecurity unit this week disclosed several vulnerabilities in Abode’s security system, including a critical-rated authentication bypass flaw that could allow anyone to remotely trigger several sensitive device functions without needing a password.

The flaw, tracked as CVE-2022-27805 and given a vulnerability severity rating of 9.8 out of 10, sits in the device's UDP service responsible for handling remote configuration changes. UDP is a communications protocol used to establish low-latency connections between applications on the internet.

As explained by Matt Wiseman, a senior security researcher at Cisco Talos, a lack of authorization checks means an attacker can remotely execute commands through Abode’s mobile and web applications, such as rebooting the device, changing the admin password and completely disarming the security system.

Wiseman told TechCrunch that, in general, the affected device would be deployed in a local network and wouldn't be directly accessible over the internet. "The more likely attack is from someone on the local network or if someone has access to the device through Abode's network — for example, if they have the username and password for the mobile application."

"That being said, it could be deployed in a situation where it's directly accessible over the internet or where someone specifically routes traffic to certain services," added Wiseman.

Talos on Thursday disclosed several other vulnerabilities in Abode’s security system. This includes several 10-rated vulnerabilities that could be exploited by sending a series of malicious payloads to execute arbitrary system commands with the highest privileges and a second authentication bypass flaw that could allow an attacker to access several sensitive functions on the device, including triggering a factory reset, simply by setting a particular HTTP header to a hard-coded value.

Cisco initially disclosed the vulnerability to Abode in July and publicly disclosed the flaws this week after patches were made available. Users are advised to update their Iota All-In-One Security Kit to the latest version as soon as possible.

In a statement given to TechCrunch, Chris Carney, Abode's founder and CEO, said: "As a security-first company, we promptly worked to fix, address and patch their findings. This work has already been done, completed and pushed as an update to customers. Additionally, there have been zero reports from Abode customers related to these findings." Carney confirmed Abode worked with Talos to resolve the security issues.

News of flaws in Abode's internet-connected home security system comes after the U.S. government this week shared more details about its plans to launch a cybersecurity labeling program for consumer Internet of Things devices to better protect Americans from “significant national security risks.” The initiative will launch next year for the "highest-risk" devices — including home security cameras.
