Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

Flaws in Diqee 360 Smart Vacuums Let Hackers Spy on Their Owners

Diqee-vacuum

Security researchers from Positive Technologies have released public details on two vulnerabilities affecting Dongguan Diqee 360 smart vacuum cleaners.

The two vulnerabilities allow an attacker to run malicious code on a device with superuser privileges and effectively take over the vacuum.

"Like any other IoT device, these robot vacuum cleaners could be marshaled into a botnet for DDoS attacks," said Leigh-Anne Galloway, Cyber Security Resilience lead at Positive Technologies.

"But that's not even the worst-case scenario, at least for owners," she adds. "Since the vacuum has Wi-Fi, a webcam with night vision, and smartphone-controlled navigation, an attacker could secretly spy on the owner."

Technical details published today

The two vulnerabilities are CVE-2018-10987 and CVE-2018-10988. The first one can be exploited remotely, while the second needs physical access to the device.

The first bug can only be exploited by an authenticated attacker, but Positive Technologies...(continued)

View All Trending Stories