CyberSecurity news
FlagThis - #iotsecurity
|
@thehackernews.com
//
References:
Cyber Security News
, securityaffairs.com
,
Cybersecurity researchers have uncovered critical vulnerabilities in Kigen's eSIM technology, potentially impacting billions of Internet of Things (IoT) devices and mobile networks worldwide. Security Explorations, a research lab, demonstrated that they could compromise Kigen's eUICC cards, a component essential for eSIM functionality. The attack allowed researchers to extract private encryption keys and download arbitrary eSIM profiles from major mobile network operators. This breach raises significant concerns about identity theft and the potential interception of communications for a vast number of connected devices.
The exploitation of these flaws builds upon prior Java Card research from 2019, which highlighted fundamental weaknesses in virtual machine implementations. Researchers were able to bypass security measures on the eUICC chip, which is designed to securely store and manage mobile carrier profiles. By exploiting type confusion vulnerabilities, they gained unauthorized access to the chip's memory, enabling the extraction of critical cryptographic keys like the private ECC key for GSMA certificates. This effectively undermined the trust model that underpins the entire eSIM ecosystem, as the eSIM profiles themselves and the Java applications stored on the chip were found to lack proper isolation or protection. While Kigen has acknowledged the issue and deployed mitigations, including hardening bytecodes and tightening test profile rules, concerns remain regarding the root cause of the vulnerability. The GSMA TS.48 Generic Test Profile, versions 6.0 and earlier, has been identified as a contributing factor, allowing for the installation of unverified or malicious applets. Although the latest version of the GSMA standard addresses this, the existence of these fundamental flaws in widely deployed eSIM technology highlights the ongoing challenges in securing the rapidly expanding IoT landscape and the potential for widespread compromise if not adequately addressed. Recommended read:
References :
Pierluigi Paganini@Security Affairs
//
US CISA has issued a warning about critical vulnerabilities discovered in SinoTrack GPS devices, which could allow attackers to remotely control vehicles and track their locations. The vulnerabilities affect all versions of the SinoTrack IoT PC Platform. Successful exploitation of these flaws could grant unauthorized access to device profiles through the common web management interface, enabling malicious actors to perform remote functions on connected vehicles.
The two main vulnerabilities are CVE-2025-5484 and CVE-2025-5485. CVE-2025-5484 is a weak authentication flaw stemming from the use of a default password and a username that is the identifier printed on the receiver. CVE-2025-5485 is an observable response discrepancy where the username used to authenticate to the web management interface is a numerical value of no more than 10 digits, making it easy for attackers to guess valid usernames. An attacker could retrieve device identifiers with physical access or by capturing identifiers from pictures of the devices posted on publicly accessible websites such as eBay. CISA recommends that device users take defensive measures to minimize the risk of exploitation of these vulnerabilities. The most crucial step is to change the default password to a unique, complex password as soon as possible. In the absence of a patch, users are advised to also take steps to conceal the identifier. Security researcher Raúl Ignacio Cruz Jiménez stated that due to its lack of security, this device allows remote execution and control of the vehicles to which it is connected and also steals sensitive information about you and your vehicles. As of June 11, 2025, SinoTrack has not responded to CISA’s requests for information or provided fixes for these problems. Recommended read:
References :
Pierluigi Paganini@Security Affairs
//
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding two critical vulnerabilities discovered in SinoTrack GPS devices. These flaws could allow malicious actors to remotely control vehicles and track their locations. The vulnerabilities affect all known SinoTrack devices and the SinoTrack IOT PC Platform. This alert follows the disclosure of these security weaknesses by independent researcher Raúl Ignacio Cruz Jiménez.
The identified vulnerabilities include a weak authentication flaw (CVE-2025-5484) and an observable response discrepancy (CVE-2025-5485). The weak authentication stems from the use of a default password across all devices and the use of the device identifier as the username. The identifier, which is printed on the receiver, is easily accessible, either through physical access to the device or through images posted online. The observable response discrepancy arises from the numerical structure of usernames, which are up to 10 digits long. This enables attackers to guess valid usernames by trying different number sequences. Successful exploitation of these vulnerabilities could grant attackers unauthorized access to device profiles through the web management interface. This access could then be used to perform remote functions on connected vehicles, such as tracking the vehicle's location and, in some cases, disconnecting power to the fuel pump. With a CVSS v4 score of 8.8, CVE-2025-5485 is considered highly severe. While there are currently no official fixes available, CISA advises users to change the default password immediately and to conceal the device identifier, particularly in publicly accessible photographs. SinoTrack has not yet responded to CISA’s request. Recommended read:
References :
Mike Moore@techradar.com
//
A new wave of cyberattacks is targeting Internet of Things (IoT) devices through both the Mirai botnet and BadBox 2.0 malware. Cybersecurity researchers have discovered a new variant of the Mirai botnet that exploits a critical vulnerability, CVE-2024-3721, in TBK DVR devices. This vulnerability allows attackers to remotely deploy malicious code on digital video recording systems commonly used for surveillance. Kaspersky GReAT experts have described the new features of this Mirai variant, noting that the latest botnet infections specifically target TBK DVR devices.
Simultaneously, the FBI has issued a warning about the dangerous BadBox 2.0 malware, which has already infected over a million devices, including smart TVs, streaming boxes, digital projectors, and tablets. These devices, often cheap, off-brand, Android-powered units, are being hijacked to form a global botnet used for malicious activities such as ad fraud, click fraud, and distributed denial-of-service (DDoS) attacks. The compromised devices are turned into residential proxies, which are then sold or provided for free to cybercriminals, enabling a wide range of illicit activities. The Mirai botnet leverages a vulnerability in TBK DVR devices, enabling unauthorized system command execution. Attackers send targeted POST requests to vulnerable endpoints, containing encoded shell commands to download and execute ARM32 binary payloads. This streamlined approach allows for efficient infection, bypassing traditional reconnaissance phases. Meanwhile, BadBox 2.0 often comes preloaded on devices or is transferred through malicious firmware updates and Android applications. Once infected, devices become part of a botnet that cybercriminals exploit for various nefarious purposes, highlighting the persistent threat IoT devices pose to cybersecurity. Recommended read:
References :
|