In a stunning discovery, computer programmer Harishankar Narayanan found that his $300 iLife A11 smart vacuum was secretly transmitting detailed 3D maps of his home to remote servers overseas. Using tools to monitor his home network, he uncovered that the vacuum’s built-in software—powered by Google Cartographer mapping tech—was broadcasting private spatial data “halfway across the world.”

When Narayanan blocked the vacuum’s data transmissions (but allowed firmware updates), the device abruptly stopped functioning. After repeated repair attempts failed and the warranty expired, he decided to investigate deeper. What he found was alarming — the vacuum’s Android Debug Bridge (ADB) was left wide open, granting full root access to anyone who connected.

Even more shocking, a timestamped line of code matched the exact moment his device went offline — a remote kill command issued by the manufacturer. After reversing the script, the vacuum instantly came back to life, confirming his worst suspicions: it had been remotely disabled.

This case highlights growing concerns about data privacy in smart home devices, many of which have unrestricted cloud connectivity. Experts are urging consumers to research and monitor IoT products before bringing them into their homes — because convenience might come at the cost of privacy.

#TechNews #SmartDevices #PrivacyBreach #CyberSecurity #DataPrivacy

I mean, when they advertise “Smart mapping” that’s accessible from their website and app, who exactly is surprised by this?

SixMap has released a comprehensive cybersecurity assessment of 21 US energy providers. The research identified 39,986 hosts with 58,862 services exposed to the internet across these organizations. Roughly 7% of all exposed services are running on non-standard ports, creating dangerous blind spots for security teams. The research also found that, on average, each organization had 9% of its hosts in the IPv6 space, another area of potential risk, as most security teams have no way of monitoring these assets.

https://www.sixmap.io/wp-content/uploads/SixMap-Research_Energy-Sector-Exposure-Assessment.pdf

Many of the industrial control system (ICS) instances seen in internet scanning are likely or possibly honeypots, not real devices.

https://www.securityweek.com/up-to-25-of-internet-exposed-ics-are-honeypots-researchers/

An analysis conducted by researchers at the Norwegian University of Science and Technology Gjøvik and the Delft University of Technology in the Netherlands showed that a significant percentage of the industrial control system (ICS) instances detected by internet scans are actually honeypots.

The researchers used the Censys search engine to identify internet-exposed ICS. They targeted 17 widely used industrial control protocols and discovered roughly 150,000 devices across 175 countries.

The researchers then applied various criteria to determine how many of those ICS instances were real and how many were likely or possibly honeypots, decoy systems designed to attract threat actors in an effort to obtain valuable information on attacker tactics, techniques, and procedures (TTPs).

While Censys was used to collect the data on internet-exposed systems, the researchers noted that their methods can be applied to any source data, including Shodan and independent scanning.

Their analysis was conducted over a period of one year, between January 2024 and January 2025. In April 2024, they determined that roughly 15% of the ICS devices they were seeing online appeared to be honeypots, and the percentage increased to 25% in January 2025.

Dragos case study reveals that Volt Typhoon hacked the US electric grid and stole information on OT systems.

https://www.securityweek.com/chinas-volt-typhoon-hackers-dwelled-in-us-electric-grid-for-300-days/

Cyber-physical systems security company TXOne Networks has published its 2024 Annual OT/ICS Cybersecurity Report.

Many organizations are still concerned that patching operational technology (OT) systems can lead to equipment downtime and operational disruptions, and consequently they do not conduct regular patching, according to cyber-physical security firm TXOne Networks.

The data comes from TXOne’s 2024 Annual OT/ICS Cybersecurity Report, which is based on a survey of 150 C-level executives in North America, Europe, the Middle East and Asia.

The survey found that 85% of organizations don’t conduct regular patching. A majority install patches quarterly or less often, which leaves them exposed to attacks for extended periods of time.

This is despite a vast majority experiencing cybersecurity incidents affecting their OT environments in the past year, and 37% of OT security incidents involving exploitation of software vulnerabilities.

When asked about the main challenges to regular OT patching, the most commonly cited reason was the lack of personnel or expertise (48%), followed by concerns about operational disruptions or downtime (47%), and the lack of vendor support or patch testing (43%). In fact, 41% of organizations delay patching until vendor support is available.

ABB has patched building control product vulnerabilities that can expose many facilities to remote attacks.

https://www.securityweek.com/researcher-says-abb-building-control-products-affected-by-1000-vulnerabilities/

A researcher claims to have found over 1,000 vulnerabilities in products made by electrification and automation solutions provider ABB, including flaws that can expose facilities to remote hacking. The vendor has released patches.

The vulnerabilities were discovered by Gjoko Krstic, who is known for security research aimed at building management and access control systems, in ABB Cylon FLXeon and ABB Cylon Aspect building energy management and control solutions.

Krstic told SecurityWeek that he uncovered just over 1,000 vulnerabilities in the Aspect product (including many with ‘critical’ and ‘high’ severity ratings), and 35 security holes in the FLXeon product.

A wide range of flaws have been found, including unauthorized file access and manipulation, XSS, CSRF, SSRF, IDOR, security bypass, DoS, SQL injection, and password-related issues that can be exploited for remote code execution, to obtain sensitive information, or to cause disruption.

The researcher said some of the vulnerabilities can be exploited by a remote, unauthenticated attacker to take complete control of the targeted system.

Tietoturvayhtiö Check Point Softwaren haittaohjelmakatsaus nostaa esiin Androxgh0stin nousun sekä Jokerin ja Anubiksen jatkuvat uhat ja entistä kehittyneemmät toimintatavat. Haitake jatkaa hyökkäyksiä esimerkiksi kriittiseen infrastruktuuriin. Androxgh0stin oli myös Suomen että maailman yleisin haittaohjelma.

Mozin toimintatapoja jäljitellen Androxgh0st käyttää etäkoodin suorittamista ja tunnistetietojen varastamista, jotta se säilyttää jatkuvan pääsyn järjestelmiin. Tämä mahdollistaa muun muassa palvelunestohyökkäykset (DDoS) ja tietovarkaudet. Bottiverkko tunkeutuu kriittiseen infrastruktuuriin korjaamattomien haavoittuvuuksien kautta, ja Mozin ominaisuuksien lisääminen on merkittävästi laajentanut Androxgh0stin toimintamahdollisuuksia.

Androxgh0st pystyy Check Pointin mukaan tartuttamaan enemmän IoT-laitteita ja hallitsemaan laajempaa kohdejoukkoa bottiverkkojen kautta. Näillä hyökkäyksillä on laajoja vaikutuksia eri toimialoihin, mikä korostaa niiden vakavuutta niin hallituksille, yrityksille kuin yksityishenkilöillekin, jotka ovat riippuvaisia kriittisestä infrastruktuurista.

Temple University’s Critical Infrastructure Ransomware Attacks (CIRA) database now contains over 2,000 entries.

https://www.securityweek.com/universitys-critical-infrastructure-ransomware-attack-tracker-reaches-2000-incidents/

Roughly 2,000 ransomware attacks were launched over the past decade against critical infrastructure organizations in the United States and other countries, according to data collected as part of a project maintained at Temple University in Philadelphia.

SecurityWeek first wrote about the project in 2020, when it covered more than 680 ransomware attacks targeting critical infrastructure. By February 2022, the number of entries exceeded 1,100, and it has now reached just over 2,000.

The project is maintained by Aunshul Rege, professor in the Department of Criminal Justice at Temple University, and Rachel Bleiman, PhD candidate and graduate research assistant.

The Critical Infrastructure Ransomware Attacks (CIRA) database currently covers more than 2,000 attacks documented since 2013, and includes nearly 300 entries for incidents that came to light in 2024.

https://sites.temple.edu/care/cira/