IoT roundup: Apple Watch Patches, Router Vulnerabilities (Tue, May 19th)

Yes, there is a security patch for the Apple Watch now. It fixes 13 different vulnerabilities. At least one of the vulnerabilities (CVE-2015-1093) can be used to execute arbitrary code. But not all of the vulnerabilities are cutting edge. We also got an ICMP redirect issue (CVE-2015-1103) and of course SSL issues that are addressed by disabling old ciphers (FREAK vulnerability) and updating the list of trusted CAs.

The Internet of Things certainly does get a lot of attention this year, and I think rightfully so. I consider web gateways/routers a prime example, and just to make that point, here are the top 10 attacks against our web application honeypot:

25700 GET / HTTP/1.1\r\n
10596 GET http
9059 GET /cgi-bin/authLogin.cgi HTTP/1.1\n – QNAP Shellshock issue
6771 GET /phpMyAdmin/scripts/setup.php HTTP/1.1\r\n
6638 GET /pma/scripts/setup.php HTTP/1.1\r\n
6511 GET /myadmin/scripts/setup.php HTTP/1.1\r\n
4297 GET /manager/html HTTP/1.1\r\n
3939 GET /manager/html/ HTTP/1.1\r\n
3672 GET /tmUnblock.cgi HTTP/1.1\r\n – Linksys Routers (see Moon Worm)
2820 GET /pony/includes/templates/error.tpl HTTP/1.1\r\n

Two of our top ten URLs exclusively target devices. So make sure your devices are patched as well as they can be, and try to avoid exposing the admin interface to the public.
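To check whether the same probes reach your own web server, this added example (not part of the original diary) tallies request lines from an access log the way the list above does and tags the device and admin paths it names. The log lines are constructed, the combined log format is assumed, and `summarize`, `PROBES` and the labels are this example's own names; unlike the honeypot list, it counts `/manager/html/` and `/manager/html` together.

```python
import re
from collections import Counter

# Paths from the honeypot list above; the labels are this example's own.
PROBES = {
    "/cgi-bin/authLogin.cgi": "QNAP (Shellshock)",
    "/tmUnblock.cgi": "Linksys (Moon worm)",
    "/phpMyAdmin/scripts/setup.php": "phpMyAdmin setup",
    "/pma/scripts/setup.php": "phpMyAdmin setup",
    "/myadmin/scripts/setup.php": "phpMyAdmin setup",
    "/manager/html": "Tomcat manager",
}
# Combined log format (assumed); referer and user-agent are optional.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" \d{3} \S+'
                  r'(?: "(?P<ref>[^"]*)" "(?P<ua>[^"]*)")?')

# Constructed sample lines using documentation address ranges.
SAMPLE = """\
203.0.113.5 - - [19/May/2015:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [19/May/2015:10:00:02 +0000] "GET /cgi-bin/authLogin.cgi HTTP/1.1" 404 0 "-" "() { :; }; echo constructed"
198.51.100.7 - - [19/May/2015:10:00:03 +0000] "GET /tmUnblock.cgi HTTP/1.1" 404 0 "-" "-"
198.51.100.7 - - [19/May/2015:10:00:04 +0000] "GET /manager/html/ HTTP/1.1" 404 0 "-" "-"
192.0.2.44 - - [19/May/2015:10:00:05 +0000] "GET /manager/html HTTP/1.1" 404 0 "-" "-"
192.0.2.44 - - [19/May/2015:10:00:06 +0000] "GET /pma/scripts/setup.php HTTP/1.1" 404 0 "-" "-"
""".splitlines()

def summarize(lines, top=10):
    """Return (top request lines, probe counts by label, IPs sending Shellshock-style headers)."""
    hits, tagged, shellshock = Counter(), Counter(), set()
    for line in lines:
        m = LINE.match(line)
        parts = m["req"].split() if m else []
        if len(parts) < 2:
            continue  # unparsable line or malformed request
        # Drop query string and trailing slash so /manager/html/ and /manager/html merge.
        path = parts[1].split("?", 1)[0].rstrip("/") or "/"
        hits[f"{parts[0]} {path}"] += 1
        if path in PROBES:
            tagged[PROBES[path]] += 1
        # "() {" inside a header value is the Shellshock function-definition marker.
        if any("() {" in (m[h] or "") for h in ("ref", "ua")):
            shellshock.add(m["ip"])
    return hits.most_common(top), dict(tagged), shellshock

if __name__ == "__main__":
    top, tagged, shellshock = summarize(SAMPLE)
    for req, n in top:
        print(f"{n:6d} {req}")
    print("probes:", tagged, "shellshock sources:", sorted(shellshock))
```

Any hit on the QNAP or Linksys paths against a host that is not such a device is scan noise; a hit against one that is means its admin interface is reachable from wherever the request came from.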

Johannes B. Ullrich, Ph.D.

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

Reposted from SANS.