Million Hacked IOT Devices broke the internet

A massive Distributed Denial of Service (DDoS) attack against Dyn, a major domain name system (DNS) provider, broke large portions of the Internet on Friday, causing a significant outage to a ton of websites and services, including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify.

But how the attack happened? What's the cause behind the attack?

Exact details of the attack remain vague, but Dyn reported a huge army of hijacked internet-connected devices could be responsible for the massive attack.

Yes, the same method recently employed by hackers to carry out record-breaking DDoS attack of over 1 Tbps against France-based hosting provider OVH.

According to security intelligence firm Flashpoint, Mirai bots were detected driving much, but not necessarily all, of the traffic in the DDoS attacks against DynDNS.

Mirai is a piece of malware that targets Internet of Things (IoT) devices such as routers, and security cameras, DVRs, and enslaves vast numbers of these compromised devices into a botnet, which is then used to conduct DDoS attacks.

Since the source code of Mirai Botnet has already made available to the public, anyone can wield DDoS attacks against targets.

This time hackers did not target an individual site, rather they attacked Dyn that many sites and services are using as their upstream DNS provider for turning internet protocol (IP) addresses into human-readable websites.

The result we all know: Major sites and services including Twitter, GitHub, Reddit, PayPal, Amazon, AirBnb, Netflix, Pinterest, and so on, were among hundreds of services rendered inaccessible to Millions of people worldwide for several hours on Friday.

"Flashpoint has confirmed that at least some of the devices used in the Dyn DNS attacks are DVRs, further matching the technical indicators and tactics, techniques, and procedures associated with previous known Mirai botnet attacks," Flashpoint says in a blog post.

This type of attack is notable and concerning because it largely consists of unsecured IoT devices, which are growing exponentially with time. These devices are implemented in a way that they cannot easily be updated and thus are nearly impossible to secure.

Manufacturers majorly focus on performance and usability of IoT devices but ignore security measures and encryption mechanisms, which is why they are routinely being hacked and widely becoming part of DDoS botnets used as weapons in cyber attacks.

An online tracker of the Mirai botnet suggests there are more than 1.2 Million Mirai-infected devices on the Internet, with over 166,000 devices active right now.

In short, IoT botnets like Mirai are growing rapidly, and there is no easy way to stop them.

According to officials speaking to Reuters, the US Department of Homeland Security (DHS) and the FBI are both investigating the massive DDoS attacks hitting DynDNS, but none of the agencies yet speculated on who might be behind them.

Softbank buys ARM for $32 billion in cash

Japanese telecommunication giant SoftBank has confirmed that the company intends to acquire UK chip designer ARM Holdings for almost $32 Billion (£24.3 Billion) in an all-cash deal.

ARM has also agreed to this offer from SoftBank and said that its board would recommend the all-cash deal to shareholders.

SoftBank will pay nearly $22.5 per ARM share, which is 43 percent more than ARM's closing share price on Friday and 41 percent more than ARM's all-time high closing share price.

The deal is the largest-ever acquisition of a European technology business, first reported by The Financial Times.

Wondering Why is ARM really Worth $32 Billion?

Founded in 1990, Cambridge-based ARM Holdings designs microchips for a variety of smartphones and powers more than 95 percent of the smartphones in the market.

Whether it is Apple's iPhones or iPads, Samsung's Galaxy smartphones, Amazon's Kindle e-readers, the cheapest Nokia phones or Internet-connected devices like Nest's smart thermostats, Fitbit's fitness trackers, Canon's EOS cameras, Ford's cars, and DJI's drones, all are powered by ARM-based chips.

Here’s what ARM chairman Stuart Chambers said about the acquisition:

"This is a compelling offer for ARM shareholders, which secures the delivery of future value today and in cash. The board of ARM is reassured that ARM will remain a very significant UK business and will continue to play a key role in the development of new technology."

ARM does not actually manufacture chips, but rather it licenses its semiconductor technologies to a huge variety of device makers. ARM not only dominates the market for smartphones but also used in other consumer gadgets, industrial-like devices and "Internet of things."

So, SoftBank’s acquisition of ARM Holdings means the Japanese company is buying the most valuable company in the world of mobile processors.

SoftBank said that ARM Holdings, which currently has 4,064 employees worldwide, will remain headquartered in Cambridge, and that the company would retain ARM's senior management team, brand, as well as a lucrative partnership-based business model.

The Japanese firm has also promised to double the staff headcount in the United Kingdom over the next five years.

Here’s what SoftBank CEO Masayoshi Son said about the acquisition:

"We have long admired ARM as a world renowned and highly respected technology company that is by some distance the market-leader in its field. ARM will be an excellent strategic fit within the SoftBank group as we invest to capture the very significant opportunities provided by the Internet of Things."

Son described the ARM acquisition as "one of the most important" acquisitions in the history of its Japan-based business.

This is the latest major tech acquisition in last few months. At the beginning of this month, Antivirus firm Avast acquired AVG Technologies for $1.3 Billion in cash and last month; Microsoft made its biggest acquisition by buying LinkedIn for $26.2 Billion in cash.

WebUSB API- Connect USB with Internet, SECURELY

Two Google engineers have developed a draft version of an API called WebUSB that would allow you to connect your USB devices to the Web safely and securely, bypassing the need for native drivers.

WebUSB – developed by Reilly Grant and Ken Rockot – has been introduced to the World Wide Web Consortium's Web Incubator Community Group (W3C WICG), is build to offer a universal platform that could be adopted by browser makers in future versions of their software.

Connecting USB Devices to the Web

WebUSB API allows USB-connected devices, from keyboards, mice, 3D printers and hard drives to complex Internet of Things (IoTs) appliances, to be addressed by Web pages.

The aim is to help hardware manufacturers have their USB devices work on any platform, including Web, without having any need to write native drivers or SDKs for a dedicated platform.

Besides controlling the hardware, a Web page could also install firmware updates as well as perform other essential tasks.

However, the draft API (Application Program Interface) is not meant to be used for transferring files to or from flash drives.

"With this API hardware manufacturers will have the ability to build cross-platform JavaScript SDKs for their devices," Google engineers wrote in the draft project description.

"This will be good for the Web because, instead of waiting for a new kind of device to be popular enough for browsers to provide a specific API, new and innovative hardware can be built for the Web from day one."

Privacy and Security Concerns

The Google engineers also outlined security concerns.

• WebUSB will include origin protections, like a type of the Cross-Origin Resource Sharing (CORS), to restrict the Web pages from requesting data from other domains except the one from where they originate.

This means a Web page could not be able to exploit your USB device to access your PC, or your important files or any files that your computer or the USB device itself may hold.

• To address the issue of USB devices leaking data, WebUSB will always prompt the user to authorize a website or web page in order to detect the presence of a device and connect to it.

For now, the WebUSB is only a draft of a potential specification, which hasn't been officially adopted by W3C. WebUSB remains a work in progress at the current, though you can check out the full WebUSB codebase on GitHub.

Linux Foundation Introduces "Zephyr", a tiny OS for Internet Of Things

The 21st century is witnessing a great change over in the daily life of folks with the advent of IoT devices that are capable of talking to each other without any human intervention.

Yeah! Now you do not have to individually cascade an instruction to each of your home devices to accomplish a task. All have gone automated with the actuators and sensors which are infused into the home appliances.

The fact is that your IoT devices would only comply within the family of same manufacturers. For example, if you have a Samsung smart refrigerator, and your wearable device is from Apple or any other vendors, then it couldn't sync as both are from different genres.

No need to worry now!

Zephyr: Future of IoTs

The Linux Foundation has broken all the barriers of compatibility issues by releasing a Real-Time Operating System (RTOS) for Internet of Things devices, dubbed "Zephyr". This OS enables connected devices to communicate with the same protocol.

So, no more digital barricades between your thermostat and your wearable devices, as they could communicate with each other using the same protocols.

The Zephyr project is supported by multiple platforms like NXP Semiconductors, Synopsys, and UbiquiOS Technology and is licensed under Apache 2.0.

Why is Zephyr so important?

Zephyr stands out from the crowd as it provides a scalable, customizable, secure and open source operating system to be used across multiple architectures.

Doing so, Zephyr could help solve many of the current limitations that prevent, so far, Internet of Things from becoming really mainstream.

Zephyr is expected to take the best of both sides: low-consumption as well as speed. 

Here's some key points about Zephyr:

• Scalability: Universality of Interconnected devices
• Umbrella Platform: All smart devices could run under a single roof.
• Baby Footprint Kernel: Zephyr kernel can run on 8kb memory devices
• Modularity: Supports to integrate 3rd party modules for additional functions as intended by the developer.
• Licensing: As startups does not have to bother about any licensing clash, as a unique license file would be mailed to everyone.

Apart from the special features, Zephyr also supports technologies including Bluetooth, Bluetooth Low Energy, IEEE 802.15.4, 6Lowpan, CoAP, IPv4 and IPv6, NFC, Arduino 101, Arduino Due, Intel Galileo' Gen 2, and NXP FRDM-K64F Freedom board.

Security in Mind

Since connected devices are most hack prone items, these devices may malfunction when gets compromised.

However, Linux is more concerned about the Security of Individuals, and generally open source software is considered more secure, as anyone can inspect flaws and debug the code.

For this, the Linux Foundation is maintaining a dedicated security working group and a delegated security maintainer to be available through IRC Chats, so that anyone could help report the vulnerabilities in open discussions.

Although there are many other alternatives available for Internet of Things RTOS like Brillo from Google, Rocket from Intel, and Ubuntu Core from Canonicals, nothing would be as fascinating as Zephyr.

A Secret to Internet of Things (IoT) Success

In July 2015, an independent online survey of 450 businesses in 45 industry verticals around the world revealed that 88% of businesses either did not have Internet of Things (IoT) applications, or were only in preliminary study phases.

"While IoT is definitely not science fiction, it's not something that's available off the shelf," said Mark Bartolomeo, Group Vice President of Verizon Connected Solutions - IoT in a 2014 Harvard Business Review Analytics Services Report (PDF).

"It's not that the technology is cutting edge; most of it is actually very familiar. But building an IoT application requires the selection and integration of multiple components: sensors, communications modules, and networks as a start. And turning the data that you collect into something useful will typically involve cloud computing, analytics, integration with core systems, and process changes....In our experience, clear leadership and close collaboration between IT and business teams to steer the organization together through changes to underlying business processes, and even business model transformation, are crucial to ensure the success of an IoT project."

Transformative efforts that require active collaboration, work process reform and system integration can rapidly become both daunting and expensive. It is the reason why many organizations excited about IoT are taking their time to assess its potential business value before they move forward with projects.

"When we talk to organizations about IoT, what we encounter are discussions that center more around the potential for IoT innovation than an actual plan for implementation," said Michael Morton, chief technology officer of Dell Boomi, a cloud integration provider for IoT and other data. "What companies are trying to figure out is what the business value of IoT will be for them."

IoT success stories

• The integration into logistics networks of sensors on shipment containers that measure the environmental (temperature and humidity) of the containers for sensitive items, and that also issue network alerts if a container seal is compromised;

• The integration of sensor-based technology and machine feedback into a central tram network that detects when tracks and/or tram components are in need of repair or maintenance;

• The use of IoT in building video security monitoring;

• The insertion of embedded sensors in products so manufacturers can monitor performance and make product improvements;

• Monitoring the quality of tap water; and

• Home security and energy monitoring.

Tips for getting started with IoT

Figuring out IoT business value is a present line of demarcation today for IoT, because those that are categorized as early IoT adaptors are already off and running with it — and seeing the business benefits. Among the early IoT success stories are:

For those companies just getting their feet wet with IoT, Dell Boomi's Morton notes that they are looking for small applications, like being able to get readings from a thermostat in a remote location. This begins a use case history for IoT without the need to move prematurely into expensive and expansive computer systems.

"One key to IoT success is being able to start small," said Morton. "In other words, identify the simplest problem that you have that can be addressed with IoT — and avoid going for a 'big bang' effect all at once."

Organizations can gain additional business value out of their IoT project choices if they select small projects that are capable of being scaled upward into larger projects when the organization is ready to move forward.

Finally, companies should choose their IoT vendors carefully. "If your goal is monitoring your buildings and facilities, learn about the different devices and their technical capabilities first," said Morton. "If you're considering linking them into an IoT network, research what their ability is to expose data, and what their security characteristics are, too — as well as their ability to pass data."

Ransom ware attacks threatens to wearable smart watches and IOT

Are you a proud owner of a Smartwatch, a Smart TV, a Smart fridge, a Smart lock, an Internet enabled car, or live in a smart city?

Caution!

Recently, it has been reported that the growth of the Internet of Things would eventually lead to cyber criminals in making lots of money, as they started attacking the Internet of Things for Ransom.

Yes, the latest Interest of the cyber criminals in the field of Internet of Things is ‘Ransomware’.

Internet of Things (IoT) such as Android and iOS-based wearable Smartwatches and the concept of connected homes has now given a treat to the current generation Ransomware.

With the advancements in Technology, cyber criminals are simultaneously promoting themselves from the threat known for restricting computers or encrypting files and asking users for money in return for gaining back access to their systems.

From computers to mobile phones, now criminals are targeting the IoT and the wearables devices.

Security researchers at Symantec demonstrated how an Android Wear device might be impacted by typical Android ransomware.

In order to conduct this test, the researchers simply repackaged a current Android ransomware app (.apk file) – dubbed “Android.Simplocker”, inside a new Android Wear project.

Next, they took a Moto 360 Smartwatch and paired it with an Android phone. When they installed the new .apk file on the phone, they found that the phone became infected with the ransomware.

As the Smartwatch and an Android phone are required to be paired via Bluetooth for wireless connectivity, the ransomware also got pushed onto the smartwatch once the pairing of both the devices were done.

Once installed on the smartwatch, the malware could be easily activated by the user if they were tricked into running it, by clicking on a malicious app.

After installation, the ransomware will cause the smartwatch to become unresponsive and unusable!

Simplocker Android ransomware then checks for the display of the ransom message every second, and if it is not shown, will push it onto the screen again.

In addition, Simplocker encrypts a range of different files stored on the smartwatch’s SD card.

Now, you must be thinking of escaping from the situation?

You can recover from this situation, but unfortunately, it involves a factory reset of your smartwatch.

But there also stands a condition where the rebooting of the device through hardware buttons is possible, then quickly navigating to the factory reset setting (within 20-30 seconds) before the ransomware is rebooted.

According to Symantec, while this would erase all files on the smartwatch, those files would have been encrypted by the malware in the first place.

For this one needs to keep an updated backup.

No such ransomware has been seen yet, but the day is not far when this becomes a reality.

As, in the past it was evident how smart Televisions got attacked with the ransomware also IoT devices being remotely controlled by the attacker.

Therefore, the crux is that the users need to be more vigilant and even smarter than the technology they are dependent on.

Download FREE Windows 10 for the IOT and Rasberry Pi 2

In the month of February 2015, second generation Raspberry Pi was made available and was commonly known as Raspberry Pi 2.

Buzz was that Windows 10 will be supporting the hardware for its compatibility with the smart objects, popularly known as the ‘Internet of Things’

So, finally the Free version of Windows 10 for Raspberry Pi 2 is here.

On Monday, public release of Microsoft’s Windows 10 for IoT Core, offering support for the Raspberry Pi 2 and the MinnowBoard Max, was made available.

Microsoft’s goal of spreading Windows 10 to a Billion user is going to get fulfilled with this specially trimmed edition for small and embedded devices, that may or may not have screens.

Also for devices with screens, Windows 10 IoT Core operating system does not have a Windows shell experience; rather you can write a Universal Windows app that is the interface and ‘personality’ for your device.

It’s neither the Windows, as we already are familiar with, nor a substitute for the Windows desktop, instead Windows 10 IoT Core is a single full-screen Universal Windows app.

A single app at a point of time will be visible to the users accessing the system while the additional software can be run in the background. Apps are loaded onto the Raspberry Pi from a Windows 10 desktop machine.

Windows 10 on the Raspberry Pi board will not run traditional Windows desktop applications, such as Microsoft Word, Internet Explorer, or Microsoft

Office. As these are incompatible with the Raspberry Pi's ARM-based hardware.

The universal Windows app are developed to run on different types of devices mainly PCs, phones, tablets, Xboxes and IoT-related machines like the Raspberry Pi.

Universal Windows apps adapt their look and feel based on which device they are running on.

Apps work intelligently, in a manner by keeping the app alive even if any feature is not compatible with a particular platform i.e. the app will work and not ultimately go unavailable, but some features may not work along.

The Universal Windows apps mechanism will generate more manpower, as the apps development would require Visual Studio 2015, Microsoft's Integrated Development Environment for its platforms whose Community edition can be downloaded for free.

Apps can be developed using a range of languages, such as C# or Visual Basic with XAML, C++ with DirectX and/or Extensible Application Markup Language (XAML), or JavaScript with HTML.

Microsoft is primarily promoting Windows 10 IoT Core as an Operating System that makes it easier to create IoT devices with or without a display.

What encouraged Microsoft to come out of cocoon was the Raspberry Pi’s low price and ability to control a range of hardware via its General Purpose Input Output (GPIO) pins with which the Windows 10 IoT core edition will go smoothly and delivering better performance.

Steve Teixeira, who heads the program management team for the Internet of Things division quoted "IoT Core is designed to have a low barrier to entry and make it easy to build professional-grade devices. It's designed to work with a variety of open source languages and works well with Visual Studio."

Since a beta version was released and previewed in May at Microsoft's Build developer conference, ‘Windows 10 IoT Core’ has been updated with significant new functionality, including WiFi and Bluetooth connectivity.

Microsoft's IoT team and Pi-owners have been busy building since the preview, also new in the official release is improved support for Python and Node.js. Additionally, a new Express Node.js project template is available.

The apps development would require an environment i.e. a PC running Windows 10, Build 10240 or later, to create and deploy apps to the Pi based systems, as well as a Raspberry Pi 2 Model B board.