MWC2017: Day 1

Today was productive at Mobile World Congress 2017. Our booth assignment is in Hall 8 at Fira Montjuic, with a detailed map here. We met with a myriad of companies already including carriers, IoT developers, and several high-profile companies in the mobile industry. We demonstrated our offerings via demo and we conveyed the importance of…

We’re attending Mobile World Congress #MWC2017

We have been sponsored to participate in Mobile World Congress hosted in beautiful Barcelona Spain, Feb 27 – Mar 2, 2017. MWC is an annual gathering for the mobile industry and for related industries. The annual event provides an excellent channel for these interconnected entities to display cutting-edge technologies, network, make partnerships, and more. They…

NewSky Security LLC Partners With People Power

This week, we announce our a partnering opportunity to incorporate IoT Halo (TM) with People Power Company’s Pro Security IoT Home Gateway and help protect IoT devices from harmful attacks.  The gateway incorporates NewSky Security’s most advanced hacker-resistant device security technology and answers the need for a home internet gateway with extraordinary levels of internet security for…

Brute Force Vulnerability in Netgear ARLO

Netgear Arlo

Update: CVE-2016-10115 and CVE-2016-10116 have been enlisted by MITRE.  Refer to the following CVE entries: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10115 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10116 Base Station to Camera Communication Basics As we shared in a previous blog article, the Netgear ARLO security camera system consists of a base station and multiple camera units that operate on batteries. The ARLO base station and camera…

Factory Reset Vulnerability in Netgear ARLO

Netgear Arlo

Update: CVE-2016-10115 and CVE-2016-10116 have been enlisted by MITRE.  Refer to the following CVE entries: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10115 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10116 In our ongoing curiosity of IoT products, we took a look at ARLO, a home security camera system from Netgear. ARLO is Netgear’s competing product to the Google Nest Dropcam. When I first researched network security cameras last summer ahead…

Sonorousness ransomware unmasked

Figure 4. the file structure of Sonorousness ransomware

Sonorousness: the latest ransomware of the S-Locker family Recently, NewSky Security received a threat sample from the security community that is a derivative of the S-Locker ransomware malware group, or family. This new derivative is known as Sonorousness, named for a class within the malware called “com.sonorousness“. When compared to S-Locker, this new malware contains…

Rediscovery of NetUSB Vulnerability in Broadband Routers

Figure 1 Connecting UART connections to the target device

Recently NewSky Security Labs performed white-box testing on a Netgear networking product, the R6050 model. During our investigation into the system, we found an exploitable vulnerability in the NetUSB module present in the system. NetUSB is a proprietary technology developed by the Taiwanese company KCodes, intended to provide “USB over IP” functionality. NetUSB is included in…