Denis Makrushin

smartcity

26/03/17 |Research # , , , ,

Fooling the ‘Smart City’

How to trick traffic sensors

The concept of a smart city involves bringing together various modern technologies and solutions that can ensure comfortable and convenient provision of services to people, public safety, efficient consumption of resources, etc. However, something that often goes under the radar of enthusiasts championing the smart city concept is the security of smart city components themselves. The truth is that a smart city’s infrastructure develops faster than security tools do, leaving ample room for the activities of both curious researchers and cybercriminals. Continue reading

0 likes no responses
24/03/17 |Research # , , , ,

Как одурачить «умный город»

Как обмануть датчики дорожного движения

Концепция умного города включает в себя объединение различных современных технологий и решений, способных обеспечить комфорт и удобство получения услуг, безопасность граждан, рациональное потребление ресурсов и т.д. Мы хотим обратить внимание на то, что часто выпадает из поля зрения поклонников концепции умного города – на безопасность самих элементов умного города. Инфраструктура умных городов развивается быстрее, чем средства ее защиты, что оставляет большой простор для деятельности как любопытных исследователей, так и злоумышленников. Continue reading

0 likes no responses
Twitter

One more backdoor in D-Link DIR-620 (RevG) #CVE201812676
As I mentioned, #CVE201812677 exposures a config-file. I found there the strange account with “support<substring>”. The creds for web-dashboard are hardcoded for ISP support purposes.
Update and restore to factory settings

Thank you #ISCR2018 for the opportunity to share an expertise with the high-motivated audience. Probably, it will change something in their way of thinking. Anyway, the gift from Tokyo Cybercrimes Control Division gives me hope.

Next week at Seoul I will present at "International Symposium on Cybercrime Response" the following topic: “Tracking Cybercrime in IoThreat Era”. Within the presentation I will focus on IoT-related issues on perimeter, how to identify them and how to mislead the attacker.

New vulnerabilities in D-Link DIR-620 (RevG).
#CVE201812677 exposes all user credentials in config-file (plaintext) inside the firmware. It wouldn’t be so critical if part of the file was not stored in JS-variable, that available for unauthenticated user (#CVE201812419).

Tiesto, Aphrodite, SubFocus and... Denis. Still about #cybersecurity in Technology track. In case of emergency will sing something. #alfafuturepeople #AFP2018

Recent Comments
- Sergey to Погружение в даркнет: Снифаем выходную ноду Tor и анализируем получившийся контент
лучше заходиииииииить через тор онлайн http://torproject.online/,...
- Denis Makrushin to The problems of heterogeneous means of protection
Of course!...
- K. Olbert to The problems of heterogeneous means of protection
Insightful diagram, Denis. Would you mind if I use it in a presentation, with credit, of course?...