Weerarada dib-u-soo-celinta muhiimka^(Key) ah ama KRACK waa weerarro internet-ka ah oo ka faa'iidaysta nuglaanshaha habka shabakadaha WiFi ay u xafidaan una gudbiyaan xogta, iyada oo ujeedadu tahay in la xado waxa lagu kala qaado shabakadda. Weerarada noocan oo kale ah waxay keeni karaan in la xado macluumaadka xasaasiga ah ama waxaa loo isticmaali karaa weerarrada dhex-dhexaadka ah, u adeega dhibbanaha shabakad been abuur ah ama in lagu duro kood xaasidnimo ah goobta sharciga ah. Dhawaan, cilmi-baarayaal ka socda ESET ayaa shaaca ka qaaday in qaar ka mid ah qalabka Echo iyo Kindle ee ^(Kindle)Amazon ay u nugul yihiin weerarkan. Waa kan waxa tani ka dhigan tahay, sababta aaladaha IoT loo weeraro, iyo sida looga hortago weerarada gurigaaga ama ganacsigaaga:

Amazon 's Echo iyo jiilka 8-aad ee Amazon Kindle waxay u nugul yihiin weerarrada KRACK

Sida laga soo xigtay cilmi-baarista^(research) ESET 's^(ESET) Smart Home Research Kooxda^{(Smart Home Research Team)} , jiilkii ugu horreeyay ee Amazon Echo aaladaha (la sii daayay 2015), iyo jiilka 8-aad ee Kindle (oo la sii daayay 2016) ayaa u nugul weerarka KRACK , kaas oo sameeyay cinwaannada 2017. Waa nuglaansanaan weyn oo saamaysay dhammaan shabakadaha WiFi , una ogolaatay weeraryahannada inay furaan dhammaan xogta ay dhibanayaashu gudbiyaan, oo ay u isticmaalaan sida ay ku habboon yihiin.

Nuglaantan awgeed, aaladaha Amazon Echo iyo Kindle ee aan la daboolin ayaa laga yaabaa in isgaarsiintooda la gooyo, xogta waa la duri karaa oo la been-abuuri karaa, iyo macluumaadka xasaasiga ah ayaa loo bandhigi karaa qofka weerarka geystay.

ESET waxay dhibaatadan u gudbisay Amazon^(Amazon) bishii Oktoobar 2018^{(October 2018)} , iyo, Janaayo 2019^{(January 2019)} , Amazon waxay xaqiijisay in ay ku celin karaan arrinta, waxayna bilaabeen inay ka shaqeeyaan balastar. Toddobaadyada soo socda, Amazon waxay sidoo kale soo saartay cusbooneysiin cusub oo qalabaysan oo loogu talagalay aaladaha nugul, si loo xalliyo dhibaatada. Sidaa darteed, haddii aad leedahay aaladda Echo , Hubi oo Cusbooneysii Qalabkaaga Alexa Software Software^{(Check & Update Your Alexa Device Software)} . Haddii aad leedahay Kindle jiilka 8aad , aad Kindle E-Reader Software Updates .

Waa maxay sababta tuugadu u jecel yihiin inay beegsadaan aaladaha IoT sida ^(IoT)Amazon Echo

Amazon Echo waa aalad IoT ah ( Internet of Things ) oo caan ku ah guryaha iyo ganacsiyada casriga ah. Dadku waxay u adeegsadaan sababo badan, oo ay ku jiraan xakamaynta aaladaha kale ee IoT ee guryahooda, sida jiheeyayaasha bilaa-waayirka ah, nalalka smart, furyada smart, dareemayaasha, heerkulbeegyada, iyo wixii la mid ah. Echo waxaa loo isticmaalaa in lagula falgalo Amazon 's Alexa , kaas oo leh in ka badan 100,000 xirfadood oo koraya. Caawinteeda, waxaad samayn kartaa waxyaabo ay ka mid yihiin dalbashada pizza, u daadi kartaa TV-ga qalab ku habboon gurigaaga, maamuli kartaa liiskaaga wax-qabadka, hel wararkii ugu dambeeyay, ama maamuli kartaa heerkulbeegyada Nest Learning^{(Nest Learning Thermostat)} .

Amazon Echo iyo dhammaan aaladaha kale ee IoT waxay wadaagaan sifooyinka soo socda ee ka dhigaya inay soo jiidaan weeraryahannada:

• Had iyo jeer shid - ma damin Amazon Echo ama furkaaga smart. Had iyo jeer waa shid oo waxay sugtaa amarradaada. Sidoo kale waa dhammaan aaladaha kale ee IoT ee gurigaaga ama ganacsigaaga.
• Had iyo jeer ku xiran - qalabkaaga IoT had iyo jeer waxay ku xiran yihiin WiFi , iyo inta badan, sidoo kale internetka.
• Way fududahay^(Easy) in laga faa'iidaysto nuglaanta - tani waa run, gaar ahaan aaladaha ka jaban, kuwaas oo soo saarayaashu aysan wax badan gelin amniga. Qaar ka mid ah aaladaha IoT ayaa si dhib yar u hela cusboonaysiinta firmware-ka iyo hagaajinta amniga.
• Malware way adag tahay in la ogaado, lafo-guro, lagana saaro - marka aaladda IoT uu waxyeeleeyo qofka wax weeraraya, ma ogaan kartid ilaa aad haysato qalabka lagama maarmaanka ah ee lagu falanqeeyo taraafikada shabakadda ee uu sameeyay aaladdaas. Intaa waxaa dheer, marka caabuq la ogaado, ka saarida way adag tahay haddii aadan haysan xirfadaha farsamada iyo qalabka lagama maarmaanka ah.
• Qaar badan oo ka mid ah koodhka isha malware-ka ayaa la heli karaa - way fududahay in la helo labada koodhka isha iyo agabka ka faa'iidaysanaya dayacanka la yaqaan ee aaladaha IoT . Sidoo kale waa wax ku ool sababtoo ah aalado badan oo IoT ah si joogto ah uma cusboonaysiiyaan.

Dhammaan sababahan ayaa ka dhigaya aaladaha IoT bartilmaameed soo jiidasho leh oo loogu talagalay hackers-ka iyo weeraryahannada adduunka oo dhan.

Sida looga hortago weerarada oo loo ilaaliyo aaladahaaga IoT

Ma jirto "xabad lacageed" oo ka ilaalin karta qalabkaaga IoT dhammaan khataraha. Si kastaba ha ahaatee, waxaa jira waxyaabo ay tahay inaad sameyso si aad u kordhiso ammaanka, oo aad hoos u dhigto fursadda guusha ee weerarka:

• Haddii aad ku raaxaysan karto faa'iidooyinka isticmaalka aaladda IoT , adoon si toos ah ugu xidhin internetka, oo kaliya shabakadaada, jar marinka internetka. Tani waxay si weyn hoos ugu dhigi doontaa fursadaha aaladda IoT inay noqoto dhibbanaha weerarka.
• U isticmaal^(Use) furaha sirta ah ee xooggan, dhammaan aaladahaaga IoT , iyo sidoo kale xaqiijinta laba-tallaabo^{(two-step authentication)} marka la heli karo.
• Si joogto ah u cusboonaysii firmware -ka aaladahaaga IoT Qaar badan^(Many) oo iyaga ka mid ah ma bixiyaan digniino firfircoon oo ku saabsan cusbooneysiinta firmware-ka, markaa waa inaad abuurtaa caado aad gacanta ku hubiso cusbooneysiinta hal mar.
• U sahle sirta isgaarsiinta shabakada U deji aaladahaaga IoT si ay u isticmaalaan ^(IoT)HTTPS - nooca aaminka ah ee HTTP - si taraafikada shabakadooda loo qariyo. Sidaa darteed^(Therefore) , xitaa haddii baakidhyada la ursado ama si kale loo qabto, waxay la kulmi doonaan jilayaal aan macno lahayn.
• Jooji^(Disable) adeegyada aan la isticmaalin. Amazon 's Echo iyo Alexa waa tusaalayaal qumman oo ah aaladaha IoT ee caqliga leh ee leh xirfado iyo adeegyo badan. Iyadoo tani ay ka dhigayso mid faa'iido leh, waxay sidoo kale kordhisaa dusha weerarka. Sidaa darteed, haddii aadan isticmaalin astaamo gaar ah (ama xirfado) aaladda IoT , dami haddii aad awooddo, si uusan u isticmaalin weeraryahan.
• Adeegso router-ka wireless-ka oo leh ammaan ku dhex dhisan – qaar ka mid ah router-yada wireless-ka waxaa ka mid ah anti-virus iyo nidaamka ka-hortagga faragelinta labadaba, taas oo ku adkeynaysa weerarrada dibadda inay waxyeelleeyaan shabakadda iyo aaladaha IoT ee ku xiran. Sidoo kale, haddii ay maamulaan inay waxyeeleeyaan aaladda IoT , routerkaaga bilaa-waayirka ah ayaa calaamadin kara dhibaatadan, si aad u qaaddo tallaabo aad ku hagaajinayso.
• Adeegso^(Use) agab ammaan oo horumarsan oo baadhaya aaladaha shabakadaada oo qiimeeya ammaankooda. Tusaale ahaan, ESET Smart Security Premium waxa ay leedahay sifo la yidhaa Connected Home Monitor , kaas oo qiimeeya amniga shabakadaada, tilmaamaysa aaladaha la jabsaday, oo ku siinaya talooyin ku saabsan horumarinta amniga.

Sideed u ilaalisaa aaladaha IoT ee gurigaaga ama ganacsigaaga?

Dhibaatooyinka ay shaaca ka qaaday ESET ee ku saabsan Amazon Echo iyo Kindle waxay muujinayaan sida aaladaha IoT u nugul yihiin. ^(IoT)Haa, way faa'iido leeyihiin oo waxay noo fududeeyaan nolosheenna, laakiin sidoo kale waa vector weerar ah oo soo jiidanaya hackers iyo abuurayaasha malware. Kahor intaadan xidhin, noo sheeg waxa aad ka qabto waxa shaaca ka qaaday ESET iyo sida aad u ilaaliso aaladaha shabakadaada. Hoos ka faallooda, oo aan ka wada hadalno.

Why IoT devices like Amazon Echo are a target for attackers, and how to protect yourself

Key reinstallation attacks оr KRACK are cyberattacks that exploit a vulnerability in the way WіFi nеtworks encrypt and transmit datа, with the aim of stealing what is transmitted over the network. Such аttacks can result in theft of sensitivе information or can bе used as man-in-the-middle attаcks, serving the victim a fake website or injecting malicious code into a legitimate site. Recently, researchers from ESET haνe revealed that some Echо and Kindle devices from Amazon are vulnerable to this attack. Here is what this means, why IoT devices are attaсked, and how to prevent attacks in your home or busіnеss:

Amazon's Echo and the 8th generation of Amazon Kindle are vulnerable to KRACK attacks

According to research from ESET's Smart Home Research Team, the first generation of Amazon Echo devices (released in 2015), and the 8th generation of Kindle (released in 2016) are vulnerable to the KRACK attack, which made the headlines in 2017. It is a significant vulnerability that affected all WiFi networks, and allowed attackers to decrypt all the data that their victims transmit, and use it as they see fit.

Because of this vulnerability, unpatched Amazon Echo and Kindle devices could have their communication decrypted, data could be injected and forged, and sensitive information could be exposed to the attacker.

ESET communicated this problem to Amazon in October 2018, and, in January 2019, Amazon confirmed that they could replicate the issue, and started to work on a patch. In the coming weeks, Amazon has also released new firmware updates for the vulnerable devices, to fix the problem. Therefore, if you have an Echo device, Check & Update Your Alexa Device Software. If you have an 8th generation Kindle, go to Kindle E-Reader Software Updates.

Why hackers love to target IoT devices like Amazon Echo

Amazon Echo is an IoT (Internet of Things) device that's popular in modern homes and businesses. People use it for many reasons, including for controlling other IoT devices in their homes, like their wireless routers, smart bulbs, smart plugs, sensors, thermostats, and so on. Echo is used to interact with Amazon's Alexa, which has more than 100,000 skills and growing. With its help, you can do things like order pizza, stream TV to a compatible device in your home, manage your to-do list, get the latest news, or control your Nest Learning Thermostat.

Amazon Echo and all other IoT devices share the following characteristics that make them appealing to attackers:

• Always on - you do not turn your Amazon Echo or your smart plug off. It is always turned on and waiting for your commands. So are all other IoT devices in your home or business.
• Always connected - your IoT devices are always connected to the WiFi, and often, also to the internet.
• Easy to exploit vulnerabilities - this is true, especially for cheaper devices, whose manufacturers did not invest a lot into security. Some IoT devices barely get firmware updates and security fixes.
• Malware is hard to detect, analyze, and remove - when an IoT device is compromised by an attacker, you may not notice unless you have the necessary tools to analyze the network traffic generated by that device. Furthermore, when an infection is detected, removing it is difficult if you do not possess the technical skills and tools necessary.
• A lot of malware source code available - it is easy to find both source code and tools that take advantage of known vulnerabilities for IoT devices. They are also effective because many IoT devices do not get updated regularly.

All these reasons make IoT devices an appealing target for hackers and attackers worldwide.

How to prevent attacks and protect your IoT devices

There is no "silver bullet" that can protect your IoT devices from all threats. However, there are some things you should do to increase security, and lower the success chance of an attack:

• If you can enjoy the benefits of using an IoT device, without connecting it directly to the internet, and only to your network, cut its internet access. This would significantly lower the chances of that IoT device becoming the victim of an attack.
• Use strong, unique passwords for all your IoT devices, as well as two-step authentication when available.
• Regularly update the firmware of your IoT devices. Many of them do not offer proactive alerts about firmware updates, so you have to create a habit of manually checking for updates once in a while.
• Enable encryption for network communication. Set your IoT devices to use HTTPS - the secure version of HTTP - so that their network traffic is encrypted. Therefore, even if the packets are sniffed or otherwise intercepted, they would come across as nonsensical characters.
• Disable unused services. Amazon's Echo and Alexa are perfect examples of smart IoT devices that have many skills and services. While this makes them useful, it also increases the attack surface. Therefore, if you are not using specific features (or skills) of an IoT device, disable them if you can, so that they cannot be used by an attacker.
• Use a wireless router with built-in security - some wireless routers include both an antivirus and intrusion prevention system, which makes it difficult for external attackers to compromise the network and the IoT devices that are connected to it. Also, if they do manage to compromise an IoT device, your wireless router can signal this problem, so that you can take action to fix it.
• Use an advanced security product that scans the devices in your network and evaluates their security. For example, ESET Smart Security Premium has a feature called Connected Home Monitor, which assesses the security of your network, identifies compromised devices, and gives you tips on improving safety.

How do you protect the IoT devices in your home or business?

The problems revealed by ESET about Amazon Echo and Kindle showcase how vulnerable IoT devices are. Yes, they are useful and make our life easier, but they are also an attack vector that is tempting to hackers and malware creators. Before closing, tell us what you think about what was revealed by ESET and how you protect the devices in your network. Comment below, and let's discuss.

Related posts

• Ku-noqoshada ugu fiican ee Wi-Fi-ga-dugsiga ee ASUS -

• Wi-Fi 6 waa deegaan, ma aha oo kaliya router-

• 6 sababood oo lagu iibsado TP-Link Wi-Fi 6 router -

• ASUS RT-AX92U: Saamaynta isticmaalka Wi-Fi 6 dib-u-hagaajinta!

• 8 tillaabo si aad kor ugu qaaddo amniga ASUS router kaaga ama ASUS Lyra mesh WiFi

• Sida loo sameeyo TP-Link OneMesh Wi-Fi 6 router iyo fidiyeyaasha kala duwan

• Sideen awood ugu yeeshaa ama u joojin karaa Wi-Fi-ga Windows 11? -

• Sideen dib ugu dejiyaa ASUS router-kayga goobtiisa warshadda? (4 siyaabo)

• 2 siyaabood oo loo cusbooneysiiyo firmware-ka TP-Link Wi-Fi 6 router -

• Dib u eegis ASUS RP-AC87: Bahal weyn xagga cabbirka iyo xawaaraha soo dejinta

• Dib u eegista TP-Link Archer AX50: Wi-Fi 6 iyo antivirus, oo si macquul ah loo qiimeeyo

• ASUS mesh Wi-Fi: kan ugu fiican labada adduun!

• Sida loo sameeyo Windows 11 hotspot-

• ASUS RT-AX82U dib u eegis: ciyaaruhu waxay la kulmaan Wi-Fi 6! -

• Sanduuqa Bitdefender 2 dib u eegis: Amniga shabakada guriga jiilka xiga!

• Linksys Velop AC1300 dib u eegis: Linksys 'nidaamka mesh WiFi ee ugu dheelitiran!

• Sida loo doorto router-ka wireless-ka: 10 arrimood oo ay tahay in la tixgeliyo!

• ASUS Lyra vs. ASUS Lyra Trio vs. ASUS Lyra Mini: Qiimaha, waxqabadka, iyo sifooyinka!

• 2 siyaabood oo aad ku dejisan karto TP-Link Wi-Fi 6 router kaaga -

• Su'aalo fudud: Waa maxay cinwaanka MAC, sideese loo isticmaalaa?