News in brief: moving Segway hacked; Google Glass resurrected; 308 Oracle fixes


Your daily round-up of some of the other stories in the news

Moving Segway hacked

Security researchers have discovered that Segway’s Ninebot MiniPRO, a so-called “hover board” can be hacked and controlled remotely.

The attack is made possible by two major oversights: every Ninebot MiniPRO has the same PIN code and none bothers to check the authenticity of its firmware. According to IOActive, the company who discovered the vulnerability:

Even though the rider could set a PIN, the hoverboard did not actually change its default pin … This allowed me to connect over Bluetooth while bypassing the security controls. I could also document the communications between the app and the hoverboard, since they were not encrypted.

Researchers were able to use these flaws to install their own firmware and then make merry with the hacked non-hovering not-boards: shutting them down, changing the colours of their lights, disabling safety mechanisms or just driving (not flying) them off.

It’s been understood for many years that hard-coded or default passcodes are a bad idea but discovering that something as shiny and new as a Ninebot MiniPRO has one isn’t the surprise it should be. The ‘PRO is part of the IoT (Internet of Things) and the IoT has recently given giving hard-coded passwords, and many other bad old ideas, a new lease of life.

Google Glass resurrected

A year and a half after pulling the plug on Google Glass, the search giant has brought the wearable tech back from the dead. Which is rather interesting, because few seemed sad to see it go away.

Google said it’s designing an upgraded and more comfortable version of the Glass headset with a longer battery life. The revised headset, called Glass Enterprise Edition, will be targeted at industries such as healthcare and manufacturing where users can benefit from hands-free information as they work.

Jay Kothari, lead of the Glass project at Google, told the UK Telegraph:

Glass, as you might remember, is a very small, lightweight wearable computer with a transparent display that brings information into your line of sight … In a work setting, you can clip it onto glasses or industry frames like safety goggles so you don’t have to switch focus between what you’re doing with your hands and the content you need to see to do your job.

In its previous four-year existence, Google Glass received a fair amount of ridicule. In some cases, people took their disdain too far. In 2014, for example, Sarah Slocum, a social media consultant, posted about being attacked in a bar called Molotov in San Francisco, over her face contraption.

Oracle releases its largest Critical Patch Update yet

Oracle’s critical patch update for July comes with a mammoth 308 bug fixes, reports SC Magazine.

Updates cover vulnerabilities across more than 90 Oracle products, including Oracle Enterprise Manager, Oracle Hyperion, Oracle E-Business Suite, Oracle Fusion Middleware and Oracle Java SE and products used by retail and financial organisations.

But, it was Oracle’s Hospitality Applications that received the most updates, with 48 patches. Of which, 11 of these are “remotely exploitable without authentication”.

In their Critical Patch Update Advisory, the company explains that, though they have previously released the patches, they still receive reports of efforts to exploit security holes and, as such, urge customer to apply these latest fixes “without delay”.

Catch up with all of today’s stories on Naked Security