News Items

Rob Joyce, the Director of Cybersecurity at the National Security Agency (NSA), stated that Russian hackers had accessed private security cameras in Ukrainian coffee shops in order to gather information on passing aid convoys. The cybersecurity official added that these attacks were part of the ongoing invasion of Ukraine by the Russian government. He said there are ongoing attacks on Ukrainian interests, whether financial, government, personal, or individual business, in an attempt to cause disruption. Government-backed hackers actively targeted Ukrainian cyberspace, with CCTV cameras as one of the attack vectors. Joyce explained that while the surveillance cameras in the town square are accessible online, hackers are exploiting zero-day and N-day vulnerabilities to gain access to the private cameras of local businesses in order to monitor the roads they need to see. This article continues to discuss Russian hackers targeting Cameras installed in Ukrainian coffee shops.

Cybernews reports "Russians Hijack Cameras in Ukraine Coffee Shops to Monitor Western Aid, Says Official"

In the first quarter of 2023, hyper-volumetric Distributed Denial-of-Service (DDoS) attacks shifted from relying on compromised Internet of Things (IoT) devices to exploiting compromised Virtual Private Servers (VPS). Cloudflare, an Internet security company, reports that the newer generation of botnets has abandoned the tactic of forming large swarms of individually weak IoT devices and is instead focusing on enslaving vulnerable and misconfigured VPS servers using leaked Application Programming Interface (API) credentials or known exploits. This method enables threat actors to form high-performance botnets with greater ease and speed, which can be up to 5,000 times more powerful than IoT-based botnets. This article continues to discuss findings and observations regarding DDoS attacks shifting to VPS infrastructure.

Bleeping Computer reports "DDoS Attacks Shifting to VPS Infrastructure for Increased Power"

Evotec is still recovering from a cyberattack that forced it to shut down its Information Technology (IT) systems. The cyberattack prompted the disconnection of their systems from the Internet to prevent data corruption or breaches. In a recent update, the company stated that cybersecurity experts and others are conducting a forensic examination of its systems. Evotec has also informed German law enforcement agencies of the attack. Evotec has over 4,200 employees and generated nearly $700 million in revenue in 2021 by developing pharmaceuticals to treat Alzheimer's, Huntington's disease, and other diseases. The company has long-term partnerships with Bristol Myers Squibb, Bayer, Sanofi, and other pharmaceutical titans for drug discovery. Evotec has not yet reconnected its network, but all of its global locations have maintained business continuity, according to the company. This article continues to discuss the cyberattack on the German drug development giant Evotec.

The Record reports "German Drug Development Company Says Cyberattack Causing Production Delays"

Hyundai has recently disclosed a data breach impacting Italian and French car owners and those who booked a test drive, warning that hackers gained access to personal data. HaveIBeenPwned said the incident has exposed: e-mail addresses, physical addresses, telephone numbers, and vehicle chassis numbers. HaveIBeenPwned noted that the hacker who accessed Hyundai's database did not steal financial data or identification numbers. Hyundai says they engaged IT experts in response to the incident, who have taken the impacted systems offline until additional security measures are implemented. Hyundai warns its customers to be cautious with unsolicited e-mails and SMS texts claiming to originate from them, as they could be phishing and social engineering attempts. It is unclear how many Hyundai customers this incident impacts, how long the network intrusion lasted, and what other countries might be affected. Hyundai has suffered from a range of cybersecurity issues recently. In February 2023, the company rolled out emergency software updates on several car models impacted by a simple USB cable hack that enabled thieves to steal them. In December 2022, bugs in the Hyundai app allowed remote attackers to unlock and start various impacted models or expose car owner information.

BleepingComputer reports: "Hyundai Data Breach Exposes Owner Details in France and Italy"

Cybersecurity solutions provider Fortinet recently announced the release of security updates across multiple products, including patches for a critical vulnerability in FortiPresence. Offering analytics, heat maps, and reporting, FortiPresence is a data analytics solution available as a hosted cloud service or as a virtual machine for private installations. Fortinet stated that a critical missing authentication vulnerability in the FortiPresence infrastructure server may be exploited to access Redis and MongoDB instances. Tracked as CVE-2022-41331 (CVSS score of 9.3), the vulnerability can be exploited by a remote, unauthenticated attacker through crafted authentication requests. The company noted that the security defect impacts FortiPresence versions 1.0, 1.1, and 1.2 and was addressed with the release of FortiPresence version 2.0.0. As part of its April 2023 vulnerability advisories published this week, Fortinet also announced patches for multiple high-severity flaws in FortiOS, FortiProxy, FortiSandbox, FortiDeceptor, FortiWeb, FortiClient for Windows and macOS, FortiSOAR, FortiADC, FortiDDoS, FortiDDoS-F, FortiAnalyzer, and FortiManager. The company stated that the addressed issues could lead to cross-site scripting (XSS) attacks, unauthorized API calls, command execution, arbitrary code execution, arbitrary file creation, privilege escalation, information disclosure, arbitrary file retrieval, and man-in-the-middle (MitM) attacks. Additionally, Fortinet released an advisory detailing a vulnerability in the Linux kernel version used in FortiAuthenticator, FortiProxy, and FortiSIEM, which could allow an attacker with low privileges to write to page cache and escalate privileges on the system. Tracked as CVE-2022-0847 and also referred to as Dirty Pipe, the flaw was introduced in Linux kernel version 5.8 and was addressed last year in Linux 5.16.11, 5.15.25, and 5.10.102. Several medium and low-severity vulnerabilities impacting FortiNAC, FortiOS, FortiProxy, FortiADC, FortiGate, and FortiAuthenticator were also addressed. Fortinet is advising customers to update their installations as soon as possible. Although the company does not mention any of these vulnerabilities being exploited in attacks, unpatched Fortinet products are known to have been targeted in malicious attacks, including by nation-state threat actors.

SecurityWeek reports: "Fortinet Patches Critical Vulnerability in Data Analytics Solution"

OpenAI recently announced that it is offering white hat hackers up to $20,000 to find security flaws as part of its bug bounty program launched on April 11, 2023. The ChatGPT developer announced the initiative as part of its commitment to secure artificial intelligence (AI). Security experts have scrutinized the company since the launch of the ChatGPT prototype in November 2022. In its announcement, OpenAI acknowledged that despite its heavy investment in research and engineering to ensure its AI systems are safe and secure, vulnerabilities and flaws can emerge. The company stated that it believes that transparency and collaboration are crucial to addressing this reality. That's why they are inviting the global community of security researchers, ethical hackers, and technology enthusiasts to help them identify and address vulnerabilities in their systems. On March 23, OpenAI announced it had fixed a vulnerability in ChatGPT4, which had allowed users to view the titles of chats by other users for nine hours on March 20. Concerns were raised that the bug in the ChatGPT open-source library could lead to privacy concerns. Recent research by BlackBerry found that 51% of security leaders expect ChatGPT to be at the heart of a successful cyberattack within a year. The biggest security concerns center around how threat actors could leverage the large language model to launch attacks, including malware development and convincing social engineering scams.

Infosecurity reports: "Ethical Hackers Could Earn up to $20,000 Uncovering ChatGPT Vulnerabilities"

Researchers from the CyLab Security and Privacy Institute at Carnegie Mellon University (CMU), the University of Michigan, and Fordham University have made it easy for users to choose how websites use their personal information, all in a single spot. The privacy experts have conducted user studies for years, searching for the most effective methods to help website visitors make informed decisions regarding their personal data. In 2019, when the California Attorney General's office requested public input on the California Consumer Privacy Act, the group decided to examine the new regulations to determine how they could help. The statute required websites that collect and share the personal information of visitors to include a link labeled "do not sell my personal information," optionally accompanied by an icon to be specified by the Attorney General's office. Therefore, the researchers began developing and evaluating various options. Lorrie Cranor, the director of CyLab, stated that when brainstorming possible icons, they considered attempting to directly convey the "do not sell my personal information" or "opt-out" concept. However, they understood that individuals would likely have multiple privacy options that extend beyond the sale of information in the future. Thus, it is preferable to design an icon that effectively communicates the concept of choices. Numerous websites, including Spotify, Procter & Gamble, Walmart, Ford Motor Company, Verizon, and more, now feature the CyLab icon. This article continues to discuss the CyLab icon that connects users with online privacy choices.

CyLab reports "CyLab Icon Connects Users With Online Privacy Choices"

According to Check Point Research, the education and research sector has experienced a significant increase in attacks against Internet of Things (IoT) devices, with 131 weekly attacks per organization, more than double the global average and a staggering 34 percent increase from the previous year. Check Point observed an increase in IoT-related attacks across all regions and industries. Europe had the most IoT cyberattacks, with an average of nearly 70 per organization each week, followed by the Asia-Pacific region with 64, Latin America with 48, North America with 37, and Africa with 34. Check Point reported that the IoT devices targeted by threat actors include routers, IP cameras, and digital video recorders, as well as network video recorders and printers. This article continues to discuss the rise in IoT attacks in the education sector.

SC Magazine reports "Education Sector Sees 34% Increase in IoT Attacks"

The world is becoming aware of the threat posed by adversaries equipped with quantum computers. Andersen Cheng, CEO of Post-Quantum, a cybersecurity company specializing in quantum-safe security and identity solutions, believes the OODA framework, pioneered by US Air Force Colonel John Boyd, could be used to help prepare for the post-quantum future. According to Cheng, the findings of each organization's analysis and the steps taken are likely to differ, but for those wondering where to begin, OODA is well suited to structure the road to quantum safety. The first step is identifying the problem and gaining an awareness of the internal and external environments. The next step is to analyze what has been discovered and what should be done next. The third phase is to make suggestions for a response strategy after you have contextualized your company and identified risk exposure. The final step is to carry out the decision and any relevant changes that are required as a result of the decision. This article continues to discuss the potential use of the OODA framework to prepare for the post-quantum future.

HSToday reports "A Practical Framework to Prepare for the Post-Quantum Future"

The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) has published the second version of the Zero Trust Maturity Model. This version incorporates recommendations from a public comment period and advances the federal government's commitment to a zero trust approach to cybersecurity in support of the National Cybersecurity Strategy. Although the Zero Trust Maturity Model is intended primarily for federal agencies, all organizations are encouraged to consider it and take steps to accelerate their progress toward a zero trust model. Zero trust is a method in which access to data, networks, and infrastructure is limited to what is minimally required, and the validity of that access is constantly verified. Understanding that organizations begin their path toward zero trust architectures differently, the Zero Trust Maturity Model update includes a new maturity stage dubbed "Initial" that can be used as a guide to determine maturity for each pillar. In all four stages of maturity (Traditional, Initial, Advanced, and Optimal), CISA has added several new functions and updated existing functions for organizations to consider when planning and making decisions regarding the implementation of zero trust architecture. This article continues to discuss CISA's release of the updated Zero Trust Maturity Model.

CISA reports "CISA Releases Updated Zero Trust Maturity Model"

According to researchers at XM Cyber, only 2% of all exposures enable attackers with seamless access to critical assets, while 75% of exposures along attack paths lead to "dead ends." The researchers analyzed over 60 million exposures in over 10 million entities on-premise and in the cloud during the study. The researchers discovered that 71% of organizations have exposures in their on-premise networks that put their critical assets in the cloud at risk. Once there, 92% of critical assets become vulnerable. The researchers noted that once attackers infiltrate cloud environments, it's easy for them to compromise assets. The researchers stated that cloud security is not yet mature, and many security teams don't fully understand what security issues they need to look for. The researchers also found that average organizations have 11,000 exploitable security exposures monthly, with techniques targeting credentials and permissions affecting 82% of organizations and exploits accounting for over 70% of all identified security exposures. The researchers stated that instead of focusing on a list of 20,000 vulnerabilities to address, focus on identifying the quickest wins in your external-facing infrastructure, then work to reduce the scope of permissions that your user and service accounts have. By reducing the amount of systems that users can access, you reduce the risk of those credentials being abused in later stages of an attack, and you increase the efficacy of this practice when you stack on multi-factor authentication and device health attestation.

Infosecurity reports: "Eliminating 2% of Exposures Could Protect 90% of Critical Assets"

A leading Australian lender has refused to pay online extorters demanding a ransom for the personal data they stole on an estimated 14 million customers. Latitude Financial CEO, Bob Belan, stated that paying the threat actors would bring no guarantees that they would destroy the data as promised. He noted that it would only encourage further extortion attempts on Australian and New Zealand businesses in the future. A recent study from Trend Micro found that firms like Latitude Financial are now in the majority. Only an estimated 10% of victim organizations actually pay their extorters today, and because of the relatively small share, they're usually forced to pay more per compromise than in years past. Trend Micro calculated using AI tools that those companies who pay are effectively subsidizing between six and 10 new cyberattacks. Latitude Financial initially claimed that a March breach had only resulted in the loss of around 100,000 identification documents and 225,000 customer records. However, it was soon forced to recalculate these figures, admitting that the hackers had taken 7.9 million Australian and New Zealand driver's license numbers, plus 6.1 million records dating back to 2005, including names, addresses, telephone numbers, and dates of birth. It is still unclear which ransomware group was behind the attack, although a compromised employee credential is thought to have provided initial access to the network. Latitude Financial is Australia's largest non-bank lender, providing buy now, pay later (BNPL) services to many domestic retailers.

Infosecurity reports: "Latitude Financial Refuses to Pay Ransom"

German shipbuilder Lurssen, which makes military vessels and luxury yachts, has recently become the target of a ransomware cyberattack. The Bremen-based company was attacked over the Easter holiday period. The company stated that in coordination with internal and external experts, they immediately initiated all necessary protective measures and informed the responsible authorities. According to a local news outlet, "the cyberattack has brought large parts of Luerssen's shipyard operations to a standstill." Lurssen has built several superyachts, including the world's largest by volume, the 156-meter (512-foot) Dilbar, owned by a trust linked to Russian billionaire Alisher Usmanov. The company traces its origins back almost 150 years.

Bloomberg reports: "German Superyacht Maker Targeted by Ransomware Cyberattack"

According to Trend Micro, as cybercriminal groups grow, they adopt corporate-like behavior, which presents its own set of challenges and costs. The cybercriminal world is rapidly professionalizing, with groups imitating legitimate businesses that are growing in complexity and revenue. However, larger cybercrime groups can be more difficult to manage and contain more 'office politics,' underachievers, and trust issues. Trend Micro's report emphasizes to investigators the significance of understanding the size of the such groups with which they are dealing. According to the report, a typical large cybercriminal group allocates 80 percent of its operating expenses to wages, while small groups allocate 78 percent. Infrastructure such as servers, routers, Virtual Private Networks (VPNs), virtual machines, and software are also major expenses. This article continues to discuss key findings from Trend Micro's analysis of three types of cybercriminal groups.

Help Net Security reports "Criminal Businesses Adopt Corporate Behavior as They Grow"

Researchers have described the inner workings of the cryptocurrency-stealing malware that was spread via 13 malicious NuGet packages as part of a supply chain attack aimed at .NET developers. The typosquatting campaign, detailed by JFrog late last month, impersonated legitimate packages in order to execute PowerShell code designed to retrieve a following binary from a hard-coded server. The two-stage attack leads to the deployment of Impala Stealer, a .NET-based persistent backdoor capable of gaining unauthorized access to cryptocurrency accounts. The payload used a rare obfuscation technique known as '.NET AoT compilation,' which is significantly more covert than using off-the-shelf obfuscators while still making the binary difficult to reverse engineer, according to JFrog. .NET AoT compilation is an optimization technique that enables apps to be compiled to native code in advance. This article continues to discuss the distribution of cryptocurrency stealer malware via 13 malicious NuGet packages.

THN reports "Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages"

Quantum computer research and development continues to expand at an accelerated rate. In 2022, the US government spent over $800 million on Quantum Information Science (QIS) research. Quantum computers hold great promise because they will be able to solve certain classically intractable problems, meaning that a conventional computer cannot perform the calculations in a practical timeframe for humans. Given this computational capability, there are growing concerns about the future cyber threats quantum computers could pose. For example, Secretary of Homeland Security Alejandro Mayorkas has identified the transition to post-quantum encryption as a priority for ensuring cyber resilience. There needs to be more discussion about how to protect quantum computers in the future. If quantum computers become valuable, it is reasonable to assume that they will ultimately be the target of cybercriminal activity. Understanding how quantum computers will be incorporated with classical computers is crucial for exploring cyber threats against quantum computers. The interface between classical and quantum computers in the hybrid computing environments typical of the Noisy Intermediate-Scale Quantum (NISQ) era is ideal for cyberattacks. This interface is the gateway between the classical and quantum environments, allowing known classical computer exploits to traverse into quantum domains. A hybrid system can be compromised by using various known cyberattack techniques against traditional computers. This article continues to discuss the concept of quantum computing, cyber threats to quantum computers, and six key areas of future research in quantum cybersecurity.

Carnegie Mellon University reports "Cybersecurity of Quantum Computing: A New Frontier"

Researchers have discovered that Artificial Intelligence (AI) systems can easily crack nearly all passwords. Researchers from Home Security Heroes fed millions of passwords from RockYou to the PassGAN AI platform to observe how quickly it could crack them. In the early days of social media, the widget RockYou was immensely popular on MySpace and, later, Facebook. However, it was compromised by hackers in 2009, and 32 million plaintext passwords were released to the dark web. The researchers extracted 15.6 million passwords from the data set and fed them into PassGAN, in which the passwords are now often used to train AI tools. PassGAN is a password generator based on Generative Adversarial Network (GAN) that creates fake passwords mimicking real ones discovered in the wild. After excluding passwords shorter than four characters and longer than 18, researchers discovered that 51 percent of "common" passwords could be cracked in less than one minute. It required less than an hour to crack 65 percent, less than a day to crack 71 percent, and less than a month to identify 81 percent. This article continues to discuss the researchers' findings from running 15.6 million common passwords through an AI password cracker.

TechRadar reports "AI Can Crack Most Passwords in Less Than a Minute"

In addition to maintaining a high profile, the LockBit group has turned ransom monetization on its head. Forty-four percent of all ransomware attacks launched in 2022 have been attributed to this group due to its innovative approach. The LockBit ransomware gang has become one of the most infamous cybercriminal groups in history. LockBit, formerly known as "ABCD ransomware," debuted in late 2019 and experienced a rapid rise in popularity. As a Ransomware-as-a-Service (RaaS), the group includes a central team that creates the malware and administers its website. In the meantime, the group provides access to its code to affiliates who help in the execution of cyberattacks. Affiliates have been found to be experts in various areas, including vulnerability search and network breaching. This article continues to discuss the evolution of LockBit.

Security Intelligence reports "How LockBit Changed Cybersecurity Forever"

On Thursday, April 6, the University of Hawai`i Maui College said they learned of a data breach that affected their system. According to UH, the breach occurred in mid-February. The university learned that an unauthorized third party had gained access to the university's computer network. The university stated they took immediate action once the breach was discovered and reported to law enforcement. The university engaged with experts to investigate and determine the scope and nature of the breach. According to UH, the breach was isolated to UH Maui College's network. They said that prior to the intrusion from the breach, the network was protected by a firewall and other safeguards. UH made a point to indicate that the breach did not impact the larger UH System network. Current employees and staff were notified of the breach, and UH also sent out notification letters to 10,500 people who may have been impacted by the breach. The letter included an offer for free credit monitoring and identity theft protection services through Experian.

KHON2 reports: "UH Maui College Warns of Data Breach"

Microsoft recently warned that Iranian advanced persistent threat (APT) actors MuddyWater and DEV-1084 had been observed launching destructive cyberattacks disguised as ransomware. Also tracked as Mercury, Seedworm, and Static Kitten and known to be launching espionage campaigns against targets in the Middle East since at least 2017, MuddyWater was officially linked by the U.S. government to Iran's Ministry of Intelligence and Security. DEV-1084, which claims to be a financially motivated cybercriminal group operating under the DarkBit persona, is connected to MuddyWater, if not a subgroup of the APT. Microsoft stated that DEV-1084 was seen using an IP address and a VPN provider historically associated with MuddyWater, using tools previously used by the APT and using a domain believed to be controlled by MuddyWater. Microsoft found that Mercury gains access to the targets through remote exploitation of an unpatched internet-facing device. Mercury then hands off access to DEV-1084. It is unclear if DEV-1084 operates independently of Mercury and works with other Iranian actors or if DEV-1084 is an "effects based" sub-team of Mercury that only surfaces when Mercury operators are instructed to carry out a destructive attack. Microsoft noted that following the initial compromise, the adversary deploys web shells, creates administrative user accounts, installs legitimate tools for remote access (including eHorus, Ligolo, and RPort), installs a PowerShell script backdoor, and steals credentials. After establishing persistence, the threat actor performs reconnaissance and lateral movement, using remote scheduled tasks to launch the backdoor, Windows Management Instrumentation (WMI) to execute commands, and remote services to run PowerShell commands. The attackers were also caught abusing compromised Azure Active Directory (Azure AD) accounts that had "global administrator" privileges to perform destructive actions, deleting within a few hours server farms, virtual machines, storage accounts, and virtual networks. Microsoft stated that the attacker's goal was to cause data loss and a denial of service (DoS) of the target's services. In some cases, the hackers were seen deploying tunneling tools such as Ligolo and OpenSSH to hide command-and-control (C&C) communication. Microsoft also observed the attackers using high-privileged credentials and domain controller access to carry out on-premises destructive operations and prepare for large-scale encryption.

SecurityWeek reports: "Microsoft: Iranian Gov Hackers Caught in Azure Wiper Attacks"

Internal documents, including meeting notes and source code, were shared by Samsung employees with the popular Artificial Intelligence (AI)-driven chatbot ChatGPT. ChatGPT trains itself and build its experience based on user-provided data, with the risk of this data becoming accessible to other users who query the popular chatbot. Engineers at Samsung used ChatGPT to examine the company's source code, and they asked the chatbot to optimize test sequences for detecting flaws in the chips they were designing. In less than a month, the company experienced three data breaches due to employees leaking sensitive information through ChatGPT. This article continues to discuss Samsung employees leaking secret data through the use of the popular chatbot service ChatGPT.

Security Affairs reports "Samsung Employees Unwittingly Leaked Company Secret Data by Using ChatGPT"

After MSI disclosed a recent cyberattack, owners of MSI motherboards, GPUs, notebooks, PCs, and other devices should exercise caution when updating the firmware or BIOS of their devices. MSI urged users to obtain firmware/BIOS updates exclusively from its official website and to refrain from using files from other sources. Although this may seem obvious, it's not uncommon to discover custom BIOS firmware for PC hardware, especially for GPUs, on enthusiast forums. However, MSI's warning may have been prompted by the types of data stolen during the attack. A group of malicious actors known as Money Message posted screenshots of MSI's CTMS and ERP databases, as well as source code, private keys, and BIOS firmware, on their dark website. This information should not fall into the wrong hands, as it could be used to create malicious firmware clones that people could be tricked into installing. This article continues to discuss the cyberattack faced by MSI and the potential impact of this attack.

The Register reports "MSI Hit in Cyberattack, Warns Against Installing Knock-off Firmware"

The Dutch government will enhance the security of its Internet routing by using the Resource Public Key Infrastructure (RPKI) standard before the end of 2024. RPKI, or Resource Certification, protects against malicious or accidental rerouting of Internet traffic through cryptographic verification of the routes. The standard uses digital certificates to secure the Border Gateway Protocol (BGP) used to exchange routing information and to ensure that traffic is routed through the legitimate network operator controlling the IP addresses along the destination path. Standardization Forum in the Netherlands, a research and advisory organization serving the public sector on the use of open standards, has announced that by 2024, all communication devices (ICT) managed by the Dutch government must comply with the RPKI standard. This article continues to discuss the Dutch government upgrading the security of its Internet routing by adopting the RPKI standard.

Bleeping Computer reports "All Dutch Govt Networks to Use RPKI to Prevent BGP Hijacking"

Experts in automotive security have discovered a novel method for hijacking automobiles by hacking into their control systems via the headlight. The controller area network (CAN) bus, the Internet of Things (IoT) protocol by which devices and microcontrollers in a vehicle communicate with one another, is the determining factor. Cyberattackers can essentially subvert the vehicle's onboard, local communications network in order to potentially halt and start the vehicle, open doors and windows, and manipulate the radio. While car hacking is nothing new, Ken Tindell, CTO of Canis Automotive Labs, described how attackers exploited an electronic control unit (ECU) in the headlight of a Toyota RAV4 to get access to the vehicle's CAN bus and ultimately steal it. This is an approach that has never been observed before. Once connected via the headlamp, they hacked their way into the CAN bus, which controls functions such as the parking brakes, headlights, and smart key, and then into the powertrain panel, where the engine control is located. This article continues to discuss the IoT hack.

Dark Reading reports "Cybercriminals 'CAN' Steal Your Car, Using Novel IoT Hack"