The US government says a vulnerability in the Chirp Systems app allows anyone to remotely control smart home locks

A flaw in a smart access control system used in hundreds of U.S. rental homes allows anyone to remotely control any lock in the affected home. However, Chirp Systems, which produces the system, ignored requests to fix the fault.

The US cybersecurity agency CISA made a security advisory publicly available last week saying that the Chirp-developed phone apps, which residents use in place of a key to access their homes, “improperly store” hardcoded credentials that can be used to remotely control any Chirp-compatible smart lock.

Applications that use passwords stored in the source code, called hardcoded credentials, pose a security risk because anyone can extract these credentials and use them to perform actions that impersonate the application. In this case, the credentials allowed anyone to remotely lock or unlock a door lock connected to Chirp over the Internet.

In its advisory, CISA said that successful exploitation of the vulnerability “could allow an attacker to gain control and gain unrestricted physical access” to smart locks connected to the Chirp smart home system. The cybersecurity agency gave the vulnerability a severity rating of 9.1 out of a maximum of 10 for its “low attack complexity” and remote exploitability.

The cybersecurity agency said Chirp Systems didn’t respond to either CISA or the researcher who discovered the vulnerability.

Security researcher Matt Brown told veteran security journalist Brian Krebs that he notified Chirp of the security issue in March 2021, but the vulnerability remains unpatched.

Chirp Systems is one of a growing number of real estate technology firms providing rental giants with keyless access control that integrates with smart home technologies. Rental firms are increasingly forcing tenants to allow the installation of smart home equipment under their lease agreements, but it is at best unclear who takes responsibility or is held accountable when security issues arise.

Property and rental giant Camden Property Trust signed a deal in 2020 to introduce Chirp-connected smart locks in over 50,000 premises across over a hundred facilities. It is unclear whether affected facilities, such as Camden, are aware of the vulnerability or have taken action. Kim Callahan, a spokesman for Camden, didn’t respond to a request for comment.

Chirp was acquired by property management software giant RealPage in 2020, and RealPage was acquired by private equity giant Thoma Bravo later that year in a deal valued at $10.2 billion. RealPage faces several legal challenges following allegations that its rent-setting software uses secret and proprietary algorithms to help landlords raise the highest possible rents for tenants.

Neither RealPage nor Thoma Bravo has yet confirmed vulnerabilities in the acquired software or said whether they plan to notify affected residents of the security risk.

Jennifer Bowcock, a spokeswoman for RealPage, didn’t respond to requests for comment from TechCrunch. Megan Frank, a spokeswoman for Thoma Bravo, also didn’t respond to requests for comment.

This article was originally published on : techcrunch.com

US medical device giant Artivion says hackers stole files during a cybersecurity incident

Artivion, a medical device company that produces implantable tissue for heart and vascular transplants, says its services have been “disrupted” due to a cybersecurity incident.

In an 8-K filing with the SEC on Monday, Georgia-based Artivion, formerly CryoLife, said it became aware of a “cybersecurity incident” that involved the “compromise and encryption” of information on November 21. This suggests that the company was attacked by ransomware, but Artivion has not yet confirmed the nature of the incident and didn’t immediately reply to TechCrunch’s questions. No major ransomware group has yet claimed responsibility for the attack.

Artivion said it took some systems offline in response to the cyberattack, which the company said caused “disruptions to certain ordering and shipping processes.”

Artivion, which reported third-quarter revenue of $95.8 million, said it didn’t expect the incident to have a material impact on the company’s finances.

This article was originally published on : techcrunch.com

It’s a Raspberry Pi 5 in a keyboard and it’s called Raspberry Pi 500

Single-board computer maker Raspberry Pi is updating its cute little computer-in-a-keyboard device with higher specs. Named the Raspberry Pi 500, this successor to the Raspberry Pi 400 is just as powerful as the current Raspberry Pi flagship, the Raspberry Pi 5. It is available for purchase now from Raspberry Pi resellers.

The Raspberry Pi 500 is the simplest way to get started with the Raspberry Pi because it’s not as intimidating as the Raspberry Pi 5. When you look at the Raspberry Pi 500, you do not see any chipsets or PCBs (printed circuit boards). The Raspberry Pi is completely hidden inside a familiar housing, the keyboard.

The idea with the Raspberry Pi 500 is that you can connect a mouse and a display and you are ready to go. If, for instance, you have a relative who uses a very outdated computer with an outdated version of Windows, the Raspberry Pi 500 can easily replace the old PC tower for many computing tasks.

More importantly, this device brings us back to the roots of the Raspberry Pi. Raspberry Pi computers were originally intended for educational applications. Over time, technology enthusiasts and industrial customers began using single-board computers all over the place. (For example, if you’ve ever been to London Heathrow Airport, all of the departures and arrivals boards there are powered by Raspberry Pi.)

Raspberry Pi 500 draws inspiration from the roots of the Raspberry Pi Foundation, a non-profit organization. It’s the right first computer for college. In some ways, it’s a lot better than a Chromebook or iPad because it’s low cost and highly customizable, which encourages creative thinking.

The Raspberry Pi 500 comes with a 32GB SD card that comes pre-installed with Raspberry Pi OS, a Debian-based Linux distribution. It costs $90, which is a slight ($20) price increase over the Raspberry Pi 400.

Only UK and US keyboard variants will probably be available at launch. But versions with French, German, Italian, Japanese, Nordic and Spanish keyboard layouts will probably be available soon. And if you’re looking for a bundle that includes everything you need, Raspberry Pi also offers a $120 desktop kit that includes the Raspberry Pi 500, a mouse, a 27W USB-C power adapter, and a micro-HDMI to HDMI cable.

In other news, Raspberry Pi has announced another new product: the Raspberry Pi monitor. It is a 15.6-inch 1080p monitor that’s priced at $100. Since there are quite a few 1080p portable monitors available on the market, this launch is not as noteworthy as the Pi 500. However, for die-hard Pi fans, there’s now also a Raspberry Pi-branded monitor option available.

This article was originally published on : techcrunch.com

Apple Vision Pro may add support for PlayStation VR controllers

Apple wants to make its Vision Pro mixed reality device more attractive to gamers and game developers, according to the latest report from Bloomberg’s Mark Gurman.

The Vision Pro was presented more as a productivity and media consumption device than a tool geared toward gamers, due partly to its reliance on visual and hand controls rather than a separate controller.

However, Apple may need gamers if it wants to expand the Vision Pro’s audience, especially since Gurman reports that fewer than half a million units have been sold to this point. As such, the company has reportedly been in talks with Sony about adding support for PlayStation VR2 handheld controllers, and has also talked to developers about whether they may support the controllers in their games.

By offering more precise control, Apple may also make other kinds of software, such as Final Cut Pro or Adobe Photoshop, available on Vision Pro.

This article was originally published on : techcrunch.com