
FastNetMon Mitigates 1.5 Billion PPS DDoS Attack Leveraging IoT Devices and MikroTik Routers


A massive distributed denial-of-service (DDoS) attack targeting a DDoS protection vendor in Western Europe has been detected and mitigated by FastNetMon. According to the company, the attack surged to an astonishing 1.5 billion packets per second (pps), ranking among the largest packet-rate floods ever recorded.

FastNetMon revealed that the malicious traffic primarily consisted of UDP floods generated from hijacked customer-premises equipment (CPE), including IoT devices and MikroTik routers. The attack leveraged resources from over 11,000 networks worldwide. While the victim company wasn’t disclosed, FastNetMon confirmed it was a DDoS scrubbing provider, a service that filters malicious traffic during such cyberattacks.

“This event is part of a dangerous trend,” said Pavel Odintsov, founder of FastNetMon. “When tens of thousands of CPE devices can be hijacked and used in coordinated packet floods of this magnitude, the risks for network operators grow exponentially. The industry must act to implement detection logic at the ISP level to stop outgoing attacks before they scale.”

The incident was identified and mitigated in real time, with FastNetMon’s automated systems flagging the abnormal traffic within seconds. Defense measures included scrubbing technologies at the customer’s facility and deploying access control lists (ACLs) on routers vulnerable to amplification abuse.

FastNetMon highlighted that its platform, powered by optimized C++ algorithms, is specifically built to handle traffic events at such a scale. Thanks to these defenses, the targeted provider reportedly suffered no visible downtime or service disruption.

The news comes shortly after Cloudflare reported a record-breaking volumetric attack reaching 11.5 Tbps and 5.1 billion pps, underscoring the growing severity of both packet-rate floods and bandwidth-driven DDoS attacks.

“Taken together, the two incidents underline a rise in both packet-rate and bandwidth-driven floods, a trend that is pressuring the capacity of mitigation platforms worldwide,” FastNetMon said.

“What makes this case remarkable is the sheer number of distributed sources and the abuse of everyday networking devices. Without proactive ISP-level filtering, compromised consumer hardware can be weaponized at a massive scale,” the company added.

Undocumented ESP32 Commands Pose Security Risks, Researchers Warn


The widely used ESP32 microchip, manufactured by Chinese company Espressif and embedded in over a billion devices as of 2023, has been found to contain undocumented commands that could be exploited for cyberattacks.

These hidden commands enable threat actors to spoof trusted devices, gain unauthorized access to sensitive data, pivot within a network, and establish persistent control over affected systems.

Spanish cybersecurity experts Miguel Tarascó Acuña and Antonio Vázquez Blanco from Tarlogic Security uncovered these vulnerabilities and presented their findings at RootedCON in Madrid.

"Tarlogic Security has detected a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present in millions of mass-market IoT devices," the company stated in an announcement shared with BleepingComputer.

"Exploitation of this backdoor would allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks, or medical equipment by bypassing code audit controls."

The researchers highlighted that ESP32 is one of the most commonly used chips for Wi-Fi and Bluetooth connectivity in IoT devices, making the potential impact significant. They noted that while interest in Bluetooth security research has declined, this is not due to increased security but rather the lack of effective tools and updated research methodologies.

To address this gap, Tarlogic developed a C-based, cross-platform USB Bluetooth driver that bypasses OS-specific APIs and provides direct hardware access. Using this tool, they discovered 29 undocumented vendor-specific commands (Opcode 0x3F) in the ESP32 Bluetooth firmware. These commands provide low-level control over Bluetooth functionality, including RAM and Flash memory manipulation, MAC address spoofing, and LMP/LLCP packet injection.

Espressif has not publicly documented these commands, raising concerns about whether they were intentionally left accessible or unintentionally exposed. The vulnerability has now been assigned CVE-2025-27840.

Potential risks include supply chain attacks and unauthorized firmware modifications at the OEM level. Depending on how Bluetooth stacks handle HCI commands, remote exploitation could be possible through malicious firmware or rogue Bluetooth connections. However, the most realistic attack scenario would involve an attacker gaining physical access to a device via its USB or UART interface.
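The 0x3F the researchers refer to is the HCI opcode group field (OGF) that the Bluetooth Core specification reserves for vendor-specific commands; a host stack or audit tool can recognise such commands from the opcode alone. The following is an added example, not Tarlogic's driver nor Espressif code: it parses UART (H4) framed HCI command packets from a constructed capture and flags every vendor-specific command, which is the kind of check a defender would run over HCI traces when auditing a device.

```python
"""Inspect Bluetooth HCI command packets (H4 framing) and flag vendor-specific
commands, whose opcode group field (OGF) is 0x3F.  Added example: the packets
below are constructed and this is not Tarlogic's tool nor Espressif firmware."""
from dataclasses import dataclass

H4_COMMAND = 0x01            # H4 packet indicator for an HCI command packet
OGF_VENDOR_SPECIFIC = 0x3F   # OGF reserved by the Bluetooth Core spec for vendor commands


@dataclass
class HciCommand:
    ogf: int
    ocf: int
    params: bytes

    @property
    def vendor_specific(self) -> bool:
        return self.ogf == OGF_VENDOR_SPECIFIC


def parse_h4_command(pkt: bytes) -> HciCommand:
    """Parse one H4-framed HCI command: 0x01 | opcode (LE16) | plen | params."""
    if len(pkt) < 4 or pkt[0] != H4_COMMAND:
        raise ValueError("not an H4 HCI command packet")
    opcode = pkt[1] | (pkt[2] << 8)
    plen, params = pkt[3], pkt[4:]
    if len(params) != plen:
        raise ValueError(f"parameter length mismatch: header says {plen}, got {len(params)}")
    # opcode = OGF (6 high bits) << 10 | OCF (10 low bits)
    return HciCommand(ogf=opcode >> 10, ocf=opcode & 0x3FF, params=params)


def flag_vendor_commands(capture: list[bytes]) -> list[tuple[int, int, int]]:
    """Return (packet index, OGF, OCF) for every vendor-specific command in a capture."""
    hits = []
    for i, pkt in enumerate(capture):
        cmd = parse_h4_command(pkt)
        if cmd.vendor_specific:
            hits.append((i, cmd.ogf, cmd.ocf))
    return hits


# Constructed capture: HCI_Reset (OGF 0x03, OCF 0x0003 -> opcode 0x0C03),
# HCI_Read_BD_ADDR (OGF 0x04, OCF 0x0009 -> opcode 0x1009), and a vendor
# command (OGF 0x3F, OCF 0x0001 -> opcode 0xFC01) carrying two parameter bytes.
SAMPLE_CAPTURE = [
    bytes([0x01, 0x03, 0x0C, 0x00]),
    bytes([0x01, 0x09, 0x10, 0x00]),
    bytes([0x01, 0x01, 0xFC, 0x02, 0xAA, 0xBB]),
]

if __name__ == "__main__":
    for idx, ogf, ocf in flag_vendor_commands(SAMPLE_CAPTURE):
        print(f"packet {idx}: vendor-specific HCI command OGF=0x{ogf:02X} OCF=0x{ocf:04X}")
```

Which vendor commands are legitimate for a given controller still has to be decided against the vendor's documentation; this check only surfaces them.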

"In a context where you can compromise an IoT device with an ESP32, you will be able to hide an APT inside the ESP memory and perform Bluetooth (or Wi-Fi) attacks against other devices while controlling the device over Wi-Fi/Bluetooth," the researchers told BleepingComputer.

"Our findings would allow for complete control over ESP32 chips and the ability to establish persistence via commands that modify RAM and Flash."

"Also, with persistence in the chip, it may be possible to spread to other devices because the ESP32 allows for the execution of advanced Bluetooth attacks."

BleepingComputer reached out to Espressif for a statement, and while an immediate response was unavailable, the company later issued a clarification on March 10, 2025.

Espressif acknowledged the existence of the undocumented commands, stating they were intended as debug tools for internal testing.

"The functionality found are debug commands included for testing purposes," reads Espressif’s statement.

"These debug commands are part of Espressif’s implementation of the HCI (Host Controller Interface) protocol used in Bluetooth technology. This protocol is used internally in a product to communicate between Bluetooth layers."

While downplaying the security risk, Espressif said the debug commands would be removed in an upcoming software update.

"While these debug commands exist, they cannot, by themselves, pose a security risk to ESP32 chips. Espressif will still provide a software fix to remove these undocumented commands," the statement concluded.