Hackers have been compromising wireless baby-monitors since 2013, but the more popular they've become, the more vulnerable they've become, and the attacks just keep getting more terrible.
Shodan is a search engine for the Internet of Things, scanning the public Internet for devices communicating on ports and over protocols that are commonly used by IoT devices. By feeding it the right parameters -- Real Time Streaming Protocol (RTSP, port 554) -- you can find innumerable publicly shared webcams, ranging from CCTVs that oversee marijuana grow-ops and many, many baby-monitors.
"The consumers are saying 'we're not supposed to know anything about this stuff [cybersecurity]," he said. "The vendors don't want to lift a finger to help users because it costs them money."
If consumers were making an informed decision and that informed decision affected no one but themselves, perhaps we could let the matter rest. But neither of those conditions are true. Most consumers fail to appreciate the consequences of purchasing insecure IoT devices. Worse, such a quantity of insecure devices makes the Internet less secure for everyone. What botnet will use vulnerable webcams to launch DDoS attacks? What malware will use insecure webcams to infect smart homes? When 2008-era malware like Conficker.B affects police body cams in 2015, it threatens not just the reliability of recorded police activity but also serves as a transmission vector to attack other devices.
"The bigger picture here is not just personal privacy, but the security of IoT devices," security researcher Scott Erven told Ars Technica UK. "As we expand that connectivity, when we get into systems that affect public safety and human life—medical devices, the automotive space, critical infrastructure—the consequences of failure are higher than something as shocking as a Shodan webcam peering into the baby's crib."
Internet of Things security is so bad, there’s a search engine for sleeping kids
[J.M. Porup/Ars Technica]
1Password has taken Maciej Cegłowski’s demand for a “travel mode” for our technology to heart, introducing a new feature that locks you out of your own accounts when you’re in situations where you might lose control of your devices or be compelled to log into your accounts without your consent.
Whoever created the Wcry ransomware worm — which uses a leaked NSA cyberweapon to spread like wildfire — included a killswitch: newly infected systems check to see if a non-existent domain is active, and if it is, they fall dormant, ceasing their relentless propagation.
A UK weapons company called Drone Defence has sold an anti-drone product to Les Nicolles prison on Guernsey that will use 20 nonspecific “disruptors” to do something to drones that will stop them from overflying the prison and smuggling in contraband.
Loot Crate is a subscription service that delivers a box of curated pop culture goods to your doorstep. To sample their geeky wares, you can order a single mystery box exclusively from the Boing Boing Store.Each month Loot Crate sends you 6-7 unique items and apparel, including collectibles, books, and t-shirts. Pulling inspiration from all […]
Yes, yes there is. The ultraportable Twisty Glass Mini boasts all of the simplicity of its forebear, while fitting just a little bit better in your pocket.The Mini is perfect for casual smokers, and anyone who doesn’t have the patience or fine motor skill for rolling papers. This piece keeps the convenient design of its older […]
Learning to code is a perfect way to grow your technical sophistication, and open up a host of new career options. But since most “learn to code” initiatives focus heavily on web development, it can be tough to find good resources for general-purpose computer science outside of a 4-year degree program. To get a broad […]