Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts

Nitesh Dhanjani's 2015 O'Reilly book Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts is a very practical existence-proof of the inadequacy and urgency of Internet of Things security.

GM's Dieselgate: mechanics privately admit software update removes crimeware from Opel cars

General Motors Warren Transmission Operations Plant in Warren, Michigan, 2015. REUTERS

Luc Pauwels from Belgium's VRT News took his Vauxhall (GM) Opel Astra in for service, and a mechanic there disclosed that Vauxhall had asked him to flash the firmware of any diesel Opel Zafira to remove a defeat-device that caused it to emit 500% of the legal NOx limit -- an order that came down right after the Dieselgate scandal broke.

The Internet of Things in Your Butt: smart rectal thermometer

Ha-ha-yes, it's true, there's an IoT rectal thermometer, which is about as irrationally exuberant as you can get about a technology bubble, bu(t)t...

3D Systems abandons its Cube printers, but DRM means you can't buy filament from anyone else

3D printing giant 3D Systems has experienced a terrible year and a change in leadership, and seems to be backing away from consumer products, meaning that it's orphaned its Cube home 3D printers.

Will the W3C strike a bargain to save the Web from DRM?

The World Wide Web Consortium, which makes the standards the Web runs on, continues to pursue work on DRM -- technology that you can't connect to without explicit permission, and whose bugs can't be reported without legal jeopardy lest you weaken it.

Vtech, having leaked 6.3m kids' data, now wants to run your home security

Remember the Hong Kong-based crapgadgeteer Vtech, who breached 6.3 million kids' data from a database whose security was jaw-droppingly poor (no salted hashes, no code-injection countermeasures, no SSL), who then lied and stalled after they were outed? They want to make home security devices that will know everything you say and do in your house.

Breaking the DRM on the 1982 Apple ][+ port of Burger Time

4AM is a prolific computer historian whose practice involves cracking the copy protection on neglected Apple ][+ floppy disks, producing not just games, but voluminous logs that reveal the secret history of the cat-and-mouse between crackers and publishers.

The DMCA poisoned the Internet of Things in its cradle

Bruce Schneier explains the short, terrible history of the Internet of Things, in which companies were lured to create proprietary lock-ins for their products because the DMCA, a stupid 1998 copyright law, gave them the power to sue anyone who made a product that connected to theirs without permission.

If you think self-driving cars have a Trolley Problem, you're asking the wrong questions

In my latest Guardian column, The problem with self-driving cars: who controls the code?, I take issue with the "Trolley Problem" as applied to autonomous vehicles, which asks, if your car has to choose between a maneuver that kills you and one that kills other people, which one should it be programmed to do?

Israeli company's product can (allegedly) pwn any nearby mobile phone

The Interapp from Tel Aviv's Rayzone Group is an intrusion appliance that uses a cache of zero-day exploits against common mobile phone OSes and is marketed as having the capability to infect and take over any nearby phone whose wifi is turned on.

Unevenly distributed futures: an interview with @internetofshit

The @internetofshit account posts sardonic observations about the Internet of Things, which is filled with the most depressing array of useless, dangerously insecure, exploitative junk imaginable.

Philips pushes lightbulb firmware update that locks out third-party bulbs

Philips makes a line of "smart" LED lightbulbs and controllers called Hue, that run the Zigbee networking protocol, allowing third-party devices to control their brightness and color.

Ecuador's draft copyright law: legal to break DRM to achieve fair use

All over the world, laws promulgated by the US Trade Representative ban breaking digital locks -- the "Digital Rights Management" technologies that lock up our TVs, tablets, phones, games consoles, cars, insulin pumps, tractors, coffee makers, etc -- even if you're breaking them to do something legal, for example, making "fair use" (like parodies, critiques, and new, transformative works like mashups).

I Can't Let You Do That, Dave: why computer scientists should care about DRM

I have an editorial in the current issue of Communications of the Association of Computing Machinery, a scholarly journal for computer scientists, in which I describe the way that laws that protect digital locks (like America's DMCA) compromise the fundamentals of computer security.

Mesopotamian boundary stones: the DRM of pre-history

Sarah Jeong had me standing up and cheering with her comparison of kudurrus -- the ancient Mesopotamian boundary stones used to mark out territorial land-grants -- and the way that laws like the US DMCA protect digital rights management systems.

Ifixit is the new Justice League of America and Kyle Wiens is its Superman

Motherboard's Jason Koebler follows Kyle Wiens around the Electronics Reuse Conference -- Burning Man for the service-people who fix your phones, laptops, and other devices -- in New Orleans. Wiens is founder and CEO of Ifixit, whose mission is to tear down every single thing you own, write a repair manual for it, and source or manufacture the parts you need to fix it yourself.

Caterpillar's heavy vehicles are killswitched subprime computers on wheels

In an earnings call in which Caterpillar execs explained their dismal takings to investors, Cat execs explained their plan to grow by leasing tractors to Chinese companies with crummy track-records for payment.
