An IoT botnet is trying to nuke Wcry's killswitch

Whoever created the Wcry ransomware worm -- which uses a leaked NSA cyberweapon to spread like wildfire -- included a killswitch: newly infected systems check to see if a non-existent domain is active, and if it is, they fall dormant, ceasing their relentless propagation.

Apple's control-freakery is making the Internet of Shit shittier

The anonymous individual behind the must-follow Internet of Shit Twitter account now has a column in The Verge, and has devoted 1,500 words to documenting all the ways in which Apple's signature walled-garden approach to technology has created an Apple Home IoT platform that is not only manifestly totally broken, but also can't be fixed until Apple decides to do something about it -- and once you opt for Apple, you can forget about plugging in anything Apple hasn't greenlit, meaning that your choice of smartphone will determine what kind of toaster and lightswitch you're allowed to connect to your smarthome.

185,000+ IoT security cameras are vulnerable to a new worm

Persirai is a new strain of Internet of Things malware that infects more than 1,250 models of security camera, all manufactured by an unnamed Chinese manufacturer that has sold at least 185,000 units worldwide.

A modern nixie tube clock of great ambition, regrettably IoTed

The Nixie Machine 2 is a huge (1.2m long!), expensive ($30,000!) nixie clock whose tubes are modern Nixies, scratchbuilt by Czech engineer Dalibor Farny.

The "anti-patterns" that turned the IoT into the Internet of Shit

Cloudflare presents a primer on "anti-patterns" that have transformed IoT devices into ghastly security nightmares.

Brickerbot is mysterious antimalware that nukes badly secured Internet of Shit gadgets

The Mirai Worm is a seemingly unstoppable piece of malware that targets the garbage-security Internet of Things gadgets that have proliferated through the world; these gadgets are then used to deliver equally unstoppable floods of traffic that endanger whole countries.

Lawsuit alleges Bose's headphone app exfiltrates your listening habits to creepy data-miners

Bose's $350 wireless headphones need an app to "get the most" out of them, and this app monitors everything you listen to -- the names of the podcasts, the music, videos, etc -- and sends them to Bose without your permission, according to a lawsuit filed this week in Chicago by Kyle Zak.

Your squeezing hands outperform this $400 IoT juicer

Juicero is a self-parodying high-tech juicing machine that raised millions in venture capital on the promise of delivering a highly calibrated squeeze to a pack of mulch sold in expensive, DRM-locked pouches, for a mere $400.

Aga added networking to their super-high-end cookers, integrating them into the Internet of Shit

Aga is an iconic European oven-maker famous for a longstanding, ostentatious design that required the owner to burn fuel around the clock to maintain temperature across the cooker's titanic thermal mass, so much so that owners of British country homes integrated them into their household heating systems.

Prison inmates built working PCs out of ewaste, networked them, and hid them in a closet ceiling

Inmates in Ohio's Marion Correctional Institution smuggled computer parts out of an ewaste recycling workshop and built two working computers out of them, hiding them in the ceiling of a training room closet and covertly patching them into the prison's network.

Securing driverless taxis is going to be really, really hard

Charlie Miller made headlines in 2015 as part of the team that showed it was possible to remote-drive a Jeep Cherokee over the internet, triggering a 1.4 million vehicle recall; now, he's just quit a job at Uber where he was working on security for future self-driving taxis, and he's not optimistic about the future of this important task.

Floods of WordPress attacks traced to easily hackable, ISP-supplied routers

Wordfence, a security research company, discovered that the reason Algeria is the country most often seen in attacks on WordPress blogs is that the country's largest ISP distributes home routers that are locked in an insecure state, with an open port that lets attackers seize control of them and use them to stage attacks on higher-value targets.

The Internet of Things will host devastating, unstoppable botnets

Bruce Schneier takes to the pages of Technology Review to remind us all that while botnets have been around for a long time, the Internet of Things is supercharging them, thanks to insecurity by design.

Dallas's 156 tornado sirens hacked and repeatedly set off in the middle of Saturday night

If you've ever witnessed an emergency siren test, you know how terrifying these things are: engineered to be bowel-looseningly urgent, to pierce through any sense that it's probably just a misfire, to motivate you to drop everything and rush for the emergency shelters, equally useful for tornadoes and incoming ICBMs.

A year later, no action from Chinese company whose insecure PVRs threaten all internet users

It's been more than a year since RSA's Rotem Kerner published his research on the insecurities in a PVR that was "white labeled" by TVT, a Chinese company, and sold under over 70 brand-names around the world. In the intervening year, tens of thousands of these devices have been hijacked into botnets used by criminals in denial of service attacks, and TVT is still MIA, having done nothing to repair them.

IoT vendor objects to "rude" review, renders complainer's device inoperable

R Martin bought a Garadget -- a device that lets you verify whether your garage door is closed using a mobile app -- couldn't get it to work, and left an intemperate 1-star Amazon review for the product.

Samsung's created a new IoT OS, and it's a dumpster fire

Tizen is Samsung's long-touted OS to replace Android, and Israeli security researcher Amihai Neiderman just delivered a talk on it at Kaspersky Lab's Security Analyst Summit where he revealed 40 new 0-day flaws in the OS, and showed that he could trivially send malicious code updates to any Tizen device, from TVs to phones, thanks to amateurish mistakes of the sort not seen in real production environments for decades.
