Smart radiator covers let New Yorkers keep their windows closed

animation (1)

Becky Stern writes, "I recently investigated my building's new smart radiator cover installation and found a company bringing steam heat into the 21st century and allowing residents to keep their windows closed when the heat is on!" Read the rest

UL has a new, opaque certification process for cybersecurity

UL_Mark.svg.png

The idea of a "Cyber-Underwriters Laboratories mark" is really in the air; in the past six months, I've had it proposed to me by spooks, regulators, activists, consumer protection advocates, and security experts. But the devil is in the details. Read the rest

Google reaches into customers' homes and bricks their gadgets

1-st0n65XhOKDsjcd_fPvbTg

Revolv is a home automation hub that Google acquired 17 months ago; yesterday, Google announced that as of May 15, it will killswitch all the Revolvs in the field and render them inert. Section 1201 of the DMCA -- the law that prohibits breaking DRM -- means that anyone who tries to make a third-party OS for Revolv faces felony charges and up to 5 years in prison. Read the rest

The Car Hacker's Handbook: a Guide for Penetration Testers

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x980

The 2016 Car Hacker's Handbook expands on the hugely successful 2014 edition, in which the Open Garages movement boiled down all they'd learned running makerspaces for people interested in understanding, improving, penetration testing and security-hardening modern cars, which are computers encrusted in tons of metal that you strap your body into.

No Starch Press has taken on the task of turning The Car Hacker's Handbook into a beautifully produced, professional book, in a new edition that builds on the original, vastly expanding the material while simultaneously improving the organization and updating it to encompass the otherwise-bewildering array of new developments in car automation and hacking.

Author Craig Smith founded Open Garages and now has years of experience with community development of tools and practices for investigating how manufacturers are adding computers to cars, the mistakes they're making, and the opportunities they're creating.

The Handbook is an excellent mix of general background on how to do threat-modelling, penetration testing, reverse engineering, etc, and highly specific code examples, model numbers, recipes and advice on how to put a car up on a bench, figure out how it works, figure out how to make it do cool things the manufacturer never intended, and figure out how to understand the risks you face from people doing the same thing without your best interests at heart.

A lot of the advice is theoretical, but there are a bunch of highly practical projects, from improving and customizing your in-car satnav and entertainment system to tuning your engine performance. Read the rest

Hotel's Android-based lightswitches are predictably, horribly insecure

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x982

Matthew Garrett checked into a London hotel and discovered that the proprietors had decided that "light switches are unfashionable and replaced them with a series of Android tablets." Read the rest

If the FBI can force decryption backdoors, why not backdoors to turn on your phone's camera?

HAL9000.svg

Eddy Cue, Apple's head of services, has warned that if the FBI wins its case and can force Apple to produce custom software to help break into locked phones, there's nothing in principle that would stop it from seeking similar orders for custom firmware to remotely spy on users through their phones' cameras and microphones. Read the rest

Crapgadget apocalypse: the IoT devices that punch through your firewall and expose your network

FI9286P.png

Cheap Internet of Things devices like Foscam's home CCTVs are designed to covertly tunnel out of your home network, bypassing your firewall, so they can join a huge P2P network of 7 million other devices that is maintained and surveilled by their Chinese manufacturer. Read the rest

Hollywood hospital ransoms itself back from hackers for a mere $17,000

OLYMPUS DIGITAL CAMERA

Last week, hackers bricked Hollywood Presbyterian Medical Center, encrypting all the data on its devices and demanding 9,000 Bitcoin (~$3.6m) to give the hospital's IT staff the keys needed to reboot it. Read the rest

Listen: podcast about the alleged "data" collected by wearable devices

15659135172_0f9916871e_b

Rachel "Datapunk" Kalmar is a brilliant data scientist with a background in neuroscience, connected devices, sensors, and wearables. Read the rest

The Eleventh HOPE: NYC, Jul 22-24 (I'm keynoting!)

cropped-hope_black

After literally decades of trying to make it to one of 2600 Magazine's legendary HOPE (Hackers on Planet Earth) events, held every two years in NYC, I will be coming to town this year for it -- and giving one of the keynotes. Read the rest

Hackers steal a hospital in Hollywood

OLYMPUS DIGITAL CAMERA

A hospital is a computer we put sick people into, so when ransomware creeps infected the hospital's IT systems and encrypted all their data, they asked for a whopping $3.6m to turn the data loose again. Read the rest

Kickstarting Fabulous Beasts, a tabletop game that uses smartblocks

animation (2)

Fabulous Beasts is a new game from indie studio Sensible Object, which combines stacking/balancing (think Jenga) with smart, sensor-enabled blocks that talk to your mobile device as you play the game, creating fun and complex challenges. Read the rest

Call for submissions: SHARE electronic art festival, curated by Bruce Sterling

banner-head-site-04b-04-04

The ninth Share Festival, held in Turin, Italy in May 2016, awards a "Share Prize" for best electronic art on the festival's theme of "House Guests," which raises a series of questions about everyday living and the Internet of Things, inspired by Casa Jasmina, a human-centered model IoT home: Read the rest

Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts

5159177886_1276e96f54_b
Nitesh Dhanjani's 2015 O'Reilly book Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts is a very practical existence-proof of the inadequacy and urgency of Internet of Things security.

A search-engine for insecure cameras, from baby-monitors to grow-ops

IoTSearchEngineShodanLaunchesNewWebcamImageFeed-1-640x361

Hackers have been compromising wireless baby-monitors since 2013, but the more popular they've become, the more vulnerable they've become, and the attacks just keep getting more terrible. Read the rest

Just look at this password-dispensing banana

animation

Just look at it. Read the rest

GM's Dieselgate: mechanics privately admit software update removes crimeware from Opel cars

General Motors Warren Transmission Operations Plant in Warren, Michigan, 2015. REUTERS

Luc Pauwels from Belgium's VRT News took his Vauxhall (GM) Opel Astra in for service, and a mechanic there disclosed that Vauxhall had asked him to flash the firmware of any diesel Opel Zafira to remove a defeat-device that caused it to emit 500% of the legal NOx limit -- an order that came down right after the Dieselgate scandal broke.

Read the rest

More posts