What's inside a "Hello Barbie" surveillance toy?


Mattel's Hello Barbie has a microphone and a wifi interface, and it transmits the phrases it hears to a central server in order to parse them and formulate a response. Mattel claims that the data isn't being retained or harvested for marketing purposes, and assures parents that they can make Barbie stop eavesdropping on them at will. But does it work?

Caterpillar's heavy vehicles are killswitched subprime computers on wheels


In an earnings call in which Caterpillar execs explained their dismal takings to investors, Cat execs explained their plan to grow by leasing tractors to Chinese companies with crummy track-records for payment.

Librarian of Congress grants limited DRM-breaking rights for cars, games, phones, tablets, and remixers

Every three years, the Librarian of Congress allows the public to request exemptions to a law that makes it a felony to break a digital lock, even on a device that you own, and which you are breaking for a lawful purpose. For the past year, public interest groups have been spending their scarce money and resources writing petitions to the Copyright Office, arguing that people who own devices with computers in them should have the same property rights as they do in their non-computerized devices: the right to open, change, and improve the things they own in lawful ways.

Near-future Ikea catalog: the Internet of Things' flat-pack as a service


Julian Bleecker and his Near Future Laboratory have followed up on their amazing Skymall-of-the-future catalog with an imaginary near-future Ikea catalog that jams an insane amount of witty futuristic speculation into elegantly presented, arresting images.


Botnets running on CCTVs and NASs


Researchers at Incapsula have discovered a botnet that runs on compromised CCTV cameras. There are hundreds of millions, if not billions, of these in the field, and like many Internet of Things devices, their security is an afterthought and not fit for purpose.

Putting your kettle on the Internet of Things makes your wifi passwords an open secret


The $150 Smarter Ikettle lets you start your water boiling from anywhere in the world over the Internet -- and it also contains long-term serious security vulnerabilities that allow attackers to extract your wifi passwords from it.

Son of Dieselgate: second line of VWs may have used "defeat devices"


It's not just the 11 million VW diesels that the company admits to having converted to secret mobile gas-chambers; VW is now probing whether earlier models also used the "defeat devices" that detected when they were being evaluated by regulators, lowering emissions temporarily, then ramping them up to forty times the legal limit later.

Exploiting smartphone cables as antennae that receive silent, pwning voice commands


In IEMI Threats for Information Security: Remote Command Injection on Modern Smartphones, French government infosec researchers José Lopes Esteves and Chaouki Kasmi demonstrated a clever attack on smartphones that sent silent voice commands to OK Google and Siri by converting them to radio-waves and tricking headphone cables into acting as antennas.

TPP requires countries to destroy security-testing tools (and your laptop)


Under TPP, signatories are required to give their judges the power to "order the destruction of devices and products found to be involved in" breaking digital locks, such as those detailed in this year's US Copyright Office Triennial DMCA Hearing docket, which were used to identify critical vulnerabilities in vehicles, surveillance devices, voting machines, medical implants, and many other devices in our world.

Landmark patent case will determine whether you can ever truly own a device again


Former IBM division Lexmark (which, a decade ago, lost a key copyright case that tried to ban ink-toner refilling) is headed to court in a patent case called Lexmark v. Impression, where it argues that patent law gives it the right to restrict your use of your property after you buy it.

VW con produced as much extra air pollution as all UK power generation, industry, ag & vehicles


Volkswagen's intentional fraud resulted in an extra 1,000,000 metric tons of air pollution being spewed into the skies over America; if they'd extended the con to Europe (where there are far more diesels), it would have been orders of magnitude worse.

Dear Internet of Things: human beings are not things

My new Locus column is What If People Were Sensors, Not Things to be Sensed?

Your baby monitor is an Internet-connected spycam vulnerable to voyeurs and crooks

Researchers revealed ten major vulnerabilities in Internet-of-Things babycams from a variety of vendors ranging from spunky startups like Ibaby Labs to rock-ribbed (and deep-pocketed -- attention, class actioneers!) giants like Philips.

Samsung fridges can leak your Gmail logins

Researchers at Pen Test Partners took up the challenge to hack a smart fridge at Defcon's IoT Village, and discovered that they could man-in-the-middle your Google login credentials from Samsung fridges.

Insurance monitoring dashboard devices used by Uber let hackers "cut your brakes" over wireless

UCSD computer scientist Stefan Savage and colleagues will present their work at Usenix Security: they were able to disable the brakes on a 2013 Corvette by breaking into a Mobile Devices/Metromile Pulse dongle, used by insurance companies to monitor driving in exchange for discounts on coverage.

After a rush, aviation stopped "progressing" -- the Web might be next

Maciej Cegłowski's "Web Design: The First 100 Years" is a characteristically provocative riff on the past and future of "progress" that asks the question, if aviation stopped producing faster, more powerful aircraft in the 1970s, will the IT industry do the same?

Internet-connected hospital drug pumps vulnerable to remote lethal-dose attacks

Researcher Billy Rios (previously) has extended his work on vulnerabilities in hospital drug pumps, discovering a means by which their firmware can be remotely overwritten with new code that can result in lethal overdoses for patients.
