Class action suit: smart sex toys spy on their owners and transmit their masturbation habits

WeVibe_homepage-3-22307735413

An anonymous woman has filed a class action suit against Standard Innovation, a company that makes We-Vibe "smart" sex toys that record exactly how their owners masturbate and transmit detailed dossiers, along with personally identifying information, back to the company. Read the rest

IoT malware exploits DVRs, home cameras via default passwords

2003

The Internet of Things business model dictates that devices be designed with the minimum viable security to keep the products from blowing up before the company is bought or runs out of money, so we're filling our homes with net-connected devices that have crummy default passwords, and the ability to probe our phones and laptops, and to crawl the whole internet for other vulnerable systems to infect. Read the rest

The privacy wars have been a disaster and they're about to get a LOT worse

17389515381_6c68678603_b

In my latest Locus column, The Privacy Wars Are About to Get A Whole Lot Worse, I describe the history of the privacy wars to date, and the way that the fiction of "notice and consent" has provided cover for a reckless, deadly form of viral surveillance capitalism. Read the rest

Help wanted: Director of Technology Policy for Consumer Reports

050056c026d-1c66-4d42-9fae-a8e96df290c5-1020x1177

This is a pretty amazing vacancy: "You will lead Consumer Reports in our effort to realize a market where consumer safety is protected through strong encryption; consumers’ rights to test, repair, and modify their devices are supported by copyright, security, and consumer protection laws; and consumers are empowered to make informed choices about IoT products while being protected by privacy policies regulating the collection, use, and storage of their data. This is a chance to build something big, meaningful, and new." Read the rest

Proof-of-concept ransomware for smart thermostats demoed at Defcon

1470580434407450

Last week, Andrew Tierney and Ken Munro from Pen Test Partners demoed their proof-of-concept ransomware for smart thermostats, which relies on users being tricked into downloading malware that then roots the device and locks the user out while displaying a demand for one bitcoin. Read the rest

Bruce Schneier on the coming IoT security dumpster-fire

Brain-Controlled_Prosthetic_Arm_2

Bruce Schneier warns us that the Internet of Things security dumpster-fire isn't just bad laptop security for thermostats: rather, that "software control" (of an ever-widening pool of technologies); interconnections; and autonomy (systems designed to act without human intervention, often responding faster than humans possibly could) creates an urgency over security questions that presents an urgent threat the like of which we've never seen. Read the rest

For 90 years, lightbulbs were designed to burn out. Now that's coming to LED bulbs.

E27_with_38_LCD

In 1924, representatives of the world's leading lightbulb manufacturers formed Phoebus, a cartel that fixed the average life of an incandescent bulb at 1,000 hours, ensuring that people would have to regularly buy bulbs and keep the manufacturers in business. Read the rest

Paper: an upright printer/scanner that uses a continuous roll of paper

animation (1)

Stuttgart-based industrial designer created "Paper," a novel concept for a printer/scanner/copier, as part of diploma thesis in UX- and Interaction-Design at the State Academy of Arts and Design. Read the rest

Tenant farmers: how "smart" agricultural equipment siphons off farmers' crop and soil data

800px-StateLibQld_1_123166_German_farming_family_and_farm_in_Fassifern,_ca._1890

The agricultural sector is increasingly a data-driven business, where the "internet of farming" holds out the promise of highly optimized plowing, fertilizing, sowing, pest-management and harvesting -- a development that is supercharging the worst practices of the ag-business monopolies that have been squeezing farmers for most of a century. Read the rest

Rebate for IoT thermostat requires that you give permission to your utility to read "all data"

ecobee31_B1.png

Aaron writes, "While filling out this seemingly great rebate for $100 for a recently purchased wifi-enabled thermostat, I happened to read the Terms and Conditions, which includes the fact that I must unwittingly agree to share all my thermostat data with my electric and gas companies (It was odd that they asked for my thermostat's MAC address). Because I have an ecobee3, this includes information on how often I'm in my bedroom, or when I'm home or out!" Read the rest

Eye-Fi orphans 14 products, which will therefore cease to function

eye-fi-kills-support-768x329

Eye-Fi makes clever wifi hotspots in the shape of SD cards; your camera sees them as SD cards but you can mount them on your network and automatically feed the images captured by your camera to a nearby laptop. But to make all this work with some models, you need an account on "Eye-Fi Center," a cloud service run by the company that sends configuration data to your card. Read the rest

Always-on CCTVs with no effective security harnessed into massive, unstoppable botnet

CCTV_Cameras

When security firm Sucuri investigated the source of a 50,000-request/second DDoS attack on a jewelry shop, they discovered to their surprise that the attacks originated on a botnet made of hacked 25,500+ CCTV cameras in 105 countries. Read the rest

One million machines, including routers, used to attack banks

ZyXEL_Prestige_600_series_20070304

Akamai's Ryan Barnett reports on two attacks against the service's financial customers last year: attackers used nearly 1m compromised systems to attempt to log in to users' accounts using logins and passwords from earlier breaches. Read the rest

Watch: Fascinating panel on legal and privacy concerns for Big Data and the Internet of Things

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x1104

In "It's a brave new world: Avoiding legal, privacy, and security snafus with big data and the IoT" -- a panel from last week's Strata+Hadoop World conference in San Jose, Alysa Z. Hutnik, a lawyer who specializes in consumer protection in privacy, data security, and advertising and Kristi Wolff, whose legal practice is on liability in food, dietary supplements, medical devices, and emerging health/wearable technology and privacy issues, present an extremely digestable and fascinating look into the lay of the regulatory land for data-collection and user privacy. Read the rest

EFF fights order to remove public records documents detailing Seattle's smart-meters

animation (3)

Earlier this week, I wrote about the legal threats from Landis and Gyr against the Freedom of Information service Muckrock, which had received documents from the City of Seattle detailing the workings of Landis and Gyr's smart-meter system, which Seattle has purchased from them at public expense. Read the rest

Smart-meter vendor says that if we know how their system works, the terrorists will win

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x1073

Phil Mocek filed a public records request to find out how Seattle's new smart meters -- supplied by Landis and Gyr -- will work. As Mocek writes, these meters are based on "unspecified and unverifiable sensors that monitor activity inside of private property and can communicate collected information in real-time to unspecified machines in remote locations, the workings of which are obscured from ratepayers, with interfaces used by [the city] that require specialized equipment and are thus completely unavailable to ratepayers for personal use or monitoring and verification of information communicated, is already shrouded in secrecy and seemingly proceeding despite repeated voicing of public concern and complete lack of public justification of expense." Read the rest

US Gov't survey: Half of Americans reluctant to shop online due to privacy & security fears

download (2)

A study by the Department of Commerce's National Telecommunications and Information Administration found that half of American Internet users are "deterred" from engaging in online transactions because of fears over privacy and security breaches. Read the rest

More posts