China electronics maker will recall some devices sold in U.S. after massive IoT hack


A China-based maker of surveillance cameras said Monday it will recall some products sold in the United States after a massive "Internet of Things" malware attack took down a major DNS provider in a massive DDOS attack. The stunningly broad attack brought much internet activity to a halt last Friday.

Read the rest

St. Jude heart implant devices can be hacked, security researchers say

download (20)
Security experts hired by the short-selling firm Muddy Waters said in a legal brief filed today that cardiac implants made by St. Jude Medical can be hacked. If hackers can pwn your heart device, the researchers say, they can kill you--from as far away as 100 feet.

Read the rest

Internet-destroying outages were caused by "amateurish" IoT malware


Some of the internet's most popular, well-defended services -- including Twitter -- were knocked offline yesterday by a massive denial-of-service attack that security experts are blaming on botnets made from thousands of hacked embedded systems in Internet of Things devices like home security cameras and video recorders. Read the rest

In which an English technologist livetweets 11 hours of trying to make tea with a "smart" kettle


Mark Rittman is a "BI, DW & Big Data specialist, Oracle ACE Director" who dabbles in home automation and smart appliances: he spent 11 hilarious hours locked in an epic struggle with a wifi-equipped smart kettle, trying to get it to heat water for a cup of tea, livetweeting the battle. Read the rest

The clumsy, amateurish IoT botnet has now infected devices in virtually all of the world's countries


Mirai, the clumsily written Internet of Things virus that harnessed so many devices in an attack on journalist Brian Krebs that it overloaded Akamai, has now spread to devices in either 164 or 177 countries -- that is, pretty much everywhere with reliable electricity and internet access.

Imperva, a company that provides protection to websites against Distributed Denial of Service (DDoS) attacks, is among the ones who have been busy investigating Mirai. According to their tally, the botnet made of Mirai-infected devices has reached a total of 164 countries. A pseudonymous researcher that goes by the name MalwareTech has also been mapping Mirai, and according to his tally, the total is even higher, at 177 countries.

Internet of Things Malware Has Apparently Reached Almost All Countries on Earth [Lorenzo Franceschi-Bicchierai/Motherboard] Read the rest

The malware that's pwning the Internet of Things is terrifyingly amateurish


Following the release of the sourcecode for the Mirai botnet, which was used to harness DVRs, surveillance cameras and other Internet of Things things into one of the most powerful denial-of-service attacks the internet has ever seen, analysts have gone over its sourcecode and found that the devastatingly effective malware was strictly amateur-hour, a stark commentary on the even worse security in the millions and millions of IoT devices we've welcomed into our homes. Read the rest

Google: if you support Amazon's Echo, you're cut off from Google Home and Chromecast


A closed-door unveiling of the forthcoming Google Home smart speaker platform included the nakedly anticompetitive news that vendors whose products support Amazon's Echo will be blocked from integrating with Google's own, rival platform. Read the rest

Your next DDoS attack, brought to you courtesy of the IoT


The internet is reeling under the onslaught of unprecedented denial-of-service attacks, the sort we normally associate with powerful adversaries like international criminal syndicates and major governments, but these attacks are commanded by penny-ante crooks who are able to harness millions of low-powered, insecure Internet of Things devices like smart lightbulbs to do their bidding. Read the rest

Demand that HP make amends for its self-destructing printers [SIGN AND SHARE!]


I've written an open letter to HP CEO Dion Weisler on behalf of the Electronic Frontier Foundation, asking him to make amends for his company's bizarre decision to hide a self-destruct sequence in a printer update that went off earlier this month, breaking them so that they would no longer use third-party ink cartridges. Read the rest

How free software stayed free


I did an interview with the Changelog podcast (MP3) about my upcoming talk at the O'Reilly Open Source conference in London, explaining how it is that the free and open web became so closed and unfree, but free and open software stayed so very free, and came to dominate the software landscape. Read the rest

The democratization of censorship: when anyone can kill as site as effectively as a government can


On the eve of the Stuxnet attacks, half a decade ago, I found myself discussing what it all meant with William Gibson (I'd just interviewed him on stage in London), and I said, "I think the most significant thing about any of these sophisticated, government-backed attacks is that they will eventually turn into a cheap and easy weapon that technically unskilled people can deploy for petty grievances." We haven't quite got there yet with Stuxnet, but there's a whole class of "advanced persistent threat" techniques that are now in the hands of fringey criminals who deploy them at the smallest provocation. Read the rest

Class action suit: smart sex toys spy on their owners and transmit their masturbation habits


An anonymous woman has filed a class action suit against Standard Innovation, a company that makes We-Vibe "smart" sex toys that record exactly how their owners masturbate and transmit detailed dossiers, along with personally identifying information, back to the company. Read the rest

IoT malware exploits DVRs, home cameras via default passwords


The Internet of Things business model dictates that devices be designed with the minimum viable security to keep the products from blowing up before the company is bought or runs out of money, so we're filling our homes with net-connected devices that have crummy default passwords, and the ability to probe our phones and laptops, and to crawl the whole internet for other vulnerable systems to infect. Read the rest

The privacy wars have been a disaster and they're about to get a LOT worse


In my latest Locus column, The Privacy Wars Are About to Get A Whole Lot Worse, I describe the history of the privacy wars to date, and the way that the fiction of "notice and consent" has provided cover for a reckless, deadly form of viral surveillance capitalism. Read the rest

Help wanted: Director of Technology Policy for Consumer Reports


This is a pretty amazing vacancy: "You will lead Consumer Reports in our effort to realize a market where consumer safety is protected through strong encryption; consumers’ rights to test, repair, and modify their devices are supported by copyright, security, and consumer protection laws; and consumers are empowered to make informed choices about IoT products while being protected by privacy policies regulating the collection, use, and storage of their data. This is a chance to build something big, meaningful, and new." Read the rest

Proof-of-concept ransomware for smart thermostats demoed at Defcon


Last week, Andrew Tierney and Ken Munro from Pen Test Partners demoed their proof-of-concept ransomware for smart thermostats, which relies on users being tricked into downloading malware that then roots the device and locks the user out while displaying a demand for one bitcoin. Read the rest

Bruce Schneier on the coming IoT security dumpster-fire


Bruce Schneier warns us that the Internet of Things security dumpster-fire isn't just bad laptop security for thermostats: rather, that "software control" (of an ever-widening pool of technologies); interconnections; and autonomy (systems designed to act without human intervention, often responding faster than humans possibly could) creates an urgency over security questions that presents an urgent threat the like of which we've never seen. Read the rest

More posts