Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts

5159177886_1276e96f54_b
Nitesh Dhanjani's 2015 O'Reilly book Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts is a very practical existence-proof of the inadequacy and urgency of Internet of Things security.

GM's Dieselgate: mechanics privately admit software update removes crimeware from Opel cars

General Motors Warren Transmission Operations Plant in Warren, Michigan, 2015. REUTERS

Luc Pauwels from Belgium's VRT News took his Vauxhall (GM) Opel Astra in for service, and a mechanic there disclosed that Vauxhall had asked him to flash the firmware of any diesel Opel Zafira to remove a defeat-device that caused it to emit 500% of the legal NOx limit -- an order that came down right after the Dieselgate scandal broke.

Read the rest

Will the W3C strike a bargain to save the Web from DRM?

256px-HAL9000.svg

The World Wide Web Consortium, which makes the standards the Web runs on, continues to pursue work on DRM -- technology that you can't connect to without explicit permission, and whose bugs can't be reported without legal jeopardy lest you weaken it. Read the rest

The DMCA poisoned the Internet of Things in its cradle

IMG_0724

Bruce Schneier explains the short, terrible history of the Internet of Things, in which companies were lured to create proprietary lock-ins for their products because the DMCA, a stupid 1998 copyright law, gave them the power to sue anyone who made a product that connected to theirs without permission. Read the rest

Israeli company's product can (allegedly) pwn any nearby mobile phone

056c026d-1c66-4d42-9fae-a8e96df290c5-1020x909

The Interapp from Tel Aviv's Rayzone Group is an intrusion appliance that uses a cache of zero-day exploits against common mobile phone OSes and is marketed as having the capability to infect and take over any nearby phone whose wifi is turned on. Read the rest

Ifixit is the new Justice League of America and Kyle Wiens is its Superman

144832698039081

Motherboard's Jason Koebler follows Kyle Wiens around the Electronics Reuse Conference -- Burning Man for the service-people who fix your phones, laptops, and other devices -- in New Orleans. Wiens is founder and CEO of Ifixit, whose mission is to tear down every single thing you own, write a repair manual for it, and source or manufacture the parts you need to fix it yourself. Read the rest

Caterpillar's heavy vehicles are killswitched subprime computers on wheels

800px-Giant_Caterpillar_p2

In an earnings call in which Caterpillar execs explained their dismal takings to investors, Cat execs explained their plan to grow by leasing tractors to Chinese companies with crummy track-records for payment. Read the rest

Startup uses ultrasound chirps to covertly link and track all your devices

animation (2)

Silverpush, a startup that's just received $1.25M in venture capital, uses ultrasonic chirps that are emitted by apps, websites, and TV commercials to combine the identities associated with different devices (tablets, phones, computers, etc), so that your activity on all of them can be aggregated and sold to marketers. Read the rest

EPA finds more toxic VW emissions fraud in Audis and Porsches

17789538565_ba7cb2504f_b

The EPA, the California Air Resources Board and Environment Canada have detected more fraudulent firmware in VW products; this time in 2014-2016 cars from the super-profitable Audii and Porsche lines. Read the rest

EPA finds more Dieselgate emissions fraud in VW's Audis and Porsches

The EPA, the California Air Resources Board and Environment Canada have detected more fraudulent firmware in VW products; this time in 2014-2016 cars from the super-profitable Audii and Porsche lines. Read the rest

Librarian of Congress grants limited DRM-breaking rights for cars, games, phones, tablets, and remixers

lockdown
Every three years, the Librarian of Congress allows the public to request exemptions to a law that makes it a felony to break a digital lock, even on on a device that you own, and which you are breaking for a lawful purpose. For the past year, public interest groups have been spending their scarce money and resources writing petitions to the Copyright Office, arguing that people who own devices with computers in them should have the same property rights as they do in their non-computerized devices: the right to open, change, and improve the things they own in lawful ways.

Near-future Ikea catalog: the Internet of Things' flat-pack as a service

IkeaCatalog_1024x1024

Julian Bleecker and his Near Future Laboratory have followed up on their amazing Skymall-of-the-future catalog with an imaginary near-future Ikea catalog that jam an insane amount of witty futuristic speculation into elegantly presented, arresting images.

Read the rest

Putting your kettle on the Internet of Things makes your wifi passwords an open secret

ikettle_2_7962a3df-6887-47bc-b430-33e8ad963e2e_grande

The $150 Smarter Ikettle lets you start your water boiling from anywhere in the world over the Internet -- and it also contains long-term serious security vulnerabilities that allow attackers to extract your wifi passwords from it. Read the rest

SRSLY, they want to put DRM in JPEGs

jpegdrm

The Joint Photographic Expert Group, which oversees the JPEG format, met in Brussels today to discuss adding DRM to its format, so that there would be images that would be able to force your computer to stop you from uploading pictures to Pintrest or social media. Read the rest

Algorithmic guilt: defendants must be able to inspect source code in forensic devices

Witchsmeller_Pursuivant

Some day, you may be the defendant in a criminal trial that turns on whether the software in a forensic device reached a reliable conclusion about a DNA test or other piece of evidence. Wouldn't you like to have your own experts check the source code on that device? Read the rest

Internet of Things That Lie: the future of regulation is demonology

thumb64

Volkswagen's cars didn't have a fault in their diesel motors -- they were designed to lie to regulators, and that matters, because regulation is based on the idea that people lie, but things tell the truth. Read the rest

VW con produced as much extra air pollution as all UK power generation, industry, ag & vehicles

London_MMB_»0I6_Canary_Wharf

Volkswagen's intentional fraud resulted in an extra 1,000,000 metric tons of air pollution being spewed into the skies over America; if they'd extended the con to Europe (where there are far more diesels), it would have been orders of magnitude worse. Read the rest

More posts