FBI chief demands an end to cellphone security

If your phone is designed to be secure against thieves, voyeurs, and hackers, it'll also stop spies and cops. So the FBI has demanded that device makers redesign their products so that they -- and anyone who can impersonate them -- can break into them at will.

Read the rest

Animation explains the dangers of Computercop, the malware that US police agencies distribute to the public

Dave from EFF writes, "Here's a funny, easy-to-understand animation explaining why ComputerCOP parental monitoring software is actually dangerous to kids. More than 245 local law enforcement agencies have purchased this software in bulk and handed it out to families for free."

Using an imaginary kid named Timmy, who gets "pantsed" by ComputerCOP, the animation by Fusion also ties ComputerCOP to the unnecessary equipment locals cops have obtained, like mine-resistant trucks. Fusion's cartoon is based on an EFF investigation published on Wednesday.

Who needs the NSA? Anyone could spy on your kids thanks to ComputerCop

(Thanks, Dave!)

Mobile malware infections race through Hong Kong's Umbrella Revolution


The protesters are dependent on mobile apps to coordinate their huge, seemingly unstoppable uprising, and someone -- maybe the Politburo, maybe a contractor -- has released virulent Ios and Android malware into their cohort, and the pathogens are blazing through their electronic ecosystem.

Read the rest

Keurig sued for anti-competitive K-cup tactics

Chris sez, "Club Coffee, maker of K-Cup compatible pods, has taken Keurig to court in Ontario, alleging anti-competitive behaviour, including telling retailers that they can't even talk to Club Coffee, let alone carry its products."

Read the rest

Hundreds of US police forces have distributed malware as "Internet safety software"

Law enforcement agencies have been buying and distributing Computercop, advising citizens that the software is the "first step" for protecting their kids; one sheriff bought copies for every family in the county.

Read the rest

Class war meets the War on General Purpose Computers


The subprime auto-lending business -- writing car-loans to people who can't afford them -- is fuelled by GPS-enabled immobilizers that let lenders track and shut down cars whose drivers violate terms of service, from missing payments to fleeing the tri-county area in order to move into a shelter for abused women.

Read the rest

Smart thermostat makes dumb security mistakes

Andrew Tierney had a close look at Heatmiser's popular wifi-enabled thermostat and found it to be riddled with security vulnerabilities.

Read the rest

Bruce Sterling's "The Epic Struggle of the Internet of Things"

It's a new long-form essay in the tradition of Sterling's must-read, groundbreaking 2005 book Shaping Things, a critical perspective on what it means to have a house full of "smart" stuff that answers to giant corporations and the states that exert leverage over them.

Read the rest

When law-enforcement depends on cyber-insecurity, we're all at risk


It's not enough to pass rules limiting use of "stingray" mobile-phone surveillance devices by civilians: for so long as cops depend on these devices, the vulnerabilities they exploit will not be fixed, leaving us all at risk.

Read the rest

Adversarial Compatibility: hidden escape hatch rescues us from imprisonment through our stuff


My latest Guardian column, Adapting gadgets to our needs is the secret pivot on which technology turns, explains the hidden economics of stuff, and how different rules can trap you in your own past, or give you a better future.

Read the rest

Tesla's "car-as-service" versus your right to see your data

Espen got a parking ticket for his Tesla, and he's pretty sure he can exonerate himself, if only the company would give him access to his car's data, but they won't.

Read the rest

The coming Compuserve of Things

What happens when individual companies are allowed to own and control the way your "smart" stuff talks to you and other smart stuff? It's walled garden time, all over again.

Read the rest

US inches towards decriminalizing phone unlocking


America's legal prohibition on phone unlocking has inched almost imperceptibly closer to reform, as a watered-down House bill approaches some kind of Senate compromise, that might, in a couple years, decriminalize changing the configuration of a pocket-computer that you own.

Read the rest

Researchers publish secret details of cops' phone-surveillance malware


Kaspersky Labs (Russia) and Citizen Lab (University of Toronto) have independently published details of phone-hacking tools sold to police departments worldwide by the Italian firm Hacking Team (here's Kaspersky's report and Citizen Lab's). The tools can be used to attack Android, Ios, Windows Mobile and Blackberry devices, with the most sophisticated attacks reserved for Android and Ios.

The spyware can covertly record sound, images and keystrokes, capture screenshots, and access the phones' storage and GPS. The tools are designed to detect attempts to search for them and to delete themselves without a trace if they sense that they are under attack.

Hacking Team insists that its tools are only sold to "democratic" police forces, but Citizen Lab's report suggests that the tool was used by the Saudi government to target dissidents.

The means of infection is device-specific. If police have physical access, it's simple. Android devices can be attacked by infecting a PC with a virus that installs the police malware when the device is connected to it. This attack also works on jailbroken Iphones.

Read the rest

California's cell-phone kill switch is a solution that's worse than the problem


As the California legislature moves to mandate "kill switches" that will allow owners of stolen phones to shut them down, the Electronic Frontier Foundation sounds an important alarm: if it's possible for someone to remotely switch off your phone such that you can't switch it back on again, even if you're physically in possession of it, that facility could be abused in lots of ways. This is a classic War on General Purpose Computation moment: the only way to make a kill-switch work is to design phones that treat their possessors as less trustworthy than a remote party sending instructions over the Internet, and as soon as the device that knows all your secrets and watches and listens to your most private moments is designed to do things that the person holding it can't override, the results won't be pretty.

There are other models for mitigating the harm from stolen phones. For example, the Cyanogen remote wipe asks the first user of the phone to initialize a password. When it is online, the device checks in with a service to see whether anyone using that password has signed a "erase yourself" command. When that happens, the phone deletes all the user-data. A thief can still wipe and sell the phone, but the user's data is safe.

Obviously, this isn't the same thing as stolen phones going dead and never working again, and won't have the same impact on theft. But the alternative is a system that allows any bad guy who can impersonate, bribe or order a cop to activate the kill-switch to do all kinds of terrible things to you, from deactivating the phones of people recording police misconduct to stalking or stealing the identities of mobile phone owners, with near-undetectable and unstoppable stealth.

Read the rest