Sarah Jeong continues her excellent series of critical perspectives on technology with a piece on the way that technology is being used to let computers control their users, on behalf of the corporations who make and sell these tools. Read the rest
Senators Richard Burr [R-NC] and Dianne Feinstein [D-CA] finally introduced their long-rumored anti-crypto bill, which will ban US companies from making products with working cryptography, mandating that US-made products have some way to decrypt information without the user's permission. Read the rest
The idea of a "Cyber-Underwriters Laboratories mark" is really in the air; in the past six months, I've had it proposed to me by spooks, regulators, activists, consumer protection advocates, and security experts. But the devil is in the details. Read the rest
The World Wide Web Consortium, once the world's most trusted source of open standards, is helping Comcast make a DRM standard designed to give studios a veto over the legal use of their programming -- something that would have prevented the cable industry from ever coming into being. Read the rest
Revolv is a home automation hub that Google acquired 17 months ago; yesterday, Google announced that as of May 15, it will killswitch all the Revolvs in the field and render them inert. Section 1201 of the DMCA -- the law that prohibits breaking DRM -- means that anyone who tries to make a third-party OS for Revolv faces felony charges and up to 5 years in prison. Read the rest
Unlike the Hollywood hospital shutdown in Feb and the Kentucky shutdown in March which got in by phishing attacks on employees, the two hospitals in Baltimore that were taken offline by ransomware were targeted by server-based attacks that got in through vulnerabilities in public-facing hospital services. Read the rest
The Pyxis Supplystation from Carefusion is an automated pharmaceutical drug cabinet system that's still widely used despite being end-of-lifed by its manufacturer -- a new report from CERT discloses that independent researchers Billy Rios and Mike Ahmadi have found over 1,400 critical remote-attack vulnerabilities. Read the rest
With the Electronic Frontier Foundation, I've been lobbying the World Wide Web Consortium (W3C), which sets the open standards that the Web runs on, to take measures to protect security researchers (and the users they help) from their own bad decision to standarize Digital Rights Management as part of HTML5. Read the rest
More proof that all devices in the modern world are just computers in fancy cases: the FBI's joint warning issued with the DoT and the National Highway Traffic and Safety Administration tells drivers that they're at risk of local and remote hack-attacks against their cars, and tells them they have to keep their cars' patch-levels current or they'll be in serious danger. Read the rest
The 2016 Car Hacker's Handbook expands on the hugely successful 2014 edition, in which the Open Garages movement boiled down all they'd learned running makerspaces for people interested in understanding, improving, penetration testing and security-hardening modern cars, which are computers encrusted in tons of metal that you strap your body into.
No Starch Press has taken on the task of turning The Car Hacker's Handbook into a beautifully produced, professional book, in a new edition that builds on the original, vastly expanding the material while simultaneously improving the organization and updating it to encompass the otherwise-bewildering array of new developments in car automation and hacking.
Author Craig Smith founded Open Garages and now has years of experience with community development of tools and practices for investigating how manufacturers are adding computers to cars, the mistakes they're making, and the opportunities they're creating.
The Handbook is an excellent mix of general background on how to do threat-modelling, penetration testing, reverse engineering, etc, and highly specific code examples, model numbers, recipes and advice on how to put a car up on a bench, figure out how it works, figure out how to make it do cool things the manufacturer never intended, and figure out how to understand the risks you face from people doing the same thing without your best interests at heart.
A lot of the advice is theoretical, but there are a bunch of highly practical projects, from improving and customizing your in-car satnav and entertainment system to tuning your engine performance. Read the rest
Matthew Garrett checked into a London hotel and discovered that the proprietors had decided that "light switches are unfashionable and replaced them with a series of Android tablets." Read the rest
Eddy Cue, Apple's head of services, has warned that if the FBI wins its case and can force Apple to produce custom software to help break into locked phones, there's nothing in principle that would stop it from seeking similar orders for custom firmware to remotely spy on users through their phones' cameras and microphones. Read the rest