Longstanding, unpatched Bluetooth vulnerability lets burglars shut down Google security cameras

A security researcher has published a vulnerability and proof-of-concept exploits in Google's Internet of Things security cameras, marketed as Nest Dropcam, Nest Dropcam Pro, Nest Cam Outdoor and Nest Cam Indoor; these vulnerabilities were disclosed to Google last fall, but Google/Nest have not patched them despite the gravity of the vulnerability and the long months since the disclosure. Read the rest

UC Berkeley nuked 20,000 Creative Commons lectures, but they're not going away

A ruling about a DC university held that posting course videos to the open web without subtitling them violated the Americans With Disabilities Act (while keeping them private to students did not) (I know: weird), and this prompted UC Berkeley to announce the impending removal of 20,000 open courseware videos from Youtube. Read the rest

Smart meters can overbill by 582%

A team from the University of Twente and the Amsterdam University of Applied Sciences have published a paper demonstrating gross overbillings by smart energy meters, ranging from -32% to +582% of actual power consumption. Read the rest

Testing products for data privacy and security

It’s an exciting and treacherous time to be a consumer. The benefits of new digital products and services are well documented, but the new risks they introduce are not. Basic security precautions are ignored to hasten time to market. Biased algorithms govern access to fair pricing. And four of the five most valuable companies in the world earn their revenue through products that mine vast quantities of consumer data, creating an unprecedented concentration of corporate power. A recent survey at Consumer Reports showed that 65% of Americans lack confidence their data is private or secure, with most consumers feeling powerless to do anything about it.

Landmark ruling shows Canada has one of the world's worst DRM laws

When the Canadian Parliament passed Bill C-11 -- Canada's answer to America's notorious Digital Millennium Copyright Act -- it was in the teeth of fierce opposition from scholars, activists and technologists, who said that making it a crime to modify your own property so you could do something legal (that the manufacturer disapproved of) had been proven to be a terrible idea in practice in the USA, and that Canada should learn from its neighbour's mistake. Read the rest

We are one RFID away from a dishwasher that rejects third-party dishes on pain of a 5-year prison sentence

Two years ago, I wrote If dishwashers were iPhones, a column in the Guardian that took the form of an open letter from the CEO of a dishwasher company that had deployed DRM to make sure you only used dishes it sold you in "their" dishwashers. Read the rest

Reply All covers DRM and the W3C

In the latest episode of Reply All, a fantastic tech podcast, the hosts and producers discuss the situation with DRM, the future of the web, and the W3C -- a piece I've been working on them with for a year now. Read the rest

Coming to DC on March 6: a panel on right to repair, DRM, and property rights in the digital age

On Monday, March 6 at 10AM, I'll be participating in a non-partisan R-Street event on "Property Rights in the Digital Age," with participants from the Heritage Foundation, R-Street, the Open Technology Institute, and Freedomworks: "As we enter an age near total connectivity, we must ask ourselves, are our laws keeping up with technology? Do we need to rewrite the rules to preserve our traditional notions of property, or embrace the brave new world of licensing everything?" (RSVP) Read the rest

Collapsing "connected toy" company did nothing while hackers stole millions of voice recordings of kids and parents

Spiral Toys -- a division of Mready, a Romanian electronics company that lost more than 99% of its market-cap in 2015 -- makes a line of toys called "Cloudpets," that use an app to allow parents and children to exchange voice-messages with one another. They exposed a database of millions of these messages, along with sensitive private information about children and parents, for years, without even the most basic password protections -- and as the company imploded, they ignored both security researchers and blackmailers who repeatedly contacted them to let them know that all this data was being stolen. Read the rest

A Clinton-era tech law has quietly, profoundly redefined the very nature of property in the IoT age

An excellent excerpt from Aaron Perzanowski and Jason Schultz's The End of Ownership: Personal Property in the Digital Economy on Motherboard explains how Section 1201 of the 1998 Digital Millennium Copyright Act -- which bans tampering with or bypassing DRM, even for legal reasons -- has allowed corporations to design their products so that using them in unapproved ways is an actual felony. Read the rest

Bad Android security makes it easy to break into and steal millions of "smart" cars

Securelist's report on the security vulnerabilities in Android-based "connected cars" describes how custom Android apps could be used to find out where the car is, follow it around, unlock its doors, start its engine, and drive it away. Read the rest

Source tells Motherboard that Apple will testify against Nebraska's "Right to Repair" law

Motherboard says a source told them that "an Apple representative, staffer, or lobbyist will testify" against the state's Right to Repair bill, which requires companies to make it easy for their customers to choose from a variety of repair options, from official channels to third parties to DIY. Read the rest

The W3C, DRM, and future of the open web

JM Porup's long, thoughtful article on the W3C's entry into the DRM standardization game gives a sense of the different forces that are pushing one of the open web's staunchest allies into a disastrous compromise: the competition that siloed apps present to open-web browsers, the debts of the W3C, the relentless pressure from the entertainment industry to redesign browsers to do a corporation's bidding, rather than the user's. Read the rest

The World Wide Web Consortium wants to give companies a veto over warnings about browser defects

Since 2013, when the W3C decided to standardize DRM for web videos, activists, security researchers and disabled rights advocates have been asking the organization what it plans on doing about the laws that make it illegal to bypass DRM, even to add features to help blind people, or to improve on browsers, or just to point out the defects in browsers that put billions of web users at risk. Read the rest

Congress reintroduces YODA, a bipartisan bill that protects your right to treat devices as your property

The You Own Devices Act (YODA) was first introduced by Reps Blake Farenthold (R-TX) and Jared "Happy Mutant" Polis (D-CO) in 2014: it's a bill that limits the enforceability of abusive EULA terms, preserving your right to sell, lease, donate, and access security fixes on devices you buy, even when they have copyrighted software within them. Read the rest

This dump of Iphone-cracking tools shows how keeping software defects secret makes everyone less secure

Last month, a hacker took 900GB of data from Cellebrite, an Israeli cyber-arms dealer that was revealed to be selling surveillance and hacking tools to Russia, the UAE, and Turkey. Read the rest

Suspecting arson, cops subpoena homeowner's pacemaker logs, then charge him with multiple felonies

Ross Compton, a 59-year-old homeowner in Middletown, Ohio called 911 in September 2016 to say that his house was on fire; there were many irregularities to the blaze that investigators found suspicious, such as contradictory statements from Compton and the way that the fire had started. Read the rest

More posts