Fingerprint locks are catastrophically awful, part LXVII: the software security on the crowdfunded Tapplock "is basically nonexistent" -- the lock broadcasts its own unlock code over Bluetooth, and if you send it back to the lock, it pops open.
It's also seemingly made out of steel tempered with papier-mâché: Pentest Partners were able to snip through it easily with a 12-inch bolt cutter.
It makes that lock that Mark wrote about -- described by its manufacturer as "invincible to people who do not have a screwdriver" -- look pretty good by comparison!
YouTuber JerryRigEverything proved that he could pull the lock apart using just a sticky GoPro mount, while cybersecurity company PenTest Partners found that the actual code and digital authentication methods for the lock were basically nonexistent. All someone would need to unlock the lock is its Bluetooth Low Energy MAC address, which the lock itself broadcasts. Essentially, the lock doesn’t encrypt any of its data, leaving anyone who’s looking for it all the information they’d need to gain access to the lock and open it up. PenTest Partners also snapped the lock with a pair of 12-inch bolt cutters. So, really, maybe don’t buy a smart lock?
This fingerprint-verified padlock is extremely easy to hack [Ashley Carman/The Verge]