China mandates radio-tracking beacons in all cars

As of July 1, registering a car in China will involve registering an RFID radio-beacon that will be planted on the car in order to track its movements. Read the rest

Machine learning may be most useful in tiny, embedded, offline processors

The tiny embedded processors in smart gadgets -- including much of the Internet of Shit -- are able to do a lot of sensing without exhausting their batteries, because sensing is cheap in terms of power consumption. Read the rest

How do we fix IoT security without blocking interoperability and creating monopolies?

Jonathan Zittrain (previously) writes, "There’s reason to worry about security for the ever-growing Internet of Things, and it’ll be tempting to encourage vendors to solely control their devices that much more, limiting interoperability or user tinkering. There are alternatives - models for maintaining firmware patches for orphaned devices, and a 'Faraday mode' so that iffy devices can still at least partially function even if they’re not able to remain safely online. Procrastination around security has played a key role in its success. But 'later' shouldn’t mean 'never' for the IoT." Read the rest

UK consumer review magazine Which?: your smart home is spying on you, from your TV to your toothbrush

The UK consumer review magazine Which? (equivalent to America's Consumer Reports) has published a special investigation into the ways that Internet of Things smart devices are spying on Britons at farcical levels, with the recommendation that people avoid smart devices where possible, to feed false data to smart devices you do own, and to turn off data-collection settings in devices' confusing, deeply hidden control panels. Read the rest

An analysis of all those Internet of Things manifestos sparked by the slow-motion IoT catastrophe

The Internet of Things morphed from a ridiculous answer in search of a problem ("why do I want my fridge connected to the internet?") to a source of Black Mirror-style modern absurdities ("someone pushed a load of internet porn to my fridge") to an existential threat ("my fridge just joined a world-killing botnet"). Read the rest

Working replica of Snake Plissken's Lifeclock countdown timer watch from Escape From New York

The Lifeclock One: Snake Edition is a $300 licensed replica of the countdown timer watch worn by Snake Plissken in Escape From New York: it's very cool looking and faithful to the original prop, but regrettably, the designers have added in a bunch of "smart-watch" features (Bluetooth, an app, text-message and app notifications from your phone) that raise the price, create needless attack surface, and add complexity. Read the rest

A new strain of IoT malware can survive a reboot

As scary as the epidemics of malware for Internet of Things devices have been, they had one saving grace: because they only lived in RAM (where they were hard to detect!), they could be flushed just by rebooting the infected gadget. Read the rest

Security researchers can turn Alexa into a transcribing, always-on listening device

Checkmarx researchers including Erez Yalon have created a "rogue Alexa skill" that bypasses Amazon's security checks: it lurks silently and unkillably in the background of your Alexa, listening to all speech in range of it and transcribing it, then exfiltrating the text and audio of your speech to the attacker. Read the rest

ISO rejects the NSA's IoT crypto standard, believing it to be backdoored

For three years, International Standards Organization has been wrangling over which cryptographic algorithms will be incorporated into a standard for interoperability in "Internet of Things" gadgets; at issue has been the NSA's insistence that "Simon" and "Speck" would be the standard block cipher algorithms in these devices. Read the rest

IoT Inspector: Princeton releases a tool to snoop on home IoT devices and figure out what they're doing

IoT Inspector is a new tool from Princeton's computer science department; it snoops on the traffic from home IoT devices and performs analysis to determine who they phone home to, whether they use encryption, and what kinds of data they may be leaking. Read the rest

Security expert says she helped a casino whose high-roller database was stolen through an Internet of Shit fish-tank thermometer

Darktrace CEO Nicole Eagan's presentation to last week's WSJ CEO Council Conference in London included an anaecdote about an unnamed casino for whom her firm had done work; they uncovered a data-breach in which an insecure Internet of Things thermometer in the casino's lobby was used to gain access to the internal network, from which vantage the attackers were able to extract and steal a database of high rollers. Read the rest

When your dental insurer sends you a "free" Internet of Shit toothbrush

Wolf Richter's dental insurer sent his family a free "smart" toothbrush that records how often and how well you brush, using a set of proprietary consumables to clean your teeth. Read the rest

Internet of Battle Things: a militarized IoT where "cognitive bandwidth constraints" require "autonomous cyber agents"

Alexander Kott is chief of the Network Science Division at the Army Research Laboratory; in a new paper, he rounds up several years' worth of papers that he wrote or co-authored, along with some essays and articles by others, on what an "Internet of Battle Things" will look like. Read the rest

Under Armour: hackers stole the data of 150,000,000 Myfitnesspal users because of course they did

Myfitnesspal was a startup that offered Internet of Shit-based fitness and diet tracking; they were purchased by Under Armour for $475,000,000 in 2015; three years later, Under Armour has admitted that hackers stole the personal data of 150,000,000 Myfitnesspal users. Read the rest

The business-logic of Silicon Valley means that it can only make creepy, surveillant, pointless "smart" sex toys

People who buy sex toys generally want "high-quality, ergonomically designed toys that are intuitive to use," but Silicon Valley keeps delivering "innovative" and commercially unsuccessful sex toys whose selling-points are their "flashy apps and connectivity." Read the rest

Your smart TV is trivial to hack and leaks your personal information like crazy unless you disable all its useful features

Consumer Reports dragged a bunch of its top-rated smart TVs back into its labs to re-evaluate them, this time checking them for hard-to-evaluate information security risks and defects, which are not normally factored into its ratings. Read the rest

The latest IoT botnet displays evidence of a halfway clever botmaster

The amazing and frightening thing about the Mirai botnet's reign of terror wasn't that it was a super-sophisticated cyberweapon: rather, it was a clumsy, amateurish fuggly hack that turned out to have been produced by a couple of dum-dums with a Minecraft racket. Read the rest

More posts