Security expert says she helped a casino whose high-roller database was stolen through an Internet of Shit fish-tank thermometer

Darktrace CEO Nicole Eagan's presentation to last week's WSJ CEO Council Conference in London included an anecdote about an unnamed casino for whom her firm had done work; they uncovered a data-breach in which an insecure Internet of Things thermometer in the casino's lobby was used to gain access to the internal network, from which vantage the attackers were able to extract and steal a database of high rollers.

When your dental insurer sends you a "free" Internet of Shit toothbrush

Wolf Richter's dental insurer sent his family a free "smart" toothbrush that records how often and how well you brush, using a set of proprietary consumables to clean your teeth.

Internet of Battle Things: a militarized IoT where "cognitive bandwidth constraints" require "autonomous cyber agents"

Alexander Kott is chief of the Network Science Division at the Army Research Laboratory; in a new paper, he rounds up several years' worth of papers that he wrote or co-authored, along with some essays and articles by others, on what an "Internet of Battle Things" will look like.

Under Armour: hackers stole the data of 150,000,000 Myfitnesspal users because of course they did

Myfitnesspal was a startup that offered Internet of Shit-based fitness and diet tracking; they were purchased by Under Armour for $475,000,000 in 2015; three years later, Under Armour has admitted that hackers stole the personal data of 150,000,000 Myfitnesspal users.

The business-logic of Silicon Valley means that it can only make creepy, surveillant, pointless "smart" sex toys

People who buy sex toys generally want "high-quality, ergonomically designed toys that are intuitive to use," but Silicon Valley keeps delivering "innovative" and commercially unsuccessful sex toys whose selling-points are their "flashy apps and connectivity."

Your smart TV is trivial to hack and leaks your personal information like crazy unless you disable all its useful features

Consumer Reports dragged a bunch of its top-rated smart TVs back into its labs to re-evaluate them, this time checking them for hard-to-evaluate information security risks and defects, which are not normally factored into its ratings.

The latest IoT botnet displays evidence of a halfway clever botmaster

The amazing and frightening thing about the Mirai botnet's reign of terror wasn't that it was a super-sophisticated cyberweapon: rather, it was a clumsy, amateurish fuggly hack that turned out to have been produced by a couple of dum-dums with a Minecraft racket.

Demolition of derelict robotic parking garages reveals entombed vehicles, trapped for 15 years

When the £5m Autosafe Skypark opened in Edinburgh, it was heralded as the UK's most technologically advanced car park, but in 2003, the owners went bankrupt and turned off the computers that controlled the lifts that raised and lowered cars into their bays.

Vtech covered up a leak of data on 6.3m children and their families, then tried to force us not to sue - the FTC just fined them $0.09/kid

Vtech is the Taiwanese kids' crapgadget vendor that breached sensitive data on 6.3 million children and their families, lied about it and covered it up, then added a dirty EULA to its products that made us promise not to sue them if they did it again.

Armstrong Zoom ISP to 1,000,000 internet subscribers: if you are accused of piracy, you may lose the ability to control your smart thermostat

Armstrong Zoom, a northeastern US ISP with about a million subscribers, has sent its customers warnings that they have been accused of copyright infringement, and that subsequent accusations would lead to having their network connections slowed to the point of uselessness, which could impair their ability to control their internet-connected thermostats.

The FBI and the New York Times warn that smart toys are emissaries from the Internet of Shit

One by one, the New York Times warns of the dangers of every hot smart toy your kids are begging for this Xmas: Furbies, Cayla, kids' smart watches, the ubiquitous Vtech toys (they omit the catastrophic Cloudpets, presumably because that company is out of business now).

New Consumers Union report catalogs the potential collateral damage from the crypto wars

In a new white paper, Consumers Union (publishers of Consumer Reports) looks at the "consumer stake in the encryption debate": they note that governments want to ban working cryptography so that cops can spy on crooks, but the report does an excellent job enumerating all the applications for crypto beyond mere person to person communications privacy.

"Friendly" apps are good at maximizing engagement, but their context-blindness is a cesspit of algorithmic cruelty

Designers use metrics and a/b splitting experiments to maximize engagement with their products, seeking out the phrases that trigger emotional responses in users -- like a smart scale that congratulates you on losing weight -- but these systems are context-blind, so they are unable to distinguish between people who might be traumatized by their messages (say, a woman who's just miscarried late in her pregnancy, being congratulated on her "weight loss").

Mirai's creators plead guilty, reveal that they created a DDoS superweapon to get a competitive edge in the Minecraft server industry

Last year, the Mirai botnet harnessed a legion of badly secured internet of things devices and turned them into a denial of service superweapon that brought down critical pieces of internet infrastructure (and even a country), and now its creators have entered guilty pleas to a Computer Fraud and Abuse Act federal case, and explained that they created the whole thing to knock down Minecraft servers that competed with their nascent Minecraft hosting business.

Talking Casa Jasmina, a house of the future designed for people, not corporations, with Jasmina Tesanovic and Bruce Sterling

The Casa Jasmina project (previously) is an automated smart house designed to be made of open source hardware, with the needs of the people who live there -- not the corporations who extract rent from them -- in mind.

One of the net's most important freedom canaries died the day the W3C greenlit web-wide DRM; what can we learn from the fight?

EFF's long, hard-fought campaign at the World Wide Web Consortium over its plan to standardize a universal DRM for the web was always a longshot, but we got farther than anyone dared hope before we lost the web to corporate interests and cynical indifference in September.

Reverse-engineering a connected Furby toy, revealing its disturbing security defects

When Context Labs teamed up with UK consumer group Which? to produce an outstanding report on the surveillance, privacy and security risks of kids' "connected toys," it undertook the reverse-engineering of Hasbro's new Furby Connect, a device that works with a mobile app to listen and watch the people around it and interact with them.
