A woman's stalker compromised her car's app, giving him the ability to track and immobilize it

An Australian woman's creepy, violent ex-boyfriend hacked her phone using stalkerware, then used that, along with her car's VIN number, to hack the remote control app for her car (possibly Landrover's Incontrol app), which allowed him to track her location, stop and start her car, and adjust the car's temperature. Read the rest

My review of Sandworm: an essential guide to the new, reckless world of "cyberwarfare"

For years, I've followed Andy Greenberg's excellent reporting on "Sandworm," a set of infrastructure-targeted cyberattacks against Ukraine widely presumed to be of Russian origin, some of which escaped their targeted zone and damaged systems around the world. Read the rest

Griefer terrorizes baby by taking over their Nest babycam...again

Nest is a home automation company that Google bought in 2014, turned into an independent unit of Alphabet, then re-merged with Google again in 2018 (demonstrating that the "whole independent companies under Alphabet" thing was just a flag of convenience for tax purposes); the company has always focused on "ease of use" over security and internecine warfare between different dukes and lords of Google meant that it was never properly integrated with Google's security team, which is why, over and over again, people who own Nest cameras discover strangers staring at them from their unblinking camera eyes, sometimes shouting obscenities. Read the rest

Assessing the security of devices by measuring how many difficult things the programmers tried to do

The Cyber Independent Testing Lab is a security measurement company founded by Mudge Zadko (previously), late of the Cult of the Dead Cow and l0pht Heavy Industries and the NSA's Tailored Access Operations Group; it has a unique method for assessing the security of devices derived from methods developed by Mudge at the NSA. Read the rest

Surveillance camera hallucinates face in the snow, won't shut up about it

A beauty from last February: Kyle McDonald tweeted redacted social media screenshots from a surveillance camera owner that emitted a steady stream of alerts because it saw a face in the garden -- a face that was just a random assortment of grime and snow that only vaguely resembled a face, but still triggered the facial recognition algorithm. In the end, the only way to shut up the camera was to stomp around in the snow until the "face" was erased. Read the rest

Bruce Sterling on Boris Johnson's bizarre, cyberpunk dystopia address to the UN

This week's bizarre speech to the UN by the UK's clownish, authoritarian Prime Minister pro tem Boris Johnson has sparked a lot of talk, especially among science fiction readers who recognise the difference between cautionary tales about hi-tech dystopias and suggestions for public technology policy (unlike PM Johnson). Read the rest

Guy returns his "smart" light bulbs, discovers he can still control them after someone else buys them

You know what's great about putting wifi-enabled, Turing-complete computers into things like lightbulbs? Not. A. Single. Fucking. Thing. Read the rest

Ring: "We don't use facial recognition"; also Ring: "We have a head of facial recognition research"

One of the most obvious facts I've learned in covering the unfolding scandal of the secret deals between Amazon's Ring surveillance doorbell group and hundreds of US police departments is that Amazon loooooves to play word-games. Read the rest

Penetration tester releases proof-of-concept code for hijacking smart buttplugs

Last week at Defcon, a security researcher named Smea presented their findings on vulnerabilities in the Lovesense Hush, an internet-of-things buttplug that has already been shown to have critical privacy vulnerabilities. Read the rest

Grounded teen evades device confiscation by tweeting from the smart-fridge

Dorothy is an (alleged) 15-year-old who has attained Twitter fame by hopping from device to device as her mother finds and confiscates her tools: first her phone, then her Nintendo, then her Wii U, and finally, her family smart fridge. Read the rest

Prior to Amazon acquisition, Ring offered "swag" to customers who snitched on their neighbors

Amazon is under fire over revelations that it did secret deals with local police departments to buzz-market its Internet of Things "Ring" brand surveillance doorbells, but Ring's shady history predates its acquisition by Amazon in 2017. Read the rest

Amazon's surveillance doorbell marketers help cops get warrantless access to video footage from peoples' homes

Every time I write about the unfolding scandal of Amazon's secret partnerships with hundreds of US police departments who get free merch and access to Ring surveillance doorbell footage in exchange for acting as a guerrilla marketing street-team for Ring, I get an affronted email from Amazon PR, implying that I got it all wrong, but unwilling to enter into detailed discussions of what's actually going on (the PR flacks also usually ask to be quoted officially but anonymously, something I never agree to). Read the rest

Amazon's secret deals with local cops give them access to realtime 911 data for use in scary alerts sent to Ring owners

Mining the results of public records requests relating to Amazon's secret deals with local law enforcement to promote its Ring surveillance doorbells (more than 200 agencies!) continue to bear fruit. Read the rest

Amazon's secret deals with cops gave corporate PR a veto over everything the cops said about their products

Last week, Motherboard broke a story revealing that Amazon had entered into secret agreements with local law enforcement agencies that had the cops pushing Ring surveillance doorbells to the people they were sworn to protect, in exchange for freebies and access to a system that let them request access to footage recorded by the Amazon's industry-leading internet-of-shit home surveillance tools. Read the rest

Cisco's failure to heed whistleblower's warning about security defects in video surveillance software costs the company $8.6m in fines

In 2008, a security researcher named James Glenn warned Cisco that its video surveillance software had a defect that made it vulnerable to a trivial-to-exploit attack; for four years afterward, the company continued to sell this software to schools, airports, hospitals, state/local governments, the US military, FEMA, the Secret Service and police departments without mitigating the defect or warning their customers that internet-connected randos could undetectably peer through their security cameras, unlock their doors, disable their alarms, and delete footage. Read the rest

Cop says Amazon told him they had "partnered" with 200 US police forces to sell and tap into Ring surveillance doorbells

Last week, Motherboard reported on a public record request that revealed that Amazon had struck confidential deals with local police forces to get them to promote the company's Internet of Things "Ring" doorbells, and the accompanying "Neighbors" app that produces a kind of private surveillance mesh overlooking nearby public spaces -- under the terms of the deal, cops would be able to see a map noting locations of Ring surveillance cams and request footage from their owners. Read the rest

Amazon struck secret deals with local cops to get them to push surveillance-camera doorbells

Amazon quietly struck deals with dozens of local law enforcement agencies across America that gave the police access to a distributed surveillance feed from its Ring "smart doorbell" products in exchange for the cops providing free advertising for the products without revealing their contractual requirement to do so. Read the rest

More posts