A Trustmark for IoT: separating the Internet of Shit from the Internet of Things

Peter writes, "ThingsCon, our Berlin-based non-profit for a more responsible IoT, launches a trustmark for IoT - the Trustable Technology Mark. Cory gave some input to it a while back already, and finally it's launch day: We want to highlight the best work in IoT, the best/most respectful of users' rights, privacy and security. It's an entirely non-profit effort to elevate the debate in this odd space that's full of crap; I think you might like it."

Insurance companies gouge on CPAP machines and consumables, use wireless modems to spy on your usage

Sleep apnea is a fast-growing health complaint among Americans, and that has triggered a set of deceptive and unethical measures by US health insurers to shift the cost of using CPAP machines (the forced air machines that sleep apnea patients rely on to stay healthy) to the people who use them, with the effect that it's often much cheaper to pay cash for your machine and its consumables than it is to get them through insurance.

One year later: kids' smart-watches are still a privacy and security dumpster fire

A year ago, the Norwegian Consumer Council commissioned a study into kids' smart watches, finding that they were incredibly negligent when it came to security and incredibly greedy when it came to surveillance: a deadly combination that meant that these devices were sucking up tons of sensitive data on kids' lives and then leaving it lying around for anyone to take.

Consumer Reports finds that D-Link's home camera sends unencrypted video without unique passwords

As part of its ongoing commitment to evaluate information security and privacy when reviewing IoT devices (previously), Consumer Reports has published a scathing review of D-Link's home security camera.

"Smart home" companies refuse to say whether law enforcement is using your gadgets to spy on you

Transparency reports are standard practice across the tech industry, disclosing the nature, quantity and scope of all the law enforcement requests each company receives in a given year.

A year later, giant Chinese security camera company's products are still a security dumpster-fire

A year ago, Chinese white-label CCTV/DVR vendor Xiongmai announced a recall and security update for its devices, whose weak security meant that they had been conscripted into a massive, unstoppable botnet.

Internet of Shit watch: Honeywell server outage means "smart" thermostats are inaccessible

For weeks, Honeywell Home customers have been complaining about outages with their Honeywell "Total Connect Comfort" apps, which allow them to remote control their smart thermostats; several days ago, customers started complaining that the app had stopped working altogether.

Internet of Things security camera sends customers' video feed to someone else

Shelan Faith has an internet-enabled home "security" system from Vivint Home Security; it includes cameras that spy on the interior and exterior of her home, as well as sensors that report on things like when her doors and garage are open or closed.

Vulnerabilities in smart electric plugs give attackers a staging point for scanning and attacking your whole network

If an attacker takes control of a device inside your network -- by exploiting a defect in it or a mistake you made in configuring it or by tricking you somehow -- then they can do all kinds of bad things, like scanning your local network for other vulnerable devices, attacking them and taking control over them.

All versions of OpenSSH share a critical vulnerability, including embedded code that will never be updated

Every version of the popular OpenSSH program -- a critical, widely used tool for secure communications -- shares a critical vulnerability that was present in the program's initial 1999 release.

Insecure medical equipment protocols let attackers spoof diagnostic information

Douglas McKee of McAfee presented his research into the security of medical diagnostic equipment at last week's Defcon conference in Las Vegas.

The eminently hackable police bodycam

Josh Mitchell's Defcon presentation analyzes the security of five popular brands of police bodycams (Vievu, Patrol Eyes, Fire Cam, Digital Ally, and CeeSc) and reveals that they are universally terrible, though the Digital Ally models are the least bad of the batch, as Wired's Lily Hay Newman reports.

What should go in an IoT safety-rating sticker?

Now that Consumer Reports is explicitly factoring privacy and security into its tech reviews, we're making some progress to calling out the terrible state of affairs that turned the strange dream of an Internet of Things into a nightmare we call the Internet of Shit.

Karaoke casemod: it's surprisingly easy to hook up a karaoke machine's CRT to a Raspberry Pi

Brett writes, "As a critique of the IoT buzz, I hacked a portable karaoke machine, stuffed a Raspberry Pi in it, connected it to the internet, and installed Docker on it." (tl;dr: he needed a portable CRT for an installation, found one embedded in a thrift-store karaoke machine, and got it wired up to the Raspi on the first try and discovered it made a perfect and delightful casemod).

Half a billion IoT devices inside of businesses can be hacked through decade-old DNS rebinding attacks

In 2008, a presentation at the RSA conference revealed the existence of "DNS rebinding attacks," that used relatively simple tactics to compromise browsers; a decade later, Berkeley and Princeton researchers announced a paper on DNS rebinding attacks against consumer devices (to be presented at August's ACM SIGCOMM 2018 Workshop on IoT Security and Privacy), while independent researcher Brannon Dorsey published similar work.

Self-hacking Internet of Shit camera automatically sends randos the feed from inside your house

Last week, I wrote about Shenzhen Gwelltimes Technology Co's ubiquitous "home security" cameras that can be hacked with ease by voyeurs and criminals, seemingly the last word in dangerously lax security -- but here comes scrappy underdog Swann Security, with a hold-my-beer turning point in shitty technology designs: a self-hacking camera that nonconsensually sends the video feed from inside your home to strangers who didn't even try to hack you.

The Internet of Shit: a godsend for abusers and stalkers

People who help domestic abuse survivors say that they are facing an epidemic of women whose abusers are torturing them by breaking into their home smart devices, gaslighting them by changing their thermostat settings, locking them out of their homes, spying on them through their cameras.
