Amazon unveils a new Echo Dot surveillance device for children

The latest addition to Amazon's line of always-on, ever-listening, networked, insecure (1, 2, 3, 4, 5, 6, 7) snitchy smart speakers is the new rev of the Echo Dot Kids Edition, whose "kid-friendly" Alexa is like surveillance Barbie without the pretense of being a toy. Read the rest

Amazon's facial recognition fear crusade ramps up: now they're paying Facebook to show you pictures of suspected criminals to scare you into getting a surveillance doorbell

Amazon's Ring doorbells are surveillance devices that conduct round-the-clock video surveillance of your neighborhood, automatically flagging "suspicious" faces and bombarding you and your neighbors with alerts using an app called "Neighbors"; it's a marriage of Amazon's Internet of Things platform with its "Rekognition" facial recognition tool, which it has marketed aggressively to cities, law enforcement, ICE, businesses and everyday customers as a security measure that can help ID bad guys, despite the absence of a database identifying which faces belong to good people and which faces belong to bad people. Read the rest

After elderly tenant was locked in his apartment by his landlord's stupid "smart lock," tenants win right to use actual keys to enter their homes

Tenants in New York City have reached a settlement with their landlord requiring the landlord to install actual locks with actual keys on demand, rather than insisting that all tenants use locks from Latch, the leading Internet of Things "smart lock" vendor, whose products conduct fine-grained surviellance on their users, which the company reserves the right to share with third parties. Read the rest

Amazon's staffing up a news vertical full of crime stories designed to scare you into buying a spying, snitching "smart" doorbell

Ring is a "smart" doorbell that Amazon bought for $1B in 2018, and proceeded to turn into an insecure, networked surveillance device, (possibly wired into Amazon's facial recognition system) and connected to law enforcement so that the company could advertise that owning a Ring made you a good citizen of your neighborhood, part of a mesh of relentless eyes-on-the-street that identified suspicious strangers and sicced the law on them, frontended by an app named with pitch-perfect creepiness: "Neighbors." Read the rest

"Smart" doorlocks have policies that let landlords and third parties spy on you

Latch is a leading vendor of internet-of-things "smart" doorlocks that are in increasing use in rental housing (the company claims 10% of all new multiunit construction incorporates their product); they allow entry by keycode, keycard, and Bluetooth. Read the rest

Vulnerabilities in GPS fleet-tracking tools let attackers track and immobilize cars en masse

Itrack and Protrack are commercial devices for tracking fleets of commercial vehicles; they can be configured to allow for remote killswitching of the cars' engines, presumably as a theft-prevention measure. Read the rest

Nest's "ease of use" imperative plus poor integration with Google security has turned it into a hacker's playground

40 years ago, antitrust law put strict limits on mergers and acquisitions, but since the Reagan era, these firewalls have been dismantled, and now the biggest companies grow primarily by snapping up nascent competitors and merging with rivals; Google is a poster-child for this, having only ever created two successful products in-house (search and Gmail), with all other growth coming from acquisitions and mergers. Read the rest

Security researchers reveal defects that allow wireless hijacking of giant construction cranes, scrapers and excavators

Using software-defined radios, researchers from Trend Micro were able to reverse-engineer the commands used to control massive industrial machines, including cranes, excavators and scrapers; most of these commands were unencrypted, but even the encrypted systems were vulnerable to "replay attacks" that allowed the researchers to bypass the encryption. Read the rest

Jibo the social robot announces that its VC overlords have remote-killswitched it, makes pathetic farewell address and dances a final step

Jibo was a "social robot" startup that burned through $76m in venture capital and crowdfunding before having its assets sold to SQN Venture Partners late last year. Read the rest

Alias: a smart-speaker "parasite" that blocks your speaker's sensors until you activate it

Alias is an open source hardware/free-open firmware "parasite" that fits over your smart speaker's sensors and fills them with white noise; the Alias has its own (non-networked, user-controlled) mic and speaker and when you speak a magic phrase, the Alias temporarily stops the white noise and transmits your commands to the speaker; Alias also lets you specify strings of commands and other useful utilities that restore control over your smart-speaker to you. Read the rest

Bad security design made it easy to spy on video from Ring doorbells and insert fake video into their feeds

Researchers from Dojo/Bullguard investigated the security model of the Ring smart doorbell -- made by Amazon -- and discovered that the video was sent "in the clear" (without encryption) meaning that people on the same network as the doorbell, or on the same network as one of its owners, can easily tap into its feeds. Read the rest

As sports company abandons support for "smart" basketball, Nike pushes a software update that bricks its self-tying shoes

Wilson X was the sports manufacturer's entry into the market for smart basketballs, but maintaining the app that made sense of the telemetry from your sensor-equipped roundball was expensive and stupid and so the Wilson X app is no more, and the "B" in "B-ball" stands for "bricked." Read the rest

Google admits Nest security product has a secret mic, insists it wasn't supposed to be a secret

Nest is the Internet of Shit company Google bought and steadily expanded from "smart" thermostats to the current home security product, "Nest Secure," which has an undisclosed microphone -- but don't worry, it wasn't intended to be a secret, Google just forgot to mention it, and "the microphone has never been on and is only activated when users specifically enable the option." Read the rest

The Internet of Dongs remains a security dumpster-fire -- UPDATED

The Internet of Dongs is Brad Haines's term for the world of internet-connected, "teledildonic" sex toys, and Haines, along with Sarah Jamie Lewis, have exhaustively documented all the ways in which internet-connected sex toys can screw you, from leaking private data to physically attacking your junk. Read the rest

18 months on, kids' smart watches are STILL a privacy & security dumpster-fire, and a gift to stalkers everywhere

In late 2017, the Norwegian Consumer Council published its audit of kids' smart-watches, reporting that the leading brands allowed strangers to follow your kids around and listen in on their conversations; a year later, Pen Test Partners followed up to see if anything had changed (it hadn't). Read the rest

Discarded smart lightbulbs reveal your wifi passwords, stored in the clear

Your internet-of-shit smart lightbulb is probably storing your wifi password in the clear, ready to be recovered by wily dumpster-divers; Limited Results discovered the security worst-practice during a teardown of a Lifx bulb; and that's just for starters: the bulbs also store their RSA private key and root passwords in the clear and have no security measures to prevent malicious reflashings of their ROMs with exploits, network probes and other nasties. (Thanks, John!) Read the rest

Vizio exec: we'd have to charge a premium on "dumb" TVs to make up for the money we'll lose by not spying on you

At CES, the Verge's Nilay Patel interviewed Vizio CTO Bill Baxter, who told her that when it comes to the surveillance features of his company's "smart" TVs, "it’s not just about data collection. It’s about post-purchase monetization of the TV...[When it comes to 'dumb' TVs,] we’d collect a little bit more margin at retail to offset it." Read the rest

More posts