The latest IoT botnet displays evidence of a halfway clever botmaster

The amazing and frightening thing about the Mirai botnet's reign of terror wasn't that it was a super-sophisticated cyberweapon: rather, it was a clumsy, amateurish fuggly hack that turned out to have been produced by a couple of dum-dums with a Minecraft racket. Read the rest

Demolition of derelict robotic parking garages reveals entombed vehicles, trapped for 15 years

When the £5m Autosafe Skypark opened in Edinburgh, it was heralded as the UK's most technologically advanced car park, but in 2003, the owners went bankrupt and turned off the computers that controlled the lifts that raised and lowered cars into their bays. Read the rest

Internet of things nightlight notifies you of tweets

When you lie in the dark of night, a faint neural echo of human connection urging you to reach for your phone, do you fight it? The Aumum Mini, a compact nightlight that lets you know when someone retweets you, etc, will help you fail even better!

It's a USB-powered nightlight that connects to your Wi-Fi, and includes IFTTT support for getting into all sorts of automated shenanigans. The exact sort internet events you'd like a nightlight to inform you of is, of course, entirely up to you. A few examples offered by Aumi include weather alerts, Wi-Fi-is-down notifications, and and smart home integration. Personally I'd like to use one to keep track of my unread emails.
No. Go to sleep! Read the rest

Vtech covered up a leak of data on 6.3m children and their families, then tried to force us not to sue - the FTC just fined them $0.09/kid

Vtech is the Taiwanese kids' crapgadget vendor that breached sensitive data on 6.3 million children and their families, lied about it and covered it up, then added a dirty EULA to its products that made us promise not to sue them if they did it again. Read the rest

Armstrong Zoom ISP to 1,000,000 internet subscribers: if you are accused of piracy, you may lose the ability to control your smart thermostat

Armstrong Zoom, a northeastern US ISP with about a million subscribers, has sent its customers warnings that they have been accused of copyright infringement, and that subsequent accusations would lead to having their network connections slowed to the point of uselessness, which could impair their ability to control their internet-connected thermostats. Read the rest

Sonos and Bose speakers can be remotely taken over by hackers

Sonos and Bose speakers assume that any device on the same network segment can be trusted to send them audio without any further authentication; if these speakers are on a network whose owner has opened a hole in their firewalls (to run a game-server, say, or because another device on the network has been compromised), they can have data sent to them by anyone on the internet. Read the rest

The FBI and the New York Times warn that smart toys are emissaries from the Internet of Shit

One by one, the New York Times warns of the dangers of every hot smart toy your kids are begging for this Xmas: Furbies, Cayla, kids' smart watches, the ubiquitous Vtech toys (they omit the catastrophic Cloudpets, presumably because that company is out of business now). Read the rest

New Consumers Union report catalogs the potential collateral damage from the crypto wars

In a new white paper, Consumers Union (publishers of Consumer Reports) looks at the "consumer stake in the encryption debate": they note that governments want to ban working cryptography so that cops can spy on crooks, but the reprt does an excellent job enumerating all the applications for crypto beyond mere person to person communications privacy. Read the rest

Mirai's creators plead guilty, reveal that they created a DDoS superweapon to get a competitive edge in the Minecraft server industry

Last year, the Mirai botnet harnessed a legion of badly secured internet of things devices and turned them into a denial of service superweapon that brought down critical pieces of internet infrastructure (and even a country), and now its creators have entered guilty pleas to a Computer Fraud and Abuse Act federal case, and explained that they created the whole thing to knock down Minecraft servers that competed with their nascent Minecraft hosting business. Read the rest

Talking Casa Jasmina, a house of the future designed for people, not corporations, with Jasmina Tesanovic and Bruce Sterling

The Casa Jasmina project (previously) is an automated smart house designed to be made of open source hardware, with the needs of the people who live there -- not the corporations who extract rent from them -- in mind. Read the rest

One of the net's most important freedom canaries died the day the W3C greenlit web-wide DRM; what can we learn from the fight?

EFF's long, hard-fought campaign at the World Wide Web Consortium over its plan to standardize a universal DRM for the web was always a longshot, but we got farther than anyone dared hope before we lost the web to corporate interests and cynical indifference in September. Read the rest

Reverse-engineering a connected Furby toy, revealing its disturbing security defects

When Context Labs teamed up with UK consumer group Which? to produce an outstanding report on the surveillance, privacy and security risks of kids' "connected toys," it undertook the reverse-engineering of Hasbro's new Furby Connect, a device that works with a mobile app to listen and watch the people around it and interact with them. Read the rest

Connected sex-toy allows for code-injection attacks on a robot you wrap around your genitals

Anonymity and privacy researcher Sarah Jamie Lewis realized that a connected sex toy's "email a blowjob" feature had significant security vulnerabilities and has produced an entertaining and delightful Twitter thread explaining how she was able to both fingerprint electronic blowjob description files and disrupt them with code-injection attacks. Read the rest

Review: Airmega 400S Air Purifier

The Airmega 400S (Airmega.com) is a luxury air filter, a sci-fi lounge monolith with touch-sensitive controls and a ring of colored light that turns with the air quality. High-end in fit, finish and capacity, it's also very online, with Internet-of-Things features and a stat-tracking app. Do I really need to remote-manage it with a mobile app? Have a username and login for a HEPA filter?

No (see below), but the air quality tracking app did tell me two interesting things. First, it assured me that the air quality in my house is already pretty good, curing a certain degree of paranoia. So it mostly stays in sleep mode, silent, wasting no electricity -- unlike the permanently-whirring Honeywell it replaced. Secondly, it told me that air quality goes to hell when anything is cooked. At last! Confirmation of what we suspected all along about the wisdom of burning wet slabs of carbon in our well-insulated houses.

I'm intrigued, then, by Airmega's air metrics, yet torn on its long-term value. This is an expensive gadget, after all, going for $650 or so on the street.

(UPDATE: A non-IoT version, the Airmega 400 without an S, is available for about $100 less. — Thanks, Tim!) It's about the size of a desktop mini-fridge, significantly larger than most consumer air filters, with three HEPA filters and the promise of full-house coverage. 1,560 square feet, they claim, which would make it competitive on a price-per-square-foot basis with less expensive models. There's a smaller model, the Airmega 300, that claims to cover 1,256 feet and is about $100 cheaper. Read the rest

Hackers can freeze the camera that lets you know whether your "Amazon Key" equipped door is locked and who is using it

Security researchers from Rhino Security Labs have shown that it is trivial to disable the Amazon Cloud Cam that is a crucial component of the Amazon Key product -- a connected home door-lock that allows delivery personnel to open your locked front door and leave your purchases inside -- and have demonstrated attacks that would allow thieves to exploit this weakness to rob your home. Read the rest

The Internet of Shit is so manifestly insecure that people are staying away from it in droves

In Deloitte's new 2017 Global Mobile Consumer Survey, the company notes that "connected home systems—a category that includes home security, thermostats, and lighting—continue to lag behind other connected devices such as entertainment systems and connected vehicles," which the report attributes to "concerns about security and privacy." Read the rest

Consumer groups' labs advise parents not to buy connected toys, claim risk of strangers listening and talking to kids over the internet

Two leading European consumer groups -- the UK's Which? and Germany's Stiftung Warentest -- have published an advisory with the results of their lab tests on the security of kids' connected toys, warning that these toys are insecure and could allow strangers to listen in and talk to your kids over the internet. Read the rest

More posts