The Internet of Shit: a godsend for abusers and stalkers

People who help domestic abuse survivors say that they are facing an epidemic of women whose abusers are torturing them by breaking into their home smart devices, gaslighting them by changing their thermostat settings, locking them out of their homes, and spying on them through their cameras.

Insecure internet security cameras and nannycams are actively exploited by voyeurs to spy on owners

Shenzhen Gwelltimes Technology Co., Ltd is the white-label vendor behind a whole constellation of Internet of Things networked home cameras sold as security cameras, baby monitors, pet monitors, and similar technologies; these cameras are designed to be monitored by their owners using an app, and because of farcically bad default passwords ("123") and other foolish security practices (such as sequentially numbering each camera, allowing attackers to enumerate vulnerable devices), the devices are trivial to locate and hijack over the internet.

Screwdriver optional: fingerprint lock broadcasts its unlock code over Bluetooth (and the steel is garbage)

Fingerprint locks are catastrophically awful, part LXVII: the software security on the crowdfunded Tapplock "is basically nonexistent" -- the lock broadcasts its own unlock code over Bluetooth, and if you send it back to the lock, it pops open.

China mandates radio-tracking beacons in all cars

As of July 1, registering a car in China will involve registering an RFID radio-beacon that will be planted on the car in order to track its movements.

Machine learning may be most useful in tiny, embedded, offline processors

The tiny embedded processors in smart gadgets -- including much of the Internet of Shit -- are able to do a lot of sensing without exhausting their batteries, because sensing is cheap in terms of power consumption.

How do we fix IoT security without blocking interoperability and creating monopolies?

Jonathan Zittrain (previously) writes, "There’s reason to worry about security for the ever-growing Internet of Things, and it’ll be tempting to encourage vendors to solely control their devices that much more, limiting interoperability or user tinkering. There are alternatives - models for maintaining firmware patches for orphaned devices, and a 'Faraday mode' so that iffy devices can still at least partially function even if they’re not able to remain safely online. Procrastination around security has played a key role in its success. But 'later' shouldn’t mean 'never' for the IoT."

UK consumer review magazine Which?: your smart home is spying on you, from your TV to your toothbrush

The UK consumer review magazine Which? (equivalent to America's Consumer Reports) has published a special investigation into the ways that Internet of Things smart devices are spying on Britons at farcical levels, with the recommendation that people avoid smart devices where possible, feed false data to the smart devices they do own, and turn off data-collection settings in devices' confusing, deeply hidden control panels.

An analysis of all those Internet of Things manifestos sparked by the slow-motion IoT catastrophe

The Internet of Things morphed from a ridiculous answer in search of a problem ("why do I want my fridge connected to the internet?") to a source of Black Mirror-style modern absurdities ("someone pushed a load of internet porn to my fridge") to an existential threat ("my fridge just joined a world-killing botnet").

A new strain of IoT malware can survive a reboot

As scary as the epidemics of malware for Internet of Things devices have been, they had one saving grace: because they only lived in RAM (where they were hard to detect!), they could be flushed just by rebooting the infected gadget.

Security researchers can turn Alexa into a transcribing, always-on listening device

Checkmarx researchers including Erez Yalon have created a "rogue Alexa skill" that bypasses Amazon's security checks: it lurks silently and unkillably in the background of your Alexa, listening to all speech in range of it and transcribing it, then exfiltrating the text and audio of your speech to the attacker.

ISO rejects the NSA's IoT crypto standard, believing it to be backdoored

For three years, the International Standards Organization has been wrangling over which cryptographic algorithms will be incorporated into a standard for interoperability in "Internet of Things" gadgets; at issue has been the NSA's insistence that "Simon" and "Speck" would be the standard block cipher algorithms in these devices.

IoT Inspector: Princeton releases a tool to snoop on home IoT devices and figure out what they're doing

IoT Inspector is a new tool from Princeton's computer science department; it snoops on the traffic from home IoT devices and performs analysis to determine who they phone home to, whether they use encryption, and what kinds of data they may be leaking.

When your dental insurer sends you a "free" Internet of Shit toothbrush

Wolf Richter's dental insurer sent his family a free "smart" toothbrush that records how often and how well you brush, using a set of proprietary consumables to clean your teeth.

Internet of Battle Things: a militarized IoT where "cognitive bandwidth constraints" require "autonomous cyber agents"

Alexander Kott is chief of the Network Science Division at the Army Research Laboratory; in a new paper, he rounds up several years' worth of papers that he wrote or co-authored, along with some essays and articles by others, on what an "Internet of Battle Things" will look like.

Under Armour: hackers stole the data of 150,000,000 Myfitnesspal users because of course they did

Myfitnesspal was a startup that offered Internet of Shit-based fitness and diet tracking; they were purchased by Under Armour for $475,000,000 in 2015; three years later, Under Armour has admitted that hackers stole the personal data of 150,000,000 Myfitnesspal users.

The business-logic of Silicon Valley means that it can only make creepy, surveillant, pointless "smart" sex toys

People who buy sex toys generally want "high-quality, ergonomically designed toys that are intuitive to use," but Silicon Valley keeps delivering "innovative" and commercially unsuccessful sex toys whose selling-points are their "flashy apps and connectivity."

A detailed, cross-disciplinary syllabus for a "Cybersecurity Law and Policy" graduate course

University of Texas law professor Bobby Chesney has developed a detailed syllabus for a course in "Cybersecurity Foundations: Law, Policy, and Institutions" that is aimed at grad students from law, business, engineering, and computer science.
