Penetration tester releases proof-of-concept code for hijacking smart buttplugs

Last week at Defcon, a security researcher named Smea presented their findings on vulnerabilities in the Lovesense Hush, an internet-of-things buttplug that has already been shown to have critical privacy vulnerabilities. Read the rest

Grounded teen evades device confiscation by tweeting from the smart-fridge

Dorothy is an (alleged) 15-year-old who has attained Twitter fame by hopping from device to device as her mother finds and confiscates her tools: first her phone, then her Nintendo, then her Wii U, and finally, her family smart fridge. Read the rest

Prior to Amazon acquisition, Ring offered "swag" to customers who snitched on their neighbors

Amazon is under fire over revelations that it did secret deals with local police departments to buzz-market its Internet of Things "Ring" brand surveillance doorbells, but Ring's shady history predates its acquisition by Amazon in 2017. Read the rest

Extremely cheap microwave oven has Alexa, listening

Behold the AmazonBasics Alexa-Equipped Microwave, a $40 item whose low price is belied by the fact everything you say to it is held in contingent perpetuity in an Amazon datacenter. [via]

AmazonBasics Microwave simplifies cooking by letting you microwave using your voice and an Echo device. Just say, “Alexa, reheat one cup of coffee,” and Alexa will start reheating with the appropriate power and time settings. Quick-cook presets mean there’s no need to guess cook times or heat levels when you’re defrosting vegetables or microwaving a potato. Plus, Alexa is always getting smarter and adding new presets.

If you want a cheap 700w mini-microwave from Amazon, this retro Daewoo model is adorable. Read the rest

Amazon's surveillance doorbell marketers help cops get warrantless access to video footage from peoples' homes

Every time I write about the unfolding scandal of Amazon's secret partnerships with hundreds of US police departments who get free merch and access to Ring surveillance doorbell footage in exchange for acting as a guerrilla marketing street-team for Ring, I get an affronted email from Amazon PR, implying that I got it all wrong, but unwilling to enter into detailed discussions of what's actually going on (the PR flacks also usually ask to be quoted officially but anonymously, something I never agree to). Read the rest

Amazon's secret deals with local cops give them access to realtime 911 data for use in scary alerts sent to Ring owners

Mining the results of public records requests relating to Amazon's secret deals with local law enforcement to promote its Ring surveillance doorbells (more than 200 agencies!) continue to bear fruit. Read the rest

Amazon's secret deals with cops gave corporate PR a veto over everything the cops said about their products

Last week, Motherboard broke a story revealing that Amazon had entered into secret agreements with local law enforcement agencies that had the cops pushing Ring surveillance doorbells to the people they were sworn to protect, in exchange for freebies and access to a system that let them request access to footage recorded by the Amazon's industry-leading internet-of-shit home surveillance tools. Read the rest

Cop says Amazon told him they had "partnered" with 200 US police forces to sell and tap into Ring surveillance doorbells

Last week, Motherboard reported on a public record request that revealed that Amazon had struck confidential deals with local police forces to get them to promote the company's Internet of Things "Ring" doorbells, and the accompanying "Neighbors" app that produces a kind of private surveillance mesh overlooking nearby public spaces -- under the terms of the deal, cops would be able to see a map noting locations of Ring surveillance cams and request footage from their owners. Read the rest

Amazon struck secret deals with local cops to get them to push surveillance-camera doorbells

Amazon quietly struck deals with dozens of local law enforcement agencies across America that gave the police access to a distributed surveillance feed from its Ring "smart doorbell" products in exchange for the cops providing free advertising for the products without revealing their contractual requirement to do so. Read the rest

An 14-year-old's Internet-of-Things worm is bricking shitty devices by the thousands

A hacker calling themself Light Leafon who claims to be a 14-year-old is responsible for a new IoT worm called Silex that targets any Unix-like system by attempting a login with default credentials; upon gaining access, the malware enumerates all mounted disks and writes to them from /dev/random until they are filled, then it deletes the devices' firewall rules and removes its network config and triggers a restart -- this effectively bricks the device, rendering it useless until someone performs the complex dance needed to download and reinstall the device's firmware. Read the rest

Amazon unveils a new Echo Dot surveillance device for children

The latest addition to Amazon's line of always-on, ever-listening, networked, insecure (1, 2, 3, 4, 5, 6, 7) snitchy smart speakers is the new rev of the Echo Dot Kids Edition, whose "kid-friendly" Alexa is like surveillance Barbie without the pretense of being a toy. Read the rest

Amazon's facial recognition fear crusade ramps up: now they're paying Facebook to show you pictures of suspected criminals to scare you into getting a surveillance doorbell

Amazon's Ring doorbells are surveillance devices that conduct round-the-clock video surveillance of your neighborhood, automatically flagging "suspicious" faces and bombarding you and your neighbors with alerts using an app called "Neighbors"; it's a marriage of Amazon's Internet of Things platform with its "Rekognition" facial recognition tool, which it has marketed aggressively to cities, law enforcement, ICE, businesses and everyday customers as a security measure that can help ID bad guys, despite the absence of a database identifying which faces belong to good people and which faces belong to bad people. Read the rest

After elderly tenant was locked in his apartment by his landlord's stupid "smart lock," tenants win right to use actual keys to enter their homes

Tenants in New York City have reached a settlement with their landlord requiring the landlord to install actual locks with actual keys on demand, rather than insisting that all tenants use locks from Latch, the leading Internet of Things "smart lock" vendor, whose products conduct fine-grained surviellance on their users, which the company reserves the right to share with third parties. Read the rest

Amazon's staffing up a news vertical full of crime stories designed to scare you into buying a spying, snitching "smart" doorbell

Ring is a "smart" doorbell that Amazon bought for $1B in 2018, and proceeded to turn into an insecure, networked surveillance device, (possibly wired into Amazon's facial recognition system) and connected to law enforcement so that the company could advertise that owning a Ring made you a good citizen of your neighborhood, part of a mesh of relentless eyes-on-the-street that identified suspicious strangers and sicced the law on them, frontended by an app named with pitch-perfect creepiness: "Neighbors." Read the rest

"Smart" doorlocks have policies that let landlords and third parties spy on you

Latch is a leading vendor of internet-of-things "smart" doorlocks that are in increasing use in rental housing (the company claims 10% of all new multiunit construction incorporates their product); they allow entry by keycode, keycard, and Bluetooth. Read the rest

Vulnerabilities in GPS fleet-tracking tools let attackers track and immobilize cars en masse

Itrack and Protrack are commercial devices for tracking fleets of commercial vehicles; they can be configured to allow for remote killswitching of the cars' engines, presumably as a theft-prevention measure. Read the rest

Nest's "ease of use" imperative plus poor integration with Google security has turned it into a hacker's playground

40 years ago, antitrust law put strict limits on mergers and acquisitions, but since the Reagan era, these firewalls have been dismantled, and now the biggest companies grow primarily by snapping up nascent competitors and merging with rivals; Google is a poster-child for this, having only ever created two successful products in-house (search and Gmail), with all other growth coming from acquisitions and mergers. Read the rest

More posts