Techdirt: House Passes Bill To Address The Internet Of Broken Things

Techdirt: House Passes Bill To Address The Internet Of Broken Things. “Cory Gardner, Mark Warner, and other lawmakers note the bill creates some baseline standards for security and privacy that must be consistently updated (what a novel idea), while prohibiting government agencies from using gear that doesn’t pass muster. It also includes some transparency requirements mandating that any vulnerabilities in IOT hardware are disseminated among agencies and the public quickly.”

Techdirt: Carnegie Mellon Researchers Design ‘Nutrition Label’ For The Internet Of Broken Things

Techdirt: Carnegie Mellon Researchers Design ‘Nutrition Label’ For The Internet Of Broken Things. “Researchers say the labels will provide 47 different pieces of information about a device’s security and privacy practices, including the type of user and activity data the device collects, with whom the data is shared, how long the device retains data, and how frequently this data is shared. The goal is to take something incredibly confusing to the average user and simplify it in a way that’s more easily understandable.”

The Internet of Things is a security nightmare reveals latest real-world analysis: unencrypted traffic, network crossover, vulnerable OSes (The Register)

The Register: The Internet of Things is a security nightmare reveals latest real-world analysis: unencrypted traffic, network crossover, vulnerable OSes. “No less than 98 per cent of traffic sent by internet-of-things (IoT) devices is unencrypted, exposing huge quantities of personal and confidential data to potential attackers, fresh analysis has revealed.”

Engadget: Carnegie Mellon built an ‘opt-out’ system for nearby tracking devices

Engadget: Carnegie Mellon built an ‘opt-out’ system for nearby tracking devices. “It’s getting easier to control what your smart home devices share, but what about the connected devices beyond your home? Researchers at Carnegie Mellon’s CyLab think they can give you more control. They’ve developed an infrastructure and matching mobile app (for Android and iOS) that not only informs you about the data nearby Internet of Things devices are collecting, but lets you opt in or out. If you’re not comfortable that a device in the hallway is tracking your presence, you can tell it to forget you.”

BBC: Keeping rats out of kitchens and bedbugs out of hotels

BBC: Keeping rats out of kitchens and bedbugs out of hotels. “When construction work disturbed a pack of rats near his commercial kitchen business in County Wicklow, Ireland, Shane Bonner knew he needed a savvier approach to pest control…. So he opted for a more hi-tech approach. Pest Pulse traps use pressure sensor technology to identify a catch and alert the company straight away over the internet.”

ZDNet: Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices

ZDNet: Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices. “A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) ‘smart’ devices. The list, which was published on a popular hacking forum, includes each device’s IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices over the internet.”

Wired: An Open Source Effort to Encrypt the Internet of Things

Wired: An Open Source Effort to Encrypt the Internet of Things. “End-to-end encryption is a staple of secure messaging apps like WhatsApp and Signal. It ensures that no one—even the app developer—can access your data as it traverses the web. But what if you could bring some version of that protection to increasingly ubiquitous—and notoriously insecure—Internet of Things devices?”

Techdirt: UL Pushes Security Standards For The Internet Of Broken Things

Techdirt: UL Pushes Security Standards For The Internet Of Broken Things. “f you hadn’t noticed yet, the internet of things is a security and privacy shit show. Millions of poorly-secured internet-connected devices are now being sold annually, introducing massive new attack vectors and vulnerabilities into home and business networks nationwide. Thanks to IOT companies and evangelists that prioritize gee-whizzery and profits over privacy and security, your refrigerator can now leak your gmail credentials, your kids’ Barbie doll can now be used as a surveillance tool, and your ‘smart’ tea kettle can now open your wireless network to attack.”

Techdirt: Whirlpool Left Appliance Data, User Emails Exposed Online

Techdirt: Whirlpool Left Appliance Data, User Emails Exposed Online. “Another day, another shining example of why connecting everything from your Barbie dolls to tea kettles to the internet was a bad idea. This week it’s Whirlpool that’s under fire after a researcher discovered that the company had failed to secure a database containing 28 million records collected from the company’s ‘smart’ appliances. The database contained user email addresses, model names and numbers, unique appliance identifiers, and data collected from routine analysis of the appliances’ condition, including how often the appliance is used, when its off or on, and whether it had any issues.”

Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope’s Click to Pray eRosary app (The Register)

The Register: Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope’s Click to Pray eRosary app. “The technology behind the Catholic Church’s latest innovation, an electronic rosary, is so insecure, it can be trivially hacked to siphon off worshipers’ personal information.” The article also notes that the issues are “more embarrassing than life-threatening.”

Mashable: The ‘Internet of Things’ can’t stop killing my gadgets

Mashable: The ‘Internet of Things’ can’t stop killing my gadgets. “The internet of things is more than just Alexa, and its weak point is more than just privacy. We’re talking about hundreds of devices performing every conceivable labor-saving function. Now, at the end of what was supposed to be the IoT decade, these gadgets are already starting to do what was always more likely, the mundane thing that technology has pretty much always done: either break down and leave us stranded, or effectively extort more money from us, after we’ve been foolish enough to start relying on them.”

Mashable: The Vatican wants you to pray with this smart rosary

Mashable: The Vatican wants you to pray with this smart rosary. “The Catholic Church is taking a page out of Silicon Valley’s playbook: inventing gadgets in hopes of attracting devoted followers. The Click to Pray eRosary is a smart wearable device from the Pope’s Worldwide Prayer Network, a Vatican organization that mobilizes Catholics to ‘address the challenges facing humanity’ through prayer. “

The Conversation: Truly smart homes could help dementia patients live independently

The Conversation: Truly smart homes could help dementia patients live independently. “The growing number of people with dementia is encouraging care providers to look to technology as a way of supporting human carers and improving patients’ quality of life. In particular, we want to use technology to help people with dementia live more independently for as long as possible.”

Ars Technica: Protocol found in webcams and DVRs is fueling a new round of big DDoSes

Ars Technica: Protocol found in webcams and DVRs is fueling a new round of big DDoSes. “Hackers have found a new way to amplify the crippling effects of denial-of-service techniques by abusing an improperly implemented tool found in almost 1 million network-connected cameras, DVRs, and other Internet-of-things devices.”