The Register: UK.gov emits draft IoT and smartphone security law for Parliamentary scrutiny

The Register: UK.gov emits draft IoT and smartphone security law for Parliamentary scrutiny. “A new British IoT product security law is racing through the House of Commons, with the government boasting it will outlaw default admin passwords and more. The Product Security and Telecommunications Infrastructure (PSTI) Bill was introduced yesterday and is intended to drive up security standards in consumer tech gadgetry, ranging from IoT devices to phones, fondleslabs, smart TVs, and so on.” I got the meaning from context but I still looked up fondleslab.

Techdirt: House Passes Bill To Address The Internet Of Broken Things

Techdirt: House Passes Bill To Address The Internet Of Broken Things. “Cory Gardner, Mark Warner, and other lawmakers note the bill creates some baseline standards for security and privacy that must be consistently updated (what a novel idea), while prohibiting government agencies from using gear that doesn’t pass muster. It also includes some transparency requirements mandating that any vulnerabilities in IOT hardware are disseminated among agencies and the public quickly.”

The Internet of Things is a security nightmare reveals latest real-world analysis: unencrypted traffic, network crossover, vulnerable OSes (The Register)

The Register: The Internet of Things is a security nightmare reveals latest real-world analysis: unencrypted traffic, network crossover, vulnerable OSes. “No less than 98 per cent of traffic sent by internet-of-things (IoT) devices is unencrypted, exposing huge quantities of personal and confidential data to potential attackers, fresh analysis has revealed.”

Engadget: Carnegie Mellon built an ‘opt-out’ system for nearby tracking devices

Engadget: Carnegie Mellon built an ‘opt-out’ system for nearby tracking devices. “It’s getting easier to control what your smart home devices share, but what about the connected devices beyond your home? Researchers at Carnegie Mellon’s CyLab think they can give you more control. They’ve developed an infrastructure and matching mobile app (for Android and iOS) that not only informs you about the data nearby Internet of Things devices are collecting, but lets you opt in or out. If you’re not comfortable that a device in the hallway is tracking your presence, you can tell it to forget you.”

BBC: Keeping rats out of kitchens and bedbugs out of hotels

BBC: Keeping rats out of kitchens and bedbugs out of hotels. “When construction work disturbed a pack of rats near his commercial kitchen business in County Wicklow, Ireland, Shane Bonner knew he needed a savvier approach to pest control…. So he opted for a more hi-tech approach. Pest Pulse traps use pressure sensor technology to identify a catch and alert the company straight away over the internet.”

ZDNet: Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices

ZDNet: Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices. “A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) ‘smart’ devices. The list, which was published on a popular hacking forum, includes each device’s IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices over the internet.”

Wired: An Open Source Effort to Encrypt the Internet of Things

Wired: An Open Source Effort to Encrypt the Internet of Things. “End-to-end encryption is a staple of secure messaging apps like WhatsApp and Signal. It ensures that no one—even the app developer—can access your data as it traverses the web. But what if you could bring some version of that protection to increasingly ubiquitous—and notoriously insecure—Internet of Things devices?”

Techdirt: UL Pushes Security Standards For The Internet Of Broken Things

Techdirt: UL Pushes Security Standards For The Internet Of Broken Things. “If you hadn’t noticed yet, the internet of things is a security and privacy shit show. Millions of poorly-secured internet-connected devices are now being sold annually, introducing massive new attack vectors and vulnerabilities into home and business networks nationwide. Thanks to IOT companies and evangelists that prioritize gee-whizzery and profits over privacy and security, your refrigerator can now leak your gmail credentials, your kids’ Barbie doll can now be used as a surveillance tool, and your ‘smart’ tea kettle can now open your wireless network to attack.”

Techdirt: Whirlpool Left Appliance Data, User Emails Exposed Online

Techdirt: Whirlpool Left Appliance Data, User Emails Exposed Online. “Another day, another shining example of why connecting everything from your Barbie dolls to tea kettles to the internet was a bad idea. This week it’s Whirlpool that’s under fire after a researcher discovered that the company had failed to secure a database containing 28 million records collected from the company’s ‘smart’ appliances. The database contained user email addresses, model names and numbers, unique appliance identifiers, and data collected from routine analysis of the appliances’ condition, including how often the appliance is used, when it’s off or on, and whether it had any issues.”

Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope’s Click to Pray eRosary app (The Register)

The Register: Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope’s Click to Pray eRosary app. “The technology behind the Catholic Church’s latest innovation, an electronic rosary, is so insecure, it can be trivially hacked to siphon off worshipers’ personal information.” The article also notes that the issues are “more embarrassing than life-threatening.”

Mashable: The ‘Internet of Things’ can’t stop killing my gadgets

Mashable: The ‘Internet of Things’ can’t stop killing my gadgets. “The internet of things is more than just Alexa, and its weak point is more than just privacy. We’re talking about hundreds of devices performing every conceivable labor-saving function. Now, at the end of what was supposed to be the IoT decade, these gadgets are already starting to do what was always more likely, the mundane thing that technology has pretty much always done: either break down and leave us stranded, or effectively extort more money from us, after we’ve been foolish enough to start relying on them.”