Techdirt: House Passes Bill To Address The Internet Of Broken Things

Techdirt: House Passes Bill To Address The Internet Of Broken Things. “Cory Gardner, Mark Warner, and other lawmakers note the bill creates some baseline standards for security and privacy that must be consistently updated (what a novel idea), while prohibiting government agencies from using gear that doesn’t pass muster. It also includes some transparency requirements mandating that any vulnerabilities in IOT hardware are disseminated among agencies and the public quickly.”

The Internet of Things is a security nightmare reveals latest real-world analysis: unencrypted traffic, network crossover, vulnerable OSes (The Register)

The Register: The Internet of Things is a security nightmare reveals latest real-world analysis: unencrypted traffic, network crossover, vulnerable OSes. “No less than 98 per cent of traffic sent by internet-of-things (IoT) devices is unencrypted, exposing huge quantities of personal and confidential data to potential attackers, fresh analysis has revealed.”

Engadget: Carnegie Mellon built an ‘opt-out’ system for nearby tracking devices

Engadget: Carnegie Mellon built an ‘opt-out’ system for nearby tracking devices. “It’s getting easier to control what your smart home devices share, but what about the connected devices beyond your home? Researchers at Carnegie Mellon’s CyLab think they can give you more control. They’ve developed an infrastructure and matching mobile app (for Android and iOS) that not only informs you about the data nearby Internet of Things devices are collecting, but lets you opt in or out. If you’re not comfortable that a device in the hallway is tracking your presence, you can tell it to forget you.”

BBC: Keeping rats out of kitchens and bedbugs out of hotels

BBC: Keeping rats out of kitchens and bedbugs out of hotels. “When construction work disturbed a pack of rats near his commercial kitchen business in County Wicklow, Ireland, Shane Bonner knew he needed a savvier approach to pest control…. So he opted for a more hi-tech approach. Pest Pulse traps use pressure sensor technology to identify a catch and alert the company straight away over the internet.”

ZDNet: Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices

ZDNet: Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices. “A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) ‘smart’ devices. The list, which was published on a popular hacking forum, includes each device’s IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices over the internet.”

Wired: An Open Source Effort to Encrypt the Internet of Things

Wired: An Open Source Effort to Encrypt the Internet of Things. “End-to-end encryption is a staple of secure messaging apps like WhatsApp and Signal. It ensures that no one—even the app developer—can access your data as it traverses the web. But what if you could bring some version of that protection to increasingly ubiquitous—and notoriously insecure—Internet of Things devices?”

Techdirt: UL Pushes Security Standards For The Internet Of Broken Things

Techdirt: UL Pushes Security Standards For The Internet Of Broken Things. “If you hadn’t noticed yet, the internet of things is a security and privacy shit show. Millions of poorly-secured internet-connected devices are now being sold annually, introducing massive new attack vectors and vulnerabilities into home and business networks nationwide. Thanks to IOT companies and evangelists that prioritize gee-whizzery and profits over privacy and security, your refrigerator can now leak your gmail credentials, your kids’ Barbie doll can now be used as a surveillance tool, and your ‘smart’ tea kettle can now open your wireless network to attack.”

Techdirt: Whirlpool Left Appliance Data, User Emails Exposed Online

Techdirt: Whirlpool Left Appliance Data, User Emails Exposed Online. “Another day, another shining example of why connecting everything from your Barbie dolls to tea kettles to the internet was a bad idea. This week it’s Whirlpool that’s under fire after a researcher discovered that the company had failed to secure a database containing 28 million records collected from the company’s ‘smart’ appliances. The database contained user email addresses, model names and numbers, unique appliance identifiers, and data collected from routine analysis of the appliances’ condition, including how often the appliance is used, when it’s off or on, and whether it had any issues.”

Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope’s Click to Pray eRosary app (The Register)

The Register: Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope’s Click to Pray eRosary app. “The technology behind the Catholic Church’s latest innovation, an electronic rosary, is so insecure, it can be trivially hacked to siphon off worshipers’ personal information.” The article also notes that the issues are “more embarrassing than life-threatening.”

Mashable: The ‘Internet of Things’ can’t stop killing my gadgets

Mashable: The ‘Internet of Things’ can’t stop killing my gadgets. “The internet of things is more than just Alexa, and its weak point is more than just privacy. We’re talking about hundreds of devices performing every conceivable labor-saving function. Now, at the end of what was supposed to be the IoT decade, these gadgets are already starting to do what was always more likely, the mundane thing that technology has pretty much always done: either break down and leave us stranded, or effectively extort more money from us, after we’ve been foolish enough to start relying on them.”

Ars Technica: Protocol found in webcams and DVRs is fueling a new round of big DDoSes

Ars Technica: Protocol found in webcams and DVRs is fueling a new round of big DDoSes. “Hackers have found a new way to amplify the crippling effects of denial-of-service techniques by abusing an improperly implemented tool found in almost 1 million network-connected cameras, DVRs, and other Internet-of-things devices.”

CNET: Google’s smart home ecosystem is a complete mess

CNET: Google’s smart home ecosystem is a complete mess. “If Google’s own smart home products act like embarrassed step-siblings, many erstwhile Works with Nest gadgets seem like they won’t even visit for the holidays anymore. And it’s not their fault: It turns out Google is a terrible parent.”

Ars Technica: IoT botnet creator cops plea to hacking more than 800,000 devices

Ars Technica: IoT botnet creator cops plea to hacking more than 800,000 devices. “A 21-year-old Washington man has pleaded guilty to creating botnets that converted hundreds of thousands of routers, cameras, and other Internet-facing devices into money-making denial-of-service fleets that could knock out entire Web hosting companies.”

Newswise: Website Rates Security of Internet-Connected Devices

Newswise: Website Rates Security of Internet-Connected Devices. “Consumer-grade internet of things (IoT) devices aren’t exactly known for having tight security practices. To save purchasers from finding that out the hard way, researchers from the Georgia Institute of Technology and the University of North Carolina at Chapel Hill have done security assessments of representative devices, awarding scores ranging from 28 (an F) up to 100.”