07/17/2017 01:37 PM EDT Original release date: July 17, 2017
The Federal Bureau of Investigation (FBI) has released an article on the privacy risks associated with Internet-connected children’s toys. FBI warns that Internet-connected toys may contain “sensors, microphones, cameras, data storage components, and other multimedia capabilities – including speech recognition and GPS options” that may put the privacy and safety of children at risk due to the disclosure of personal information. FBI recommends that consumers read user agreement disclosures and privacy practices for information on how a toy’s data may be used.
I am going to plug this excellent monthly newsletter. Free, and no advertising. If you are interested in the technical underpinning of the Internet, this might be for you. Subscribe, and while you are at it, make a donation.
07/14/2017 09:39 PM EDT Original release date: July 14, 2017
The Federal Trade Commission (FTC) has released an alert on ensuring good digital security while traveling. Security recommendations include using caution while accessing free Wi-Fi hotspots, keeping all software updated, and using Virtual Private Networks (VPNs).
Latest dump of stolen CIA documents includes user manual for HighRise app, used to eavesdrop on text messages.
07/19/2017 03:12 PM EDT Original release date: July 19, 2017
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit some of these vulnerabilities to take control of an affected system. (That’s right, Apple fans, you are at risk for having your computer and email account hijacked too!)
US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:
Myspace is still there, and so’s your old account
– From Naked Security
Security researchers have discovered that Segway’s Ninebot MiniPRO, a so-called “hover board”, can be hacked and controlled remotely.
The attack is made possible by two major oversights: every Ninebot MiniPRO has the same PIN code and none bothers to check the authenticity of its firmware. According to IOActive, the company who discovered the vulnerability:
Even though the rider could set a PIN, the hoverboard did not actually change its default pin … This allowed me to connect over Bluetooth while bypassing the security controls. I could also document the communications between the app and the hoverboard, since they were not encrypted.
Researchers were able to use these flaws to install their own firmware and then make merry with the hacked non-hovering not-boards: shutting them down, changing the colours of their lights, disabling safety mechanisms or just driving (not flying) them off.
It’s been understood for many years that hard-coded or default passcodes are a bad idea but discovering that something as shiny and new as a Ninebot MiniPRO has one isn’t the surprise it should be. The ‘PRO is part of the IoT (Internet of Things) and the IoT has recently given hard-coded passwords, and many other bad old ideas, a new lease of life.