The IoS catch-all thread

Pyperkub
Posts: 23659
Joined: Mon Dec 13, 2004 5:07 pm
Location: NC- that's Northern California

The IoS catch-all thread

Post by Pyperkub »

All things crappy about the Internet of things.

Starting with NEST devices hacked to give Nuclear warning:
Laura Lyons was preparing food in her kitchen Sunday when the lazy afternoon took a turn for the absurd. A loud squawking — similar to the beginning of an emergency broadcast alert — blasted from the living room, the Orinda mother said, followed by a detailed warning of three North Korean intercontinental ballistic missiles headed to Los Angeles, Chicago and Ohio.

“It warned that the United States had retaliated against Pyongyang and that people in the affected areas had three hours to evacuate,” Lyons said Monday. “It sounded completely legit, and it was loud and got our attention right off the bat. … It was five minutes of sheer terror and another 30 minutes trying to figure out what was going on.”...

...After many panicked minutes and phone calls to 911 and to Nest, the couple learned they likely were the victims of a hacker. And that panic turned to anger when they found out that Nest knew that there had been a number of such incidents — none involving nuclear strike scenarios — but failed to alert customers. Lyons said a Nest supervisor told them Sunday they likely were the victims of a “third party hack” that gained access to their camera and its speakers.

A Google spokesperson — the search engine owns Nest — said Nest was not breached in this incident...

...Adwait Nadkarni, an assistant professor of computer science at the College of William & Mary, was a lead investigator in a December study on the vulnerability of Nest and similar technology.

“Our recent study of the Nest platform shows that it is reasonably secure, in comparison with other similar platforms,” Nadkarni said. “In such cases, the problem most often lies in how the devices are configured and used in the smart home, especially in terms of setting the account password.”
What is "reasonably secure" in your home? While this is an extreme incident, there are huge issues with these always connected devices in the home, especially if they are initially made by startups.
Black Lives definitely Matter Lorini!

Also: There are three ways to not tell the truth: lies, damned lies, and statistics.
gilraen
Posts: 4321
Joined: Wed Sep 04, 2013 7:45 pm
Location: Broomfield, CO

Re: The IoS catch-all thread

Post by gilraen »

The title of the thread confused me...should it be IoT?
Holman
Posts: 28980
Joined: Sun Oct 24, 2004 8:00 pm
Location: Between the Schuylkill and the Wissahickon

Re: The IoS catch-all thread

Post by Holman »

So far I've managed to avoid always-connected tech other than computers/phones/pads themselves.

If I get an ALERT ALERT ALERT from my devices, my first instinct will be to go to the three or four NPR radio stations I have in range to see what they're saying.

(I assume hackers think of radio as a prehistoric waste of time.)
Much prefer my Nazis Nuremberged.
Holman
Posts: 28980
Joined: Sun Oct 24, 2004 8:00 pm
Location: Between the Schuylkill and the Wissahickon

Re: The IoS catch-all thread

Post by Holman »

gilraen wrote: Tue Jan 22, 2019 7:15 pm The title of the thread confused me...should it be IoT?
Internet of Shit
Pyperkub
Posts: 23659
Joined: Mon Dec 13, 2004 5:07 pm
Location: NC- that's Northern California

Re: The IoS catch-all thread

Post by Pyperkub »

Holman wrote: Tue Jan 22, 2019 7:16 pm
gilraen wrote: Tue Jan 22, 2019 7:15 pm The title of the thread confused me...should it be IoT?
Internet of Shit
bingo!
Pyperkub
Posts: 23659
Joined: Mon Dec 13, 2004 5:07 pm
Location: NC- that's Northern California

Re: The IoS catch-all thread

Post by Pyperkub »

Japan to start legally hacking IoT devices:
Internet of Things devices have a deserved reputation for being insecure, and Japan wants to do something about it. The country has just passed a new law amendment that will allow its government to hack into citizens’ IoT devices and compile a list of those that are at risk.

The official hacking campaign is part of a survey that will be conducted by employees of the National Institute of Information and Communications Technology (NICT) and overseen by the Ministry of Internal Affairs and Communications.

As is the case with many IoT hacks, the government agency will use default passwords to try and break into the devices. It will also use password dictionaries to see if users have picked easily guessed credentials.

Once the list of insecure devices has been compiled, it will be passed on to the authorities and internet service providers so customers can be alerted and change their passwords, reports ZDNet.

Testing of over 200 million IoT devices will begin next month, starting with routers and web cameras. Both the general public and enterprise users will have their devices probed.

The campaign arrives ahead of the 2020 Summer Games, which is being held in Tokyo. With concerns over hackers using IoT devices to launch an attack on the Games’ IT infrastructure,
Pyperkub
Posts: 23659
Joined: Mon Dec 13, 2004 5:07 pm
Location: NC- that's Northern California

Re: The IoS catch-all thread

Post by Pyperkub »

Unencrypted wireless connections to implanted defibrillators. What could go wrong???
A proof-of-concept attack developed by the researchers was able to take control of the implanted devices in a manner previously unseen in most exploits affecting lifesaving medical devices. With physical access to either a MyCareLink or CareLink console, the researchers could make modifications that would pull patient names, physician names, and relevant phone numbers out of the device and make unauthorized and potentially fatal changes to the shocks the devices delivered. Even more stunning, the attack was able to read and rewrite all the firmware used to operate the implant.

With additional work, the researchers told Ars, they could have developed a custom hardware device that, when within range of an implanted defibrillator, could carry out the entire range of attacks performed by the modified MyCareLink and CareLink consoles. The researchers said the changes Medtronic has made to the consoles are designed to make it harder for them to wirelessly read and rewrite defibrillator firmware. They warned, however, that until wireless connections are encrypted and authenticated, the researchers don't believe there is any way to fully prevent attacks from either the consoles or custom hardware.
Zarathud
Posts: 16518
Joined: Fri Oct 15, 2004 10:29 pm
Location: Chicago, Illinois

Re: The IoS catch-all thread

Post by Zarathud »

This shit scares me. My kids' insulin pumps may one day transmit data over the internet. A hack could overdose and kill them.
"If the facts don't fit the theory, change the facts." - Albert Einstein
"I don't stand by anything." - Trump
“Bad men need nothing more to compass their ends, than that good men should look on and do nothing.” - John Stuart Mill, Inaugural Address Delivered to the University of St Andrews, 2/1/1867
“It is the impractical things in this tumultuous hell-scape of a world that matter most. A book, a name, chicken soup. They help us remember that, even in our darkest hour, life is still to be savored.” - Poe, Altered Carbon
em2nought
Posts: 5369
Joined: Fri Oct 15, 2004 5:48 am

Re: The IoS catch-all thread

Post by em2nought »

I only looked in here because I thought LoS might be Land of Smiles, then I saw my error. :doh: