JorgeA Posted March 5, 2016

The tech law podcast This Week in Law recently discussed an Internet-connected refrigerator. The brief discussion begins at 1:33:54:

Quote
I mentioned a while ago that I had purchased a new Samsung refrigerator and talked about it in the context of the Internet of Things, as it has a video display on the refrigerator that's actually Internet-connected and it delivers you things like recipes and news and weather. And -- importantly for what I'm about to let you know -- it delivers your e-mail and a calendar, if you put your Google credentials into it.

So, over at Techdirt, they've written up the fact that some security researchers (at Samsung's urging actually), trying to find vulnerabilities in the system -- Samsung invited them to try and find things that might be wrong. And lo and behold, they did find that at least the Google integration part of it was vulnerable to man-in-the-middle attack, that if someone could get on your network they could potentially steal your Gmail login information -- from your refrigerator!

So our Tip of the Week is: beware of fridges with superfluous tiny speakers, which this particular one has. In addition to integrating with Gmail, it also integrates with Pandora and plays music through its ridiculously small speakers next to the water and ice dispenser.

So the good news is that Samsung is aware of this, that they invited folks to kick around on their system and find vulnerabilities, and having found them, presumably they will patch and fix them. But for anyone who is rushing out to join me in the ranks of owners of a refrigerator that is actually connected to the Web and this particular brand of refrigerator, just know that it is subject to this vulnerability.

Here's the article referenced in the podcast. The writer's conclusion there:

Quote
These endless IOT security issues may have the opposite effect of that intended: actively marketing the need for many devices to be dumber.

And those dumb devices are getting harder to find. Many of the latest and greatest 4K television sets, for example, simply can't be purchased without intelligent internals that integrate functionality the user may not want. So while Wired magazine's endless 1990's obsession with intelligent refrigerators may have finally come to fruition, they may be unwitting pitchmen for how sometimes it's better for things to simply remain utterly analog -- and beautifully, simply stupid.

--JorgeA
jaclaz Posted March 13, 2016

Not really IOT related, still:
http://jacquesmattheij.com/trackers
Trackers

jaclaz
JorgeA Posted March 15, 2016

^^ Fantastic writeup of the issues involved. He carries the analogy very well.

--JorgeA
JorgeA Posted March 15, 2016

Scotts Miracle-Gro unveils open 'Gro' Internet of Things platform for the connected smart yard

Apparently, this is not a joke!

Quote
Yes, many homeowners have yards -- grass, gardens, ponds, and more -- where they can enjoy the outdoors and spend time with family. If the inside of your home can be "smart", why can't your yard? Well, good news, folks -- Scotts Miracle-Gro is launching an open IoT platform, called 'Gro', that focuses on the outdoors. Yes, the connected smart yard is here.

--JorgeA
JorgeA Posted March 15, 2016

And this one -- be mindful of where you are located when you view this:

Spoiler
How to hack a sex toy: tech firms warn public on growing cyber-risks

Quote
HANOVER, Germany (Reuters) - It's not just computers and mobile phones that are vulnerable to cyber attack, according to software firm Trend Micro. As more devices are hooked up to the Internet, it could be anything from medical equipment to industrial machinery - and even sex toys.

To illustrate the point, Trend Micro spokesman Udo Schneider surprised journalists at a news conference this week by placing a large, neon-pink vibrator on the desk in front of him and then bringing it to life by typing out a few lines of code on his laptop.

--JorgeA

Edited March 16, 2016 by JorgeA: add spoiler
jaclaz Posted March 19, 2016

It's official, PSA here:
http://www.ic3.gov/media/2016/160317.aspx

many, many pearls of wisdom in it.

Particularly in the context of a risk of a Wi-Fi or however radio carried intrusion, I would like to cite/highlight:

Quote
4. Be aware of who has physical access to your vehicle
In much the same way as you would not leave your personal computer or smartphone unlocked, in an unsecure location, or with someone you don’t trust, it is important that you maintain awareness of those who may have access to your vehicle.

jaclaz
jaclaz Posted March 24, 2016

And now, radio amplifier attack:
http://www.telegraph.co.uk/technology/2016/03/23/hackers-can-unlock-and-start-dozens-of-high-end-cars-through-the/

Models that can be hacked
Audi: A3, A4, A6
BMW: 730d
Citroen: DS4 CrossBack
Ford: Galaxy, Eco-Sport
Honda: HR-V
Hyundai: Santa Fe CRDi
Kia: Optima
Lexus: RX 450h
Mazda: CX-5
Mini: Clubman
Mitsubishi: Outlander
Nissan: Qashqai, Leaf
Opel: Ampera
Range Rover: Evoque
Renault: Traffic
Ssangyong: Tivoli XDi
Subaru: Levorg
Toyota: Rav4
Volkswagen: Golf GTD, Touran 5T

https://www.adac.de/infotestrat/adac-im-einsatz/motorwelt/test_keyless.aspx

jaclaz
jaclaz Posted March 28, 2016

And, it had to happen, before or later:
https://cve.mitre.org/

Quote
The recent explosion of Internet-enabled devices—known as the Internet of Things—as well as the propagation of software-based functionality in systems has led to a huge increase in the number of CVE requests we have been receiving on a daily basis. We did not anticipate this rate of growth, and, as a result, were not as prepared for the latest surge in requests over the past 12 months as we had hoped. The result has been some of the delay in CVE assignments that the software security community has recently witnessed. We recognize the inconvenience that has resulted, and are working hard to come up with a solution. Last week, we proposed a possible option to our CVE Editorial Board, but some members raised concerns about the approach, and we have withdrawn it from consideration. We are working diligently to come up with a solution that will meet the needs of all the various use cases of CVE.

more or less "there are too many bugs in the wild and we cannot even list them in a timely fashion anymore".

jaclaz
jaclaz Posted March 30, 2016

I just understood how this thread and overall this "consolidating" or "mono-themed" approach is considered not welcome/advised on MSFN, see:

I apologize for any inconvenience, sorry.

A moderator/Admin will hopefully soon close this thread in order to minimize possible further disruption or disturbance to the intended way of working of the board.

jaclaz
Tripredacus Posted March 30, 2016

This thread is fine for now.
jaclaz Posted March 30, 2016

Quote
Just now, Tripredacus said:
This thread is fine for now.

And it will remain fine, at least - with this one time exception - personally I am not going to make it longer.

jaclaz
Mcinwwl Posted February 19, 2017

Necroposting, but worth it