Yay for Internet connected [strike]spy devices[/strike] digital assistants. You can retrieve conversations to replay [u]someone else's recordings[/u].

[url]https://venturebeat.com/2018/12/20/alexa-glitch-let-a-user-eavesdrop-on-another-home/[/url] [quote]The customer had asked to listen back to recordings of his own activities made by Alexa but he was also able to access 1,700 audio files from a stranger when Amazon sent him a link, German trade publication c’t reported.

...

The first customer had initially got no reply when he told Amazon about the access to the other recordings, the report said. The files were then deleted from the link provided by Amazon but he had already downloaded them on to his computer, added the report from c’t, part of German tech publisher Heise.

...

On the recordings, a man and a female companion could be overheard in his home and the magazine was able to identify and contact him through the recorded information, according to the report.[/quote]

--------------------------------------------------------------------------------------------------------------------------------------------

And still more. Use your neighbours (or anyone's) Christmas lights to hack into their local network.

[url]https://labs.mwrinfosecurity.com/blog/twinkly-twinkly-little-star[/url] [quote]... it is also possible to perform malicious firmware updates which could allow an attacker to pivot onto the targets network via the lights or create a festive IoT bot net.[/quote]

[QUOTE=retina;503549]Totally bonkers IMO. Lettings some external thrid party control, and disable, your stuff.[/quote]
Agreed but when you can be sued for any stupid reason, you have to demonstrate you at least try to make things "right".



[quote][URL]https://arstechnica.com/gadgets/2018/12/logitech-firmware-update-breaks-locally-controlled-harmony-hub-systems/[/URL] Paraphrasing Logitech's response: We don't like people using [I]our[/I] stuff in ways we don't allow, so FU we're enforcing our will on the things we control.[/QUOTE]

They backpedaled which is a good thing.


[url]https://mobile.slashdot.org/story/18/12/22/0028237/logitech-will-restore-third-party-harmony-home-automation[/url]

An Internet connected oven with a camera. I'm sure there are no issues there, right? It's only food. People already know you eat, and most people usually don't care if others know [i]what[/i] they eat, or [i]when[/i] they eat. So it's all good, right?[quote]Sync your friends and family to your June so they can watch you cook! (Make sure they aren't jokers who will preheat your oven for no reason or cancel your cook before it's done.)[/quote]Aha. Found the problem. Others (aka hackers) can control your oven. Do you really want that thing on at full power overnight while you are sleeping?

I forget the link to the article above so here it is:
[url]https://arstechnica.com/gadgets/2018/12/how-a-toaster-oven-helped-me-learn-to-stop-worrying-and-love-the-internet-of-things/[/url]


----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

[url]https://techcrunch.com/2018/12/27/guardzilla-security-camera-flaws/[/url] [quote]A popular smart security system maker has ignored warnings from security researchers that its flagship device has several serious vulnerabilities, including allowing anyone access to the company’s central store of customer-uploaded video recordings.[/quote]Quite normal for these types of things, unfortunately. Your data is not safe in the hands of other people. Stop giving it to them.

But the article does end with some really good advice:[quote]For now, you’re safest bet is to unplug your Guardzilla from the wall and stop using it.[/quote]

I'm not sure this is [i]exactly[/i] on-topic, but...

[url=https://www.apnews.com/805d53859aef46cdb705a7b1a8e37b3d]Grocery robots detect spills - with some far-off human help[/url]

I'll post these four links without too much comment. Basically the same old :poop:. The companies that sell this crap don't care about your privacy or your security. They have ultimate control over your "smart" stuff. And occasionally the "smart" crap has ultimate control over [i]you[/i] (see the first link).

[url]https://www.scmp.com/news/china/society/article/2184526/nio-chinas-answer-tesla-faces-online-heat-after-car-jam-beijing[/url]

[url]https://www.cbsnews.com/news/nest-camera-hacked-hacker-spoke-to-baby-hurled-obscenities-at-couple-using-nest-camera-dad-says/[/url]

[url]https://www.androidauthority.com/nest-secure-google-assistant-mic-950134/[/url]

[url]https://www.zdnet.com/article/eu-orders-recall-of-childrens-smartwatch-over-severe-privacy-concerns/[/url]

And this link below is quite a reasonably written article about someone who's apartment block is installing "smart" locks for everyone. Say goodbye to your privacy, security and safety.

[url]https://tisiphone.net/2019/01/28/security-things-to-consider-when-your-apartment-goes-smart/[/url]

A case of built-in obsolescence...
 

I now have a "smart" device! OK, it's not internet-connected, but it [i]is[/i] externally controlled. That [i]is[/i] the hallmark of smart devices, isn't it?

It's an old clock a neighbor gave me. It has an internal antenna that picks up the 60 Khz time signals from the NIST Time-and-frequency radio station WWVB in Fort Collins, CO.

For the record, I do not believe it will spy on me or turn my computer into a twonky(*).

I cleaned out the battery compartment (some time in the past, installed batteries had leaked), read the manual, installed fresh batteries, heard the tone the manual said it would emit, and watched. The icon appeared that indicated it was picking up the radio signals. The numbers on the display started to change as indicated. I then waited, keeping a lazy eye on it, and within 10 minutes it was set to the correct time (in the default time zone) and date. Seeing a clock (appear to) set [i]itself[/i] was the [i]darndest[/i] thing!

But the manual said something that piqued my interest. Its Moon Phase Alarm is programmed with "all moon phases and corresponding dates from the year 2000 until 2019." Since the moon phase has changed since I started it (and is correct), the moon phase alarm is still working, so I reckon they meant "through 2019." I'm not sure what will happen when 2020 arrives. Presumably the moon phase display will go blank or into whatever state uses the least power, or perhaps do something to indicate it's not working. I'm checking with the company.

The display shows 8 moon phases -- new/full, first/last quarter, waxing/waning crescent, waxing/waning gibbous. Any of you tech wizards know how they program this sort of thing into a clock? Because, although it wouldn't affect other devices, it did occur to me that the thing might be hackable in such a way as to extend its life
:grin:

(*)I refer to the device described in [url=https://www.prosperosisle.org/spip.php?article870]this story[/url].

[QUOTE=Dr Sardonicus;508234]... how they program this sort of thing into a clock?[/QUOTE]It could be anything really. But most probably it is just a simple table lookup. So it might wrap around back to the beginning and show phases from 20 years ago. It might continue on through the internal memory space and show nonsense results. Or if the programmer had more time it might have an algorithm to compute the phases and it was [i]verified[/i] up to 2019 but might still give reasonable approximations for the future.

[QUOTE=Dr Sardonicus;508234]It's an old clock a neighbor gave me. It has an internal antenna that picks up the 60 Khz time signals from the NIST Time-and-frequency radio station WWVB in Fort Collins, CO.[/QUOTE]

Have fun while it lasts. There were some news last year about NIST having to shut down their radio stations (among other things) because of a radically reduced budget for FY2019. Radically, as in chopping a third off the previous budget. So, probably this didn't happen yet, as I heard there's been some, ahem, trouble getting that federal budget approved? :bangheadonwall:

[URL="https://spectrum.ieee.org/tech-talk/telecom/wireless/longrunning-us-federal-radio-stations-beloved-by-hams-are-in-danger-of-shutdown"]IEEE Spectrum: Long-Running U.S. Federal Radio Stations, Beloved by Hams, in Danger of Shutdown[/URL]

Ahh, shut down the time signal service. Now that's what I call a [i]definitive[/i] solution to the problem!

[i]Il Duce[/i] & Co keep doing things that are dumber and more destructive than I am capable of envisioning.

It's not just radio-controlled clocks and watches. There's all sorts of equipment that uses those radio signals to maintain accurate time.

I am reminded of a cartoon feature I saw when I was a kid. It involved a malefactor who had decided to wreck his whole society (I forget to what purpose). The society was intimately regulated by schedules, so depended on knowing what time it was. The bad guy shut down the master clock, and [i]all[/i] the clocks stopped. People were running around frantically asking (in song) "What time is it? What time is it? Is it time to work or stop?" Alas, my efforts to identify the feature have so far been unsuccessful.

[url=https://www.technologyreview.com/s/612874/the-real-reason-america-is-scared-of-huawei-internet-connected-everything/]The real reason America is scared of Huawei: internet-connected everything[/url] - MIT Technology Review

After describing the dramatically larger "attack surface" for hacking and surveillance attendant to 5G, MIT Tech Review attempts to assuage our worries with "oh, brother"-worthy "perfectly safe if used perfectly correctly" verbiage:
[quote][b]4. Can 5G be made secure?[/b]

These security worries paint a bleak picture—but there are technical solutions to all of them.

Careful use of cryptography can help secure communications in a way that protects data as it flows across different systems and through virtual networks—even guarding it from the companies that own and run the hardware. Such coding schemes can help guard against jamming, snooping, and hacking.

Two research papers offer a good overview of the risks and potential solutions: 5G Security: Analysis of Threats and Solutions (pdf); Security for 5G Mobile Wireless Networks (pdf).

“If you do it correctly, you will actually have a more robust network,” says Muriel Médard, a professor who leads the Network Coding and Reliable Communications Group at MIT.[/quote]
So it's the same old story - the technology is great in theory, the problem lies in the praxis. Just like every modern-ish crypto tech, starting at least with the German Enigma. We *know* that frequently incompetent, often-lazy and occasionally corrupt humans are going to be implementing the technology and ever-busy malicious actors will be working to undermine and "vulnerablize" it at every step of the way. So given what we know from long and all-too-frequently-dismal experience with previous crypto-tech, it is 100% certain that "larger attack surface" *will* translate into "less secure". If you ask me, that is darn good reason to be "scared of Huawei", or more generally, of the SmartEverything ubiquitously-connected-world paradigm the TechBros and the surveillance-addicted governments which support them are trying to ram down our throats for fun and profit.