Your coffeemaker been hacked [yet]?

With the name Smarter, you might expect a network-connected kitchen appliance maker to be, well, smarter than companies selling conventional appliances. But in the case of Smarter’s Internet-of-Things coffee maker, you’d be wrong…

Security problems with Smarter products first came to light in 2015, when researchers at London-based security firm Pen Test Partners found that they could recover a Wi-Fi encryption key used in the first version of the Smarter iKettle. The same researchers found that version 2 of the iKettle and the then-current version of the Smarter coffee maker had additional problems, including no firmware signing and no trusted enclave inside the ESP8266, the chipset that formed the brains of the devices. The result: the researchers showed a hacker could probably replace the factory firmware with a malicious one. The researcher EvilSocket also performed a complete reverse engineering of the device protocol, allowing remote control of the device.
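To make the “no firmware signing” point concrete, here is an added example (mine, not code from Smarter, Pen Test Partners or the Ars article) that models two bootloaders on the host: one that flashes any image with valid framing, and one that first checks an Ed25519 signature against a vendor public key baked into the bootloader. The image layout (4-byte magic, 4-byte length, payload, 64-byte signature) and the payloads are assumptions constructed for the demo, not Smarter’s real format. Note the caveat the page itself raises: with no trusted enclave and no secure boot, the verifying bootloader lives in the same rewritable flash as everything else, so an attacker with physical or firmware-level access can replace the checker along with the firmware; signature verification only helps when the code doing the verifying is itself immutable or attested.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical image layout (an assumption for this example, not Smarter's
// real format): 4-byte magic, 4-byte big-endian payload length, payload,
// then a 64-byte Ed25519 signature over everything before it.
const magic = "FWv1"
const hdrLen = 8

var ErrBadImage = errors.New("firmware rejected")

// BuildImage is what a vendor release pipeline would do: sign header+payload.
func BuildImage(priv ed25519.PrivateKey, payload []byte) []byte {
	img := make([]byte, 0, hdrLen+len(payload)+ed25519.SignatureSize)
	img = append(img, magic...)
	var lenBuf [4]byte
	binary.BigEndian.PutUint32(lenBuf[:], uint32(len(payload)))
	img = append(img, lenBuf[:]...)
	img = append(img, payload...)
	return append(img, ed25519.Sign(priv, img)...)
}

// splitImage checks the framing shared by both installers and returns the
// signed region (header+payload) and the trailing signature.
func splitImage(img []byte) (signed, sig []byte, err error) {
	if len(img) < hdrLen+ed25519.SignatureSize || string(img[:4]) != magic {
		return nil, nil, ErrBadImage
	}
	n := int(binary.BigEndian.Uint32(img[4:8]))
	if n != len(img)-hdrLen-ed25519.SignatureSize {
		return nil, nil, ErrBadImage
	}
	return img[:hdrLen+n], img[hdrLen+n:], nil
}

// InstallUnsigned models a bootloader with no firmware signing: any image
// with the right framing is flashed, whoever produced it.
func InstallUnsigned(img []byte) ([]byte, error) {
	signed, _, err := splitImage(img)
	if err != nil {
		return nil, err
	}
	return signed[hdrLen:], nil
}

// InstallSigned is the fix: the vendor public key is baked into the
// bootloader and the image is flashed only if the signature verifies.
func InstallSigned(pub ed25519.PublicKey, img []byte) ([]byte, error) {
	signed, sig, err := splitImage(img)
	if err != nil {
		return nil, err
	}
	if !ed25519.Verify(pub, signed, sig) {
		return nil, ErrBadImage
	}
	return signed[hdrLen:], nil
}

// RunScenario pits three constructed images against both installers: the
// vendor's release, the same release with one payload bit flipped in transit,
// and an attacker's own build signed with the attacker's key. It returns
// which installer accepted which image.
func RunScenario() map[string]bool {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}

	release := BuildImage(vendorPriv, []byte("grind; heat; pump")) // constructed payload
	tampered := append([]byte(nil), release...)
	tampered[hdrLen] ^= 0x01 // flip one bit of the first payload byte
	forged := BuildImage(attackerPriv, []byte("beep; show ransom note")) // constructed payload

	out := map[string]bool{}
	images := map[string][]byte{"release": release, "tampered": tampered, "forged": forged}
	for name, img := range images {
		_, err := InstallUnsigned(img)
		out["unsigned/"+name] = err == nil
		_, err = InstallSigned(vendorPub, img)
		out["signed/"+name] = err == nil
	}
	return out
}

func main() {
	for k, v := range RunScenario() {
		fmt.Printf("%-18s accepted=%v\n", k, v)
	}
}
```

Running it shows the unsigned installer accepting all three images while the signed installer accepts only the vendor release; the tampered and attacker-built images fail verification. Ed25519 is cheap enough to run on an ESP8266-class part, which is the design choice here: the cost of the check is not what stops vendors, it is the key management and the need for an immutable first-stage loader.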

As a thought experiment, Martin Hron, a researcher at security company Avast, reverse engineered one of the older coffee makers to see what kinds of hacks he could do with it. After just a week of effort, the unqualified answer was: quite a lot. Specifically, he could trigger the coffee maker to turn on the burner, dispense water, spin the bean grinder, and display a ransom message, all while beeping repeatedly. Oh, and by the way, the only way to stop the chaos was to unplug the power cord…

The cautionary tale moves on and offers humor, corrective suggestions…and not a boatload of hope for up-to-date standards. Generally, firmware updates stop in a few years…even though beaucoup electronic products work for many more. As they should.

“Fawkes” can protect you from facial recognition online


Software called Fawkes “cloaks” photos to trick the deep learning computer models that power facial recognition…

The rapid rise of facial recognition systems has placed the technology into many facets of our daily lives, whether we know it or not…But thus far, people have had few protections against this use of their images—apart from not sharing photos publicly at all.

The Fawkes project provides a powerful new protection mechanism.

With enough cloaked photos in circulation, a computer observer will be unable to identify a person from even an unaltered image, protecting individual privacy from unauthorized and malicious intrusions.

Math and science wins, again.

Keeping Sources Secure


How do you keep communications with sources secure?

❝ Before moving to Europe this summer, I spent about a decade covering national security and intelligence in cities like Washington, so I’m pretty security conscious. Before I left, a friend who works in intelligence offered a gentle reminder that most countries would probably consider me fair game for intelligence collection.

So I use a cheap Chromebook when traveling to places where curious eyes might be tempted to sneak a peek. I set it up with a burner account, and I never connect it to any personal or business accounts.

And all those note-taking apps? If I’m working on something particularly sensitive or talking to someone who is sticking his neck out by meeting with me, those notes often don’t get saved digitally. When the story is done, the notebook gets tossed and that’s the end of it.

RTFA and check out what Matt uses/does when he’s not in Total Invasive Security Fear Mode.

Apple Watch sales beat entire Swiss watch industry in Q4

More Apple Watches shipped in the fourth quarter of 2017 than the entire Swiss watch industry, a report claims, showing the Apple-produced wearable device is still growing in popularity, though analysis also indicates the Apple Watch still has some way to go before it can outpace Swiss watches on an annual basis…

❝ The chart reveals the Apple Watch shipped an estimated 8 million units during the fourth quarter of 2017, more than the 6.8 million Swiss watch shipments over the same period. It is also noted that the Apple Watch saw a year-on-year increase of 2 million shipments, representing growth of 33 percent, while Swiss shipments slightly contracted from 7 million in Q4 2016.

Across the entire year, Swiss watches continue to outsell the Apple Watch by a wide margin.

Guess the Swiss really aren’t supposed to worry, eh?

Plunging battery costs will bring the greatest change in automotive history

❝ Plunging battery costs will drive the auto industry’s biggest change in more than a century, enabling a boom by 2030 in technologies from self-driving electric cars to ride-sharing applications.

The price of lithium-ion battery packs for electric cars has fallen 65 percent since 2010 and is likely to keep declining, according to a report by Bloomberg New Energy Finance and McKinsey & Co. Consumers may appreciate the biggest impact in the form of cheaper costs for taxis, including substantial reductions for ones run by machines.

Driving the trend are cheaper batteries, which are the biggest cost in electric cars, along with rapidly improving computer technology that will make self-driving cars a reality on roads within the next decade. Changes already are starting to feed through in the form of an investment boom in ride-hailing applications such as Uber Technologies…and the mushrooming of software developers that will link electric cars to utilities and payment systems.

Those trends will reduce the cost of running a taxi driven by a human by 3.1 percent to $2.76 a mile driven by 2025, according to the report. Self-driving taxis may be as cheap as 67 cents a mile to operate. The study counted in the total cost of owning the vehicle, driver’s pay and allowances for overhead and returns for investors…

❝ The changes will reshape the auto industry, tilting the need for investment away from developing engines and toward perfecting software that drives cars and links them to the web for managing payment and navigation, McKinsey said. Power companies could benefit from a 3 percent increase in electricity demand in the next 15 years…

❝ Battery and hybrid vehicles on the world’s roads may displace as many as 13 million barrels of oil a day by 2040, BNEF forecast this year in a separate report. The costs of lithium-ion batteries, which typically make up about 40 percent of an electric car’s value, may fall by 16 percent to 20 percent with each cumulative doubling of the vehicles’ manufacture…

The only cornball advice I have to offer is – it’s better to invest in rapidly growing tech too soon rather than too late. But, I welcome the changes coming in safety and environment with open arms.

Retailers who don’t want Apple Pay have already been hacked


You can’t make this stuff up.

MCX, the retailer consortium behind Apple Pay competitor CurrentC, has already been hacked, according to an email sent out to those people who have signed up for, or downloaded, the CurrentC app…

A spokeswoman confirmed that the email is real.

MCX, which is a consortium of dozens of retailers including Walmart, Best Buy, Target, Kohl’s and CVS, says that no other information has been taken but that the investigation is continuing. The “unauthorized third parties” were able to access email addresses of people who were part of the app’s private beta testing program as well as email addresses of people who simply signed up to access the app when it launches publicly…

MCX confirmed this morning that its member companies have promised to only support CurrentC. MCX was formed in large part to create a mobile app that would persuade shoppers to pay through their phone with their checking account or store-branded plastic. The retailers’ goal here was to cut down on the transaction fees they have to pay banks and credit card networks on traditional credit card purchases. That is likely a big reason why they oppose Apple Pay, which supports those traditional cards.

But the hack now raises big questions about whether shoppers will trust CurrentC app with their sensitive financial information when it launches; the app asks for users’ social security number and driver’s license information if they want to link their bank account with the app. The app does not currently let users pay with their traditional credit card accounts, though an MCX blog post published this morning said it would eventually support credit cards, though it didn’t provide details on which kinds. Until CurrentC launches, customers shopping at MCX stores will be left with the choice of using cash or traditional magstripe cards which have proved to be easy to clone.

By banning Apple Pay, which is built into the new line of iPhones, merchants are choosing to ban a more secure payment method. Apple Pay customers can use a wide range of credit and debit card accounts to make purchases. Users have to authorize a transaction by pressing their finger against the phone’s fingerprint sensor. The phone then sends payment information to a store’s checkout equipment, though it comes in the form of a stand-in string of characters known as a token and does not include an actual credit or debit card number.

Our household has already switched over to Apple Pay. More than anything, we love the anonymity and security. No one gets to see our credit card number. Not even our name.

ComputerCOP: lousy “Internet Safety Software” coppers are giving to families

For years, local law enforcement agencies around the country have told parents that installing ComputerCOP software is the “first step” in protecting their children online…

As official as it looks, ComputerCOP is actually just spyware, generally bought in bulk from a New York company that appears to do nothing but market this software to local government agencies.

The way ComputerCOP works is neither safe nor secure. It isn’t particularly effective either, except for generating positive PR for the law enforcement agencies distributing it. As security software goes, we observed a product with a keystroke-capturing function, also called a “keylogger,” that could place a family’s personal information at extreme risk by transmitting what a user types over the Internet to third-party servers without encryption. That means many versions of ComputerCOP leave children (and their parents, guests, friends, and anyone using the affected computer) exposed to the same predators, identity thieves, and bullies that police claim the software protects against.

Furthermore, by providing a free keylogging program—especially one that operates without even the most basic security safeguards—law enforcement agencies are passing around what amounts to a spying tool that could easily be abused by people who want to snoop on spouses, roommates, or co-workers.

Producers of many versions of this crap software include bald-faced lies about capabilities, safety and legality as FAQs. Often, of course, coppers distributing this crap are disingenuous enough to think they’re providing a real public service.

They ain’t.

This is a long well-researched article about law enforcement being hustled, mostly by outsiders. Misconceptions and incompetence about what is legal and ethical also play a role within policing agencies. RTFA and, perhaps, consider checking out the local heat and updating them – if they’ve been suckered.

Thanks, Mike

Technology University error removes all students, staff

A German university apologized for any distress caused to its 37,000 students when they all received emails saying they had been unenrolled.

Kim-Astrid Magister, spokeswoman for the Dresden University of Technology, said the school’s entire student body and all of its staff — 48,000 people — were mistakenly sent emails Sunday telling them they had been unenrolled from the university…

“Your logins will be locked in 12 days. This is happening because you have been unenrolled as a student, your contract is up or your guest logins are no longer valid. Please ensure you have saved any information that may be contained within these logins,” the email read.

Many students said they panicked on receiving the communication, but were comforted when fellow students told them they had also received it.

Magister said the email was the result of human error while working on a software program designed to organize staff and student data. She apologized for any confusion or distress caused by the mistake.

The spokeswoman said the software error had been corrected.

Same as it ever was: Garbage in is garbage out.

X-48C aircraft flight testing campaign comes to an end

The flight testing campaign of the X-48C Blended Wing Body (BWB, aka Hybrid Wing Body) research aircraft kicked off on August 7, 2012, at NASA’s Dryden Flight Research Center. Eight months later the campaign has come to a close with the 30th and final flight carried out on April 12. NASA plans to use the data gathered over the campaign to aid in the design of future “green” airliners that are quieter and more fuel-efficient than conventional aircraft, while Boeing is touting the design’s potential military applications.

Unlike flying wing designs such as the Stealth Bomber that lack a definitive fuselage, BWB designs have separate wing structures that are smoothly blended into a flattened and airfoil-shaped body. The purpose of the recently-completed flight testing campaign was to establish base data relating to the lift, stall and spin characteristics of the BWB design, which promises increased fuel economy and range because the entire aircraft contributes to lift generation…

In an effort to reduce the X-48B’s noise profile and study its low speed stability its wingtip winglets were moved inboard on either side of the engines – effectively turning them into twin tails – its fuselage was extended at the rear by about two feet (0.6 m), and its three 50-pound thrust jet engines were replaced with two 89-pound thrust engines. The result was the X-48C, which boasts the same 21-foot (6.4 m) wingspan and approximate 500 lb (227 kg) weight as the X-48B that made 92 flights between 2007 and 2010.

In the evolution from X-48B to X-48C, the aircraft’s flight control system software was also modified to account for the different handling qualities of the two models. The team says this enabled a stronger and safer prototype flight control system that is suitable for future full-scale commercial blended wing aircraft…

“We have accomplished our goals of establishing a ground-to-flight database, and proving the low speed controllability of the concept throughout the flight envelope,” said Fay Collier, manager of NASA’s Environmentally Responsible Aviation project. “Very quiet and efficient, the hybrid wing body has shown promise for meeting all of NASA’s environmental goals for future aircraft designs.”

We probably won’t see anything looking like this in passenger/cargo/civilian aircraft for a couple of decades. And Boeing admits their first probable customers will be Uncle Sugar’s Air Force.

Which means you and I get to pay for them instead of some airline. Still – it is an interesting looking critter and hopefully produced research which will aid all aircraft construction.

Flying robot quadrocopters cooperate to play catch

Swiss researchers have published a new video showcasing the impressive aerial cooperation capabilities of robotic quadrocopters. In the demonstration, a trio of quadrocopters tethered to a net fly in formation to catch balls tossed at them. Once they’ve caught the ball in the net, they are able to launch it upwards by stretching the net at each end.

“To toss the ball, the quadrocopters accelerate rapidly outward to stretch the net tight between them and launch the ball up. Notice in the video that the quadrocopters are then pulled forcefully inward by the tension in the elastic net, and must rapidly stabilize in order to avoid a collision. Once recovered, the quadrotors cooperatively position the net below the ball in order to catch it.” explained Robin Ritz, Lead Researcher at ETH Zurich’s Flying Machine Arena.

“Because they are coupled to each other by the net, the quadrocopters experience complex forces that push the vehicles to the limits of their dynamic capabilities. To exploit the full potential of the vehicles under these circumstances requires several novel algorithms…

Click the link in the first sentence to see notes about algorithms, etc. Beyond me. 🙂