In Stores, Secret Bluetooth Surveillance Tracks Your Every Move (ht...
▻https://diasp.eu/p/9209638
In Stores, Secret Bluetooth Surveillance Tracks Your Every Move | #beacon #bluetooth #privacy #retail #surveillance #tracking
The Terrifying Potential of the 5G Network | The New Yorker
▻https://www.newyorker.com/news/annals-of-communications/the-terrifying-potential-of-the-5g-network
Two words explain the difference between our current wireless networks and 5G: speed and latency. 5G—if you believe the hype—is expected to be up to a hundred times faster. (A two-hour movie could be downloaded in less than four seconds.) That speed will reduce, and possibly eliminate, the delay—the latency—between instructing a computer to perform a command and its execution. This, again, if you believe the hype, will lead to a whole new Internet of Things, where everything from toasters to dog collars to dialysis pumps to running shoes will be connected. Remote robotic surgery will be routine, the military will develop hypersonic weapons, and autonomous vehicles will cruise safely along smart highways. The claims are extravagant, and the stakes are high. One estimate projects that 5G will pump twelve trillion dollars into the global economy by 2035, and add twenty-two million new jobs in the United States alone. This 5G world, we are told, will usher in a fourth industrial revolution.
A totally connected world will also be especially susceptible to cyberattacks. Even before the introduction of 5G networks, hackers have breached the control center of a municipal dam system, stopped an Internet-connected car as it travelled down an interstate, and sabotaged home appliances. Ransomware, malware, crypto-jacking, identity theft, and data breaches have become so common that more Americans are afraid of cybercrime than they are of becoming a victim of violent crime. Adding more devices to the online universe is destined to create more opportunities for disruption. “5G is not just for refrigerators,” Spalding said. “It’s farm implements, it’s airplanes, it’s all kinds of different things that can actually kill people or that allow someone to reach into the network and direct those things to do what they want them to do. It’s a completely different threat that we’ve never experienced before.”
Spalding’s solution, he told me, was to build the 5G network from scratch, incorporating cyber defenses into its design.
There are very good reasons to keep a company that appears to be beholden to a government with a documented history of industrial cyber espionage, international data theft, and domestic spying out of global digital networks. But banning Huawei hardware will not secure those networks. Even in the absence of Huawei equipment, systems still may rely on software developed in China, and software can be reprogrammed remotely by malicious actors. And every device connected to the fifth-generation Internet will likely remain susceptible to hacking. According to James Baker, the former F.B.I. general counsel who runs the national-security program at the R Street Institute, “There’s a concern that those devices that are connected to the 5G network are not going to be very secure from a cyber perspective. That presents a huge vulnerability for the system, because those devices can be turned into bots, for example, and you can have a massive botnet that can be used to attack different parts of the network.”
This past January, Tom Wheeler, who was the F.C.C. chairman during the Obama Administration, published an Op-Ed in the New York Times titled “If 5G Is So Important, Why Isn’t It Secure?” The Trump Administration had walked away from security efforts begun during Wheeler’s tenure at the F.C.C.; most notably, in recent negotiations over international standards, the U.S. eliminated a requirement that the technical specifications of 5G include cyber defense. “For the first time in history,” Wheeler wrote, “cybersecurity was being required as a forethought in the design of a new network standard—until the Trump F.C.C. repealed it.” The agency also rejected the notion that companies building and running American digital networks were responsible for overseeing their security. This might have been expected, but the current F.C.C. does not consider cybersecurity to be a part of its domain, either. “I certainly did when we were in office,” Wheeler told me. “But the Republicans who were on the commission at that point in time, and are still there, one being the chairman, opposed those activities as being overly regulatory.”
Opening up new spectrum is crucial to achieving the super-fast speeds promised by 5G. Most American carriers are planning to migrate their services to a higher part of the spectrum, where the bands are big and broad and allow for colossal rivers of data to flow through them. (Some carriers are also working with lower-spectrum frequencies, where the speeds will not be as fast but likely more reliable.) Until recently, these high-frequency bands, which are called millimetre waves, were not available for Internet transmission, but advances in antenna technology have made it possible, at least in theory. In practice, millimetre waves are finicky: they can only travel short distances—about a thousand feet—and are impeded by walls, foliage, human bodies, and, apparently, rain.
To accommodate these limitations, 5G cellular relays will have to be installed inside buildings and on every city block, at least. Cell relays mounted on thirteen million utility poles, for example, will deliver 5G speeds to just over half of the American population, and cost around four hundred billion dollars to install. Rural communities will be out of luck—too many trees, too few people—despite the F.C.C.’s recently announced Rural Digital Opportunity Fund.
Deploying millions of wireless relays so close to one another and, therefore, to our bodies has elicited its own concerns. Two years ago, a hundred and eighty scientists and doctors from thirty-six countries appealed to the European Union for a moratorium on 5G adoption until the effects of the expected increase in low-level radiation were studied. In February, Senator Richard Blumenthal, a Democrat from Connecticut, took both the F.C.C. and F.D.A. to task for pushing ahead with 5G without assessing its health risks. “We’re kind of flying blind here,” he concluded. A system built on millions of cell relays, antennas, and sensors also offers previously unthinkable surveillance potential. Telecom companies already sell location data to marketers, and law enforcement has used similar data to track protesters. 5G will catalogue exactly where someone has come from, where they are going, and what they are doing. “To give one made-up example,” Steve Bellovin, a computer-science professor at Columbia University, told the Wall Street Journal, “might a pollution sensor detect cigarette smoke or vaping, while a Bluetooth receiver picks up the identities of nearby phones? Insurance companies might be interested.” Paired with facial recognition and artificial intelligence, the data streams and location capabilities of 5G will make anonymity a historical artifact.
Cloning Zwift on #ios Part 2: Reverse Engineering a Workout
▻https://hackernoon.com/cloning-zwift-on-ios-part-2-reverse-engineering-a-workout-9d4ffabc29e8?s
Last time, on “Making an iOS Zwift Clone to Save $15 a Month” I wrote about learning Core Bluetooth to connect to my exercise bike and get…
Making an #ios #zwift Clone to Save $15 a Month! Part 1: Core #bluetooth
▻https://hackernoon.com/making-an-ios-zwift-clone-to-save-15-a-month-part-1-core-bluetooth-9925b
It’s been a while since I’ve worked on a personal project, but I’ve been having an itch to make some new iOS apps and yesterday morning I decided to go ahead and hack something together. I recently purchased an exercise bike called the BikeErg (I think the name has something to do with the rowing machines that the manufacturer also makes). The bike has a built-in computer that keeps track of things like watts (apparently #cycling is a sport that has really good analytics since it’s easy to track raw power), calories burned, cadence and other stuff. You can view the data on the monitor or use an app like Zwift to do workouts. The BikeErg comes with the PM5: the most advanced PM thing ever. I’ve been using the BikeErg to exercise pretty regularly now, and I tried a bunch of different apps that (...)
Nodle App launches on the #htc Exodus #blockchain phone
▻https://hackernoon.com/nodle-app-launches-on-the-htc-exodus-blockchain-phone-8e1544c62fe8?sourc
Nodle Network Overview | February 21st 2019. Smartphone Exodus users can now be rewarded for participating in the Nodle Network. Nodle, a connectivity provider for the Internet of Things just announced the launch of its mobile application, Nodle, made exclusively available now for HTC Exodus users. Once users launch the app, they will be directly rewarded for participating in the Nodle Network. The Nodle app connects and collects data from #iot devices like environmental sensors, BLE tags, cars, bikes and scooters. The company has built a robust Bluetooth Low Energy-powered network to help companies and cities connect and collect data from their devices, sensors and tags. Micha Benoliel, Nodle co-founder, mentions that “Any individual can be directly rewarded for the work performed using their (...)
Discovery of a flaw affecting the Bluetooth connections of many connected devices
▻https://www.lemonde.fr/pixels/article/2018/08/11/decouverte-d-une-faille-touchant-les-connexions-bluetooth-de-nombreux-objets
A flaw in a Bluetooth protocol, which is built into many connected devices, including medical ones, can allow a remote takeover. It is possible to remotely take control of certain Bluetooth-connected devices, including sensitive ones, without their users’ knowledge. This is what Damien Cauquil, a researcher at the French company Digital Security, discovered; he is presenting the results of his work at the specialist computer-security conference (...)
The #Defcon content is blocked by some providers:
You’d better secure your BLE devices or we’ll kick your butts !
Saturday 2018-08-11 at 12:00 in Track 2
45 minutes | Demo, Tool, Exploit
Damien “virtualabs” Cauquil Head of Research & Development, Digital Security
Sniffing and attacking Bluetooth Low Energy devices has always been a real pain. Proprietary tools do the job but cannot be tuned to fit our offensive needs, while opensource tools work sometimes, but are not reliable and efficient. Even the recently released Man-in-the-Middle BLE attack tools have their limits, like their complexity and lack of features to analyze encrypted or short connections.
Furthermore, as vendors do not seem inclined to improve the security of their devices by following the best practices, we decided to create a tool to lower the ticket: BtleJack. BtleJack not only provides an affordable and reliable way to sniff and analyze Bluetooth Low Energy devices and their protocol stacks, but also implements a brand new attack dubbed “BtleJacking” that provides a way to take control of any already connected BLE device.
We will demonstrate how this attack works on various devices, how to protect them and avoid hijacking and of course release the source code of the tool.
Vendors, be warned: BLE hijacking is real and should be considered in your threat model.
Damien “virtualabs” Cauquil
Damien is a senior security researcher who joined Digital Security in 2015 as the head of research and development. He discovered how wireless protocols can be fun to hack and quickly developed BtleJuice, one of the first Bluetooth Low Energy MitM frameworks.
Damien presented at various security conferences including DEF CON, Hack In Paris, Chaos Communication Camp, Chaos Communication Congress, and a dozen times at Nuit du Hack, one of the oldest security conferences.
▻https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20program.pdf
Boy unearths legendary Danish king’s trove in Germany | News24
▻https://www.news24.com/World/News/boy-unearths-legendary-danish-kings-trove-in-germany-20180416
A 13-year-old boy and an amateur archaeologist have unearthed a “significant” treasure trove in Germany which may have belonged to the legendary Danish king #Harald_Bluetooth who brought Christianity to Denmark.
Rene Schoen and his student Luca Malaschnitschenko were looking for treasure using metal detectors in January on the northern island of Ruegen [Rügen] when they chanced upon what they initially thought was a worthless piece of aluminium.
But upon closer inspection, they realised that it was a shimmering piece of silver, German media reported.
A dig covering 400 square metres (4,300 square feet) that was finally started at the weekend by the regional archaeology service has uncovered a trove believed to be linked to the Danish king, a member of the Jelling dynasty, who reigned from around 958 to 986.
Braided necklaces, pearls, brooches, a Thor’s hammer, rings and up to 600 chipped coins were found, including more than 100 that date to Bluetooth’s era.
“This trove is the biggest single discovery of Bluetooth coins in the southern Baltic sea region and is therefore of great significance,” lead archaeologist Michael Schirren told national news agency DPA.
The oldest coin found in the trove is a Damascus dirham dating to 714 while the most recent is a penny dating to 983.
The find suggests that the treasure may have been buried in the late 980s - also the period when Bluetooth was known to have fled to Pomerania, where he died in 987.
New Raspberry Pi 3 Model Has Faster CPU, Better Networking
▻https://www.omgubuntu.co.uk/2018/03/raspberry-pi-3-model-b-plus-specs-price
Delicious news for all you makers out there: a brand new Raspberry Pi is available to buy. The new Raspberry Pi 3 Model B+ is an improved version of the Raspberry Pi 3 Model B. It features a faster ARM A53 processor and improved networking capabilities through the addition of Gigabit Ethernet, Bluetooth 4.2 LS BLE […] This post, New Raspberry Pi 3 Model Has Faster CPU, Better Networking, was written by Joey Sneddon and first appeared on OMG! Ubuntu!.
Hedy Lamarr: The Hollywood bombshell whose genius the world tried to ignore
▻https://www.independent.co.uk/arts-entertainment/films/features/hedy-lamarr-bombshell-documentary-inventor-movies-biography-a8246371.
She made her name timeless, but the silver screen projected a mere phantom of Lamarr’s true self, a creation so that she could survive in this world and flourish. Behind closed doors, was the second life of inventor, the co-creator of a frequency hopping system which has gone on to become one of the most significant communications developments of the 20th century. Her work later formed the basis for Bluetooth and WiFi.
bleno
▻https://github.com/noble/bleno
“A Node.js module for implementing BLE (Bluetooth Low Energy) peripherals”
noble
▻https://github.com/noble/noble
“A Node.js BLE (Bluetooth Low Energy) central module”
Colgate Smart Electronic Toothbrush E1 with Artificial Intelligence uses ResearchKit, is Apple store exclusive
▻http://appleinsider.com/articles/18/01/09/colgate-smart-electronic-toothbrush-e1-with-artificial-intelligence-us
Designed with the help of dentists, the Colgate Smart Electronic Toothbrush E1 features real-time sensors and artificial intelligence algorithms to detect brushing effectiveness in 16 zones of the mouth.
The Colgate Connect app is integrated with Apple ResearchKit, and connects to an iPhone or iPad with Bluetooth. It features a 3D brushing coach to create a custom oral care routine for the user while encouraging better brushing habits.
“Connected health devices like the new Colgate Smart Electronic Toothbrush provide a valuable opportunity to enable people to monitor their health and wellness,” said Colgate-Palmolive Chief Technology Officer Dr. Patricia Verduin. “Using Apple ResearchKit to expand the boundaries of oral care is a testament to Colgate’s drive to create innovative solutions that help people take better care of themselves.”
The Colgate Smart Electronic Toothbrush will be available for Recommended Retail Price $99.95 USD beginning January 9 in the US exclusively at Apple.com and in select Apple Stores.
The toothbrush itself was designed by Kolibree, the same company that debuted the Magic Toothbrush on Monday that uses augmented reality to gamify children’s oral hygiene.
A Cute Toy Just Brought a Hacker Into Your Home - The New York Times
▻https://www.nytimes.com/2017/12/21/technology/connected-toys-hacking.html?emc=edit_th_20171222&nl=todaysheadlines&nlid=25
SAN FRANCISCO — My Friend Cayla, a doll with nearly waist-length golden hair that talks and responds to children’s questions, was designed to bring delight to households. But there’s something else that Cayla might bring into homes as well: hackers and identity thieves.
Earlier this year, Germany’s Federal Network Agency, the country’s regulatory office, labeled Cayla “an illegal espionage apparatus” and recommended that parents destroy it. Retailers there were told they could sell the doll only if they disconnected its ability to connect to the internet, the feature that also allows in hackers. And the Norwegian Consumer Council called Cayla a “failed toy.”
The doll is not alone. As the holiday shopping season enters its frantic last days, many manufacturers are promoting “connected” toys to keep children engaged. There’s also a smart watch for kids, a droid from the recent “Star Wars” movies and a furry little Furby. These gadgets can all connect with the internet to interact — a Cayla doll can whisper to children in several languages that she’s great at keeping secrets, while a plush Furby Connect doll can smile back and laugh when tickled.
But once anything is online, it is potentially exposed to hackers, who look for weaknesses to gain access to digitally connected devices. Then once hackers are in, they can use the toys’ cameras and microphones to potentially see and hear whatever the toy sees and hears. As a result, according to cybersecurity experts, the toys can be turned to spy on little ones or to track their location.
“Parents need to be aware of what they are buying and bringing home to their children,” said Javvad Malik, a researcher with cybersecurity company AlienVault. “Many of these internet-connected devices have trivial ways to bypass security, so people have to be aware of what they’re buying and how secure it is.”
A special paragraph for those who have read “Maman a tort” by Michel Bussi:
Consider the Furby Connect doll made by Hasbro, a furry egg-shaped gadget that comes in teal, pink and purple. Researchers from Which?, a British charity, and the German consumer group Stiftung Warentest recently found that the Bluetooth feature of the Furby Connect could enable anyone within 100 feet of the doll to hijack the connection and use it to turn on the microphone and speak to children.
Just leave the kids alone!!!!
Toy manufacturers have long searched for ways to bring toys alive for children. While microphones and cameras introduced some level of responsiveness, those interactions were generally limited to a canned response preset by a manufacturer. Internet connections opened up a new wealth of possibilities; now the toys can be paired with a computer or cellphone to allow children to constantly update their toys with new features.
“That’s so scary, I had no idea that was possible,” she said. “What’s the worst hackers can do? Wait, no, don’t tell me. I’d just rather get my kids an old-fashioned doll.”
Turning Off Wi-Fi and Bluetooth in iOS 11’s Control Center Doesn’t Actually Turn Off Wi-Fi or Bluetooth - Motherboard
▻https://motherboard.vice.com/en_us/article/evpz7a/turn-off-wi-fi-and-bluetooth-apple-ios-11
To be clear, and to be fair, this behavior is exactly what Apple wants. In its own documentation, the company says that “in iOS 11 and later, when you toggle the Wi-Fi or Bluetooth buttons in Control Center, your device will immediately disconnect from Wi-Fi and Bluetooth accessories. Both Wi-Fi and Bluetooth will continue to be available.” That is because Apple wants the iPhone to be able to continue using AirDrop, AirPlay, Apple Pencil, Apple Watch, Location Services, and other features, according to the documentation.
One of these days I really will have to write that piece on the impossibility of switching off the new collection of electronic tools we have at our disposal. On most devices, there is no longer an on/off button.
The machines have decided to run all the time, and we have to follow them. Are we becoming the machines’ playthings?
and what options do we have for installing a free system, rather than iOS and Android?
On a phone costing more than 1000 bucks?
There are more realistic and less expensive alternatives.
oh no, rather on a mid-range phone at 200-300 bucks that runs Android... it was a question from a curious person who will never make the effort to get into all that...
BlueBorne Information from the Research Team - Armis Labs
▻https://www.armis.com/blueborne
A new attack vector exposes almost every connected device. The new vector is dubbed “BlueBorne”, as it spreads through the air (airborne) and attacks devices via #bluetooth... To Android users: To check if your device is at risk or if the devices around you are at risk, download the Armis BlueBorne Scanner App on Google Play.
#Dumbo: the #CIA gadget for defeating home video surveillance (#vidéosurveillance)
▻https://www.mediapart.fr/journal/international/030817/dumbo-le-gadget-de-la-cia-pour-dejouer-la-videosurveillance-des-domiciles
WikiLeaks publishes a series of documents revealing the workings of a CIA tool that is used during a physical intrusion and can disable any home surveillance system, video or audio, connected to a computer running Windows.
Dumbo User Guide — SECRET//NOFORN
▻https://wikileaks.org/vault7/document/Dumbo-v3_0-User_Guide/Dumbo-v3_0-User_Guide.pdf
1.0 (U) Introduction
(S) Dumbo runs on a target to which we have physical access, mutes all microphones, disables all network adapters, suspends any processes using a camera recording device, and notifies the operator of any files to which those processes were actively writing so that they may be selectively corrupted or deleted.
[…]
2.0 (U) System Overview
(U) The tool is meant to be executed on a target machine directly from a USB thumb drive. The application requires being run as SYSTEM. Dumbo will log all actions taken either automatically, or manually by the operator, in a file called “log.txt” located in the same folder as the tool’s execution. Dumbo will also log all processes running at the start of its execution in a file called “proclist.txt” located in the same folder as the tool’s execution.
• GUI.exe: Main executable for Dumbo v3.0. Requires being run as SYSTEM. If run as Administrator, the tool will attempt to restart itself as SYSTEM. This file can be renamed as desired.
GUI.exe Command-Line Options:
-n : do not automatically disable network or Bluetooth adapters
• scanner.sys: Driver necessary for tool to run correctly on 32 bit Windows XP. Driver will automatically be installed and removed, if necessary. Driver must be named “scanner.sys” and be located in the same folder as the main executable. The driver is not needed, and will not be installed, on any operating system other than 32 bit Windows XP.
• wscupd.exe: Executable used to create a blue screen on 32 bit operating systems. This file must be named “wscupd.exe” and be in the same folder as the main executable.
• wermgr.exe: Executable used to create a blue screen on 64 bit operating systems. This file must be named “wermgr.exe” and be in the same folder as the main executable.
Ubuntu 17.10 Makes It Easier to Use Bluetooth Speakers
▻http://www.omgubuntu.co.uk/2017/07/ubuntu-automatically-switch-sound-bluetooth
Ubuntu will automatically switch sound output to Bluetooth when you connect a Bluetooth speaker or headset in Ubuntu 17.10, as this video demonstrates. This post, Ubuntu 17.10 Makes It Easier to Use Bluetooth Speakers, was written by Joey Sneddon and first appeared on OMG! Ubuntu!.
A KDE Connect Bluetooth Backend Is In Development
▻http://www.omgubuntu.co.uk/2017/06/kde-connect-bluetooth-backend-development
A KDE Connect Bluetooth backend is now in development, meaning you can soon pair your Android phone with your Ubuntu PC without the use of wifi. This post, A KDE Connect Bluetooth Backend Is In Development, was written by Joey Sneddon and first appeared on OMG! Ubuntu!.
Guide to Bluetooth Security rev 2
NIST Special Publication 800-121
May 2017
▻http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-121r2.pdf
Intel Wireless-AC 9560: first M.2 card compatible with Bluetooth 5
▻http://www.tomshardware.fr/articles/wireless-ac-9560-intel-bluetooth-5-reseau-intel,1-63818.html#xtor=RSS-1
Bluetooth 5 is arriving.
Raspberry Pi Zero W, a $10 Raspberry Pi Zero with Wi-Fi and Bluetooth
▻http://www.omgubuntu.co.uk/2017/03/raspberry-pi-zero-w-wifi
The Raspberry Pi foundation has launched an updated version of its Raspberry Pi Zero to mark its 5th birthday. The new Raspberry Pi Zero W features onboard Wi-Fi and Bluetooth connectivity and serves as an alternative to its $5 Raspberry Pi Zero which launched back in 2015. Raspberry Pi Zero W Specs Fans of the Pi Zero maker board will be pleased to hear that […] This post, Raspberry Pi Zero W, a $10 Raspberry Pi Zero with Wi-Fi and Bluetooth, was written by Joey Sneddon and first appeared on OMG! Ubuntu!.
Stuffed toys leak children’s voice messages
▻https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults
US company CloudPets compromised, leaking information including email addresses, passwords and voice recordings. The personal information of more than half a million people who bought internet-connected fluffy animals has been compromised. The details, which include email addresses and passwords, were leaked along with access to profile pictures and more than 2m voice recordings of children and adults who had used the CloudPets stuffed toys. The US company’s toys can connect over Bluetooth (...)
"Minding the gap, blind" - Leading vulnerable populations into a data-fostered power disbalance (yet again)?
An interesting piece caught my eye today: a feature published at Ars Technica UK quite sympathetically describes how Bluetooth beacons guide visually impaired (blind and partially sighted) people in the London metro.
The idea is great, no doubt. The author tested the technology and acknowledged how seamless it is to navigate the busy tunnels of the tube with its assistance.
▻https://arstechnica.co.uk/business/2016/10/london-underground-blind-beacons
However, the further down I read, the more upset I felt. The piece names the two companies — WayFindr and UsTwo — developing the technology and links to their respective websites. Then, it goes on to interview London Underground’s director for operational support, who praises the technology and explains that Google.org, Google’s charity arm, has co-funded the project. I went on to check out the two startups, and what I found concerns me.
Or, it’d be more appropriate to say, what I did not find, concerns me. Indeed:
– I found no trace whatsoever of technical specification for an alleged “open standard” developed by WayFindr: ▻https://www.wayfindr.net Amongst the few social networks featured (footer of the website), no GitHub or similar is listed. Moreover, there is no mention whatsoever about how the data WayFindr collects are managed.
– The situation is similar with UsTwo. They have a page labelled ’Legal’ (▻https://ustwo.com/legal), but it contains nothing related to data management, data collection, etc. UsTwo has a GitHub account (▻https://github.com/ustwo), but it is the regular front-end/Ansible/etc. stuff. Correct me if I am wrong, but it does not contain anything related to data collection, data management or data security.
I am not familiar with this project. However, the very one-sided and sympathetic feature that Ars UK ran rings a bell: is this sponsored content that does not have the appropriate label? Or, worse, is it a piece that praises a program with no publicly available privacy and data management programs? As a reminder, the data producers here, as well as the clients, are visually impaired people: these are vulnerable people. The power disbalance is truly striking and utterly concerning.
Vulnerable vibrator: Security researchers find flaw in connected toy
▻http://www.cnet.com/news/vulnerable-vibrator-security-researchers-find-flaws-in-connected-toy
When it comes to internet-connected devices, I dare you to find something more intimate than a vibrator controlled by a smartphone app. That’s what Standard Innovation offers in its We Vibe 4 Plus, which pairs with a smartphone via Bluetooth and can be controlled by a partner, near or far. What could go wrong? Well, two security researchers who go by the names followr and g0ldfisk found flaws in the software that controls the device. It could potentially let a hacker take over the (...)
Your ’intimate personal massager’ - cough - is spying on you
▻http://www.theregister.co.uk/2016/08/07/your_sec_toy_is_spying_on_you_hackers_crack_our_plastic_pals
Bluetooth hack lets Australian researchers reveal your deepest desires. DEF CON has a lot of odd talks, but the successful hacking of a vibrator by two Australian researchers drew a big crowd. The two-person team of Goldfisk and Follower got hold of the schematics for the We Vibe 4 Plus, a U-shaped vibrator that can be controlled via Bluetooth using a remote control or a smartphone app. The wireless functions mean the device’s makers had to report its details with the United States the (...)