Haunted A Complete Stranger’s House Via The Internet

Their systems had been made crawl-able by search engines – meaning they show up in search results — and due to Insteon not requiring user names and passwords by default in a now-discontinued product, I was able to click on the links, giving me the ability to turn these people’s homes into haunted houses, energy-consumption nightmares, or even robbery targets. Opening a garage door could make a house ripe for actual physical intrusion.

via When ‘Smart Homes’ Get Hacked: I Haunted A Complete Stranger’s House Via The Internet – Forbes.

Hacking RFID Tags Is Easier Than You Think

The RFID output that the Arduino gets is a 10-digit hexadecimal. With that in hand, Brown said it’s simple to replicate the remotely stolen information using a Proxmark device.

The unfortunate reality, according to Brown, is that with most of the building security badges that are running at 125KHz, there is no secure authentication mechanism.

via Hacking RFID Tags Is Easier Than You Think: Black Hat.

iPhone Hacked in Under 60 Seconds Using Malicious Charger

Once the charger is plugged in and the user inputs their PIN code, the charger silently and invisibly removes the target app, in this case the official Facebook app. It then replaces it – in exactly the same position on your iPhone/iPad homescreen – with what looks like a perfect replacement.

In actual fact this is malware and once you launch it, your phone/tablet has been compromised. This malware could be used to capture passwords, take screenshots, access your contacts, messages and phone calls, or even make premium rate calls.

via iPhone Hacked in Under 60 Seconds Using Malicious Charger – IBTimes UK.

Rotolight uses DMCA to claim ”Infringement” on Review it didn’t like

While spending some time on my Facebook feed I came across a post I missed earlier by a friend of mine Den Lennie talking about censorship from a test he did on some lights.  It would seem that the company Rotolight didn’t fare as well as they would have liked and decided to file a DMCA notice with Vimeo.  This is a disturbing trend that companies are trying to use to remove tests that they don’t like, and even bigger brands are trying to use it as GoPro tried to do with a review it didn’t like.  Though GoPro upper management realized it stepped in it and backtracked a bit saying it was just the images they were filing on not the review content.

via Rotolight uses DMCA to claim ”Infringement” on Review it didn’t like – Dave Lawlor {Dot} Com.

Scientists Demonstrate Ultra-Fast Magnetite Electrical Switch

However, there’s a slight hitch to be overcome before fabbing magnetite computer chips is possible. To lock an electrical charge in place in the material, it has to be chilled to minus 190 degrees Celsius.

Kukreja said the next objective for the team will be to try out electrical switching with “more complex materials and room-temperature applications” through new experiments which “aim to identify exotic compounds and test new techniques to induce the switching and tap into other properties that are superior to modern-day silicon transistors.”

via Scientists Demonstrate Ultra-Fast Magnetite Electrical Switch | News & Opinion | PCMag.com.

College students hijack $80 million yacht with GPS signal spoofing

A group of students at the University of Texas at Austin built and successfully tested a GPS spoofing device to remotely redirect an $80 million yacht onto a different route, the Houston Chronicle reports. The project, which was completed with the permission of the yacht’s owners in the Mediterranean Sea this past June, is explained in the video below.

via College students hijack $80 million yacht with GPS signal spoofing.

Court blocks the publication of a scientific paper

The English High Court (the highest civil court) has blocked the publication of a scientific paper that would have revealed the full details of a zero day vulnerability in Volkswagen’s immobiliser mechanisms – the temporary injunction against publication has been granted to stop the publication of “Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer” – due to be presented at a Usenix security conference.

via Court blocks the publication of a scientific paper | cartesian product.

NSA Award for Best Scientific Cybersecurity Paper

In accepting the award I don’t condone the NSA’s surveillance. Simply put, I don’t think a free society is compatible with an organisation like the NSA in its current form. Yet I’m glad I got the rare opportunity to visit with the NSA and I’m grateful for my hosts’ genuine hospitality. A large group of engineers turned up to hear my presentation, asked sharp questions, understood and cared about the privacy implications of studying password data. It affirmed my feeling that America’s core problems are in Washington and not in Fort Meade. Our focus must remain on winning the public debate around surveillance and developing privacy-enhancing technology. But I hope that this award program, established to increase engagement with academic researchers, can be a small but positive step.

via Light Blue Touchpaper » Blog Archive » NSA Award for Best Scientific Cybersecurity Paper.