TL;DR: An undocumented API in Google Home devices is easily exploitable. This command will reboot any on your local network: nmap --open -p 8008 192.168.1.0/24 | awk '/is up/ {print up};…
Clorox is using data from so-called smart thermometers to target ads to areas where people are sick. It’s the latest example of internet-connected devices being used for advertising.
Firmware used in up to 800,000 CCTV cameras open to attack thanks to buffer overflow zero-day bug.
Flaws fixed and physical access required
WASHINGTON: Hey! Take off that Fitbit and turn it off. Hand in that Apple Watch. Make sure you’ve turned off the geolocation capabilities of your Garmin. That was the word today from Deputy Defense Secretary Patrick Shanahan. For years, cell phones have been banned from many offices in the Pentagon, not to mention any Secure Compartmentalized Information Facility (SCIF). The reason was simple: anything that can transmit and has a microphone can be used to record and send information. If it’s got a camera, then photographs or video can be taken as well. Today, the threat is less obvious. It comes from those Apple Watches, Garmins, Fitbits, custom smartwatches and other remote sensors that track your location and share it with remote databases. “These geolocation capabilities can expose personal information, locations, routines, and numbers of DoD personnel, and potentially create unintended security consequences and increased risk to the joint force and mission,” says Shanahan’s memo, which was released by the Pentagon press office to ensure everyone sees it. This was all sparked when reports surfaced earlier this year of a fitness-tracking company, Strava, publishing maps showing where users jog, bike and exercise. Since many of its users are members of the military, their jogging routes and other exercises showed exactly where the US has service members around the world, as well as showing their running routes. In Pentagon-speak, here’s the broad problem: “The rapidly evolving market of devices, applications, and services with geolocation capabilities (e.g., fitness trackers, smartphones, tablets, smartwatches, and related software applications) presents significant risk to Department of Defense (DoD) personnel both on and off duty, and to our military operations globally.” Strava apparently intended no harm, but you can guess how uneasy this made service members and senior Pentagon officials.
A review of Pentagon policies about the devices that made this possible was ordered and that’s what this memo is all about. Note the requirement for the Chief Information Officer (CIO) and the Undersecretary of Defense for Intelligence (USDI) to “jointly develop” guidance and training for commanders and others.
The people who called into the help hotlines and domestic violence shelters said they felt as if they were going crazy.
One woman had turned on her air-conditioner, but said it then switched off without her touching it. Another said the code numbers of the digital lock at her front door changed every day and she could not figure out why. Still another told an abuse help line that she kept hearing the doorbell ring, but no one was there.
Their stories are part of a new pattern of behavior in domestic abuse cases tied to the rise of smart home technology. Internet-connected locks, speakers, thermostats, lights and cameras that have been marketed as the newest conveniences are now also being used as a means for harassment, monitoring, revenge and control.
Researchers found 20 flaws in Samsung’s SmartThings Hub controller - opening up supported third-party smart home devices to attack.
Just found out the car I drive from @Ford has an app that enables the car’s location to be tracked. There are good reasons I might not want someone else who drives the car to know my location. Dealership laughed at my privacy concerns. This just seems wrong to me.
It can be tempting to hook up everything you love to the internet. But take a moment to appreciate some of the objects that can remain unplugged.
This time, we’ve chosen a smart hub designed to control sensors and devices installed at home. It can be used for different purposes, such as energy and water management, monitoring and even security systems.
Even some devices with patches available are connected to the naked Internet.
I have some news: the Internet of Things is a mess. A hacked refrigerator sounds slightly scary, but a vibrator-controlling app that records all your sex sounds and stores them on your phone...
Now bristling with sensors, iRobot’s robot vacuum cleaner maps the places where it operates. Originally intended for its own navigation, this data could soon be sold by the manufacturer to the likes of Amazon, Apple and Google.
A couple of years ago, I was heavily involved in analysing and reporting on the massive VTech hack, the one where millions of records were exposed including kids' names, genders, ages, photos and the relationship to parents' records which included their home address. Part of this data was collected via
White hat hackers have made the first proof of concept for malware that locks a smart thermostat and demands a ransom.