Security, Privacy and IoT: The Week of March 12th, 2017

Security

Google has launched several new tools for Google Cloud Platform and G Suite (formerly Google Apps):

https://blog.google/topics/google-cloud/bolstering-security-across-google-cloud/

Got a Nintendo Switch? Then you also have a vulnerable version of WebKit. The Switch shipped with an old version of WebKit with known vulnerabilities.

https://arstechnica.com/gaming/2017/03/nintendo-switch-ships-with-unpatched-6-month-old-webkit-vulnerabilities/

Researchers at a security conference found several new Safari and macOS exploits which could allow root access.

https://www.macrumors.com/2017/03/16/researchers-macos-safari-exploits-pwn2own-2017/

It’s bad enough that so many databases have been compromised that pretty much everyone’s name and social security numbers are out there… no wait, traffic cameras being exploited to bring down the Domain Name System is awful. Actually, connected teddy bears are spying on children are definitely the worst. But wait. Robots. Robots that can reach out and touch someone. Yeah. That’ll be pretty bad.

Fortunately, MIT is on it.

http://news.mit.edu/2017/security-multirobot-systems-hackers-0317

Ubiquiti makes some very nice networking gear - I use their Unifi line and will write up a review on them at some point. Unfortunately, many of their devices (not the Unifi line) had an antique PHP exploit that could allow attackers to take control of equipment. Ubiquiti is pushing out updates for the affected devices.

https://www.theregister.co.uk/2017/03/16/ubiquiti_networking_php_hole/

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170316-0_Ubiquiti_Networks_authenticated_command_injection_v10.txt

Privacy

The results of a recent Mozilla poll on privacy are informative.

https://medium.com/@mozilla/hackers-trackers-and-snoops-our-privacy-survey-results-1bfa0a728bd5#.i9pwdcc7n

ISPs are lobbying Congress and the FCC to allow them to sell information about your web browsing habits and how you use apps. Because obviously there’s nothing private or sensitive there. You might want to let your Congress-people and your ISP know how you feel about that.

https://arstechnica.com/tech-policy/2017/03/isps-say-your-web-browsing-and-app-usage-history-isnt-sensitive/

TechCrunch has a nice writeup about issues around smart homes and privacy.

https://techcrunch.com/2017/03/12/alexa-privacy/

Let’s talk about sex. So… you got this new vibrator. And it’s connected to the Internet? What could possibly go wrong??

http://boingboing.net/2017/03/14/maker-of-internet-connected-vi.html

It should surprise exactly no one that you’re being tracked as much as possible wherever you go. If you don’t know the tech well, some of the ways which you can be tracked may be a surprise.

https://consumerist.com/2017/03/14/the-mall-is-following-you-while-you-shop/

IoT

Philips has announced E14 (“candle”) Hue bulbs in both white and color. They’ll be available in the US later in the year and will of course still be quite pricey (maybe $37/bulb)

https://9to5mac.com/2017/03/17/philips-hue-e14-b39-candle-bulbs/

Remember that fundamentally Google is an advertising company. Then decide whether or not you want to throw your Google Home in the trash (please, recycle it responsibly if you do).

http://www.theverge.com/circuitbreaker/2017/3/16/14948696/google-home-assistant-advertising-beauty-and-the-beast