IoT home security camera allows hackers to listen in over HTTP
Security researchers have recently discovered a flaw which allows attackers to get access to the audio stream without needing to authenticate. Anyone can connect to the /videotalk HTTP endpoint, and then listen to whatever sounds the camera is capturing. The good news is that Amcrest, the camera maker, has already released a patch that fixes the problem. Sadly, very few people take the time to update their devices.
5G security flaw allows targeted man-in-the-middle cyberattacks
Many cell phone carriers reuse some of their 4G software, or at least some of its algorithms and protocols, for their new 5G networks. Ravishankar Borgaonkar of SINTEF Digital has recently revealed that the device capability information is sent to the base station in plain text, without being encrypted by a security mechanism. By running a MiTM attack, the device info data can be extracted, and then altered.
How much do companies understand the risk exposure of IoT devices?
The current IoT environment poses serious security risks. To begin with, very few companies have a security and privacy program in place. Security isn't always incorporated into the design of products, making it time consuming and costly to retroactively fix security issues. Engineers and software architects aren't fully aware of all the potential security risks; security systems aren't always monitored.
Newly unearthed patent for a solar-powered smartphone from Xiaomi
Our phones need more power than ever, because they incorporate lightning-fast CPUs and huge screens. Xiaomi has recently filed a patent for a device that incorporates a sheet of photovoltaic solar cells on its back. While the panel isn't huge, so my guess is that it couldn't power the phone on its own, I'd certainly appreciate the option of giving the battery a boost by flipping the back of the phone toward sunlight.
Forecasters fear 5G wireless tech will muck up weather predictions
Specialists fear that 5G will threaten accurate weather forecasts, because the next generation of cellular networks utilizes frequencies that are close to the ones used by the satellites which gather critical water vapor data. Carriers want to use ultra high frequencies such as 24 GHz, because they can transport much more data. Still, weather forecasters use the 23.8 GHz frequency to track water vapor molecules.
A UC Berkeley application is making seismometers out of smartphones
Did you know that the MyShake app can turn anyone's smartphone into a seismometer? As people download and install the application, this science project grows, creating an early earthquake warning network. The app has gotten over 300,000 downloads, being installed by people who live in more than 80 countries. It shows recent and historic earthquakes, sends out notifications and provides basic safety guidelines.
Use your phone to turn a photo into an Excel spreadsheet in a snap
Microsoft has recently added a very powerful feature to its spreadsheet application: the ability to convert words and numbers that are written on a piece of paper into a perfectly formatted table. The "Insert Data from Picture" tool uses Excel's cloud-based image recognition system and works with dozens of different languages. Users can take several pictures and/or get the option to fix any errors, if needed.
KNOB attack lets hackers insert themselves into your Bluetooth calls
Researchers have discovered a flaw in the Bluetooth authentication protocols. By making use of the "Key Negotiation of Bluetooth" vulnerability, cybercriminals can listen to conversations that are conducted by making use of Bluetooth devices, and even alter the content of the files that are sent back and forth. KNOB is undetectable and forces the participants to use a weak encryption key, which can be brute forced easily.