
MiSafes' Child-Tracking Smartwatches Are 'Easy To Hack'

The location-tracking "MiSafes" smartwatch may not be as safe as the name proclaims. According to security researchers from Pen Test Partners, the watches are easy to hack as they do not encrypt the data they use or secure each child's account. The researchers found that they could track children's movements, surreptitiously listen in to their activities and make spoof calls to the watches that appeared to be from parents. The BBC reports: The MiSafes watch was first released in 2015. It uses a global positioning system (GPS) sensor and a 2G mobile data connection to let parents see where their child is, via a smartphone app. In addition, parents can create a "safe zone" and receive an alert if the child leaves the area. The adult can also listen in to what their offspring is doing at any time and trigger two-way calls. Pen Test Partners' Ken Munro and Alan Monie learned of the product's existence when a friend bought one for his son earlier this year. Out of curiosity, they probed its security measures and found that easy-to-find PC software could be used to mimic the app's communications. This software could be used to change the assigned ID number, which was all it took to get access to others' accounts. This made it possible to see personal information used to register the product, including: a photo of the child; their name, gender and date of birth; their height and weight; the parents' phone numbers; and the phone number assigned to the watch's Sim card.

Read more of this story at Slashdot.


Why Sleep Apnea Patients Rely On a Lone, DRM-Breaking CPAP Machine Hacker

Jason Koebler writes: "SleepyHead" is a free, open-source, and definitely not FDA-approved piece of software for sleep apnea patients that is the product of thousands of hours of hacking and development by a lone Australian developer named Mark Watkins, who has helped thousands of sleep apnea patients take back control of their treatment from overburdened and underinvested doctors. The software gives patients access to the sleep data that is already being generated by their CPAP machines but generally remains inaccessible, hidden by DRM and proprietary data formats that can only be read by authorized users (doctors) on proprietary pieces of software that patients often can't buy or download. SleepyHead and community-run forums like CPAPtalk.com and ApneaBoard.com have allowed patients to circumvent medical device manufacturers, who would prefer that the software not exist at all. Medical device manufacturers fought in 2015 to prevent an exemption to the Digital Millennium Copyright Act to legalize hacking by patients who wanted to access their own data, but an exemption was granted, legalizing SleepyHead and software like it.


Senators Ask Four Major Carriers About Video Slowdowns

An anonymous reader quotes a report from Ars Technica: Three U.S. Senate Democrats today asked the four major wireless carriers about allegations they've been throttling video services and -- in the case of Sprint -- the senators asked about alleged throttling of Skype video calls. Sens. Edward Markey (D-Mass.), Richard Blumenthal (D-Conn.), and Ron Wyden (D-Ore.) sent the letters to AT&T, Verizon, Sprint, and T-Mobile, noting that recent research using the Wehe testing platform found indications of throttling by all four carriers. "All online traffic should be treated equally, and Internet service providers should not discriminate against particular content or applications for competitive advantage purposes or otherwise," the senators wrote. Specifically, the Wehe tests "indicated throttling on AT&T for YouTube, Netflix, and NBC Sports... throttling on Verizon for Amazon Prime, YouTube, and Netflix... throttling on Sprint for YouTube, Netflix, Amazon Prime, and Skype Video calls... [and] delayed throttling, or boosting, on T-Mobile for Netflix, NBC Sports, and Amazon Prime by providing un-throttled streaming at the beginning of the connection, and then subsequently throttling the connection," the senators' letters said.


The F-35's Greatest Vulnerability Isn't Enemy Weapons. It's Being Hacked.

schwit1 shares a report: Every F-35 squadron, no matter the country, has a 13-server ALIS package that is connected to the worldwide ALIS network. Individual jets send logistical data back to their nation's Central Point of Entry, which then passes it on to Lockheed's central server hub in Fort Worth, Texas. In fact, ALIS sends back so much data that some countries are worried it could give away too much information about their F-35 operations. Another networking system is the Joint Reprogramming Enterprise, or JRE. The JRE maintains a shared library of potential adversary sensors and weapon systems that is distributed to the worldwide F-35 fleet. For example, the JRE will seek out and share information on enemy radar and electronic warfare signals so that individual air forces will not have to track down the information themselves. This allows countries with the F-35 to tailor the mission around anticipated threats -- and fly one step ahead of them. Although the networks have serious cybersecurity protections, they will undoubtedly be targets for hackers in times of peace, and war. Hackers might try to bring down the networks entirely, snarling the worldwide logistics system and even endangering the ability of individual aircraft to get much-needed spare parts. Alternately, it might be possible to compromise the integrity of the ALIS data -- by, say, reporting a worldwide shortage of F-35 engines. Hackers could conceivably introduce bad data in the JRE that could compromise the safety of a mission, shortening the range of a weapon system so that a pilot thinks she is safely outside the engagement zone when she is most certainly not. Even the F-35 simulators that train pilots could conceivably leak data to an adversary. Flight simulators are programmed to mirror flying a real aircraft as much as possible, so data retrieved from a simulator will closely follow the data from a real F-35.


NATO To ‘Integrate’ Offensive Cyber By Members


“NATO is clear that we will not perform offensive cyberspace operations,” said Maj. Gen. Wolfgang Renner. “However, we will integrate sovereign cyberspace effects from the allies who are willing to volunteer.”


Trump Signs Bill That Creates the Cybersecurity and Infrastructure Security Agency

An anonymous reader quotes a report from ZDNet: U.S. President Donald Trump signed today a bill into law, approving the creation of the Cybersecurity and Infrastructure Security Agency (CISA). The bill, known as the CISA Act, reorganizes and rebrands the National Protection and Programs Directorate (NPPD), a program inside the Department of Homeland Security (DHS), as CISA, a standalone federal agency in charge of overseeing civilian and federal cybersecurity programs. The NPPD, which was first established in 2007, has already been handling almost all of the DHS' cyber-related issues and projects. As part of the DHS, the NPPD was the government entity in charge of physical and cyber-security of federal networks and critical infrastructure, and oversaw the Federal Protective Service (FPS), the Office of Biometric Identity Management (OBIM), the Office of Cyber and Infrastructure Analysis (OCIA), the Office of Cybersecurity & Communications (OC&C), and the Office of Infrastructure Protection (OIP). As CISA, the agency's prerogatives will remain the same, and nothing is expected to change in day-to-day operations, but as a federal agency, CISA will now benefit from an increased budget and more authority in imposing its directives. "Elevating the cybersecurity mission within the Department of Homeland Security, streamlining our operations, and giving NPPD a name that reflects what it actually does will help better secure the nation's critical infrastructure and cyber platforms," said NPPD Under Secretary Christopher Krebs. "The changes will also improve the Department's ability to engage with industry and government stakeholders and recruit top cybersecurity talent."
