Advanced Search
Content Type: Examples
A woman was killed by a spear to the chest at her home in Hallandale Beache, Florida, north of Miami, in July. Witness "Alexa" has been called yet another time to give evidence and solve the mystery. The police is hoping that the smart assistance Amazon Echo, known as Alexa, was accidentally activated and recorded key moments of the murder. “It is believed that evidence of crimes, audio recordings capturing the attack on victim Silvia Crespo that occurred in the main bedroom … may be found on…
Content Type: Examples
Denmark released 32 prisoners as part of an ongoing review of 10,700 criminal cases, after serious questions arose regarding the reliability of geolocation data obtained from mobile phone operators. Among the various problems with the software used to convert the phone data into usable evidence, it was found that the system connected the phones to several towers at once, sometimes hundreds of kilometres apart, recorded the origins of text messages incorrectly and got the location of specific…
Content Type: Examples
The Lumi by Pampers nappies will track a child's urine (not bowel movements) and comes with an app that helps you "Track just about everything". The activity sensor that is placed on the nappy also tracks a baby's sleep.
Concerns over security and privacy have been raised, given baby monitors can be susceptible to hackers and any app that holds personal information could potentially expose that information.
Experts say the concept could be helpful to some parents but that there…
Content Type: Examples
A 19-year-old medical student was raped and drowned in the River Dresiam in October 2016. The police identified the accused by a hair found at the scene of the crime. The data recorded by the health app on his phone helped identify his location and recorded his activities throughout the day. A portion of his activity was recorded as “climbing stairs”, which authorities were able to correlate with the time he would have dragged his victim down the river embankment, and then climbed…
Content Type: Examples
The body of a 57-year-old was found in the laundry room of her home in Valley View, Adelaide, in September 2016. Her daughter-in-law who was in the house at the time of the murder claimed that she was tied up by a group of men who entered the house and managed to escape when they left. However, the data from the victim's smartwatch did not corroborate her story.The prosecution alleged that the watch had recorded data consistent with a person going into shock and losing consciousness. "The…
Content Type: Examples
The 90-year old suspect when to his stepdaughter's house at San Jose, California for a brief visit. Five days later, his stepdaugter's body, Karen was discovered by a co-worker in her house with fatal lacerations on her head and neck. The police used the data recorded by the victim's Fitbit fitness tracker to determine the time of the murder. It was been reported that the Fitbit data showed that her heart rate had spiked significantly around 3:20 p.m. on September 8, when her stepfather was…
Content Type: Examples
On 14 May 2018, the husband of the victim, a pharmacist living in Linthorpe in Middlesbrough, subdued his wife with insulin injection before straggling her. He then ransacked the house to make it appear as a burglary. The data recorded by the health app on the murder’s phone, showed him racing around the house as he staged the burglary, running up and down the stairs. The victim’s app showed that she remained still after her death apart from a movement of 14 paces when her husband moved her…
Content Type: Examples
A man from Middletown, Ohio, was indicted in January 2017 for aggravated arson and insurance fraud for allegedly setting fire to his home in September 2016. Ohio authorities decided and succeeded to obtain a search warrant for the data recorded on the pacemaker after identifying inconsistencies in the suspect’s account of facts. Ohio authorities alleged that the data showed that the accused was awake when he claimed to be sleeping. It has been reported that a cardiologist, examining data from…
Content Type: Explainer
We look at the recently published report on forensic science in the UK, highlight concerns about police not understanding new tech used to extract data from mobile phones; the risk of making incorrect inferences and the general lack of understanding about the capabilities of these tools.
The delivery of justice depends on the integrity and accuracy of evidence and trust that society has in it. So starts the damning report of the House of Lords Science and Technology Select…
Content Type: Examples
As part of its planning for the 2020 Olympic Games, due to be held in Tokyo, Japan approved a law that would allow the government to conduct a survey to identify vulnerable Internet of Things devices. The National Institute of Information and Communications Technology staff who carry out the survey, who will be supervised by the Ministry of Internal Affairs and Communications, are required to follow strict rules in attempting to hack into these devices: they are only allowed to use default…
Content Type: Examples
The miniature security camera maker Ring, which was acquired by Amazon in 2017 for a reported $1 billion, has a history of inadequate oversight of the data collected by those cameras on behalf of its customers. In 2016, it reportedly granted virtually unlimited access to its Ukraine-based research and development team to a folder on Amazon's S3 cloud service that held, unencrypted, every video Ring cameras around the world had recorded in order to compensate for weaknesses in its facial and…
Content Type: Examples
In 2016, Jamie Siminoff, the CEO of the miniature security camera company Ring, emailed his employees information them that the company would adopt a new mission to fight crime by using consumer electronics. The company, which Amazon acquired in 2018, sells its cameras with a social app, "Neighbors", which allows customers to watch their own property and share information about alleged criminality and suspicious individuals with the rest of the people on their block. Ring's hyper-connected…
Content Type: Examples
In February 2019, a faulty firmware update meant that Nike's latest $350 Adapt BB self-lacing shoes could not pair with the app that allows owners to adjust their tightness, customise the lights, and check remaining battery life. Because the shoes have no physical laces, the error effectively made the shoes unwearable.
https://arstechnica.com/gadgets/2019/02/my-left-shoe-wont-even-reboot-faulty-app-bricks-nike-smart-sneakers/
Writer: Ron Amadeo
Publication: Ars Technica
Content Type: Examples
In yet another murder case, a New Hampshire judge ordered Amazon to turn over two days of Amazon Echo recordings in a double murder case in November 2018.
Prosecutors believe that recordings from an Amazon Echo in the Farmington home where two women were murdered in January 2017 may yield further clues as to who their killer might be. Though the Echo was seized when police secured the crime scene, the recordings are stored on Amazon servers.
Timothy Verrill, of Dover, New Hampshire, was…
Content Type: Examples
In 2015, James Bates (of Arkansas, United States) was charged with first-degree murder in the death of Victor Collins. Collins was found floating face down in Bates’ hot tub in November 2015, police said. Amazon Echo entered the murder case because someone present on the night of Collins’ death recalled hearing music streaming through the device. It was widely reported that Amazon fought the prosecution’s request to hand over data recorded by the device that night. Eventually, the argument…
Content Type: Examples
In August 2018, domestic abuse victims, their lawyers, shelter workers, and emergency responders began finding that the Internet of Things was becoming an alarming new tool for harassment, monitoring, revenge, and control. Smartphone apps enable abusers to remotely control everyday objects inside their targets homes and use them to watch, listen, scare, or intimidate. Lack of knowledge about how the technology works and uncertainty about how much control the abusive partner has add a…
Content Type: Examples
In June 2018, security researchers found that Google's smart speaker and home assistant, Google Home, and its Chromecast streaming device could be made to leak highly accurate location information because they failed to require authentication from other machines on their local network. The attack worked by requesting a list of nearby wireless networks from the Google device and sending that list on to Google's geolocation lookup service, whose map of wireless network names around the world is…
Content Type: Examples
In 2018, documents filed in a court case showed that a few days before the 2017 inauguration of US president Donald Trump - timing that may have been a coincidence - two Romanian hackers took over 123 of the police department's 187 surveillance cameras in Washington, DC with the intention of using police computers to email ransomware to more than 179,000 accounts. The prosecution also said the alleged hackers had stolen banking credentials and passwords and could have used police computers to…
Content Type: Examples
In a talk at the 2018 Wall Street Journal CEO Council Conference, Darktrace CEO Nicole Eagan gave as an example of the new opportunities afforded by the Internet of Things a case in which attackers used a thermometer in a lobby aquarium to gain a foothold in a casino's network and exfiltrate the high-roller database. Regulation will be required to set minimum security standards.
https://www.businessinsider.de/hackers-stole-a-casinos-database-through-a-thermometer-in-the-lobby-fish-tank-2018-4…
Content Type: Examples
In 2018, a South Carolina woman realised her FREDI video baby monitor had been hacked when the camera began panning across the room to the spot where she breastfed her son. A 2015 study conducted by Rapid7 found that baby monitors have a number of vulnerabilities that are both easily exploited and long-ago solved for modern computers. Consumers eager to avoid these problems should either avoid buying monitors with internet connections or look for manufacturers that are known to fix security…
Content Type: Examples
In June 2018, after privacy activists found security flaws in toys such as My Friend Cayla and others and the US Consumer Product Safety Commission opened an investigation into the problems of connected gadgets, Amazon, Walmart, and Target announced they would stop selling CloudPets. Made by Spiral Toys, CloudPets uses voice recordings, an internet connection, and a Bluetooth-connected app. In 2017, a hackers were able to access and hold for ransom CloudPets' database, including email addresses…
Content Type: Examples
In May 2018, researchers in the US and China demonstrated that they could send commands that activate Apple's Siri, Amazon's Alexa, and Google Assistant but that are inaudible to the human ear. The researchers were able to make smartphones and smart speakers dial phone numbers and open websites; the potential is there to make them operate Internet of Things devices, wire money, or execute retail transactions by hiding commands in music or other audio.
https://www.nytimes.com/2018/05/10/…
Content Type: Examples
In October 2018, a transparency report from the smart home company Nest, which Google acquired for $3.2 billion in 2014, found that between 2015 and 2018 Nest had been told to hand over data on 300 separate occasions relating to up to 525 Nest account holders. Nest turned over data in fewer than 20% of the cases in the first half of 2018, down from the second half of 2015, when the company complied nearly 60% of the time. Nest is best known for its smart thermostats, but it also makes…
Content Type: Examples
Reporter Kashmir Hill tested life in a smart home by adding numerous connected devices. The self-heating bed gave her daily reports on whether she'd reached her "sleep goal". She liked the convenience of the voice-activated lights, coffee maker, and music, the ability to convey a message to a toddler through a toy, and the robot vacuum cleaner. Meanwhile, colleague Surya Mattu built a Raspberry Pi router to monitor these devices to find out what data they collected and where they wanted to send…
Content Type: Examples
Police investigating the 2016 rape and murder of a 19-year-old medical student were unable to search the iPhone of suspect Hussein Khavari, an Afghan refugee who declined to give them his password. The investigators gained access to the phone via a private company in Munich, and went through Apple's health app data to discern what kinds of activities Khavari participated in on the day of the murder. The app identified the bulk of his activity as "climbing stairs". An investigator of similar…
Content Type: Examples
The French data protection regulator, the Commission Nationale de l'Informatique et des Libertés (CNIL), has issued a formal notice to Genesis Industries Limited, the maker of the connected toys My Friend Cayla and I-QUE. Genesis has two months to bring the toys into compliance with data protection law. CNIL says that based on the security flaws found by a consumer association (presumably the Norwegian Consumer Council, which did this work in 2016) its chair decided to perform online…
Content Type: Examples
Recognising that many parents will be considering purchasing connected toys and other devices for their children, for Christmas 2017 the UK's Information Commissioner's Office issued a list of 12 guidelines for assessing products before purchasing. These include: research the product's security before buying; watch out for online shopping fraud; plan ahead to study the product's security and privacy options; change default user names and passwords; ensure your home router is security; use two-…
Content Type: Examples
Owners of the Hong Kong-based sex toy company Lovense's vibrators who installed the company's remote control app were surprised to discover that the app was recording user sessions without their knowledge. They had authorised the app to use the phone's built-in microphone and camera, but only for use within the app's built-in chat function and to send voice clips on command. Lovense says that no data was sent to its servers, and that the audio files users have found stored on their phones are…
Content Type: Examples
The UK consumer watchdog Which? has called on retailers to stop selling popular connected toys it says have proven security issues. These include Hasbro's Furby Connect, Vivid Imagination's I-Que robot, and Spiral Toys' Cloudpets and Toy-fi Teddy. In its report, Which? found that these toys do not require authentication to link to other devices via Bluetooth, meaning that any device within range could connect to the toys and take control of them or send messages. Spiral Toys did not comment.…
Content Type: Examples
Privacy and child advocacy groups in the US, Denmark, Belgium, the Netherlands, Sweden, Germany, and the UK are filing complaints with regulators after a study by the Norwegian Consumer Council found critical security flaws and missing privacy protection in children's smartwatches. The watches, which are functionally essentially wearable smartphones, are intended to help parents keep an eye on their children. However, the NCC's research found that they can be easily taken over by strangers and…