Content type: Examples
The rush to incorporate greater safety from the coronavirus is bringing with it a new wave of workplace surveillance as companies install tracking software to determine who may have been exposed and which areas need deep cleaning if an employee gets infected; monitor social distancing; and use Bluetooth beacons embedded in badges to locate employees.
Companies are also installing thermal cameras to take employees' temperature as they enter the workplace or public area. Companies are also…
Content type: Examples
Academics have disclosed today a new vulnerability in the Bluetooth wireless protocol, broadly used to interconnect modern devices, such as smartphones, tablets, laptops, and smart IoT devices.
The vulnerability, codenamed BIAS (Bluetooth Impersonation AttackS), impacts the classic version of the Bluetooth protocol, also known as Basic Rate / Enhanced Data Rate, Bluetooth BR/EDR, or just Bluetooth Classic.
The BIAS attack
The BIAS security flaw resides in how devices handle the link key,…
Content type: Examples
Bluetooth utilizes a device pairing mechanism based on elliptic-curve Diffie-Hellman (ECDH) key exchange to allow encrypted communication between devices. The ECDH key pair consists of a private and a public key, and the public keys are exchanged to produce a shared pairing key. The devices must also agree on the elliptic curve parameters being used. Previous work on the "Invalid Curve Attack" showed that the ECDH parameters are not always validated before being used in computing the resulted…
Content type: Examples
An engineering and computer science professor and his team from The Ohio State University discovered a design flaw in low-powered Bluetooth devices that leaves them susceptible to hacking.
Zhiqiang Lin, associate professor of computer science and engineering at the university, found the commonly used Bluetooth Low Energy devices, such as fitness trackers and smart speakers, are vulnerable when they communicate with their associated apps on the owner’s mobile phone.
"There is a fundamental…
Content type: Case Study
In 2015, James Bates was charged with first-degree murder in the death of Victor Collins. Collins was found floating face down in Bates’ hot tub in November 2015. Bentonville police served two search warrants ordering Amazon to turn over the “electronic data in the form of audio recordings, transcribed records, text records and other data contained on the Amazon Echo device” in Bates’ home.
The reason for the warrants? According to the police, just because the device was in the house that…
Content type: Report
When you rent a car at the airport or use a car-share for a family day trip, one of the first things you are likely to do before setting off on your journey is to connect your phone to the car. You switch on the Bluetooth and see a list of other people’s phones that were previously connected - Mike’s iPhone, Samsung Galaxy, Bikerboy_Troi, Dee Dee. You input your journey into the navigation, perhaps noticing stored locations of previous drivers.
Seems fairly innocuous? Wrong. Your name and…
Content type: Examples
For a period between the end of October and November 3 2016 the heating and hot water systems in two buildings in the city of Lappeenranta, Finland were knocked out by a distributed denial of service attack designed to make the systems fail. The systems responded by repeatedly rebooting the main control circuit, which meant that the heating was never working - at a time when temperatures had already dropped below freezing. Specialists in building maintenance noted that companies often skimp on…
Content type: Examples
In 2017, when user Robert Martin posted a frustrated, disparaging review of the remote garage door opening kit Garadget on Amazon, the peeved owner briefly locked him out of the company's server and told him to send the kit back. After complaints on social media and from the company's board members, CEO Denis Grisak reinstated Martin's service. The incident highlighted the capricious and fine-grained control Internet of Things manufacturers can apply and the power they retain over devices…
Content type: Examples
Connecticut police have used the data collected by a murder victim's Fitbit to question her husband's alibi. Richard Dabate, accused of killing his wife in 2015, claimed a masked assailant came into the couple's home and used pressure points to subdue him before shooting his wife, Connie. However, her Fitbit's data acts as a "digital footprint", showing she continued to move around for more than an hour after the shooting took place. A 2015 report from the National Institute of…
Content type: Examples
A 2017 lawsuit filed by Chicagoan Kyle Zak against Bose Corp alleges that the company uses the Bose Connect app associated with its high-end Q35 wireless headphones to spy on its customers, tracking the music, podcasts, and other audio they listen to and then violates their privacy rights by selling the information without permission. The case reflects many of the concerns associated with Internet of Things devices, which frequently arrive with shoddy security or dubious data…
Content type: Case Study
Invisible and insecure infrastructure is facilitating data exploitation
Many technologies, including those that are critical to our day-to-day lives, do not protect our privacy or security. One reason for this is that the standards which govern our modern internet infrastructure do not prioritise security, which is imperative to protect privacy.
What happened?
An example of this is Wi-Fi, which is now on its sixth major revision (802.11ad). Wi-Fi was always designed to be a verbose in…
Content type: Report
The smart city market is booming. National and local governments all over the world expect their cities to become more efficient, more sustainable, cleaner and safer by integrating technology, increasing data generation and centralising data to provide better services. From large multinationals to small start-ups, companies want their slice of the multi-billion dollars per year pie of municipal budgets and long-term government contracts.
But do smart cities even exist? And are our cities…
Content type: Case Study
Our connected devices carry and communicate vast amounts of personal information, both visible and invisible.
What three things would you grab if your house was on fire? It’s a sure bet your mobile is going to rank pretty high. It’s our identity, saying more about us than we perhaps realise. It contains our photos, calendar, internet browsing, locations of where we go, where we’ve been, our emails, social media. It holds our online banking, notes with half written poems, shopping lists, shows…
Content type: Case Study
As society heads toward an ever more connected world, it becomes increasingly difficult for individuals to protect and manage the invisible data that companies and third parties hold about them. This is further complicated by events like data breaches, hacks, and covert information gathering techniques, which are hard, if not impossible, to consent to. One area where this is most pressing is transportation, and by extension the so-called ‘connected car’.
When discussing connected…
Content type: News & Analysis
For as long as automobiles have been around, manufacturers have been trying to find ways of putting more technology inside of cars, oftentimes sold as value-added services for their customers, whether that be 8-tracks of the 1960s and 1970s, the enhancement to security of central locking of the 1980s and 1990s, or the introduction of satellite navigation in the 2000s.
Today, as our technologies become ‘smarter’, so do the risks to our personal privacy. This is especially true as society is on the…