New South Wales is implementing a camera system that automatically detects when a driver is using a mobile phone.
Powered by WPeMatico
December 2, 2019 australia, cameras, cars, phones, Security technology Read more >
The Zoom conferencing app has a vulnerability that allows someone to remotely take over the computer’s camera.
It’s a bad vulnerability, made worse by the fact that it remains even if you uninstall the Zoom app:
This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission.
On top of this, this vulnerability would have allowed any webpage to DOS (Denial of Service) a Mac by repeatedly joining a user to an invalid call.
Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.
Zoom didn’t take the vulnerability seriously:
This vulnerability was originally responsibly disclosed on March 26, 2019. This initial report included a proposed description of a ‘quick fix’ Zoom could have implemented by simply changing their server logic. It took Zoom 10 days to confirm the vulnerability. The first actual meeting about how the vulnerability would be patched occurred on June 11th, 2019, only 18 days before the end of the 90-day public disclosure deadline. During this meeting, the details of the vulnerability were confirmed and Zoom’s planned solution was discussed. However, I was very easily able to spot and describe bypasses in their planned fix. At this point, Zoom was left with 18 days to resolve the vulnerability. On June 24th after 90 days of waiting, the last day before the public disclosure deadline, I discovered that Zoom had only implemented the ‘quick fix’ solution originally suggested.
This is why we disclose vulnerabilities. Now, finally, Zoom is taking this seriously and fixing it for real.
Powered by WPeMatico
July 16, 2019 cameras, disclosure, exploits, patching, Security technology, vulnerabilities Read more >
“Hey Siri; I’m getting pulled over” can be a shortcut:
Once the shortcut is installed and configured, you just have to say, for example, “Hey Siri, I’m getting pulled over.” Then the program pauses music you may be playing, turns down the brightness on the iPhone, and turns on “do not disturb” mode.
It also sends a quick text to a predetermined contact to tell them you’ve been pulled over, and it starts recording using the iPhone’s front-facing camera. Once you’ve stopped recording, it can text or email the video to a different predetermined contact and save it to Dropbox.
Powered by WPeMatico
June 7, 2019 cameras, iphone, police, Security technology Read more >
The New York Times is reporting on the security measures people are using to protect nativity displays.
Powered by WPeMatico
December 27, 2018 cameras, Security technology, securitymonitoring, theft Read more >
Both the US Drug Enforcement Administration (DEA) and Immigration and Customs Enforcement (ICE) are hiding surveillance cameras in streetlights.
According to government procurement data, the DEA has paid a Houston, Texas company called Cowboy Streetlight Concealments LLC roughly $22,000 since June 2018 for “video recording and reproducing equipment.” ICE paid out about $28,000 to Cowboy Streetlight Concealments over the same period of time.
It’s unclear where the DEA and ICE streetlight cameras have been installed, or where the next deployments will take place. ICE offices in Dallas, Houston, and San Antonio have provided funding for recent acquisitions from Cowboy Streetlight Concealments; the DEA’s most recent purchases were funded by the agency’s Office of Investigative Technology, which is located in Lorton, Virginia.
Fifty thousand dollars doesn’t buy a lot of streetlight surveillance cameras, so either this is a pilot program or there are a lot more procurements elsewhere that we don’t know about.
Powered by WPeMatico
November 16, 2018 cameras, camouflage, concealment, Security technology Read more >
Consumer Reports is starting to evaluate the security of IoT devices. As part of that, it’s reviewing wireless home-security cameras.
It found significant security vulnerabilities in D-Link cameras:
In contrast, D-Link doesn’t store video from the DCS-2630L in the cloud. Instead, the camera has its own, onboard web server, which can deliver video to the user in different ways.
Users can view the video using an app, mydlink Lite. The video is encrypted, and it travels from the camera through D-Link’s corporate servers, and ultimately to the user’s phone. Users can also access the same encrypted video feed through a company web page, mydlink.com. Those are both secure methods of accessing the video.
But the D-Link camera also lets you bypass the D-Link corporate servers and access the video directly through a web browser on a laptop or other device. If you do this, the web server on the camera doesn’t encrypt the video.
If you set up this kind of remote access, the camera and unencrypted video is open to the web. They could be discovered by anyone who finds or guesses the camera’s IP address — and if you haven’t set a strong password, a hacker might find it easy to gain access.
The real news is that Consumer Reports is able to put pressure on device manufacturers:
In response to a Consumer Reports query, D-Link said that security would be tightened through updates this fall. Consumer Reports will evaluate those updates once they are available.
This is the sort of sustained pressure we need on IoT device manufacturers.
Boing Boing link.
Powered by WPeMatico
November 7, 2018 cameras, internetofthings, Security technology, securityengineering, vulnerabilities Read more >
Police in the UK were able to read a fingerprint from a photo of a hand:
Staff from the unit’s specialist imaging team were able to enhance a picture of a hand holding a number of tablets, which was taken from a mobile phone, before fingerprint experts were able to positively identify that the hand was that of Elliott Morris.
[…]
Speaking about the pioneering techniques used in the case, Dave Thomas, forensic operations manager at the Scientific Support Unit, added: “Specialist staff within the JSIU fully utilised their expert image-enhancing skills which enabled them to provide something that the unit’s fingerprint identification experts could work. Despite being provided with only a very small section of the fingerprint which was visible in the photograph, the team were able to successfully identify the individual.”
Powered by WPeMatico
April 19, 2018 cameras, drugtrade, fingerprints, identification, Security technology Read more >
Reka makes a “decorative Santa cam,” meaning that it’s not a real camera. Instead, it just gets children used to being under constant surveillance.
Our Santa Cam has a cute Father Christmas and mistletoe design, and a red, flashing LED light which will make the most logical kids suspend their disbelief and start to believe!
Powered by WPeMatico
January 2, 2018 cameras, children, privacy, Security technology, surveillance Read more >
Shonin is a personal bodycam up on Kickstarter.
There are a lot of complicated issues surrounding bodycams — for example, it’s obvious that police bodycams reduce violence — but the one thing everyone is certain about is that they will proliferate. I’m not sure society is fully ready for the ramifications of this level of recording.
Powered by WPeMatico
August 23, 2017 cameras, privacy, Security technology, surveillance Read more >
The website key.me will make a duplicate key from a digital photo.
If a friend or coworker leaves their keys unattended for a few seconds, you know what to do.
Powered by WPeMatico
July 6, 2017 cameras, keys, Security technology, theft Read more >