Connect with us

Gadgets

Cheap Internet of Things gadgets betray you even after you toss them in the trash – TechCrunch

Published

on

You may think that the worst you’ll risk by buying a bargain-bin smart bulb or security camera will be a bit of extra trouble setting it up or a lack of settings. But it’s not just while they’re plugged in that these slapdash gadgets are a security risk — even from the garbage can, they can still compromise your network.

Although these so-called Internet of Things gadgets are small and rather dumb, they’re still full-fledged networked computers for all intents and purposes. You may not need to do much, but you still need to take many of the same basic precautions to prevent them from, say, broadcasting your private information unencrypted to the world, or granting root access to anyone walking by.

In the case of these low-cost “smart” bulbs investigated by Limited Results (via Hack a Day), the issue isn’t what they do while connected but what they keep onboard their tiny brains, and how.

All the bulbs they tested proved to have no real security at all protecting the information kept on the chips inside. After exposing the PCBs, they attached a few leads and in a moment each device would spit out its boot data and be ready to take commands.

The data was without exception totally unencrypted, including the wireless password to the network to which the device had been connected. One device also exposed its private RSA key, used to create secure connections to whatever servers it connects to (for example to check for updates, upload user data to the cloud and so on). This information would be available to anyone who grabbed this bulb out of the trash, or stole it from an outdoor fixture or bought it secondhand.

“Seriously, 90 percent of IoT devices are developed without security in mind. It is just a disaster,” wrote Limited Results in an email. “In my research, I have targeted four different devices : LIFX, XIAOMI, TUYA and WIZ (not published yet, very unkind people). Same devices, same vulnerabilities, and even sometimes exactly same code inside.”

Now, these particular bits of information exposed on these devices aren’t that harmful in and of themselves, although if someone wanted to, they could take advantage of it in several ways. What’s important to note is the utter lack of care that went into these devices — not just their code, but their construction. They really are just basic enclosures around an off-the-shelf wireless board, with no consideration given to safety, security or longevity. And this type of thing is not by any means limited to smart bulbs.

These devices all proudly assert that they support Alexa, Google Home or other standards. This may give users a false sense that they are in some way accredited, inspected or otherwise held to basic standards.

In fact, in addition to all of them having essentially no security at all, one had its (conductive) metal shell insulated from the PCB only by a loose piece of adhesive paper. This kind of thing is an electrical fire, or at least a short, waiting to happen.

As with any other class of electronics, there’s always a pretty good reason why one is a whole lot cheaper than another. But in the case of a cheap CD player, the worst you’re going to get is skipping or a scratched disc. That’s not the case with a cheap baby monitor, a cheap smart outlet, a cheap internet-connected door lock.

I’m not saying you need to buy the premium version of every smart gadget out there — consumers need to be aware of the risks they are exposing themselves to with the installation of any such device, let alone a poorly made one.

If you want to limit your own risk, a simple step you can take is to have your smart home devices and such isolated on a subnet or guest network. Make sure that the devices, and of course your router, are password protected, and take common sense measures like changing that password regularly.

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Gadgets

Apple boosts employee pay as workers attempt to organize

Published

on

Enlarge / The branding on the front of an Apple Store retail location.

Apple plans to raise the starting pay of its hourly workers, according to a Wall Street Journal report. In the US, employees’ pay will be at least $22 per hour, which could be higher in some markets. That’s 45 percent higher than it was in 2018.

Additionally, Apple plans to increase starting salaries for corporate workers in the United States. It will also move up some employees’ annual reviews by several months to enact pay increases as soon as July.

In a statement, an Apple spokesperson said:

Supporting and retaining the best team members in the world enables us to deliver the best, most innovative, products and services for our customers. This year as part of our annual performance review process, we’re increasing our overall compensation budget.

There are likely several reasons for this move. First, businesses of all sizes are having a harder time attracting and retaining talent in this stage of the COVID-19 pandemic.

Apple could be facing more challenges than other big tech companies because of its efforts to get employees back into physical offices (though that doesn’t apply to hourly retail workers). It has repeatedly attempted to call employees into offices more days per week, but it has delayed those moves several times due to COVID-19 surges and organized employee resistance.

Apple recently lost an AI/machine learning leader who specifically cited the company’s remote work policy as a reason for his departure. Last week, the company postponed an imminent requirement to bring office workers back on-site for three days a week.

Economic factors are at play, too. Inflation has been at its highest in decades, contributing to pay dissatisfaction. The recent volatility of tech stocks could also be a factor. Tech companies like Apple sometimes seek to entice workers with stock options on top of salary and other compensation, but current and prospective employees might feel less enthusiastic about stock benefits right now.

Finally, retail workers at three US Apple Store locations have announced unionization plans. Some union organizers called for Apple to increase its base hourly pay.

Continue Reading

Gadgets

Modular Panasonic Toughbook has 8 replaceable parts, 1,200-nit screen

Published

on

Pansonic’s rugged Toughbook line expanded this week with the Toughbook 40. The new laptop carries many of the hallmarks of its predecessor, including military-grade durability specs and swappable parts, with some upgrades in size and display.

Toughbooks have durable designs meant to withstand long drops (as much as six feet, in this case) and challenging conditions, like rain. But another standout characteristic is their modularity. The Toughbook 40 has eight parts made to be easy to repair or upgrade: the battery, RAM, storage, and keyboard, plus four expansion areas. Various types of expansion packs are available, including an optical drive, fingerprint and barcode readers, and extra I/O ports, batteries, and storage.

Modularity.

In a FAQ (PDF), Panasonic said you can access most of the expansion areas with a screwdriver and some screws, while some only require you to use a slide lever. IT managers can lock down the SSD or expansion areas with a screw. According to Panasonic, there are 6,048 ways to build the Toughbook.

At 7.4 lbs, the 14-inch Touchbook 40 is 1.2 lbs lighter than the preceding laptop, the 13.1-inch Toughbook 31. That’s several pounds heavier than today’s ultralight laptops, but Toughbooks are built for extreme cases, like military and law enforcement use.

At 1,200 nits, the laptop’s 1920×1080 touchscreen is fit to use in a sunny room or outside. Panasonic didn’t specify battery life at that extreme brightness but claims that the PC can last up to 18 hours on the MobileMark 2014 benchmark and 36 hours if you get a second battery.

The laptop’s resistive touchpad has a 60 percent larger area, and it can be used while wearing gloves or during rain.

Inside, the Toughbook 40 has up to an Intel Core i7-1185G7 with Intel Iris Xe integrated graphics (a discrete, unspecified GPU will be coming at some point). The laptop is configurable with up to 2TB of storage, upgradeable via a quick-release latch, and up to 64GB of DDR4 RAM. Additionally, there’s a 5 MP webcam and the option for 4G or 5G connectivity.

The laptop starts with two USB-A ports and a Thunderbolt 4 port.
Enlarge / The laptop starts with two USB-A ports and a Thunderbolt 4 port.

In Panasonic’s announcement, Toughbook GM Craig Jackowski said the Toughbook 40 is the “most rugged” of the series. It meets the MIL-STD-810H and MIL-STD-461H military specifications and is CID2-certified for use in hazardous environments. It is IP66-certified, protecting it against dust and powerful water jets.

On the security side, the laptop has an encrypted OPAL SSD with optional FIPS, TPM 2.0, Intel Hardware Shield, and Microsoft Secure-core PC. The Toughbook 40 also introduces a “Secure Wipe” feature that “wipes the contents on the drive in a matter of seconds,” according to Panasonic.

Aimed at businesses and the public sector, the Toughbook 40 will start at $4,899 when it comes out in late spring, Panasonic’s announcement said. If you’re seeking something with a more digestible price, the 13.5-inch, DIY-friendly Framework laptop just got 12th Gen Intel CPUs.

Continue Reading

Gadgets

The Google Pixel Foldable is reportedly delayed to 2023

Published

on

Enlarge / The Oppo Find N. Google’s Pixel foldable is expected to have a similar aspect ratio.

Oppo

At Google’s recent I/O conference, we heard about a lot of upcoming Google hardware, including the Pixel 6a, Pixel 7, Pixel Watch, and even a Pixel Tablet, which isn’t due out until sometime in 2023. We didn’t hear anything about a Pixel foldable, though.

Still, we know something is in the works since the Google Camera app included the detection flag “isPixel2022Foldable” alongside flags for other Pixel devices. So what’s the deal?

The Elec reports that the Google foldable is delayed until 2023. This would mark the second time the foldable has been delayed, as it was originally due out late last year. It seems that the original plan was to release the product alongside Android 12L, aka 12.1, the tablet-and-foldables-focused Android release. Google often tries to develop Android builds and new hardware simultaneously, but making hardware is difficult.

Google's outline of the Pixel foldable, which was included in Android 12L.
Enlarge / Google’s outline of the Pixel foldable, which was included in Android 12L.

Google and Samsung are partnering up for Wear OS and the Google Tensor SoC, and the Pixel foldable is likewise expected to use a lot of Samsung parts. That means a Samsung Display-made flexible OLED display on the inside, flexible “ultra-thin glass” for added rigidity, and a hinge from Samsung’s hinge supplier.

The display sizes are 7.57 inches inside and 5.78 inches outside. That’s close to the Galaxy Z Fold 3 but not exactly the same. 9to5Google found simplified animations of a Google Foldable in Android 12L, and they suggest that Google’s phone will open to a wider aspect ratio than Samsung’s, which would put it more in line with the Oppo Find N.

You can’t blame Google for not wanting to rush a foldable to market. Users still regularly report cracked displays, even from Samsung’s third-generation foldable; combined with the device’s $1,800 price tag, that makes it a tough sell.

Continue Reading

Trending