Connect with us

Eavesdropping

Are Children Losing Their Childhood to Smart Toys?

Published

on

Smart toys are on the rise, but while they may have the ability to enhance a child’s play, do they also pose a threat by spying on what children are doing?

// -- Discuss and ask questions in our community on Workplace.

In an article from the New Scientist, the issue of privacy is looked into. More specifically, the privacy of children.

Nowadays, it seems it’s no longer a case of simply playing with Ken and Barbie as the imagination of a child takes over. As the article reports, various companies have been looking into how they can capture the imagination of children. One play item, in particular, is the Barbie Hello Dreamhouse and Hello Barbie.

Created by the American toy-company Mattel, Inc., Barbie has been in existence since 1959. Designed by businesswoman Ruth Handler, Barbie has maintained its popularity with children up to the present day for nearly 60 years.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

But, in a bid to keep up with technological advances in the 21st century, Mattel, Inc., has created the Barbie Hello Dreamhouse, a pink-and-white smart house for the world’s most popular doll. Apparently, the Hello Barbie is reported to be able to talk to a child on a number of topics ranging – as the New Scientist states – ‘from fashion and family to dreams and paddleboarding.’

Nothing wrong with that, you might think.

Except for the fact that when a child presses Barbie’s buckle to talk to her, every word the child makes is then transmitted to a Mattel-owned server farm where it is analyzed so that a suitable reply can be sent back to the child.

Sending Details to Third Parties

Shockingly, the information that was being stored was also being sent on to third parties, which, naturally, ensued a backlash.

According to Josh Golin, executive director of the Campaign for a Commercial-Free Childhood (CCFC), who launched a social media campaign #HellNoBarbie, he said that:

It just struck us as such as invasion of children’s privacy.

Open to Hackers

Children, in their innocence, don’t realize that what they are telling their dolls may now be listened to by others. This can also include hackers.

Even though toys may seem above anything else, they can just as easily become a target for hackers too.

In 2015, Chinese company VTech was targeted by hackers. Reports stated that nearly five million parents and more than 200,000 children had their information stolen after a hacker breached the servers of the toy company.

As such privacy activists have objected not only because of the concern from others listening in or the vulnerability that toys can pose, but also because it can take away the nature of a child’s play.

Taking Away the Child’s Imagination

Of course, if you walk into someone’s house, the chances are that you will find a vast array of smart technology around. Consider digital assistants such as Siri, Alexa, and Allo to name a few.

Toys, however, don’t need to be smart, do they?

After all, when it comes to child’s play that’s when a child learns how to figure out skills while playing out a fantasy world that only they see in their eyes. By playing with toys that are already preprogramed with answers seems to only hinder a child’s play rather than broaden it.

Featured image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Cybersecurity

Israeli Researchers Turn Speakers/Headphones Into Eavesdropping Microphones

Published

on

In the current age, even the most secure software and the best security practices might not be enough to prevent someone from being spied upon. Researchers continue to find novel and inventive ways to gather more data on everyday computer users, and the latest research from Israel’s Ben Gurion University is exceptional in this regard.

// -- Discuss and ask questions in our community on Workplace.

Using software alone, Mordechai Guri, Yosef Solewicz, Andrey Daidakulov, and Yuval Elovici were able to convert a given pair of headphones or speakers into Orwellian microphones beyond the user’s control or ability to patch. Their method [PDF] exploits a flaw in RealTek hardware chips, which are one of the most widely used chips in motherboards around the world. Companies like Dell, HP, and Compaq regularly utilize RealTek’s industry standard audio chips in their products. Beyond that, motherboards sold to consumers wishing to build their own systems often also include the hardware.

A simple patch or firmware upgrade will not fix this flaw, making the exploit particularly delightful to intelligence agencies, profit-motivated hackers (think boardroom conference calls), and others. Basically, anywhere a computer has an audio output, which in the case of laptops is everywhere, audio can now be intercepted and then relayed with roughly the same quality as if a microphone itself had been compromised. The images of people like Mark Zuckerberg covering up their webcam and microphone with electrical tape now seem trivial.

Jack re-tasking – the process of converting an output jack to either an input or a two-way port – has long been a possibility, but few developers make use of it. Most laptops and desktops will have separate ports for each, while smartphones and the like often require hardware that can do both. But the innovation on the part of Ben Gurion’s researchers involves making any regular output hardware capable of doing as much with only software. They write:

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

The fact that headphones and earphones are physically built like microphones, coupled with the fact that an audio port’s role in the PC can be altered programmatically from output to input, creates a vulnerability which can be abused by hackers.

The researchers noticed that the design of most audio input and output hardware was basically identical at the metal, drawing the following illustration for clarification:

Source: Ben-Gurion University of the Negev Cyber Security Research Center

Source: Ben-Gurion University of the Negev Cyber Security Research Center

One saving grace is that the audio output device must be “passive,” or unpowered. This means that if your speakers require power to work, they are not currently able to use these to listen to you. However, the vast majority of laptop speakers and earbuds are, by nature and necessity, passive. The researchers note that while they focused on RealTek codec hardware because of their popularity, other manufacturers also have the ability to retask jacks, which is the heart of the exploit.

While this may seem scary at first, it should be noted that, like anything else on your computer, audio input and output are data. They can therefore be encrypted with keys that are local to the machine, and it would seem that this new exploit opens up a new avenue of research for cryptographic researchers to institute audio encryption in the same way that full-disk encryption has become normalized.

Here is a demonstration of the method in action:

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Continue Reading

Cyberespionage

Apple Watches Banned from UK Cabinet Meetings for Hacking Fears

Published

on

Cabinet ministers have voiced concerns that Apple Watches could be hacked by Russian spies, prompting the devices to be barred from meetings, according to a report from The Telegraph.

// -- Discuss and ask questions in our community on Workplace.

Under the new leadership of Theresa May, U.K cabinet ministers have been barred from wearing the watch during meetings after concerns were raised that the gadgets could be employed as listening devices.

The Apple Watches join the list of banned items alongside mobile phones after these were barred for similar reasons.

According to a survey conducted by research firm IDC, Apple Watches account for seven percent of the market compared to FitBit, which is reported to account for 25.4 percent.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

A Threat from Russian Hackers

This latest news comes amid concerns of a possible threat from Russian hackers who have recently been in the news.

Russian hackers are alleged to have been able to obtain confidential emails from the Democratic National Congress during the U.S. elections despite Russian president, Vladimir Putin, denying this was the case. Surprisingly, congressional leaders are reported to have known about the hacking a year before it was officially announced.

Not only that, but at the recent Rio Olympics, which saw many Russian athletes banned from competing after it was revealed that there was a state-run doping program in the country, Russian hackers have retaliated.

A Russian cyberespionage group known as Fancy Bear recently accessed and leaked data from several high-profile Olympic athletes, by targeting a World Anti-Doping Agency (WADA) database. This is the same agency that placed a recommendation to ban all Russian athletes from the 2016 Rio Olympics.

Unsurprisingly, with the threat of Russian hackers high, and with devices such as mobile phones and watches now being considered as vulnerable gadgets that can be hacked into, it seems as though banning them from important meetings is the only way that will remove any possible threat to state security.

Featured image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Continue Reading

Cybersecurity

In Child Porn Bust, FBI May Have Used Malware on Innocent Users

Published

on

In 2013, the FBI confiscated Freedom Hosting, a service that hosted websites on the dark web, including several child pornography websites and private email service TorMail. When it happened, it was seen as a massive victory, but recently unsealed documents show the FBI may have used malware on innocent users.

// -- Discuss and ask questions in our community on Workplace.

Three years ago, the FBI was given a warrant that allowed them to hack 300 TorMail users who were allegedly linked to child pornography. They went with a piece of malware known as a Network Investigative Technique (NIT), with the goal of acquiring users’ real IP addresses.

The agency did manage to arrest a lot of people for child pornography, but documents unsealed by the American Civil Liberties Union (ACLU) show the NIT was actually used on innocent users.

According to the documents, the FBI was allowed to “investigate any user who logs into any of the TARGET ACCOUNTS by entering a username and password”. Yet, the NIT was used on users even before the TorMail login page appeared. WIRED’s coverage at the time claims users were given a “Down for Maintenance” page that carried the malware, on al websites hosted by Freedom Hosting.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Christopher Soghoian, principal technologist at the ACLU told told Motherboard:

While the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade

The malware was quickly discovered by the community, and that forced the Feds to end their operation sooner than expected. Be that as it may, the FBI still arrested a large number of child pornographers.

Christopher Soghoian also noted that it remains unclear whether the court knew the FBI hacked innocent users it shouldn’t have, and whether the agents who did it were punished.

How the Feds Caught the Pedophiles

Although the Feds allegedly hacked innocent users, they still got the job done, as their malware exploited a critical memory management vulnerability in Firefox, which later fixed the problem.

The NIT specifically targeted Tor’s Firefox version, through a hidden Windows executable named “Magneto”. All it did was look up the infected user’s MAC address – a unique hardware identifier – and the Windows hostname. Then it was all sent to a server in Virginia outside of Tor, exposing the user’s real IP address.

Magneto also sent a serial number that tied the victim to her visit to the hacked websites. Those who noticed the hidden iframe tag that loaded the JavaScript code, noticed a lot of work went into simply identifying users, so the Feds became a suspect.

Still, after identifying users’ real IP addresses, their anonymity was broken. Thus, child pornographers were taken down.

Image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

Continue Reading

Trending