Researchers find major security flaw with ZigBee smart home devices

Source: http://www.engadget.com/2015/08/07/zigbee-security-flaw//

Manufacturers of smart home devices using the ZigBee standard are aiming for convenience at the expense of security, according to researchers from the Austrian security firm Cognosec. By making it easier to have smart home devices talk to each other, many companies also open up a major vulnerability with ZigBeee that could allow hackers to control your smart devices. And that could be a problem if you rely on things like smart locks or a connected alarm system for home security. Specifically, Cognosec found that ZigBee's reliance on an insecure key link with smart devices opens the door for hackers to spoof those devices and potentially gain control of your connected home.

"Tests with light bulbs, motion sensors, temperature sensors and even door locks have also shown that the vendors of the tested devices implemented the minimum of the features required to be certified," Cognosec's Tobias Zillner writes. Even worse, he points out that there's no way for consumers to make their smart devices more secure. In the end, he blames the push for ZigBee to be easy to use as the big reason why companies have been lax with security.

For anyone who's had worries about the vulnerability of the connected home, Cognosec's findings basically present the worst case scenario for ZigBee. Since it affects a wide variety of devices, it's unclear how quickly manufacturers will be able to come up with a fix. We've reached out to the ZigBee Alliance, whose members include major companies like Samsung, Sony and ARM, and will report back with their response.

[Photo credit: Tom Raftery/Flickr]

Filed under: Household

Comments

Via: TechCrunch

Source: Cognosec

Tags: hacks, security, smarthome, Zigbee

Read More...

Summary only...

Hackers could take complete control of your computer if you use 'the Netflix for pirated movies'

Source: http://www.businessinsider.com/hacker-proves-popcorn-time-is-not-safe-from-attack-2015-8

Popcorn Time, the Netflix-like website for pirated movie content, may be vulnerable to a hack attack, TorrentFreak reports. This is according to a Greek security researcher named Antonios Chariton who published a blog post this past weekend.

Using a series of techniques, Chariton wrote that he demonstrated how "someone can get complete control of a computer assuming they have a Man In The Middle position in the network."

A 'man-in-the-middle' attack is when a hacker intercepts a data request between two machines. It is then able to swap the intended data for something malicious. So, if an attacker is able to execute one of these intercepting attacks, he or she can wreak havoc on the computer running Popcorn Time.

The attack is based on the clever way Popcorn Time avoids being banned by internet service providers (ISPs). The application is able to connect directly to the CloudFlare network. This, put in the simplest of terms, means that if an ISP wants to block the Popcorn Time program it would have to ban the entire CloudFlare website and not just the pirated content program. This is a smart way to avoid widespread ISP blocks.

The problem, however, is that the connection to CloudFlare is made over the HTTP protocol, and it's been shown that HTTP is just not secure.

Chariton didn't mince his words: "HTTP is insecure. There's nothing you can do to change this. Please, use HTTPS everywhere, especially in applications that don't run inside a web browser."

Because of HTTP's vulnerability, Chariton wrote that he was able to inject malicious code into a victim computer using Popcorn Time.

Popcorn Time penned a blog post responding to these claims. It assured users that they “don’t need to worry.” For one, man-in-the-middle attacks are “very unlikely,” and require a hacker gaining access into a victim’s personal network.

The site does admit that there are some security issues to be dealt with. It says it will release a fix to these shortly, but adds that what Chariton brought to light isn't as dire as it may seem.

SEE ALSO: The malware that's been holding gamers' files hostage for $500 is now even more destructive

Join the conversation about this story »

NOW WATCH: All the incredibly useful things you didn't know your iPhone headphones could do

Read More...

Summary only...

Toshiba's new flash chips hold twice the data

Source: http://www.engadget.com/2015/08/04/toshiba-flash-chips-double-capacity//

Judging by recent announcements, we're about to enter a golden age of fast, nearly unlimited storage for all the high-res selfies you can shoot. Following an announcement by Intel and Micron last week, Toshiba and partner SanDisk revealed their own 256Gb flash chips. Toshiba already has the smallest flash cells in the world at 15 nanometers, which it stacks in 48 layers to maximize density. The new chips add in 3-bit tech (first used by Samsung) to squeeze even more bytes in, helping it double the storage of chips it announced just a few months ago. The result will be faster and more reliable memory for smartphones, SSDs and other devices.

Intel and Micron announced 256Gb chips using different, 32-layer tech earlier this year, so they may beat Toshiba/SanDisk to the manufacturing punch. Consumers will be the main beneficiaries of the rivalry, in any case. Micron said the tech will eventually yield up to 10TB laptop drives at much lower prices per gigabyte than current models. It'll also result in cheaper and faster memory chips for smartphones and other mobile devices. Toshiba's in the process of building its new fab plant in Japan, and said the 256Gb chips will be available sometime in 2016.

Filed under: Storage

Comments

Source: Toshiba

Tags: 256Gb, BiCS, Flash, memory, NAND, SanDisk, SSD, Toshiba

Read More...

Summary only...

Hacks turn Square's reader into a card-stealing machine

Source: http://www.engadget.com/2015/08/03/square-reader-card-skimming-hack//

As helpful as a Square Reader may be for purchases at trendy stores, you'll want to watch out -- in the right circumstances, they can also be used to steal your credit card info. Security researchers have discovered that you can physically disable the encryption the device uses to protect your financial info, turning the Reader into a tiny, portable card skimmer. There's also a way to record the signal created by your card when you swipe its magnetic stripe on an unmodified Reader, which theoretically lets evildoers charge your card without approval.

Square is quick to note that an altered Reader won't work with the official app, and that it's not possible to handle a stored swipe "more than once." However, this assumes that you're paying attention to the apps in use when you're buying goods. An enterprising criminal could develop unofficial software that looks legit, but hides skimming code underneath. While it's not very likely that you'll run into one of these tweaked scanners in the wild, it's worth keeping an eye on your credit card statement if that sketchy shop clerk breaks out a Reader to complete a sale.

Filed under: Cellphones, Peripherals, Tablets, Mobile

Comments

Via: Motherboard

Source: Black Hat, HackerOne

Tags: cardskimmer, mobilepostcross, peripherals, reader, retail, security, shopping, skimmer, skimming, square, squarereader

Read More...

Summary only...

Acer Aspire One Cloudbook gives you a full Windows laptop for $169

Source: http://www.engadget.com/2015/08/04/acer-aspire-one-cloudbook//

Hey, HP: you're far from the only one who can play the ridiculously low-cost Windows laptop game. Acer has unveiled the Aspire One Cloudbook 11 and 14, a pair of thin-and-light Windows 10 portables that promise a 'real' PC experience even if you're on a shoestring budget. They respectively cost a mere $169 and $199 in the US (a good $30 less than HP's Stream 11 and 13), but still manage to pack 1.6GHz Celeron processors, 2GB of RAM, full-size keyboards and expansion that includes USB, HDMI and SD card slots. Neither is going to be a screamer, then, but they may do the job if you're looking for a back to school system that's just good enough to handle your class notes and reports. Slideshow-308844

So how did Acer manage to undermine its biggest rival? By cutting a few corners, apparently. The company tells us that the $169 11-inch model has a very modest 16GB of built-in storage (you need to jump to higher-end versions to get 32GB or 64GB). The two Cloudbooks also have shorter battery life than the Stream series (between 6 to 7 hours), and there's a 480p webcam instead of HP's "HD" unit -- these are not the ideal machines for video calls with your parents. You do get free year-long subscriptions to both Office 365 Personal and 1TB of OneDrive space, though, so you won't have to pay a lot up front to be productive. If you want to give Acer's minimalist PC concept a shot, you can get the Cloudbook 11 in August and the Cloudbook 14 in September.

Filed under: Laptops, Acer

Comments

Source: Acer

Tags: acer, aspireonecloudbook, celeron, cloudbook, computer, laptop, pc, windows, windows10

Read More...

Summary only...

Fujifilm's X-T1 flagship camera gets an infrared edition

Source: http://www.engadget.com/2015/08/03/fujifilm-x-t1-ir//

No, this isn't the next flagship camera you've been waiting on from Fujifilm -- but this doesn't mean some of you won't be interested in it. The company today announced the X-T1 IR, a new edition of its high-end shooter featuring infrared technology, which captures details that aren't normally visible to the human eye. On the outside, Fujifilm's new camera looks identical to the original X-T1, with the two main changes being internal. While the X-T1 IR also features a 16.3-megapixel APS-C X-Trans CMOS II unit, its sensor's Standard IR cut filter was removed and an anti-reflective coating has been applied to it. Other than that, the remaing specs are the same: there's an EXR Processor II, a max ISO range of 25,600 and a weather-resistant shell, to mention a few.

Fujifilm says this would be a useful tool for people who investigate crime scenes, provide healthcare diagnostics or are involved in other similar scientific and technical fields. If that's you, the X-T1 IR can be yours in October for $1,700 (body-only).

Filed under: Cameras, Misc

Comments

Tags: Fujifilm, Fujifilm X-T1, Fujifilm X-T1 IR, Fujifilm X-T1IR, FujifilmX-T1, FujifilmX-T1IR, IR, X-T1 IR

Read More...

Summary only...

Qualcomm's wireless charging tech now works on metal phones

Source: http://www.engadget.com/2015/07/28/qualcomms-wireless-charging-tech-now-works-on-metal-phones/

Until now, you've had a choice: a smartphone with a sleek metal chassis, or one that played nice with wireless charging standards. Those days may be over. Qualcomm just announced that its WiPower charging technology can now power smartphones, tablets and other devices with metal cases. The updated standard is already available to device manufactures and licensees, the company says. Everything else about WiPower seems to be the same: it still charges at the same rate and still meets Rezence standards -- it's just doing the same job better now. Good enough.

Filed under: Cellphones, Mobile

Comments

Source: Qualcomm

Read More...

Summary only...

Nanowires help produce hydrogen fuel using sunlight

Source: http://www.engadget.com/2015/07/20/nanowires-help-produce-hydrogen-fuel-using-sunlight/

You ideally want to produce clean hydrogen fuel using clean sources, and Dutch researchers have taken a big step toward making that a practical reality. They've built a solar cell that uses a grid of gallium phosphide nanowires to make hydrogen gas from water. The approach gets a useful yield of about 2.9 percent in lab tests. That may not sound like much, but it's about 10 times more effective than previous techniques and uses 10,000 times less exotic material.

It's still going to take more refinements before this kind of technology is practical. Even hooking up silicon cells to a battery nets a 15 percent yield, for example. If scientists improve their methods, though, you could be driving hydrogen cars whose fuel is eco-friendly at every step, not just when it's in your vehicle.

[Image credit: AP Photo/Shizuo Kambayashi]

Filed under: Transportation, Science

Comments

Source: TUE, Nature

Read More...

Summary only...

This Sea Sapphire Can Become Transparent in the Blink of an Eye

Source: http://gizmodo.com/this-sea-sapphire-can-become-transparent-in-the-blink-o-1718968498

Now you see it, now you don’t. But the disappearing act performed by this small sea sapphire isn’t magic: it manage to flex its body to reflect frequencies of light that the human eye simply can’t see.

Read more...

Read More...

Summary only...

ASUS' slim and sharp ZenPad S tablet arrives in the US

Source: http://www.engadget.com/2015/07/12/asus-zenpad-s-8-reaches-us/

Looks like you didn't have to wait long for ASUS' ZenPad S 8.0 to show up in the US -- Best Buy is now selling the 8-inch Android 5.1 slate for an easy-to-swallow $200. While this isn't the highest-end version (it's carrying 'just' 2GB of RAM and a slower 1.33GHz Atom chip) it's far from a slouch. You're still getting an iPad mini-rivaling 2,048 x 1,536 display, 5-megapixel rear camera, 2-megapixel front cam and 32GB of storage in a frame that's just 0.27 inches thick. You'll have to like ASUS' custom software for the ZenPad S to float your boat, but it's otherwise a solid deal.

Filed under: Tablets, ASUS

Comments

Via: Android Central

Source: Best Buy

Read More...

Summary only...

Ditching RAM may lead to low-cost supercomputers

Source: http://www.engadget.com/2015/07/12/mit-flash-only-supercomputers/

Many servers, supercomputers and other monster systems thrive on high-speed RAM to keep things running smoothly, but this memory is wildly expensive -- and that limits not just the number of nodes in these clusters, but who can use them. MIT researchers may have a much more affordable approach in the future, though. They've built a server network (not shown here) that drops RAM in favor of cheaper and slower flash storage, yet performs just about as well. The key was to get the flash drives themselves (or specifically, their controllers) to pre-process some of the data, instead of making the CPUs do all the hard work. That doesn't completely close the speed gap, but the differences are virtually negligible. In one test, 20 servers with 20TB of flash were about as fast as 40 servers with 10TB of RAM.

This doesn't mean that flash-centric computing will be useful absolutely everywhere. MIT has only demonstrated its technique helping out with database-heavy tasks like ranking web pages. This wouldn't necessarily help much with tasks that depend more on calculations, and the networked design means it this RAM-less approach wouldn't do much to help your home PC. All the same, this could help a lot if it lets your favorite cloud service run faster, or helps cost-conscious scientists devote money toward other projects.

[Image credit: AP Photo/Jens Meyer]

Filed under: Storage, Science

Comments

Source: MIT News

Read More...

Summary only...

Comcast launches its own cable-free TV with Stream

Source: http://www.engadget.com/2015/07/12/comcast-xfinity-internet-stream/

The latest (and most interesting) entrant to the cord-cutting TV wars is here: Comcast. Tonight the company announced Stream, a service that delivers TV exclusively over the internet (Correction: it is "IP-based managed network" connection, check after the break for why that matters) to phones, tablets and computers -- but now TVs. The big catch? You'll need Comcast internet service to subscribe, and the Stream TV feeds only work while you're at home. It's only available in select areas to start, and will launch in Boston this summer. For $15 a month, subscribers get about a dozen channels, including all broadcast networks and HBO (but not ESPN or any other cable channels, according to the New York Times). It also has access to the usual TV Everywhere cable authenticated-streaming for when you're away from home, plus Comcast's Netflix-like Streampix service for movies.

As for the at-home restriction on TV service, that's because, as a Comcast representative tells Engadget, this is "an IP-based cable service that offers live, on demand and cloud DVR delivered over our managed network in the home." In case you're somehow not familiar with what that means, it translates to this service not using the open internet everyone else uses to reach subscriber's homes, even though it runs through the same wiring and modem over the last mile. Comcast made the same distinction when it launched video on-demand streaming to the Xbox 360 a few years back, and Reed Hastings was not happy with the explanation. Given the current climate around net neutrality, we can't imagine this launch will go over without any controversy, and expect to hear more about that bit soon.

Stream is very much cable TV without the cable box (or TV) -- assuming you have the company's internet service and live in the right area, all you'll need is a phone call to activate it. Unfortunately, it carries a surprisingly long list of restrictions, even for a brand new service. When Sling TV launched, you could get it everywhere, with PlayStation Vue, it came to your TV via consoles. While Stream has a DVR, network TV and HBO, it doesn't have quite enough to make me interested without a hook-up to real TVs or options for popular cable channels, and isn't going available where I live anyway.

Comcast already has an IPTV service it offers through universities, and made earlier efforts to push TV on phones and tablets in-home with its AnyPlay box. With cloud DVR tech in-hand, the company knows what many of us want -- TV service that works anywhere whether at home or away, with recordings, and smaller/cheaper bundles would be nice -- but will continue to play keep-away for now. If you're still interested, you can sign up for more info here.

Filed under: Home Entertainment, HD

Comments

Source: Comcast

Read More...

Summary only...

Amazon's Fling is its version of AirPlay and Google Cast

Source: http://www.engadget.com/2015/07/10/amazon-fling-sdk/

If you've been hoping for an AirPlay or Cast-like tool to beam content to your Amazon streaming gadgets, you'll soon be in luck. The company revealed its Fling feature this week, a tool that will allow developers to include a way to control media from a mobile device on your Fire TV. Right now, the software will let you send video, audio and still images from an Android or iOS device to the set-top box (or dongle, we'd surmise) for viewing. Devs can also employ "two-way communication" between the Fire TV and a phone or tablet to "engaging second screen experiences."

The company released an SDK so eager app makers can get started, and Karaoke Party and Rivet Radio are among the first selections to employ the tech. Rather than building the tool into it's OS like Apple and Google, Amazon is allowing app developers to add in Fling as they wish. Amazon's mobile devices run a version Google's operating system after all, and some folks who own its streaming gear probably also own an iOS or Android device. That being said, it'll be interesting to see if the likes of Netflix, Hulu and others will decide to opt in.

Filed under: Home Entertainment, Software, HD, Mobile, Amazon

Comments

Via: CNET

Source: Amazon

Read More...

Summary only...

Framing Pictures With Fingers Would Be the Best Google Glass 2.0 Feature

Source: http://gizmodo.com/framing-pictures-with-fingers-would-be-the-best-google-1716432783

The first Google Glass might’ve died an ignominious death, but don’t give up on face computers just yet. Google will most likely launch some kind of updated Glass in the future, and when it does, features like framing up pictures with your fingers could make it a whole lot better than version 1.0.

Read more...

Read More...

Summary only...

Google's DeepStereo makes Street View 'tourism' more realistic

Source: http://www.engadget.com/2015/07/08/googles-deepstereo/

Who here uses Street View to do some virtual traveling? It's not a shabby option if you want to look at places you might never visit within your lifetime, but Google thinks there's still a better way to simulate real-world tours. A team of the company's researchers has developed a technique that uses Google's experimental machine vision algorithm called DeepStereo to transform Street View panoramas into seamless virtual tours. See, Street View photos don't usually capture every detail of a location -- there are always a few frames missing in order to construct convincing digital reproductions of places like museums and houses. DeepStereo can synthesize those missing frames based on the ones that go before and after them, giving Google the ability to create realistic virtual tours.

In order to "train" DeepStero, the team had to feed the algorithm with images captured out of a moving vehicle; after that, it was able to start recreating images. It's still not perfect at this point -- some objects like trees or grass are hard to synthesize and details vanish from the recreated frame if the machine lacks pertinent details. In addition, it takes as long as 12 minutes on a powerful workstation to build a single synthetic frame. DeepStereo's obviously still a young technology, but the team believes it could be used not just to create virtual tours, but to generate environments for movies and virtual reality content in the future.

Filed under: Misc, Google

Comments

Via: MIT Technology Review

Source: Google

Read More...

Summary only...