This security camera was infected by malware 98 seconds after it was plugged in

Heres an object lesson on the poor state of the so-called Internet of Things: Robert Stephens plugged a Wi-Fi-connected security camera into his network and it was compromised in 98 seconds.

Stephens, a tech industry veteran, wasnt so naive as to do this without protecting himself. It was walled off from the rest of the network and rate-limited so it couldnt participate in any DDoS attacks.

He monitored its traffic carefully, expecting to see as others have attempts to take over the device. But even the most jaded among us probably wouldnt have guessed it would take less than two minutes.

Ninety-eight seconds after it jumped on the Wi-Fi, the camera was attacked by a Mirai-like worm that knew the default login and password. The worm (its advance agent, really) checked the specs of its new home and then downloaded the rest of itself onto the device and, had Stephens not locked it down beforehand, would then be ready to participate in all manner of online shenanigans.

The camera, a cheap off-brand one from a company that sells smartwatches for $12, isnt exactly best-in-class. This type of thing could be fixed with a firmware update or, in some cases, by simply changing the default password, but not everyone knows to do that, and even the most tech-savvy people might not get that done in two minutes.

Better-quality devices will almost certainly be better protected against this kind of thing, and may for example block all incoming traffic until theyre paired with another device and set up manually. Still, this is a good reminder that it really is a jungle out there.

Read more: https://techcrunch.com/2016/11/18/this-security-camera-was-infected-by-malware-in-98-seconds-after-it-was-plugged-in/

Security researchers can turn headphones into microphones

Security researchers at Israels Ben Gurion University have created a proof-of-concept exploit that lets them turn headphones into microphones to secretly record conversations. The PoC, called Speake(a)r, first turned headphones connected to a PC into microphones and then tested the quality of sound recorded by a microphone vs. headphones on a target PC. In short, the headphones were nearly as good as an unpowered microphone at picking up audio in a room.

The hack is fairly ingenious. It essentially retasks the RealTek audio codec chip output found in many desktop computers into an input channel. This means you can plug your headphones into a seemingly output-only jack and hackers can still listen in. Our experiments demonstrate that intelligible audio can be acquired through earphones and can then be transmitted distances up to several meters away, wrote researcher Mordecai Guri. In addition, we showed that the same setup achieves channel capacity rates close to 1 Kbps in a wide range of frequencies.

Most of todays built-in sound cards are to some degree retaskable, which means that they can be used for more than one thing. the kernel exposes an interface that makes it possible to retask your jacks, but almost no one seems to use it, or even know about it, wrote Linux sound engineer David Henningsson. Thats exactly the exploit Speak(a)r uses.

This isnt a driver fix, either. The embedded chip does not allow users to properly prevent this hack which means your earbuds or nice cans could start picking up conversations instantly. In fact, even if you disable your microphone, a computer with a RealTek chip could still be hacked and exploited without your knowledge. The sound quality, as shown by this chart, is pretty much the same for a dedicated microphone and headphones.

screen-shot-2016-11-23-at-11-15-31-am

Modern PC and laptops motherboards include integrated audio codecs hardware which allow for modification of the audio jacks functionality from output to input within software, said Guri. In this paper we examine this issue in the context of cyber-security. We present SPEAKE(a)R, a software that can render a PC, even once without microphones, into an eavesdropping device.

Luckily this is still a proof-of-concept so you dont have to dunk your headphones in acid yet.

Read more: https://techcrunch.com

Canarys smart security camera now works with Apple TV

Security camera company Canary has today addressed one of the few complaints customers had with its product: there wasnt an easy way to watch your cameras feed on your TVs big screen. That has now changed with the launch of a new version of the Canary app, which adds support for Apple TV. This lets you view the live stream from your camera on your television, as well aswatch the recordings saved to your timeline.

The addition makes Canary far more useful, as it hadbefore focused on bringing its remote viewing capabilities to users smartphones. Of course, thatshelpful for when youre away from the house, or in another room. But many people want to more passively track their cameras feed at times like when youre keeping an eye on the kids playing in the yard, or when youre having a party and you want to see whos parking out front, for example.

canary-image-2

For those with a single Canary device, the new Apple TV app will launch straight to the Dashboard view. Here, you can choose to watch the cameras feed live or access your timeline. For those with multiple devices, the app will allow you use the Location view to move between different locations.

To view a specific event, you just click on the thumbnail image. You can also tap the Apple TV menu button to view a single entry, then bookmark or delete the event from your timeline by selecting the appropriate button.

A Related Videos section underneath each event will take you to the next or previous event in the timeline.

canary-image-3

Canary, for those unfamiliar, makes an affordable $199 security camera for use in the home, and it recently debuted its untethered counterpart for outdoor use, called Canary Flex.After initially getting its start onIndiegogo, the companyraised over $41 million in venture funding. Its devices are now sold byAmazon, Best Buy, Home Depot, Walmart, Apple, and Verizon, in addition to its own website.

The appeal for the device is a combination of price and ease-of-use. Its not difficult to set up, and even easier to use on an everyday basis thanks to its simply designed mobile application.

Along with the launch of its Apple TV app, the new Canary app (v2.0.2) will also support tablets, including both Android and iPad, as well as Android Wear.

canary-image-5

Read more: https://techcrunch.com