Internet of Things (IoT) device security — especially in home security camera systems like Wyze, Aqara, and Ring — have repeatedly been shown to be leaky and insecure at best, with no two-factor authentication or encryption present. This has allowed for a multitude of incidents wherein hackers have gained control of people’s digital lives and threatened them.
The problem still is the passive watching that might be happening. Many of the devices are assembled in China, using Chinese parts. Even if the companies are not explicitly Chinese, this presents a threat. So much so that the U.S. Department of Interior at the end of January instituted a ban on Chinese-made drones and drone parts over fears that the tech might be sending information back to the Chinese government.
With billions of IoT devices coming to market now and over the next few years, it’s critical that each device is embedded with security.
The Dongguan Railway Station in southern China last weekend had bags and other items passed through the X-ray machine, when the operator suddenly noticed the unmistakable shape of a person on the monitor, the BBC reported.
The woman at the center of the incident had first placed her suitcase on the conveyor belt before walking through the scanner carrying her handbag. Security insisted she put her handbag on the conveyor belt, too, but apparently, keen to keep hold of it, she hopped onto the belt and disappeared into the machine. Clutching her bag.
Looking like something out of a sci-fi movie, the woman can be seen in the X-ray image as she trundles along on the conveyor belt.
China’s state-run People’s Daily news outlet obtained a security video taken at the machine. It appears to show the moment a security officer told the woman put her handbag on the belt, and then cuts to footage of her emerging from the machine. The security officer can be seen laughing as she comes out.
The odd incident occurred during the Lunar New Year travel rush last weekend.
It’s not clear if she was carrying something special inside her handbag, or if she was simply curious about what the inside of an X-ray machine looks like. There’s also a chance that she mistook the instructions of the security officer, though again, it’s hard to tell.
Some reports have suggested she may have had a large amount of cash inside the bag and so didn’t want to be separated from it even for a brief moment. Many Chinese who work far from their home cities are known to take some of their earnings back with them on holiday visits. It’s really not a good idea to take a ride on an X-ray machine as the radiation it emits is unlikely to do you any good.
Google rolled out a new program a new program called Advanced Protection intended to provide a much higher account security to users of services like Gmail and Drive who are at a high risk of being targeted by phishers, hackers, and others seeking their personal data. The opt-in program makes Google services much less convenient to use, but it’s built to prevent the sorts of breaches that have been making recent headlines.
Users who could benefit include journalists, politicians, and other public figures who may be running up against hostile actors with considerable resources—and also for private individuals in dangerous situations.
What’s more, the Advanced Protection Program goes beyond digital two-factor authentication by requiring a physical security key in addition to your password to log in. Facebook has offered something similar, and even video game company Blizzard has offered one to gamers who want to protect their World of Warcraft accounts for years. In this case, the security key is a USB stick or wireless Bluetooth device that works with FIDO Universal 2nd Factor (U2F). Google offers OAuth whitelisting and other features to enterprise customers that provide similar kinds of protection with greater control for administrators.
Three billion Yahoo accounts — including email, Tumblr, Fantasy, and Flickr — or three times as many as the company initially reported in 2016 were hacked.
Names, email addresses, and passwords, but not financial information, were breached, Yahoo said last year
The new disclosure comes four months after Verizon (VZ, Tech30) acquired Yahoo’s core internet assets for $4.48 billion. Yahoo is part of Verizon’s digital media company, which is called Oath.
Verizon revised the number of breached accounts to three billion after receiving new information.
“The company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft,” Verizon said in a statement.
Verizon would not provide any information about who the outside forensics experts are.
Yahoo will send emails to the additional affected accounts. Following the hacking revelations last year, Yahoo required password changes and invalidated unencrypted security questions to protect user information.
According to experts, it’s not uncommon for forensic investigations to expose a greater number of victims than initial estimates.
Whole Foods said it was alerted to a potential breach after it “receiving information about an unauthorized access of payment card information. It appears that Whole Foods did not detect the compromise itself, but was informed by a third party instead.
Analogic Corporation’s ConneCT system uses computed tomography technology and 3D imaging to give security officers at airport security checkpoints a 360-degree view of each bag, so they can more easily see through clutter and locate prohibited items.
The goal is to allow passengers to keep their personal electronic devices and bottles of liquids in their bags and speed up the screening process.
The motivation behind the technology is to keep “the traveling public moving through airports faster and safer than ever before.”
ConneCT’s first customer, American Airlines, which came on board in June, demonstrated the system at Phoenix Sky Harbour International. It also has been in testing in the U.K. A similar system also was tested at London’s Luton Airport.