Science & Tech
Researcher Reveals Google Home Speakers Could’ve Been Hijacked And Turned Into Wiretaps
Security researcher Matt Kunze revealed a serious vulnerability in Google smart home speakers that could’ve enabled threat actors to gain remote access over the devices.
Kunze was experimenting with his own Google Home speaker in early 2021 when he found a hacker could install a ‘backdoor’ account on the device over the web. He detailed the security flaw at length on his blog, indicating someone could send commands to the speaker remotely, access its microphone, scrape Wi-Fi passwords, and access other devices on the network.
He said the hacker would have to trick the target or victim into installing a malicious Android app, which allowed the attacker’s account to connect with the smart speaker. Once the hacker was in, the microphone in the Google Home speaker would be easily accessible to snoop on conversations.
The victim would be clueless about the hack. Kunze said, “the only thing they might notice is that the device’s LEDs turn solid blue, but they’d probably just assume it’s updating the firmware or something.”
He reported the security flaw to Google in early 2021, and a patch was provided to all devices in April of the same year. The tech giant rewarded him with more than $100,000 for his efforts.
“I was recently rewarded a total of $107,500 by Google for responsibly disclosing security issues in the Google Home smart speaker that allowed an attacker within wireless proximity to install a “backdoor” account on the device, enabling them to send commands to it remotely over the internet, access its microphone feed, and make arbitrary HTTP requests within the victim’s LAN (which could potentially expose the Wi-Fi password or provide the attacker direct access to the victim’s other devices). These issues have since been fixed,” he wrote on his blog.
“It’s worth noting that Google Home was released in 2016, scheduled routines were added in 2018, and the Local Home SDK was introduced in 2020, so an attacker finding the issue before April 2021 would have had plenty of time to take advantage,” Tech blog Bleeping Computer pointed out.This post was originally published at Zero Hedge
Science & Tech
Musk Demands AP Back Claims Or Retract Article Over ‘Unchecked’ Stolen Election Tweets
Elon Musk has told AP to put up or shut up – after the outlet published an article alleging that “false claims of a stolen election thrive unchecked on Twitter,” refuting Musk’s claims during a CNBC interview that such claims would be fact checked on the platform.
“Either back up your claims @AP with actual source data or retract your story,” Musk tweeted on Friday.
The May 18 article written by Ali Swenson, who previously worked at a Magneto-funded fact checking nonprofit, the Center for Public Integrity, cites the CNBC interview in which Musk said that claims of stolen election on Twitter “will be corrected, 100 percent.”
Musk was responding to host David Faber, who asked about Twitter users claiming that the 2020 election was “rigged” or “stolen” and whether such tweets would be tagged with a community note or face other actions.
“To be clear, I don’t think it was a stolen election,” Musk replied, with the caveat that he believes there was someelection fraud.
“By the same token, if somebody is going to say that there is never any election fraud anywhere, this is obviously false. If 100 million people vote, the probability that the fraud is zero—is zero,” he added, before noting that it’s important to strike a balance in discussions regarding election integrity.
Regardless, people in America are allowed to question the outcome of elections – like Democrats did in 2016 when Hillary Clinton kicked off her self-pity tour – so CNBC and AP and the rest of them can pound sand with that little purity test.
According to the Associated Press article, since former President Donald Trump held a CNN town hall in which he reiterated his claims that the 2020 election was stolen, such claims have spread on Twitter.
“Yet many such claims have thrived on Twitter in the week since former President Donald Trump spent much of a CNN town hall digging in on his lie that the 2020 election was ‘rigged’ against him,” reads Swenson’s article, which provides no evidence. “Twitter posts that amplified those false claims have thousands of shares with no visible enforcement, a review of posts on the platform shows.”
The article cites media intelligence from firm Zignal Labs, which claims without evidence to have identified the 10 most widely shared tweets promoting a “rigged election” narrative following the town hall.
“While Twitter has a system in place for users to add context to misleading tweets, the 10 posts, which collectively amassed more than 43,000 retweets, had no such notes attached,” AP claimed – again without evidence.
More via the Epoch Times,
In his town hall appearance on CNN, Trump reiterated his view that the 2020 election was stolen.
The former president said that he performed “fantastically” in 2020, doing “far better” than in 2016 with 12 million more votes.
“When you look at that result and when you look at what happened during that election, unless you’re a very stupid person, you see what happens,” Trump said before adding that he believes the election was “rigged.”
“That was a rigged election, and it’s a shame that we had to go through it. It’s very bad for our country. All over the world, they looked at it, and they saw exactly what everyone else saw,” Trump said.
He pointed to the Twitter Files disclosures as an indication of apparent collusion between the FBI and Twitter to suppress the Hunter Biden laptop story in the run-up to the election, which Trump said, “made a big difference.”
The seventh installment of the Musk-endorsed Twitter Files claimed that there was an “organized effort” on the part of federal law enforcement to target social media companies that reported on the explosive Hunter Biden laptop story, which was first published by the New York Post.
Hunter Biden Laptop Story
In the run-up to the 2020 election, the New York Post published a story about a laptop abandoned at a computer repair shop that purportedly belonged to Hunter Biden and contained emails suggesting that then-candidate Joe Biden had knowledge of, and was allegedly involved in, his son’s foreign business dealings.
The New York Post’s story titled “Smoking-gun Email Reveals How Hunter Biden Introduced Ukrainian Businessman to VP Dad” was published on Oct. 14, 2020.
Twitter first prevented sharing of the story for 24 hours before reversing the decision. However, the story did not circulate on the platform for weeks because of a policy requiring the original poster to delete and repost the original tweet.
Polling has indicated that if the public had been aware of the suppressed story ahead of the election, it may have cost then presidential candidate Joe Biden several percentage points of voters—possibly enough to thwart his bid for the White House.
“In Twitter Files #7, we present evidence pointing to an organized effort by representatives of the intelligence community (IC), aimed at senior executives at news and social media companies, to discredit leaked information about Hunter Biden before and after it was published,” wrote author Michael Shellenberger, who released screenshots on Dec. 19, 2022, that appeared to show message exchanges between top Twitter officials and the FBI in October 2020.
The FBI told The Epoch Times in an earlier emailed statement that it had only offered general warnings to Twitter about foreign election interference and never pushed for the platform to suppress the Hunter Biden laptop story.
Former Twitter executives have conceded that they made a mistake by blocking the Hunter Biden laptop story but denied that they were pressured to suppress the story by law enforcement.
However, documents filed with the Federal Elections Commission (FEC) show that the FBI warned Twitter explicitly of a “hack-and-leak operation involving Hunter Biden” ahead of the 2020 presidential election.
Twitter’s former head of site integrity Yoel Roth made the remarks in a signed declaration (pdf) attached to a Dec. 21, 2020 letter to the FEC’s Office of Complaints Examination and Legal Administration on behalf of Twitter.
Roth said in the attached declaration that he was told by the FBI at a series of meetings ahead of the 2020 election that the agency warned of the threat of hacked materials being distributed on social media platforms.
“I was told in these meetings that the intelligence community expected that individuals associated with political campaigns would be subject to hacking attacks and that material obtained through those hacking attacks would likely be disseminated over social media platforms, including Twitter,” Roth stated in the declaration.
“I also learned in these meetings that there were rumors that a hack-and-leak operation would involve Hunter Biden,” Roth added.
Roth said that Twitter’s Site Integrity Team determined that the New York Post’s articles about the laptop violated the platform’s policies on hacked materials and Twitter took action to suppress the distribution of posts sharing the articles.
He later acknowledged that it was a mistake for Twitter to suppress the Hunter Biden laptop story.This post was originally published at Zero Hedge
Science & Tech
TSA Pilot-Tests Controversial Facial Recognition Technology At These 16 Airports
The next time you find yourself at airport security, prepare to look directly into a camera. The Transportation Security Administration is quietly testing controversial facial recognition technology at airports nationwide.
AP News said 16 airports, including Baltimore-Washington International Thurgood Marshall and Reagan National near Washington, as well as ones in Atlanta, Boston, Dallas, Denver, Detroit, Las Vegas, Los Angeles, Miami, Orlando, Phoenix, Salt Lake City, San Jose, and Gulfport-Biloxi and Jackson in Mississippi, have installed kiosks with cameras (at some TSA checkpoints) that allow passengers to insert their government-issued ID and look into a camera as facial recognition technology asses if the ID and person match.
Here’s what to expect at airports utilizing this new technology:
Travelers put their driver’s license into a slot that reads the card or place their passport photo against a card reader. Then they look at a camera on a screen about the size of an iPad, which captures their image and compares it to their ID. The technology is both checking to make sure the people at the airport match the ID they present and that the identification is in fact real. A TSA officer is still there and signs off on the screening. -AP
“What we are trying to do with this is aid the officers to actually determine that you are who you say who you are,” said Jason Lim, identity management capabilities manager, during a recent demonstration of the technology to reporters at BWI.
TSA said the pilot test is voluntary, and passengers can opt out. The facial recognition technology has raised concerns among critics, like five senators (four Democrats and an Independent) who sent a letter in February to the TSA requesting the pilot test be halted immediately.
“Increasing biometric surveillance of Americans by the government represents a risk to civil liberties and privacy rights,” the senators said.
The letter continued:
“We are concerned about the safety and security of Americans’ biometric data in the hands of authorized private corporations or unauthorized bad actors.
“As government agencies grow their database of identifying images, increasingly large databases will prove more and more enticing targets for hackers and cybercriminals.”
Meg Foster, a justice fellow at Georgetown University’s Center on Privacy and Technology, is concerned that even though the TSA says it’s not storing biometric data, it collects, “What if that changes in the future?”
Jeramie Scott, with the Electronic Privacy Information Center, said that even though the TSA facial recognition kiosks are being tested, it could be only a matter of time before it becomes a more permanent fixture at checkpoints.
Despite the US being a first-world country, it has third-world protections for its people. There’s an increasing number of government agencies that want your biometric data. Even the IRS wants your face.This post was originally published at Zero Hedge
Science & Tech
Twitter launches encrypted DMs – but Elon Musk warns users NOT to trust the WhatsApp-style feature yet
Elon Musk has warned Twitter users that its new WhatsApp-style feature should not be trusted – after launching it just yesterday.
Encrypted messaging was released on Wednesday as part of Twitter’s goal to become he ‘most trusted platform on the internet’.
But Musk has now stressed the privacy feature is ‘not quite there yet’ despite his initial jokes that he could not view messages even with a ‘gun to [his] head’.
Twitter said: ‘As Elon Musk said, when it comes to Direct Messages, the standard should be, if someone puts a gun to our heads, we still can’t access your messages. We’re not quite there yet, but we’re working on it.’
Encryption converts messages into scrambled text that cannot be read by anyone except the intended recipient.The Daily Mail