I’ve been waiting for the right time to review some old indoor security cameras for the past several months. It’s not about the brand (Blink) or the cameras (which work quite well thus far!). It’s that every time I prepare to write about them, news like the recent Ring ransomware attack or Eufy’s insecure network would emerge, and I would kick my security cam reviews down the road.Why? Because I’ve become increasingly uncomfortable recommending any security camera when knowing whether or not the backend is secure has become something only bug bounty hunters and clairvoyants could safely tell you.

When I review a product, I try to be as nitpicky as possible. Not because I want to give a bad review, but because it’s my job to go past the idealized press releases and spec sheets to see the cracks beneath the surface.

My overall point is simple: Even popular security companies with seemingly impregnable encryption will make decisions that leave your private data or home feeds vulnerable — or hire someone that exploits their power in disturbing ways. And once that company finds out, there is absolutely no guarantee you’ll find out about it unless someone whistleblows or a security expert catches their mistake.

…

Not only do security vulnerabilities lurk within software, but they can also be embedded directly into hardware, leaving technical applications open to widespread attack.Researchers from Ruhr University Bochum, Germany, and the Max Planck Institute for Security and Privacy (MPI-SP) are pioneering innovative detection techniques to combat these hardware Trojans. Their advanced algorithm can identify discrepancies by comparing chip blueprints with electron microscope images of the actual chips. This groundbreaking method successfully detected irregularities in 37 out of 40 cases.

The research team has generously made available all chip images, design data, and analysis algorithms online at no cost, enabling fellow researchers to access and utilize these resources for their own investigations and advancements in the field.

“It’s conceivable that tiny changes might be inserted into the designs in the factories shortly before production that could override the security of the chips,” explains Dr. Steffen Becker and gives an example for the possible consequences: “In extreme cases, such hardware Trojans could allow an attacker to paralyze parts of the telecommunications infrastructure at the push of a button.”

Everything is a subscription these days. And sometimes, those subscriptions are really hard to cancel — intentionally so. Sneaky companies know that the harder it is to stop paying for their services, the more money they’ll get from people who either didn’t know they were signing up for a paid service in the first place or don’t have the time to cancel it.The Federal Trade Commission announced today that it’s proposing a “click to cancel” rule, which would force businesses to make it just as easy to sign off as it was to sign up.

The click to cancel rule, which is just a notice of proposed rulemaking for now, will amend and update the existing negative option rule, which, Khan said, typically applied to businesses that sent consumers products and then charged them if they didn’t send those products back quickly. But these days, the business model has shifted from physical products you get in the mail to ongoing subscriptions for access to products or services. The agency believes its rules should be updated accordingly.

In addition to requiring businesses to make it as easy to cancel as it is to sign up, the rule would also mean new requirements that businesses better inform consumers that they’re signing up for a paid service. They would also have to get users’ express consent to pay for that service and remind them before those services are automatically renewed.

…

Filed: https://www.vox.com/technology

RSS: https://www.vox.com/rss/technology/index.xml