Jul 11
Jul 11
Jul 11
Here’s a thing that should have never been a thing: Bluetooth-connected hair straighteners.
Glamoriser, a U.K. firm that bills itself as the maker of the “world’s first Bluetooth hair straighteners,” allows users to link the device to an app, which lets the owner set certain heat and style settings. The app can also be used to remotely switch off the straighteners within Bluetooth range.
Big problem, though. These straighteners can be hacked.
Security researchers at Pen Test Partners bought a pair and tested them out. They found that it was easy to send malicious Bluetooth commands within range to remotely control an owner’s straighteners.
The researchers demonstrated that they could send one of several commands over Bluetooth, such as the upper and lower temperature limit of the device — 122°F and 455°F respectively — as well as the shut-down time. Because the straighteners have no authentication, an attacker can remotely alter and override the temperature of the straighteners and how long they stay on — up to a limit of 20 minutes.
“As there is no pairing or bonding established over [Bluetooth] when connecting a phone, anyone in range with the app can take control of the straighteners,” said Stuart Kennedy in his blog post, shared first with TechCrunch.
There is a caveat, said Kennedy. The straighteners only allow one concurrent connection. If the owner hasn’t connected their phone or they go out of range, only then can an attacker target the device.
Here at TechCrunch we’re all for setting things on fire “for journalism,” but in this case the numbers speak for themselves. If, per the researchers’ findings, the straighteners could be overridden to the maximum temperature of 455°F at the timeout of 20 minutes, that’s setting up a prime condition for a fire — or at very least burn damage.
It’s estimated that as many as 650,000 house fires in the U.K. are caused by hair straighteners and curling irons left on. In some cases it can take more than a half-hour for these heated devices to cool down to safe levels. U.K. fire and rescue services have called on owners to physically pull the plug on their devices to prevent fires and damage.
Glamoriser did not respond to a request for comment prior to publication. The app hasn’t been updated since June 2018, suggesting a fix has yet to be put in place.
Jul 11
It was reported yesterday how contractors hired by Google are listening to recordings of conversations that users have had with the Google Assistant. The report mentions that some of these recordings were captured even when the user hadn’t said the “Hey Google” trigger phrase. Google has now commented on the matter through a post on its official blog.
Google says that it works with language experts across the globe who are tasked with transcribing a small set of queries so that the system can better understand new languages. It acknowledges finding out that one of the language reviewers violated its data security policies by leaking Dutch audio data which was confidential.
“Our Security and Privacy Response teams have been activated on this issue, are investigating, and we will take action. We are conducting a full review of our safeguards in this space to prevent misconduct like this from happening again,” it promises.
It also mentions that the assistant only sends audio to Google after the device detects that the user is interacting with it. However, it admits that there may be rare instances in which the Google Assistant experiences a “false accept,” where some noise or words in the background is wrongly interpreted by the software as the “Ok Google’ hotword.
Google says that it also applies a wide range of safeguards to protect user privacy through the entire process. The experts only get to review around 0.2 percent of all audio snippets. The snippets aren’t associated with user accounts and the reviewers are directed not to transcribe background conversations or other noises. They are to transcribe snippets that are directed to the assistant.
Google Responds To Contractors’ Misuse Of Google Assistant Recordings , original content from Ubergizmo. Read our Copyrights and terms of use.
Jul 11
Japan has claimed a world first with its Hayabusa 2 probe which made a “perfect” touchdown today on a distant asteroid. Not only that, but the Hayabusa2 probe also collected samples from beneath the surface of the asteroid. This unprecedented mission may help provide more insight about the origins of the solar system.
Japan Aerospace Exploration Agency project manager Yuichi Tsuda said at a news conference that “We’ve collected a part of the solar system’s history,” as subsurface material has never been gathered before from a celestial body that was further away from the moon. Japan has been able to do it successfully in a world first.
The Hayabusa2 probe is the size of a fridge and it made its second landing on the asteroid earlier today. The confirmation that it had landed actually came when the probe lifted back up from the asteroid and was able to resume communications with the control room in Sagamihara, Kanagawa Prefecture.
The probe’s mission is now complete as it has collected the samples. Hayabusa2 did that by extending a tube to the surface and then firing a small metallic projectile to capture the subsurface debris as it floated up. This was the second time that the Hayabusa2 touched down on the asteroid which is some 300 million kilometers from Earth. It will begin its journey back to Earth by the end of this year.
Japan’s Hayabusa2 Successful In Collecting Samples From Asteroid , original content from Ubergizmo. Read our Copyrights and terms of use.
Jul 11
It seems that violent games like PlayerUnknown’s Battlegrounds will always be at the center of some sort of controversy. Ever since PUBG became the immensely popular force of gaming it is today, various governments around the world have taken aim at it. Jordan is the latest to do so, with the country’s Telecommunications Regulatory Authority announcing that is has made … Continue reading
Jul 11
Both Strava and Relive have made statements on their recent breakup, suggesting that the other was the one that was at fault. According to Relive, they worked with Strava and followed Strava’s recent takedown request – but were blocked from the API nonetheless. Strava said Relive was simply abusing its API. Bicycle rides recorded in Strava will not, from this … Continue reading
Jul 11
Jul 11
It’s been said before, but it bears repeating: The first round of Democratic presidential debates failed the planet. In a combined 240 minutes of discussion—at an event held in city poised to sink into the ocean—the moderators devoted a combined 15 minutes of airtime to the biggest existential threat humanity faces.
Jul 11
Scientists have found evidence of Bronze Age human civilization written into ancient cattle DNA, according to a new study.
Who's in charge here?
This is site is run by Sascha Endlicher, M.A., during ungodly late night hours. Wanna know more about him? Connect via Social Media by jumping to about.me/sascha.endlicher.