Hasta La Gadget!

Jay Freeman, an iOS and Android developer known for his popular Cydia app store accessible by jailbroken iPhones, has discovered a scary security flaw in Google Glass. While toying around with the Explorer edition of Google Glass, Freeman discovered that the device’s lack of a PIN code or any other form of authentication could make it easy for hackers to install surveillance malware onto the device.

Unlike a smartphone, which stays in your pocket most of the time, a hacked Google Glass can give hackers access to everything you see and everything you hear. According to Freeman, “The only thing it doesn’t know are your thoughts.” All a hacker needs to do is grab an unattended Google Glass, hook it up to their computer via USB, and enable root access on the device. Freeman says,

“Once the attacker has root on your Glass, they have much more power than if they had access to your phone or even your computer: They have control over a camera and microphone that are attached to your head.”

Not only will hackers be able to see and hear everything around you, they will be able to upload your files and recordings to remote servers. Freeman says that a hacked Google Glass “knows all your passwords” because it sees you typing them in. With a compromised Google Glass, “Nothing is safe.” However, chances are that Google will take note of these security flaws and issue fixes to them before the devices become available to consumers early next year.

On the bright side, the only way hackers can install surveillance malware onto your Google Glass device is if they have physical access to it, meaning it won’t be too common. But nonetheless, Google needs to step up the security on the device. The user’s privacy and security should always be the top priority for any company. Freeman issued a statement to Forbes regarding the entire situation. He says,

“It’s just kind of sloppy and negligent for Google to release a device to a bunch of early adopters that is missing a basic security function and even has a known bug on it that was disclosed eight months ago. Like someone could be inside of [tech pundit and blogger] Robert Scoble’s glass right now.”

[via Forbes]

Hacker shows how Google Glass could watch its user’s every move is written by Brian Sin & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

Last week, we reported on a rather disturbing revelation that the Department of Defense and NSA have been sending out so-called 2511 letters that absolve companies of legal consequences for violating the Wiretap Act by intercepting their users’ communications. While the letters give ISPs and such incentive, they are no good if the company doesn’t want to obey an order to grab data. To remedy this, a government task force is seeking to have companies that don’t cooperate penalized.

The information comes from sources who are said to be both former and current officials who are familiar with the push. The FBI is said to be at the helm of the request, motivated by what it calls the “going dark” problem of not being able to access online-based communications and missing vital evidence or information because of it. For this reason, a government task force is pushing to have companies penalized for failing to comply with a wiretap order, which is usually achieved by claiming that a means of intercepting the communications is not possible.

Under the proposal, a company such as Google would need to establish a means of intercepting communications, with the freedom to do it however it wishes. If the company receives an order to intercept communications, under the proposal, it will need to do so or will face stiff fines, which are said to start out in the tens of thousands and only go up from there. Failing to follow the order will then lead to a hearing, with the fines doubling daily after 90 days.

Says the FBI’s General Counsel Andrew Weissmann: “The importance to us is pretty clear. We don’t have the ability to go to court and say, We need a court order to effectuate the intercept.’ Other countries have that. Most people assume that’s what you’re getting when you go to a court.” Says the sources, the Obama administration has not signed off on the proposal, and all government agencies asked about the leak declined commenting on it.

[via Washington Post]

Government seeks to strong arm companies into spying on users is written by Brittany Hillen & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

Hacked online deals site LivingSocial has temporarily frozen its customer phone support, blaming extremes of call volume from security-worried users. The daily promotions site, in which Amazon is an investor, admitted on Friday that its database had been compromised, with names, email address, some dates of birth, and encrypted passwords of in excess of 50 million users taken. LivingSocial is now working with authorities to investigate the breach, the company said in an email to users, but in the meantime has shut down its telephone support line.

That decision to shift solely to web-based support is one of resources, according to LivingSocial CEO Tim O’Shaughnessy, who argues that a contact-form system will actually result in fewer frustrated customers.

“Because we anticipate a high call volume and may not be able to answer or return all calls in a responsible fashion, we are likely to temporarily suspend consumer phone-based servicing,” O’Shaughnessy told Marketwatch. We will be devoting all available resources to our Web-based servicing.”

Password and payment safety is always a cause of concern after a site is hacked, but LivingSocial moved quickly to reassure users that their data is, for the most part, safe. The passwords taken were hashed and salted – in short, encrypted – according to the company’s FAQ on the data theft, and no credit card information was taken.

Meanwhile, those who signed into LivingSocial using Facebook Connect have not been compromised, with no impact on their Facebook accounts. However, if they ever had cause to create a separate password on the deals site, that must now be changed.

The exact nature of the hack is yet to be detailed, though LivingSocial is actively investigating it. For the moment, the advice is to change your passwords for any other site using the same login credentials as you might have registered on LivingSocial, and keep an eye out for potential spam or phishing attempts that land in your inbox.

Hacked LivingSocial unplugs the phones as call-center support frozen is written by Chris Davies & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

LivingSocial, a website that provides users with deals on a daily basis, has been hacked, it revealed in a memo to employees and later on with a public statement to users. According to a spokesperson, hackers breached the system and pulled quite a bit of user data, including usernames, encrypted passwords, birth dates, and email addresses of potentially 50 million users. Fortunately, financial information was not accessed.

As a result of the breach, LivingSocial has begun resetting users’ passwords, and is also sending off emails to customers advising them of the situation, with the exception of users located in South Korea, Thailand, the Philippines, and Indonesia because those systems weren’t harmed. Fortunately, while the hackers got some information, the passwords were encrypted.

Users will need to create a new password now that their current one has been reset. Said LivingSocial in a memo to its employees: “We recently experienced a cyberattack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue.”

Although the passwords were encrypted, the possibility exists that they could be cracked, and because of this LivingSocial is encouraging its users to create new passwords on their other online accounts, such as banking, social networking, and email accounts, that use the same password or one close to it. In addition, LivingSocial is also advising users that any emails they may receive requesting password information is a phishing attempt and should be deleted.

[via New York]

LivingSocial breach leaves 50 million customers vulnerable is written by Brittany Hillen & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

It could be said that one day every home will have automation features – it only makes sense given the increasingly wireless and mobile nature of technology and our lives in general. AT&T has gotten into the market, rolling out its Digital Life home management and automation system for the first time. For now, the service is available in 15 markets, with plans to roll it out in 50 markets by the end of the year.

Digital Life offers always-there home monitoring via AT&T centers, which customers have the ability to receive alerts from through a variety of means, including via mobile while away from home. Users can likewise manager their house from their tablet, smartphone, or laptop, locking doors, adjusting lights and thermostats, and more. For now, only customers in Atlanta, Austin, Boulder, Chicago, Dallas, Denver, Houston, Los Angeles, Miami, Philadelphia, Riverside, San Francisco, Seattle, St. Louis, and select parts of New York/New Jersey can subscribe.

The home management service comes in two varities: a $29.99 monthly + $149.99 installation package, and a $39.99 monthly + $249.99 installation pagkage with a few more options over the cheaper rate, such as a glass break detector and carbon monoxide detector. From there, users can add more feature, including a door, energy, camera, water detection, and water control package for smaller additional rates per month.

AT&T Digital Life’s Senior Vice President Kevin Petersen said, “We know how important security is to our customers, and this was our top priority when we set out to build Digital Life. People rely on their mobile devices more than ever, so Digital Life offers an easy and convenient way to secure their homes, protect their families and simplify their lives from virtually anywhere.”

[via AT&T]

AT&T rolls out Digital Life home management system, offers it in 15 markets is written by Brittany Hillen & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.