Channel: Android – Pen Test Partners
Browsing all 21 articles

Some simple security advice for computer and smartphone users

After a recent TV show in which I demonstrated how easy it can be to compromise users’ computers and ‘steal’ very personal video and photos, here’s some really simple advice to help prevent this...


New, easier ways to make My Friend Cayla swear

As you may know we have done a lot of research on My Friend Cayla in a puerile attempt to get her to swear. We looked at her database of questions and “badwords”, we edited them and eventually got her...


VTech Innotab Max vulnerable to trivial data extraction

Just when you thought it couldn’t get much worse for VTech toys after the recent breach, we found two easy ways to pull the data from their kids’ Innotab tablet. In the case of a lost, stolen or re-sold...


VTech Innotab Max: it’s getting even worse! Apps run in debug mode

After extracting an image from an Innotab last night using the methods we blogged about yesterday, we mounted it and had a look. Here’s the /data directory mounted on a Linux VM. Looking at the...


Vtech Innotab Max file extraction: Finding the Superblock

After the VTech hack, we thought we’d have a look at the security of some of their devices, just to see what we could find and whether I would even think about giving one to my kids. So after further...


Why buying a smart toy for a child might be the craziest thing you could do

There are 15 days until Christmas so there’s still plenty of time to be rummaging around looking for presents and having them delivered. Enough time to actually think about what you’re buying for your...


OWASP Birmingham IoT Hackathon

If you came to the OWASP Brum chapter meeting last night, it was great to see you. If you didn’t, here’s what you missed… Ken (@TheKenMunroShow) opened with some background on the research we’ve done to...


Star Wars BB-8 IoT toy: awesome fun, but can it be turned to the Dark Side...

Like all Star Wars fans, we are all over the merchandise. Hence, when we saw the amazing BB-8 IoT toy from Sphero, we HAD to have one. It was of course purely for security research, but we had to have...


Steal your Wi-Fi key from your doorbell? IoT WTF!

The Ring is a Wi-Fi doorbell that connects to your home Wi-Fi. It’s a really cool device that allows you to answer callers from your mobile phone, even when you’re not home. It’s one of the few IoT...


Who is tracking your run? Run and bike activity tracking app privacy issues...

(Cowritten with James Mace). Plenty of security vulnerabilities have been found in fitness tracking devices, but we wanted to have a look at the mobile apps that are used for run and bike tracking....


Why I think that U.S. house is hounded by phone trackers

After the BBC contacted us for comment on this story I thought it’d be useful and interesting to share the details that were omitted, as well as the reasoning behind some of my assumptions (none of...


Are your phones listening to you?

Ever had a weird situation where you’ve been talking about something, then shortly after an advert pops up on your phone or web browser relating to something you just said? There’s enough anecdotal...


BLN’s IoT Forum. What went down

We had a great time at the BLN IoT Security Forum yesterday, there was a stunning turnout and the audience made it an absolute pleasure. So many vulnerable gadgets, where to start? Ah, the perennially...


New Chromecast & Chromecast Audio. Have they fixed their hijacking issue?

Written in partnership with Minh-dat Lam. Back in 2013 the first ever Chromecast was released and shortly after in 2014 the first Chromecast was successfully hacked. This vulnerability was discovered...


Apps and Après. Skiing and privacy

Co-written with Chris Pritchard. We were recently researching a job lot of ski and snow sport related hardware and software and discovered one app (of the many we reviewed) that gave us cause for...


How we made the listening-in Android app

You may have seen us on the BBC recently, showing how a mobile device can be used to snoop on you. I created an Android app to surreptitiously listen-in to conversations near the device and send them...


Another (un)smart Smarter app

You might remember we looked at the hardware of the Smarter WiFi Coffee machine and found you could command it without adding it to your network and using the app. Accompanying the device was a new app...


How-to subvert Android backups to export sandboxed app files

During Android security reviews one of the most annoying and troublesome things I come across is getting the data onto my assessment machine for thorough analysis. It’s the copying of sandboxed...


Snooping Sony Bravia TV

You’ll no doubt have seen the snooping Samsung TV we investigated last year. …and the snooping Android mobile app we wrote for the BBC a couple of months back. Since then we’ve been trying to combine...


Argos MyTablet FUBAR

Some time ago, we noticed that Argos was selling a cheap tablet – the Bush MyTablet. It didn’t get great reviews, but our attention was drawn to it because 1. It was clearly running Android 2. It used...
