Category: Culture

Culture

Nest’s “ease of use” imperative plus poor integration with Google security has turned it into a hacker’s playground


40 years ago, antitrust law put strict limits on mergers and acquisitions, but since the Reagan era, these firewalls have been dismantled, and now the biggest companies grow primarily by snapping up nascent competitors and merging with rivals; Google is a poster-child for this, having only ever created two successful products in-house (search and Gmail), with all other growth coming from acquisitions and mergers.


When companies grow this way, they experience “diseconomies of scale” — dysfunctions brought on by their inability to integrate the acquired companies into their culture and technology. Yahoo (more than Google) is the obvious poster-child for these diseconomies, a company that will go down in history as a voracious acquirer and murderer of the best technology startups of a generation (Flickr, Delicious, etc etc etc).


One of Google’s most prominent acquisitions is the Internet of Things company Nest, whose “smart thermostats” were a beachhead for the company’s “ecosystem” — a group of surveillance devices and controllers that were bound to the Nest by DRM, meaning that independent security researchers who audited these actuators and sensors faced potential criminal and civil liability.


This limited scrutiny, plus Nest’s inability to integrate with Google’s security systems, has proven to be a uniquely toxic mix. Today, for as little as $20, you can buy “credential stuffing” software that will take the massive dumps of billions of passwords that have accumulated over the years and try them on Nest devices that are discoverable on the internet. Once a working username/password combo is hit, the system is yours: you can listen in and watch the owner, and play audio through the devices’ speakers (terrorizing toddlers with pornography on their baby monitors is an intruder’s favorite), etc. Recall that Nest installed secret, undocumented mics in some of its products.


There are at least two ways Nest could limit these attacks: first, they could implement two-factor authentication, which is becoming a gold standard for securing systems, and, conveniently, a field where Google is a clear leader, with its own 2FA app for mobile platforms. But Nest’s pitch is that it’s a plug-and-play system with no technical expertise necessary, and the company has decided that its target audience will be daunted by a 2FA requirement to set up its products.


Additionally, Nest could make use of Google’s extensive infrastructure for detecting credential-stuffing: the company has so much surveillance and telemetry deployed around the internet that it can detect many fraud attempts, by looking at everything from anomalies in users’ customary locations to IP addresses that have been implicated in earlier attacks.


But Google and Nest — despite being organized as sister companies under Alphabet (the confusingly named holding company whose pretense is that it owns Google and all of Google’s acquisitions) — do not share a security back-end. Rather, Google’s security team (one of the best in the world) offers “advice” to Nest’s security team. Clearly the advice was not sufficient, as can be seen in the mass-scale credential-stuffing attacks on Nest owners.


Tara Thomas thought her daughter was just having nightmares. “There’s a monster in my room,” the almost-3-year-old would say, sometimes pointing to the green light on the Nest Cam installed on the wall above her bed.

Then Thomas realized her daughter’s nightmares were real. In August, she walked into the room and heard pornography playing through the Nest Cam, which she had used for years as a baby monitor in their Novato, Calif., home. Hackers, whose voices could be heard faintly in the background, were playing the recording, using the intercom feature in the software. “I’m really sad I doubted my daughter,” she said.

Though it would be nearly impossible to find out who was behind it, a hack like this one doesn’t require much effort, for two reasons: Software designed to help people break into websites and devices has gotten so easy to use that it’s practically child’s play, and many companies, including Nest, have effectively chosen to let some hackers slip through the cracks rather than impose an array of inconvenient countermeasures that could detract from their users’ experience and ultimately alienate their customers.

How Nest, designed to keep intruders out of people’s homes, effectively allowed hackers to get in [Reed Albergotti/Washington Post]


(via Naked Capitalism)

from Boing Boing https://boingboing.net/2019/04/24/borked-by-m-and-a.html

Nvidia may be quietly building a transforming Shield Tablet

Nvidia’s last tablet was the Shield K1, released in 2015.

Code found in Nvidia’s Shield Experience software suggests that the company is working on a 2-in-1 hybrid device that’s able to work as both a laptop and a tablet. The code, which was spotted by XDA-Developers, includes a new piece of software that’s capable of switching between three UI modes, including desktop, tablet, and a mysterious third mode called “dynamic.” It includes an option to start desktop mode if a keyboard is attached to the device.

The findings suggest that Nvidia is working on software for a new tablet, referred to by the codename “Mystique,” which can operate as a laptop if you attach a keyboard, similar to last year’s Google Pixel Slate. Nvidia’s last tablet was the Nvidia Shield K1, which was released in 2015. A r…

from The Verge – All Posts https://www.theverge.com/circuitbreaker/2019/4/24/18514056/nvidia-shield-mystique-transforming-2-in-1-hybrid-tablet

Audible launches the first Alexa-powered customer support line

Amazon-owned Audible now offers a unique form of access to Alexa: voice-controlled customer support. The audiobook subscription service, which Amazon purchased more than a decade ago, says that starting today, users will be able to say, “Alexa, call Audible,” and be put in touch with a human being from Audible’s customer support team. From there, you’ll be able to ask for help with a technical issue and receive book recommendations, among other standard troubleshooting queries. The service goes live today and Audible says it will run nonstop, every day, from here on out.

To our knowledge, this is the first ever Alexa-powered customer support system. It’s not Alexa supplanting the entire customer support platform, but it is the first…

from The Verge – All Posts https://www.theverge.com/2019/4/24/18513369/audible-amazon-alexa-customer-support-line-book-recommendations

Ford will build an electric pickup truck using EV startup Rivian’s tech

The Ford Motor Company has announced a $500 million investment in EV startup Rivian, and it will build an electric pickup truck using Rivian’s tech, the companies announced on Wednesday. The truck will not be the electric F-150 that Ford has been developing, but something new instead, Ford CEO Jim Hackett said on a call with reporters.

Just two months ago, Rivian announced a $700 million investment round led by Amazon. Rivian was also in talks with GM, but the startup reportedly backed out of the potential deal.

Rivian came out of stealth mode in 2018, but it has been in existence for about a decade. Unlike some flashier EV startups, Rivian didn’t announce its first vehicles — the R1T electric pickup truck and the R1S SUV, due in late…

from The Verge – All Posts https://www.theverge.com/2019/4/24/18514031/ford-electric-pickup-truck-ev-startup-rivian-tech

Nintendo’s cheaper Switch model could be out this June

Nintendo may be releasing a cheaper version of the Switch this June, according to a report from Bloomberg, which corroborates earlier rumors that Nintendo is working on a budget model of its popular portable console.

It’s still not clear what changes Nintendo would make to yield a cheaper Switch, although some have speculated that the new console could feature a smaller display or remove the dock capability for a cheaper and more mobile-focused device.

While Nintendo has yet to release its official numbers for the last fiscal year, according to Bloomberg, analysts estimate that Nintendo shipped 17.5 million Switch consoles. That number would beat out Nintendo’s revised estimate of 17…

from The Verge – All Posts https://www.theverge.com/2019/4/24/18514018/nintendo-switch-cheaper-model-release-june

LG reportedly suspending production of phones in home country of Korea

LG G8 ThinQ.

The fortunes of LG Mobile, the embattled and rather overshadowed rival to Samsung Mobile, have been on a downward trajectory for a long time. As part of its effort to reform and optimize that business, LG is now reportedly taking the step of discontinuing smartphone manufacturing in its home country of Korea. The news comes from the local Yonhap News Agency, via Reuters, which suggests that LG will reallocate its current Korean production to a plant in Vietnam.

LG’s home manufacturing is presently focused on its flagship devices, with Reuters reporting that it accounts for somewhere between a tenth and a fifth of LG’s total phone output. There’s a lot of pride invested in putting the “Made in Korea” label on LG’s best mobile products, so…

from The Verge – All Posts https://www.theverge.com/2019/4/24/18513970/lg-mobile-korea-smartphone-manufacturing-exit

These hi-fi earplugs cut the sound but keep sound quality

For musicians, clubgoers or anyone in the thick of a loud environment, earplugs aren’t just an option. If you plan on keeping your hearing through sustained exposure to levels over 85 decibels (roughly the sound of a blender), they’re a must.

The good news is, most earplugs will muffle the sound. The bad news is, that’s exactly how it sounds: muffled. If you love music as much as you love your ears, Vibes Hi-Fidelity Earplugs are a high-tech alternative.

Thanks to specially designed tubes in the casing, Vibes can filter sound selectively, lowering the volume by 22 dB across frequencies while keeping (and in some cases enhancing) clarity. They’re made to be discreet, with a nearly invisible profile and three interchangeable, washable tips to fit any ear size. And they’ve got staying power in any environment too, thanks to a detachable cord that clips onto each earplug.

Right now, you can pick up a pair of Vibes Hi-Fidelity Earplugs with Attachable Cord for $19.99 – a full 25% off the list price.

from Boing Boing https://boingboing.net/2019/04/24/these-hi-fi-earplugs-cut-the-s.html

Samsung prepares $116 billion war chest for mobile chips fight

Samsung has announced a 10-year, $116 billion plan to take over the lead as the world’s foremost processor maker by 2030, as reported by Bloomberg today. The Korean chaebol already enjoys the premier position when it comes to selling mobile memory chips, and Bloomberg notes that its semiconductor division accounted for three quarters of its 2018 operating income. Which is to say that, as much as we focus on Samsung’s consumer products like the Galaxy S10 and flop-of-the-year candidate Galaxy Fold, the company’s money is made chiefly by building the internal chips that feed and power consumer electronics. Even Apple has little choice but to use Samsung’s displays and memory.

What Samsung is looking to do now is to compete with the likes…

from The Verge – All Posts https://www.theverge.com/2019/4/24/18513906/samsung-semiconductor-chips-money-apple-huawei-qualcomm

The leader of the Time Well Spent movement has a new crusade

Tristan Harris speaking at event in October 2018

Tristan Harris’ first big idea for the tech industry, the Time Well Spent movement, was an outsized success. Today, he unveiled the sequel — a kind of unified theory of how tech platforms are undermining humanity. His idea, which he calls “downgrading,” attempts to explain everything from smartphone addiction to political polarization. Is his diagnosis correct? And, if so, what’s the solution?

First, some relevant context. Six years ago, Harris was a product manager at Google who published a presentation for his fellow employees to read. Observing how often Google services compelled people to check their email and smartphone notifications, Harris called on his fellow employees to build systems that gave people time back. “Change like…

from The Verge – All Posts https://www.theverge.com/interface/2019/4/24/18513450/tristan-harris-downgrading-center-humane-tech

iFixit’s Galaxy Fold teardown reveals its biggest design flaw

Though it’s not technically the first time we’ve seen the innards of the now-delayed Samsung Galaxy Fold, iFixit’s teardown of the folding device is absolutely the most informed and detailed we’ve seen. Following up on its post speculating on the possible causes of the various screen breakages we’ve seen on review units, iFixit’s teardown analysis seems to reveal a fundamental design tradeoff Samsung had to make — one that may have doomed the phone.

It seems as though Samsung focused quite a bit on ensuring the mechanics of the hinge would be a sturdy and dependable mechanism for folding and unfolding a screen. Yet for whatever reason, the Galaxy Fold does not have enough protection against the ingress of debris. And because that screen…

from The Verge – All Posts https://www.theverge.com/2019/4/24/18511692/samsung-galaxy-fold-teardown-ifixit-hinge-gaps-dust-dirt-debris-broken-screen

Tesla now sells electric cars with 370 miles of range

Tesla has increased the range of its latest Model S and Model X cars by 10 percent, now capable of a maximum of 370 and 325 miles respectively. The increase comes as the result of an upgraded drivetrain, and has been achieved without making any changes to the cars’ existing 100 kWh batteries. The cars can also charge faster and have an improved suspension design.

The upgrades extend Tesla’s range lead over much of its competition, who still struggle to reach the 300 mile EPA threshold. The 2019 Nissan Leaf has a maximum EPA range of 226 miles, the Chevy Bolt gets 238 miles, Jaguar’s I-Pace was recently given a 234-mile rating, and the Audi E-tron taps out at 204 miles.

At the other…

from The Verge – All Posts https://www.theverge.com/2019/4/24/18513899/tesla-model-s-x-range-upgrade-270-325-miles-supercharger-200kw