“NSFW” doesn’t begin to describe Bluetooth security in sex toys

Technologies such as Bluetooth Low Energy (BLE) have allowed an increasing number of devices to be controlled by mobile devices. But as Ars has reported in the past, BLE devices also can be a privacy and security risk. And as Alex Lomas of Pen Test Partners found recently, some of these vulnerable devices are of a very personal nature. Lomas discovered that he could relatively easily search for and hijack BLE-enabled sex toys—a pursuit he named "screwdriving" (after the Wi-Fi network finding practice of "wardriving"). Lomas performed a security analysis on a number of BLE-enabled sex toys, including the Lovense Hush—a BLE-connected butt plug designed to allow control by the owner's smartphone or remotely from a partner's phone via the device's mobile application. Using a Bluetooth "dongle" and antenna, Lomas was able to intercept and capture the BLE transmissions between the devices and their associated applications. As it turns out, reverse-engineering the control messages between apps and a number of devices was not terribly difficult—the communications between the apps and the toys were not encrypted and could easily be recorded with a packet capture tool. They could also be replayed by an attacker, since the devices accepted pairing requests without a PIN code—allowing anyone to take over control of them.

Watch The Olympics Opening Ceremony Drone Video Before It Gets Taken Down (Again)

On Saturday I was lucky enough to watch footage of the amazing drone display aired during the Olympics opening ceremony. Coordinated by Intel, 1,218 drones performed a lightshow--pre-recorded rather than conducted live, due to logistical issues--and it was posted to Vimeo for those who missed the live broadcast. Sadly, the International Olympics Committee ordered the video removed due to copyright infringement. Fair enough--but then why not post the video themselves, so those who missed it could enjoy it? Neither they nor NBC has made the video available. So I poked around and found a pirated copy on YouTube. It's a truncated version somewhat spoiled by commentary provided by Korean news broadcasters, but at least gives you a taste. Watch it here (it's unembeddable) before the IOC orders it removed. It really is a shame they pulled the video, because the team behind it busted their asses to pull this off. You can see some snippets of the footage in the behind-the-scenes video below: I'm hoping the IOC comes to their senses and re-posts the full version. If they do I'll come back to this post and insert it.

Why are these children "sieg heiling" the American flag?

In this 1915 photo, the children appear to be raising their arms in a sieg heil salute of the American flag. Actually, this gesture was part of the Pledge of Allegiance ritual for decades. Then, um, Hitler happened. From Smithsonian: Originally known as the Bellamy Salute, the gesture came to be in the 1890s, when the Pledge of Allegiance was written by Francis J. Bellamy. The Christian socialist minister was recruited to write a patriotic pledge to the American flag as part of magazine mogul Daniel Sharp Ford’s quest to get the flag into public schools. At the time... Bellamy and his boss both agreed that the Civil War had divided American loyalties and that the flag might be able to bridge those gaps. His campaign centered around the 400th anniversary of Christopher Columbus’ arrival in the new world. He published his new Pledge as part of a unified Columbus Day ceremony program in September 1892 in the pages of the Youth’s Companion, a popular children’s magazine with a circulation of 500,000. “At a signal from the Principal,” Bellamy wrote, “the pupils, in ordered ranks, hands to the side, face the Flag. Another signal is given; every pupil gives the flag the military salute—right hand lifted, palm downward, to a line with the forehead and close to it. Standing thus, all repeat together, slowly, 'I pledge allegiance to my Flag…'” Then in the 1930s, Hitler reportedly saw Italian Fascists doing a similar gesture, likely based on an ancient Roman custom, and adopted it for the Nazi party.

Unknown Language Discovered in Malaysia

Researchers have cataloged close to 7,000 distinct human languages on Earth, per the Linguistic Society of America's latest count. That may seem like a pretty exhaustive list, but it hasn't stopped anthropologists and linguists from continuing to encounter new languages, like one recently discovered in a village in the northern part of the Malay Peninsula. From a report: According to a press release, researchers from Lund University in Sweden discovered the language during a project called Tongues of the Semang. The documentation effort in villages of the ethnic Semang people was intended to collect data on their languages, which belong to an Austroasiatic language family called Aslian. While researchers were studying a language called Jahai in one village, they came to understand that not everyone there was speaking it. "We realized that a large part of the village spoke a different language. They used words, phonemes and grammatical structures that are not used in Jahai," says Joanne Yager, lead author of the study, which was published in the journal Linguistic Typology. "Some of these words suggested a link with other Aslian languages spoken far away in other parts of the Malay Peninsula."

Why Paper Jams Persist

A trivial problem reveals the limits of technology. Fascinating story from The New Yorker: Unsurprisingly, the engineers who specialize in paper jams see them differently. Engineers tend to work in narrow subspecialties, but solving a jam requires knowledge of physics, chemistry, mechanical engineering, computer programming, and interface design. "It's the ultimate challenge," Ruiz said. "I wouldn't characterize it as annoying," Vicki Warner, who leads a team of printer engineers at Xerox, said of discovering a new kind of paper jam. "I would characterize it as almost exciting." When she graduated from the Rochester Institute of Technology, in 2006, her friends took jobs in trendy fields, such as automotive design. During her interview at Xerox, however, another engineer showed her the inside of a printing press. All Xerox printers look basically the same: a million-dollar printing press is like an office copier, but twenty-four feet long and eight feet high. Warner watched as the heavy, pale-gray double doors swung open to reveal a steampunk wonderland of gears, wheels, conveyor belts, and circuit boards. As in an office copier, green plastic handles offer access to the "paper path" -- the winding route, from "feeder" to "stacker," along which sheets of paper are shocked and soaked, curled and decurled, vacuumed and superheated. "Printers are essentially paper torture chambers," Warner said, smiling behind her glasses. "I thought, This is the coolest thing I've ever seen."

Apple’s iOS 12 strategy: Take more time to squash the bugs

Apple has new features planned for its big, new iOS update—but not as many as you may expect. According to a Bloomberg report, the next sweeping iOS update, codenamed "Peace" and likely to be called iOS 12, will include a number of app redesigns, the expansion of Animoji into Facetime, and other changes but not some of the biggest rumored changes such as redesigned home screens for iPhone and iPad. Instead of filling iOS 12 with a bevy of new features, Apple is reportedly changing strategies to allow developers more time to perfect the new features to ensure reliability. The biggest change planned for iOS 12, slated for release this fall, is a universal app system that would allow one app to work across iPhones, iPads, and Mac computers. Currently, users have to download separate iOS and macOS apps to use the same programs across their mobile devices and desktops or laptops. Along with this change, Apple could bring some mobile-specific apps to macOS, like the Home app that controls HomeKit-enabled smart home devices. Animojis will find another home in Facetime when iOS 12 is released. Apple is reportedly working on increasing the number of AR characters available and allowing users to don them during live Facetime video chats. A new iPad is reportedly in the works that has Apple's FaceID camera, which would allow it to support Animojis as well (Animojis are only currently available on the iPhone X, which has the new FaceID camera). Also planned for the new software update are a revamped stock-trading app and Do Not Disturb feature, an updated search view that leans more heavily on Siri, a new interface for importing photos onto an iPad, and multiplayer augmented reality gameplay.

Equifax breach may have exposed more data than first thought

The 2017 Equifax data breach was already extremely serious by itself, but there are hints it was somehow worse. CNN has learned that Equifax told the US Senate Banking Committee that more data may have been exposed than initially determined. The hack may have compromised more driver's license info, such as the issuing data and host state, as well as tax IDs. In theory, it would be that much easier for intruders to commit fraud. The breach compromised about 145.5 million people, although their level of exposure varied wildly. About 10.9 million Americans' driver's licenses were embroiled in the hack, and just a small fraction of the exposed UK licenses (just under 700,000) had enough info to jeopardize the victims' privacy. Equifax stressed to CNN that the initial list of exposed data was never meant to be the final, definitive account of the scope of the problem. And that's not unheard of -- companies frequently deliver rough assessments of the damage in the immediate aftermath and refine the numbers as they learn more. However, that explanation might not be enough for officials. Senators are already clamoring for a thorough investigation, and want to know the full extent of what happened. This update gives them more of what they want, but it also raises the question of why the company is still determining the scope of the breach nearly half a year after it was made public. Source: CNN Money

Scientists identify hundreds of atomically-thin materials

Graphene may seem like a modern wonder-material, but it's been with us for ages in the form of graphite. Graphene is a sheet of carbon atoms bonded to each other, just one atom thick; graphite is just an agglomeration of these sheets layered on top of each other. To study graphene, however, it took someone clever to devise a way of peeling single layers off from this agglomeration (the secret turned out to be a piece of tape). Since then, we've identified a handful of additional chemicals that form sheets that are a few atoms thick. These have a variety of properties—some are semiconductors and have been combined with graphene to make electronic devices. To expand the range of devices we can craft that build on the advantages of these atomically thin materials, a larger catalog of chemicals like this would be handy. Now, a Lithuanian-Swiss team says it's done just that. The team has found materials just like graphite: a bulk material with atomically thin layers hidden inside.

‘Sinking’ Pacific Nation Tuvalu Is Actually Getting Bigger

mi shares a report from Phys.Org: The Pacific nation of Tuvalu -- long seen as a prime candidate to disappear as climate change forces up sea levels -- is actually growing in size, new research shows. A University of Auckland study examined changes in the geography of Tuvalu's nine atolls and 101 reef islands between 1971 and 2014, using aerial photographs and satellite imagery. It found eight of the atolls and almost three-quarters of the islands grew during the study period, lifting Tuvalu's total land area by 2.9 percent, even though sea levels in the country rose at twice the global average. Co-author Paul Kench said the research, published Friday in the journal Nature Communications, challenged the assumption that low-lying island nations would be swamped as the sea rose. It found factors such as wave patterns and sediment dumped by storms could offset the erosion caused by rising water levels.

Hackers Manage To Run Linux On a Nintendo Switch

Romain Dillet reports via TechCrunch: Hacker group fail0verflow shared a photo of a Nintendo Switch running Debian, a distribution of Linux. The group claims that Nintendo can't fix the vulnerability with future firmware patches. According to fail0verflow, there's a flaw in the boot ROM in Nvidia's Tegra X1 system-on-a-chip. When your console starts, it reads and executes a piece of code stored in a read-only memory (hence the name ROM). This code contains instructions about the booting process. It means that the boot ROM is stored on the chip when Nvidia manufactures it and it can't be altered in any way after that. Even if Nintendo issues a software update, this software update won't affect the boot ROM. And as the console loads the boot ROM immediately after pressing the power button, there's no way to bypass it. The only way to fix it would be to manufacture new Nvidia Tegra X1 chips. So it's possible that Nintendo asks Nvidia to fix the issue so that new consoles don't have this vulnerability.