A company that manufactures video doorbells found by Consumer Reports to contain serious security vulnerabilities has issued a fix, the consumer advocacy group is reporting. Eken Group has issued a firmware update for the affected security products under its own name, as well as those from other brands it has licensing deals with, including Fishbot, Rakeblue, Tuck, and others. All the video doorbells use the Aiwit smartphone app and could be purchased from popular online retailers like Amazon, Shein, Temu, and Walmart.
Technology
England's first convicted 'cyber-flasher' sentenced to 5 years
England’s first convicted cyber-flasher was sentenced Tuesday to 5 1/2 years in prison.
Nicholas Hawkes, 39, a convicted sex offender who sent unsolicited photos of his genitals to a girl and a woman, was the first person in England and Wales convicted of violating the Online Safety Act.
Hawkes admitted at an earlier hearing that in February he sent a photograph or film of genitals with intent to cause alarm, distress, or humiliation.
SCAMMERS ARE USING FAKE NEWS, MALICIOUS LINKS TO TARGET YOU IN AN EMOTIONAL FACEBOOK PHISHING TRAP
The woman who received the photos in February took screenshots and reported him to police.
Hawkes was on the sex offenders register after being convicted last year of exposure and sexual activity with a child under 16. He pleaded guilty Tuesday to breaching both a community order and suspended sentence he had received for the earlier offense.
The cyber-flashing law that went into effect Jan. 31 makes it an offense to send unsolicited sexual images by social media, dating apps, or technologies such as Bluetooth or Airdrop.
Technology
Eken fixes “terrible” video doorbell issue that could let someone spy on you
Back in February, CR reported that it found vulnerabilities in Eken-produced video doorbells that “could allow a dangerous person to take control of the video doorbell on their target’s home.”
Gaining access to the doorbell didn’t even require any level of hacking knowledge: bad actors could simply download the Aiwit app, go to their target’s home, and hold down the doorbell’s button to pair it with their own smartphones, change their Wi-Fi network, and take control of the device.
Additionally, anyone with the doorbell’s serial number could remotely view still images from the video feed — no password or account required, CR security experts found. Doorbell owners didn’t receive a notification of any kind if another user accessed their video feed in this manner.
The doorbells also didn’t encrypt the user’s home IP address or Wi-Fi network, leaving both potentially exposed to criminals.
The doorbells that CR initially rated were sold under the brand names Eken and Tuck and seemed identical, down to them both requiring users to download the Aiwit smartphone app. The group later found 10 other seemingly identical doorbells made by Eken but sold under a number of different brand names.
CR has reviewed Eken’s firmware update and says the problem has been fixed. “While we would prefer that products be safe and secure from their initial launch, the ability of our testing to uncover vulnerabilities results in better products for consumers,” CR’s senior director of product testing, Maria Rerecich, said in its report.
As a result of CR’s reporting, the FCC has asked Amazon, Sears, Shein, Temu, and Walmart for more details about how they vet products sold on their platform. None of the five retailers have responded to CR’s request for comment on the matter.
Eken’s video doorbells also lacked Federal Communications Commission ID labels, which are required by law, CR found. The company has since added the FCC IDs to the electronic manuals for the doorbells.
Since CR published its February report, many of the Eken doorbells have been pulled from online retailers. Notably, a number of the doorbells were selected as Amazon: Overall Picks or with the Amazon’s Choice badge, a label with mysterious criteria that Amazon has refused to explain fully and can be found on many dubious products.
If you own an Eken-produced video doorbell, be sure to check if your firmware is up to date. Your doorbell should receive the update automatically, but it’s smart to double-check. Go to the “Devices” page on the Aiwit app and tap on the doorbell’s name, which should open up the settings. The firmware number should be 2.4.1 or higher, which indicates it’s up to date.
Technology
FTC says Amazon executives destroyed potential evidence by using apps like Signal
Now, The Washington Post (which is owned by Amazon founder and former CEO Jeff Bezos) reports that Amazon is just one of several companies recently accused of turning to encrypted messaging apps like Signal that can permanently erase messages automatically.
This week’s filing includes screenshots of a Signal chat between two Amazon executives who said, “Are you feeling encrypted?” and proceeded to turn on disappearing messages.
The FTC’s lawyers say Bezos, current CEO Andy Jassy, general counsel David Zapolsky, former CEO of worldwide operations Dave Clark, and other execs are all Signal users. Bezos is identified in the document as “a heavy Signal user” who instructed others to use the app, although the 2018 hacking of his personal cellphone may be part of the reason for that.
And because Amazon didn’t instruct employees to preserve messages sent in the app until more than 15 months after it was notified of the investigation, the FTC argues, “It is highly likely that relevant information has been destroyed as a result of Amazon’s actions and inactions.”
The FTC lawyers are pursuing discovery into Amazon’s efforts to preserve documents so they can figure out just how much information might be missing. Despite requests last fall for relevant documents about what advice Amazon gave to employees about ephemeral apps, the FTC claims that Amazon has so far refused to produce much of what was requested. If the judge finds that Amazon was negligent in failing to preserve data tied to the case, it could face sanctions, and things could get worse if the judge finds the failures were intentional.
Technology
Lego is bringing summer vibes with K.K. Slider and new Animal Crossing sets
Good news for those of us who love Animal Crossing and Legos. Starting August 1st, Lego is launching two new Animal Crossing sets and a minifig of one very special canine crooner.
Lego teased the news on its X account, which shows K.K. Slider doing his thing and a brief glimpse of the two new sets. (Amusingly, Lego notes that the K.K. Slider minifigure does not actually move or sing. Bummer.) K.K. Slider is part of a fall-themed Town Hall set, which includes Isabelle and Audie. There’s also a small truck, snack stand, and some foliage to go along with K.K. Slider’s concert setup. The other set is of a Dodo Airlines airport, complete with a control tower, dock, and airplane. Granted, hordes of your turnip-hungry friends won’t be flying through this particular airport… but it does have minifigures of Wilbur and Tangy!
That said, we only have this short teaser to go off of. As of yet, there are no details on prices or the number of pieces yet. Lego and Nintendo first teamed up to offer five other Animal Crossing sets earlier in March, with prices between $14.99 to $74.99 and pieces ranging from 164 to 535.
-
Movie Reviews1 week ago
Movie Review: The American Society of Magical Negroes
-
News1 week ago
GOP senators demand full trial in Mayorkas impeachment
-
World1 week ago
If not Ursula, then who? Seven in the wings for Commission top job
-
World1 week ago
Croatians vote in election pitting the PM against the country’s president
-
World1 week ago
'You are a criminal!' Heckler blasts von der Leyen's stance on Israel
-
Movie Reviews1 week ago
Pon Ondru Kanden Movie Review: This vanilla rom-com wastes a good premise with hasty execution
-
Kentucky1 week ago
Kentucky first lady visits Fort Knox schools in honor of Month of the Military Child
-
Politics1 week ago
Trump trial: Jury selection to resume in New York City for 3rd day in former president's trial