Vote Hacking is Child's Play

An 11 year-old at DEFCON successfully hacks the vote totals on a replica of Florida’s Secretary of State webpage. Lenovo comes out with a thin and light desktop replacement notebook. Samsung updates its SmartThings wireless hub.

Guest

• Lamarr Wilson
  • YouTube Unboxer

Quick Hits

• Spotify runs test in Australia, allowing users to skip ads at any time, potentially boosting targeting and revenues

Spotify is running a test in Australia to see what happens when it lets listeners on its free tier skip ads any time they want. Advertisers don't pay for any ads that are skipped. The idea is to create ads that people don't mind listening to so they perform better, and keep users on Spotify rather than getting put off by ads and leaving.

• Elon Musk confirms his bid to take Tesla private, backed by Saudi Arabia’s sovereign wealth fund

Tesla CEO Elon Musk published a statement saying he has been talking to Saudi Arabia's Public Investment Fund about taking Tesla private since the beginning of last year. He says that is the funding he described as "secured" in a tweet about taking the company private. He also clarified that taking Tesla private would be funded by equity not debt.

• Solar-powered aircraft stays aloft for record-breaking 25 days

Airbus announced its solar-powered Zephyr S HAPS (high altitude pseudo-satellite) flew for 25 straight days, setting a record for any airplane. It beat the previous model Zephyr's mark of 14 days. The Zephyr uses only solar power to fly at 70,000 feet. The UK military has ordered three of the aircraft.

• iOS 12 won't launch with FaceTime group chats

Apple's release notes for iOS 12 and Mojave developer betas list group chats for FaceTime as coming later this fall, meaning it will not arrive with the official OS releases.

Top Stories

• Samsung has a new SmartThings hub and router with Plume’s mesh Wi-Fi tech

Samsung updated its SmartThings product line with a new wireless hub and a new dual-band Wi-Fi router using mesh networking tech licensed from Plume. The router can manage smart home devices like plugs, switches, and lights, that connect over Zigbee and Z-Wave wireless protocols. A three-pack sells for $280 or individually for $120. The new SmartThings hub sells for $70. Samsung also updated its SmartThings’ leak, motion, and “multipurpose” door opening / vibration / temperature sensor, and its programmable button and plug-in smart outlet, all available today for between $15 and $35.

• HoloLens will help a children's hospital perform critical surgeries

Alder Hey children's hospital in Liverpool, England will use the Microsoft HoloLens to let surgeons consult patient's scans while operating. The hospital will also use the Microsoft Surface Hub for reviewing CT scans and other patient info.

It's time for that yearly DTNS tradition, called, DEFCON/BLack Hat scares the bejeesus out of us. Each year these security conferences engage seasoned researchers to present reliable research on vulnerabilities as a way of showing that the good guys are on the case, finding holes and helping them get patched before the bad guys can exploit them. And every year the headlines blare about how horribly insecure everything is because look what these researchers found! So we're going to take a moment and go from frightened to factual with a few of the top headlines from this weekend's fun.

• AP Exclusive: Google tracks your movements, like it or not

What looks like some bad UI (you decide if it was purposeful or not) has led the Associated Press to make some hay out of the fact that turning off something in Google called "Location Tracking" does not in fact turn off all stored locations. Here's why. Google seems to think "Location Tracking" means actively recording your location as you use a device. What the AP found, and had confirmed by Princeton researchers, is that even with Location Tracking off, Google's Website and Apps will still store one-time locations when you use them with an app that needs it like Google Maps or Weather Updates. Since these are not continuously tracking you just recording a location when you fire up the app, Google classes them separately. If you want to stop this kind of location storage you need to go into your Google Account, find activity controls, and turn off "web and app activity." You can also delete any previously saved location data from your Google account as well.

• Dozens of kids hack election site replicas in just minutes

For the second year DEFCON has a "voting village" where hackers can attack decommissioned election equipment to test for vulnerabilities. This is intended to help bring attention to the state of security in voting machines and thus make them more secure. Among the headline-grabbing events was one that set up a replica of the Florida Secretary of State's website and invited children to use SQL injection attacks to change the reported vote totals. 39 children tried to hack into the site replicas and 35 were able to do so in under half an hour. The fastest exploit was completed in under 10 minutes by an 11-year-old boy. The hack would not have changed the actual vote totals, only the web page.

• Elaborate hack turned Amazon Echo speakers into spies

Researchers from Tencent demonstrated a complex hack of Amazon Echo speakers. The team modified an Echo by removing it's flash memory modifying its firmware to gain root access then soldering it back in. The modified Echo was then added to the same WiFi network as other Echos. Flaws in Amazon's whole-home communication protocol and voice interface were exploited to get full control of the targeted speakers. Amazon has patched the exploited vulnerabilities.

• That Fax Machine You Never Use Could Be a Massive Cybersecurity Risk. Here's How.

Researchers from Check Point Research demonstrated how to gain access to every computer connected to an HP all-in-one printer, through its fax capability. A faxed image contained malicious code that was stored on the printer. HP has patched the vulnerability.

Mailbag

Chris wrote in about our story last week on Redfin selling homes to buyers. Chris has a law degree, worked in finance, and worked in construction on private homes, and went with a realtor.

I think she showed us maybe three houses she actually picked. And those homes were generated off her automatic search. The exact same automatic search I set up using Zillow and Trulia. No joke, I got the same results from Zillow as I did from her and Zillow offered more info on the property.

Every other house (more than a dozen others) we looked at we picked from Zillow and trulia searches and then she set up the viewing. Viewings I can set up with a call to the sellers realtor or the seller directly.

She offered no insight into the area (told us she wasn’t allowed to legally) and on several occasions tried to convince us the price on the house was very good for the area when the home was way over priced. Everything was about making the sale. But if we went on trulia or Zillow we could get reports on crime rates, school quality, etc. We were even given more information on when the home was sold last, for how much, and all the work that had been done to the house. Things the realtor never offered.

The bank handled all of the paperwork involved. She just handed over the key. And, again, this was one of the top rated realtors we could find.

So what do realtors really offer now? They aren’t handling paperwork for the sale. They get their houses off auto generated searches, the same as I do. I can set up viewings the same as they can. And they can’t give any insight into the area, but the websites can. But the realtor gets a nice, fat commission check at the end for very little work.

As far as I can see we can do everything the realtor can do and save the commission cost. So if Redfin wants to make it even easier and cut out the realtor that sounds great to me! I don’t mind selling to them and buying my next house without a realtor.

Sent by Chris

YouTube

Links

• This episode on dailytechnewsshow.com
• Support DTNS on Patreon
• DTNS subreddit
• DTNS Facebook Group