Rapid7

Episode 84: Free Alexa! Cory Doctorow on jailbreaking Voice Assistants and hacking diversity with Rapid7’s Corey Thomas

In this week’s Security Ledger Podcast (#84): The 1990s era Digital Millennium Copyright Act made it a crime to subvert copy protections in software and hardware.  We speak with Cory Doctorow of the Electronic Frontier Foundation about his group’s efforts to win an exemption from that law for voice assistants like the Amazon Echo and Google Home. Also: February is Black History Month in the United States. We interview Corey Thomas, the Chief Executive Officer of the firm Rapid 7 about what it means to be a black man in the information security industry and about his path to the field.

Home Automation Hub

Hole in Mobile Apps Leave Home Automation Systems Vulnerable to Hacking

Mobile applications used with two, popular home automation platforms by Wink and Insteon fail to protect user login information, leaving the devices vulnerable to hacking, a researcher at Rapid7 found. 

IoT’s Cloud Risk on Display with Flaws in Fuze Collaboration Platform

In-brief: Rapid7 said it found a number of flaws that leaked data on users of collaboration technology by Fuze. In an increasingly common finding: poorly secured cloud resources, not the handsets, were the problem. 

GPS Tracker Used as Anti-Kidnapping Device Leaks Users Location, Info

In-brief: research into GPS tracking devices used by the government of Columbia to help protect journalists and activists reveal a raft of serious security and privacy holes:  more evidence of endemic insecurity in the connected device space. 

home automate and smart home devices

Targeting Internet of Things: Metasploit Tool Adds Wireless Device Detection

In-brief: The Metasploit Framework has a new extension to test for wireless devices that communicate over radio frequency (RF), Bluetooth and other protocols.