Security

Samsung Smart Home Flaws Let Hackers Pick Connected Doors From Anywhere In the World (arstechnica.com) 77

Researchers have discovered flaws in Samsung's Smart Home automation system, which, if exploited, allow them to carry out a range of remote attacks. These attacks include digitally picking connected door locks from anywhere in the world. The flaws have been documented by researchers from the University of Michigan ahead of the 2016 IEEE Symposium on Security and Privacy. "All of the above attacks expose a household to significant harm -- break-ins, theft, misinformation, and vandalism," the researchers wrote in a paper. "The attack vectors are not specific to a particular device and are broadly applicable." Dan Goodin reports for Ars Technica: Other attacks included a malicious app that was able to obtain the PIN code to a smart lock and send it in a text message to attackers, disable a preprogrammed vacation mode setting, and issue a fake fire alarm. The one posing the biggest threat was the remote lock-picking attack, which the researchers referred to as a "backdoor pin code injection attack." It exploited vulnerabilities in an existing app in the SmartThings app store that gives an attacker sustained and largely surreptitious access to users' homes. The attack worked by obtaining the OAuth token that the app and SmartThings platform relied on to authenticate legitimate users. The only interaction it required was for targeted users to click on an attacker-supplied HTTPS link that looked much like this one that led to the authentic SmartThings login page. The user would then enter the username and password. A flaw in the app allowed the link to redirect the credentials away from the SmartThings page to an attacker-controlled address. From then on, the attackers had the same remote access over the lock that users had.

Comment Sad to say, no lasting relation. (Score 2) 264

I remember registering on it way back, but I never really read it like I did slashdot.

In fact, for the last decade it's really only existed in my mind as an entry in my password manager. Guess I can delete that now.

Piracy

US Calls Switzerland An Internet Piracy Haven (torrentfreak.com) 119

An anonymous reader writes: The Office of the United States Trade Representative has published its annual Special 301 Report calling out other nations for failing to live up to U.S. IP enforcement standards. This year European ally Switzerland has been placed on the Watch List for protecting file-sharers and playing host to many pirate sites. "Generally speaking, Switzerland broadly provides high-levels of IPR protection and enforcement in its territory. Switzerland makes important contributions to promoting such protection and enforcement internationally, including in bilateral and multilateral contexts, which are welcomed by the United States," the USTR writes in its assessment.
EU

Changes Are Coming To the EU's Cookie Directive, But It's Not Going Away (softpedia.com) 120

An anonymous reader writes: The European Commission is listening to suggestions regarding EU laws on privacy and electronic communications (e-Privacy), among which is also the EU Cookie Directive that has made the lives of EU Internet users a living hell. The EU Commission has started an open consultation on this topic and is inviting users and businesses to provide their opinion. From the consultation's text, which is nothing more than a survey, one could argue that the EU isn't intent on removing the directive at all, but only making small adjustments. In its current implementation, most companies ask users if they're OK with storing cookies on their PCs and then collecting their data. One of the questions the Commission asked and is currently looking for an answer to is whether companies should be allowed to deny users access to a website if they don't want to accept using cookies. The EU wants Internet companies to build alternative (usable) websites for people that don't want to use cookies at all, and so respect their decision for privacy.
Encryption

Top FBI Attorney Worried About WhatsApp Encryption (usnews.com) 182

An anonymous reader shares an article on USNews: WhatsApp on Tuesday announced that all types of messages on the latest version of its app are now automatically protected by end-to-end encryption, and the FBI's top attorney is worried some of the platform's more than 1 billion global users will take advantage of the move to hide their crime- or terrorism-related communications. FBI General Counsel James Baker said in Washington on Tuesday that the decision by the Facebook-owned messaging platform to encrypt its global offerings "presents us with a significant problem" because criminals and terrorists could "get ideas." "If the public does nothing, encryption like that will continue to roll out," he said. "It has public safety costs. Folks have to understand that, and figure out how they are going to deal with that. Do they want the public to bear those costs? Do they want the victims of terrorism to bear those costs?" Maybe the government shouldn't have imposed so many surveillance programs on its citizens -- and kept quiet about it for years -- that they now feel the need to use sophisticated security technologies.
Music

The Music Industry Is Begging the US Government To Change Its Copyright Laws (theverge.com) 209

An anonymous reader shares an article on The Verge: Christina Aguilera, Katy Perry, deadmau5, and dozens of other musicians are asking the U.S. government to revamp the Digital Millennium Copyright Act (DMCA), the piece of law that governs access to copyrighted work on the internet. Musicians, managers, and "creators" from across the industry co-signed petitions sent to the U.S. Copyright Office arguing that tech companies -- think YouTube and Tumblr, sites with vast reserves of content that infringes on some copyright -- have "grown and generated huge profits" on the backs of material that's illegally hosted. "The growth and support of technology companies should not be at the expense of artists and songwriters," reads the letter signed by Aguilera, Perry, and their peers. "The tech companies who benefit from the DMCA today were not the intended protectorate when it was signed into law two decades ago."
Encryption

US Says It Would Use 'Court System' Again To Defeat Encryption (arstechnica.com) 232

An anonymous reader shares an Ars Technica report: U.S. government officials from the FBI director down have said repeatedly that the FBI-Apple legal brouhaha was just about a single phone -- the seized iPhone used by Syed Farook, one of the San Bernardino shooters. And just last week, James Comey, the FBI director, said his fight with Apple wasn't about setting precedent; rather, it was about battling terrorism. But it seems that the storyline has changed. The Justice Department now says it will not hesitate to invoke the precedent it won in its iPhone unlocking case. Having won the court and technological battle a triumphant Department of Justice warned late Monday that its legal battle for what many say amounts to judicially ordered encryption backdoors has only just begun. "It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with cooperation from relevant parties, or through the court system when cooperation fails," Melanie Newman, a Justice Department spokesman, wrote in an e-mail to Ars. "We will continue to pursue all available options for this mission, including seeking the cooperation of manufacturers and relying upon the creativity of both the public and private sectors."
Cellphones

LG Releases First Smartphone With DAB+ Chip (thestack.com) 53

An anonymous reader writes: LG have released the first smartphone with built-in DAB+ circuitry, allowing users to listen to digital radio without consuming mobile data bandwidth. The LG Stylus 2 will initially be released in the United Kingdom, Australia, Germany, Norway, Belgium, Italy and the Netherlands (perhaps not coincidentally these are among the highest-rate adopters of DAB/DAB+). Patchy coverage and often-poor bitrates have hindered the take-up of DAB/+, which has been in development since the early 1980s, and it's hoped that the shift from the motoring to the smartphone space will alleviate some of the coverage problems that users experienced with the push to DAB-based car radios. No benchmarks on power consumption of the integrated DAB+ circuitry are currently available.
Security

Fingerprint-Protected Phones Vulnerable To Inkjet Attack (softpedia.com) 56

An anonymous reader writes: Two researchers have come up with a new method of hacking smartphones that use fingerprint biometrics to protect and lock the user's data. Their method only needs a regular inkjet printer, three AgIC silver conductive ink cartridges, a normal black ink cartridge, and special AgIC paper. The entire attack takes no more than 15 minutes. Current tests only included a Samsung Galaxy S6 and a Huawei Honor 7. The researchers said that while the Samsung was easy to crack, the Huawei phone needed more tries.
Encryption

Paris Attacks Would Not Have Happened Without Crypto (arstechnica.com) 521

An anonymous reader writes with a story at Ars Technica, citing a Yahoo News interview, that National Security Agency Director Michael Rogers has explicitly blamed the terrorist attacks which struck Paris last November on communications backed by strong crypto. From the article: Because of encrypted communications, he said, "we did not generate the insights ahead of time. Clearly, had we known, Paris would not have happened." Rogers did not explicitly re-launch the campaign waged by FBI director James Comey to force technology companies to provide a "golden key" to encrypted communications. Rogers called encryption "foundational to our future" and added that arguing over encryption backdoors was "a waste of time." But he did say that encryption was making the job of the NSA and law enforcement more difficult. The interview comes shortly after the FBI won an order requiring Apple to provide technical means to bypass the security measures preventing them from unlocking the iPhone 5C belonging to Syed Rizwan Farook. Farook, along with his wife, are responsible for the December mass shooting in San Bernardino, California.
Advertising

Adblock Plus Blocked From Attending Online Ad Industry's Big Annual Conference (arstechnica.co.uk) 442

An anonymous reader writes: Adblock Plus has been uninvited to the upcoming IAB Leadership Summit and is having its registration fee refunded. The company was informed of the cancellation in an email with little explanation. A company blog post reads in part: "Unfortunately, the top brass at the US IAB don't want us coming to their Leadership Summit next week in Palm Desert, California. We attended last year, and we signed up again for their 2016 meeting including paying the hefty entrance fee. We were fully confirmed and they even listed us on their website as a participant. Then this week we got one of those sudden emails that land in your inbox innocently, then floor you with something weird, unbelievable or ridiculous when you click on them. This one came from an unfamiliar IAB address, and it informed us that our registration for the summit was canceled and our fee refunded."
Toys

Drone Ban Extends 30 Miles Around DC, Per FAA (wusa9.com) 410

DewDude writes: If you thought drone registration was bad enough, it just got worse for anyone living in the nation's capital. On Christmas Day (of all days), the FAA put into effect a rule that bans the flying of drones/quadcopters within a 30-mile radius around DC. This more than doubles the initial 15 mile radius no-fly-zone. The ban includes the counties of Arlington, Fairfax, Prince William, and the independent cities in the vicinity on the Virginia side. On the Maryland side, it includes Montgomery, Prince Georges, Howard, Anne Arundel, and parts of Calvert, Baltimore, and the extreme north-western end of St. Marys Counties in Maryland.
Graphics

Open-Source GPU Drivers Show Less Than Ideal Experience For SteamOS/Linux Gaming (phoronix.com) 109

An anonymous reader writes: Phoronix's recent 22-Way SteamOS Graphics Card Comparison showed that NVIDIA wins across the board when it comes to closed-source OpenGL driver performance. However, when it comes to the open-source driver performance for Steam Linux gaming, no one is really the winner. A new article, "Are The Open-Source Graphics Drivers Good Enough For Steam Linux Gaming?" answers that question with "heck no" by its author. While AMD is generally regarded as having better open-source support, their newer graphics cards still can't run at their rated clock frequencies due to lack of power management support, the lack of enough OpenGL 4.x support means many AAA Linux games simply cannot run yet, not enough QA means regressions are common, and other issues were noted when it comes to testing a number of modern graphics cards on the open-source drivers.
Crime

AT&T Offers $250k Reward To Find the California Fiber-Optic Ripper 145

An anonymous reader writes: AT&T have offered a $250,000 reward to anyone providing information leading to the arrest and conviction of what appears to be a serial disruptor of fiber-optic connections in California. The latest incident has taken place in Livermore in the San Francisco Bay Area, where an individual thought by the FBI to possess expert knowledge and specialist tools severed a critical AT&T cable, gaining access to the enclosure via a manhole. The attack precedes 11 previous ones in California in the preceding twelve months.
