Turning Google smart speakers into wiretaps for $100k
This is some very impressive work on reverse engineering a fairly advanced IoT device (the Google Home Mini), discovering and exploiting its security holes.
I was recently rewarded a total of $107,500 by Google for responsibly disclosing security issues in the Google Home smart speaker that allowed an attacker within wireless proximity to install a “backdoor” account on the device, enabling them to send commands to it remotely over the Internet, access its microphone feed, and make arbitrary HTTP requests within the victim’s LAN (which could potentially expose the Wi-Fi password or provide the attacker direct access to the victim’s other devices). These issues have since been fixed.
(tags: security google wiretapping exploits hacking iot reverse-engineering)
-
This was an open question from earlier in the pandemic — does vaccination reduce transmission and infectiousness: ‘In our main analysis, we found that any COVID-19 vaccine reduced infectiousness by 22% (6–36%) and prior infection reduced infectiousness by 23% (3–39%). Hybrid immunity reduced infectiousness by 40% (20–55%).’
(tags: immunity covid-19 infection transmission hybrid-immunity papers)
-
lhl likes Caddy:
Caddy https://caddyserver.com/ came up in conversation earlier today. It’s been my favorite reverse proxy/web server for the past few years because of how simple it is to setup and for it’s automagic LetsEncrypt setup. (This post is actually being pushed through Caddy on my fediverse server, and was basically the easiest part of the setup). For those interested, it performs pretty competitively with nginx: https://blog.tjll.net/reverse-proxy-hot-dog-eating-contest-caddy-vs-nginx/ but IMO the main selling point (why I first installed it) was the automagic HTTPS setup: https://caddyserver.com/docs/automatic-https
(tags: caddy reverse-proxies ops http https lets-encrypt servers)