Researchers at Tenable have discovered command injection flaws in Amazon's Blink XT2 security cameras. They say that the bugs, which Amazon has addressed, could enable an attacker to gain "full control of an affected device, allowing them to remotely view camera footage, listen to audio output and hijack the device for use in a botnet to perform, for example, distributed denial of service (DDoS) attacks, steal data or send spam."
Policymakers in both the US and the UK are considering the future of encryption, and Facebook has assumed de facto leadership of the pro-encryption side, hanging tough against measures being proposed that would mandate access to encrypted messages. The Telegraph thinks the social network is now in a fight it will find it difficult to win. "Defying the spooks," is how the Telegraph frames the letter Facebook sent to authorities in the UK, the US, and Australia Monday, in which the social network declined to weaken the encryption its platform provides.
It's probably less the spooks than the cops, however: the US Attorney General and the British Home Secretary have emerged as the leading encryption skeptics. One of the bigger names to testify before the Senate Judiciary Committee today is Manhattan District Attorney Cyrus R. Vance, Jr., and according to the Washington Post the line he's taking is one that's being followed by others in the law enforcement community: the encryption in the iPhone is "a gift to sex traffickers."
This is the time of year when people turn their attention to what we'll call the Internet-of-Playthings. The IoP has all the privacy risks the larger IoT presents, and they're all the more disturbing because of stranger danger, the way connected toys can give outsiders access to information about children, or still worse, access to the children themselves. Sky News has a brief and accessible (if slightly breathless) report that might well inform one's holiday shopping.