Dyn, Krebs, and Mirai Botnet – the IoT Pandora’s Box is Open, Now What?

Businesses now risk disruption from attacks by a minion army of “smart” IoT devices through DDoS attacks like those experienced by Dyn last Friday, and Brian Krebs in late September. The Mirai IoT botnet made these attacks possible and, because its source code was recently released into the wild, it will likely be used against other companies. Continue reading “Dyn, Krebs, and Mirai Botnet – the IoT Pandora’s Box is Open, Now What?”

You Could See This One Coming: Vibrator Company Sued for Tracking Usage

flingSETTLEMENT UPDATE: A Canadian sex-toy manufacturer, We-Vibe, has been ordered to pay out almost $3 million to customers who bought a “smart vibrator” that tracked owners’ usage without their knowledge. Each customer who used the associated app will be paid $7,433, and customers who bought the vibrator but never used the app can claim up to $147. READ MORE


For many years this blog has been raising awareness of the intimate nature of vulnerabilities that are created by connected devices on the Internet of Things (IoT) (hacking a toilet, hacking other devices). This latest about the We-Vibe sex toy is no surprise but, as explained below, the concern over shame hacking is no laughing matter.

Today’s Law 360 leads with an article about a recently filed privacy lawsuit: Vibrator Gets Too Intimate By Tracking Usage Info, Suit Says (paywall). According to the article, Continue reading “You Could See This One Coming: Vibrator Company Sued for Tracking Usage”

You should know this > “What do connected cars and toilets have in common?”

What do connected cars and toilets have in common? That is the title to a recent Blog Post about an upcoming presentation at VMWorld 2013, Barcelona and, when I read it, I just had to quiz my readers to see who remembered …

Come on now, you do know the answer to this question, right? I have blogged about hacking cars several times and, if you heard my presentation to the Privacy, Data Security, and eCommerce Committee of the State Bar of Texas back in August then you certainly should remember. [Presentation / hint: see slides 26 & 27 below] Do you remember now?

That is right, we are starting to see both “wired” cars and toilets that (a) have microprocessors and/or store data, and (b) are connected to the Internet, which means (c) under the Computer Fraud and Abuse Act they are considered to be “protected computers” and, (d) therefore, if wrongfully accessed (through the system, not physically) are covered by the CFAA. There you go – have a great day!

Yes, you can even hack a toilet! #IoT

Ahhh yes, hacking toilet now seems to be possible … and you folks thought I was crazy a few years ago for blogging about hacking a car, a home, or even hacking a human … but as you know see, you can even hack a toilet. Can you just imagine the frustration caused by a bidet gone mad? This certainly gives new meaning to a software vulnerability!

Ha! What a way to start a Monday.

So, do you think it would violate the CFAA? How about privacy law? Geez … back to work I go.

Here is the full story, enjoy: BBC News – Luxury toilet users warned of hardware flaw.