Wednesday, September 2, 2015

Internet-Connected Video Baby Monitors Are Basically The Most Hackable, Least Secure Thing Ever



  • The implacable march of technology has, in many ways, made parents’ lives easier. But in other areas, it’s added a whole new layer of complication. Like the fact that video-enabled baby monitors, designed to let parents have peace of mind while their kids are sleeping in another room, almost universally have completely crap security that any random stranger on the internet can tap into.

    Fusion spoke with a security researcher who tested out nine of the most popular, widely-available brands of video baby monitor, and what he found isn’t pretty.

    The monitor brands researcher Mark Stanislav tested included popular models from Philips, Summer Infant, TRENDnet, iBaby, Lens Laboratory, and Gynoii. He gave eight of the nine an “F” for security. Just one passed, barely, with a D-.

    In this sense, baby monitors are just like every other poorly-secured, wifi-enabled camera. If your device ships with a default password that you don’t change, basically anyone anywhere can have access to it.

    But what makes the baby monitor situation even worse, the research found, is that in many cases, the scary settings are ones that parents don’t have access to. Stanislav told Fusion that of the nine brands his company tested, “Every camera had one hidden account that a consumer can’t change because it’s hard coded or not easily accessible. Whether intended for admin or support, it gives an outsider backdoor access to the camera.”

    In other words, even a tech-savvy, security-minded consumer can’t fix this problem on their own.

    Unlike some other recent hacking research, the baby monitor situation isn’t just academic or theoretical. It’s a known problem out in the wild, with proven harms. There have been many incidents in the past several years of parents reporting hearing intruders on their baby monitor lines, including one disturbing incident just this week when a hacker tapped into one family’s baby monitor and played “Every Breath You Take” while making, as the family told local media, “sexual noises.”

    Watch out, new parents — internet-connected baby monitors are trivial to hack [Fusion]



  • by Kate Cox
  • via Consumerist


Home Depot Website Glitch Provides Two Ratings For Some Products


  • (ralph)

    While researching products on a retailer’s website, other customers’ reviews and ratings of those items can be helpful. But a glitch in Home Depot’s rating presentation system has caused a bit of confusion: the product page shows two different ratings for some products.

    Consumerist reader Victor tells us that while perusing garbage disposals on the Home Depot website, he noticed that the drop-down bar that reminds you what you’re looking at and includes the product’s rating doesn’t match the product’s “star” designation on the “your current product” frame near the bottom of the page.

    While the listing for the Insinkerator Select Plus garbage disposal that Victor was viewing has 429 reviews in both views, it has just shy of five stars on the main webpage, but the drop-down bar gives the product just 4 stars.

    So we did a little digging to see what the discrepancy was all about and it turns out that Victor was on to something.

    A look at several products that include a portion of a star found that the rating loses that fraction of a star in the drop-down bar. Products with full stars are not affected.

    We reached out to Home Depot about the issue and a spokesperson says the company is aware of the problem.

    “So this is something that we had seen over the last few weeks,” Stephen Holmes, spokesperson for the company says. “We’re not sure why it’s happening yet, but the system is rounding down in spots. We’re working on it and should have it fixed soon.”

    Holmes says that while the issue might be confusing, the good news is that it isn’t inflating rates, which would be misleading for customers.



  • by Ashlee Kieler
  • via Consumerist


Takata Airbag Recall Lowered, Still Largest Auto Recall In History


  • Months after Japanese auto parts maker Takata gave in to pressure by federal regulators and recalled more than 30 million vehicles equipped with potentially deadly airbags, the National Highway Traffic Safety Administration revised the number of vehicles, reducing it to 19.2 million.

    NHTSA announced the revision on Tuesday, saying it made the decision based on the most recent and accurate information provided by the 11 affected automakers.

    The agency had previously estimated that about 30 million U.S. vehicles were equipped with 34 million defective airbags linked to at least eight deaths and hundreds of injuries.

    Officials with the agency say the amended number – which totals 23.4 million inflators – came about in part because of double-counting, but could fluctuate in the future.

    The new total of 23.4 million defective Takata inflators includes approximately four million vehicles that have already been repaired. Another four million vehicles have been determined to have defective inflators in both driver- and passenger-side airbags.

    In addition to revising the number of affected vehicles, NHTSA announced on Tuesday that it continues to study the possible establishment of a Coordinated Remedy Program to address defective Takata air bag inflators and ensure that all affected vehicles have safe air bags as quickly as possible.

    The agency has consulted with all 11 affected vehicle manufacturers, as well as numerous air bag suppliers, to gather information on inflator supplies, risk factors, and the biggest obstacles to replacing defective inflators.

    This fall, the agency says, it plans to hold an event to allow public discussion of these efforts, and may issue a Coordinated Remedy Program plan that would ensure that the greatest safety risks are addressed first and that every defective inflator is replaced with a safe one as soon as possible.

    Additionally, NHTSA said it has completed its own testing of Takata inflators.

    “Preliminary results are broadly consistent with data from Takata, including Takata’s findings on the risk associated with vehicles from high-humidity geographic areas,” the agency says.

    As for the June rupture of a Takata airbag in a vehicle from the previously unaffected Volkswagen brand, NHTSA says it continues to investigate the issue.

    “NHTSA is assessing information on this issue and will take whatever actions are necessary to protect public safety,” the agency says.



  • by Ashlee Kieler
  • via Consumerist


Google Won’t Consider Sites Mobile-Friendly If They Use Those Annoying, Full-Screen App Install Ads


  • On the left, annoying. On the right, you're mobile-friendly.

    There you are, searching for the perfect cheese dip recipe on your phone, and you think you’ve finally found the cheesiest of the cheesy. You click on the Google search result, excited, anticipating, ready to gain knowledge — and you’re faced with a plea to install that site’s app that covers your entire screen and forces you to find the tiny “X” to close out of the thing and move on with your life. Hate that? You might see it less often, as Google says sites that use those full-page app install ads will soon not be considered “mobile-friendly” sites.

    In April, some website owners had to figure out how to adjust quickly when Google’s algorithm started favoring sites that opened easily and smoothly on mobile devices — sites with pages that automatically resize to fit the screen, with large text and easily clickable links — and then bestowed higher rankings on those mobile-friendly sites.

    Google has added another requirement for sites that want to rise higher in search results, announcing Tuesday that as of Nov. 1, sites that use those annoying app install overlays or pages will no longer be considered mobile-friendly.

    “…sometimes a user may tap on a search result on a mobile device and see an app install interstitial that hides a significant amount of content and prompts the user to install an app,” a post on Google’s Webmaster Central Blog reads. “Our analysis shows that it is not a good search experience and can be frustrating for users because they are expecting to see the content of the web page.”

    This doesn’t affect other kinds of interstitials, the post explains. Instead of app install interstitials, there are other ways to promote apps that don’t get in the way of what people are searching for, Google notes: Both Safari and Chrome support app install banners, which simply pop up at the top of a page and still allow users to see the page they’re viewing without having to take any action.

    In July, Google made another push for sites to become more mobile-friendly, by adding alerts to mobile search results when sites use Flash, which is not now and never has been supported on iOS devices.



  • by Mary Beth Quirk
  • via Consumerist


Burger King Planning Peace Burger With Denny’s, Wayback, Others; Still Not Giving Up On McD’s


  • by Ashlee Kieler
  • via Consumerist


The Uber Misclassified Employee Lawsuit Is Now A California Class Action


  • (afagen)

    While class action lawsuits can be an effective consumer remedy, they are not a quick one. Former drivers for ride-hailing service Uber first filed a class action on behalf of all California drivers in 2013, and it has just now been certified as a class action. The original lawsuit alleges that drivers for Uber are misclassified employees, who should have their vehicle expenses covered by their “employer,” Uber.

    Such lawsuits have online startups that depend on the labor of local independent contractors frightened: their business models count on armies of independent contractors. Some companies, notably the delivery service Instacart, have brought part of their workforce on board as employees. Instacart hired only its order-pickers, who only work part-time hours to avoid the requirement to provide health insurance, and notably did not hire delivery drivers, leaving them as independent contractors responsible for their own vehicle costs.

    The judge’s ruling [PDF] in this case certifies the lawsuit as a class action where all current and former Uber drivers in California are theoretically plaintiffs. Hundreds of Uber drivers filed declarations with the court explaining that they prefer to stay as independent contractors, appreciating the freedom to make their own hours and to go off-duty by simply turning off the app.

    The judge didn’t find this convincing, pointing out that Uber never claimed that the drivers who gave declarations were a random sample of all drivers: for all the court knew, Uber only solicited statements from drivers who are already vocal about wanting to stay as independent contractors. “Nothing suggests, for instance, that [the drivers] were told that were the Plaintiffs to prevail, they might be entitled to thousands of dollars,” the judge wrote. Without giving drivers that information first, it’s impossible to know.

    Six out of the hundreds of drivers quoted in the document later said that they didn’t understand the practical differences between being a contractor and being an employee, and they submitted updated statements to the court saying that Uber misled them about the benefits that employees receive, such as having their employer pay part of their Social Security taxes, and having vehicle costs reimbursed. The plaintiffs’ attorneys helped clear things up for these drivers, and said that even more would have come forward, but they didn’t want to risk having their accounts deactivated for speaking out against Uber.

    The class action represents as many as 160,000 current and former Uber drivers in California, and seeks back wages and expenses. The jury trial will happen sometime in 2016.

    VIA:
    Uber’s Worker Classification Lawsuit Will Stay a Class Action [Re/Code]
    Uber gets dealt another blow in California suit [CNN]



  • by Laura Northrup
  • via Consumerist


Tuesday, September 1, 2015

Kmart Pays $1.4 Million To Settle Accusations Of Illegal Coupon Acceptance, Prescription Incentives


  • In most of the country, pharmacies can offer rewards points, coupons, or other inducements to get you to switch prescriptions to them. Not only is this illegal in certain states, it’s also illegal to offer these incentives to customers with health insurance through Medicaid. Kmart has settled allegations from a whistleblower that it did exactly that for customers with Medicaid, and accepted co-pay coupons for brand-name drugs for them.

    Co-payments for drugs exist because insurers, including the government, want to steer customers toward cheaper medications. A new and pricey drug might have a high copay to discourage patients from using it, and so they bear more of the cost if they do. Promotional coupons, which come from drug companies, lower the customer’s copay to decrease their out-of-pocket cost, but the insurer is still stuck paying for a more expensive drug.

    Medicaid doesn’t allow these coupons, and it also doesn’t allow retailers to offer incentives for patients to switch pharmacies. Kmart is accused of doing both of these things: offering gas discounts to customers who transferred or filled prescriptions at Kmart, and accepting copay coupons from drug manufacturers.

    A report from a Kmart pharmacist who was the whistleblower in this case led to a 2013 lawsuit. Kmart paid $1.4 million to settle the suit, and the whistleblower will receive $248,500 of the total. He no longer works for Kmart.

    The settlement didn’t decide whether Kmart was liable or not, but simply settled the allegations.

    Kmart pays $1.4 million to settle U.S. charges over Medicare inducements [Reuters]



  • by Laura Northrup
  • via Consumerist