uSecurity Researcher Successfully Steals Home WiFi Passwords By Hacking Into Tea Kettlesr

4 4 4 9

• 
  While it might be super convenient to have everything in your home connected to the Internet, that interconnectivity can also give attackers a chance to sneak in through seemingly innocent devices. Take the humble tea kettle: a security researcher in England has been hacking into smart kettles across the country and gaining access to private WiFi networks.

  The iKettle can be turned on using a smartphone app, so a thirsty person won’t have to get up and start the water boiling to get a nice cuppa. Ken Munro, a researcher with Pen Test Partners, said he’s been able to tap WiFi passwords “easily” from the kettle.

  “If you haven’t configured the kettle, it’s trivially easy for hackers to find your house and take over your kettle,” Munro told The Register. “Attackers will need to setup a malicious network with the same SSID but with a stronger signal that the iKettle connects to before sending a disassociation packet that will cause the device to drop its wireless link.”

  That means he can sit outside someone’s house with a directional antenna pointed at it, boot the kettle of its access point and connect it to him instead. Once that’s done, he can get it to cough up wireless passwords in plain text.

  Some Android app users are more easily hacked since passwords remain on default unless they’re changed — which is a good reminder to always change your password whenever you buy a new smart appliance or other product that connects to the Internet.

  Connected kettles boil over, spill Wi-Fi passwords over London [The Register]

  
• 
  

ribbi

by Mary Beth Quirk via Consumerist

uIn Sale Flyer, ‘Only At Macy’s’ Means ‘Not Necessarily At Macy’s’r

4 4 4 9

• In the latest weekly installment of Mouse Print, Edwin Dworsky found what looked like an amazing deal on shirts at Macy’s, advertised in the weekly flyer. Unfortunately, Macy’s now seems to regard their flyer as a random assortment of product pictures and disclaimers. The item wasn’t available at his local Macy’s, and employees just sort of shrugged.

  The items in question were shirts from the men’s sportswear department on clearance. Now, if you saw this flyer, would you assume that it was advertising an actual sale?

  

  The nature of putting things on clearance means that they may have sold out, and that’s just how the world works. However, here, the employees hadn’t heard of the markdown at all. Dworsky interpreted an item in the flyer advertising men’s sportswear shirts for $5.99 to mean that there were men’s sportswear shirts for $5.99 that existed at some point.

  Yet there it was in the Macy’s circular fine print: items shown in the flyer may not be available at your local Macy’s. It was a national flyer, store employees explained:

  As this is remaining clearance inventory – which varies by store based on sales in each location – we include the notation that the pictured items may not be available at your local Macy’s.

  Savvy consumers may have already cleaned out the clearance department in the men’s department, which would mean there were no items left to mark down to $5.99 for the promotion. Why use a sale that a given store may have never had in the first place to entice customers?

  The Macy’s Columbus Day Sale that Wasn’t [MousePrint]

  
• 
  

ribbi

by Laura Northrup via Consumerist

uIf You Want To Use Amazon Fresh You’ll Have To Pay $299/Year For PrimeFresh Firstr

4 4 4 9

• How much are you willing to pay to have bags of fresh produce, and other grocery items delivered to your door anytime of the year? If you live in Seattle, Philadelphia, or New York, Amazon’s hoping $299/year is the magic number. 

  That’s how much the e-commerce company has priced a yearly subscription for its Amazon Fresh grocery delivery service, GeekWire reports.

  Customers currently using the service say they recently received notice that grocery deliveries would only be available to “Prime Fresh” members. The service provides consumers with same-day (if orders are placed by 10 a.m.) or overnight shipments of groceries and other items.

  Amazon goes on to explain that Prime Fresh is an upgraded version of the company’s $99/year Prime membership. With Prime Fresh, subscribers pay $299/year for “free Amazon Fresh deliveries on grocery orders over $50, plus all the benefits of Prime,” GeekWire reports.

  The subscription is required for anyone wanting to use the Amazon Fresh service. Current Prime members who upgrade to the new service will be “refunded for their Prime membership on a prorated basis,” the company says.

  After delay, AmazonFresh rolls out mandatory $299/year ‘Prime Fresh’ grocery membership [GeekWire]

  
• 
  

ribbi

by Ashlee Kieler via Consumerist

uSmall Number Of 2015 GM Vehicles Added To Massive Airbag Recallr

4 4 4 9

• 

  With some 19 million vehicles already recalled for airbags that could explode and shoot deadly shrapnel at passengers, a few hundred more might seem inconsequential.  But the latest General Motors cars added to the massive ongoing recall of vehicles with Takata airbags are the first from model year 2015.

  GM initiated the recall after testing at Takata’s Mexico plant revealed the vehicles’ side impact airbags contain inflators that could rupture with too much force.

  According to a notice filed [PDF] from the National Highway Traffic Safety Administration, on Oct. 5 a side airbag inflator failed a cold temperature pressure test at the facility.

  “In this test, [some] of the inflator’s components separated from each other during deployment, releasing high pressure gas and propelling the separated components apart.

  The following day, Takata notified GM of the failed test and the company began tracing the inflators from the failed batch to the identified vehicles.

  In all, the recall covers model year 2015 Buick LaCrosse, Cadillac XTS, Chevrolet Camaro, Chevrolet Equinox, Chevrolet Malibu and GMC Terrain vehicles.

  GM’s recall, while small, marks the first new Takata-related recall since NHTSA revised the total number of cars affected by the defect to 19 million, down from about 30 million.

  As previously reported, NHTSA will hold yet another public meeting on Thursday to discuss the ongoing Takata airbag debacle.

  The proceedings are expected to include presentations by regulators, vehicle manufacturers, airbag inflator suppliers and organizations involved in testing the safety devices.

  “NHTSA may issue one or more administrative orders that would coordinate remedy programs,” the agency said of the meeting.

  
• 
  

ribbi

by Ashlee Kieler via Consumerist

uAmazon Sues 1,114 Individual Reviewers For Hirer

4 4 4 9

• 
  Earlier this year, Amazon did something that it had never tried before: it sued four websites peddling reviews to sellers on their site. Today, they’ve filed a new lawsuit against people selling their services as reviewers through the site Fiverr. That means that the suit has 1,114 unnamed defendants.

  Fiverr, if you’re not familiar, is a website where people sell goods and services for $5. One very popular service available on the site is Amazon reviews, and sellers offering them are plentiful. Yet Amazon isn’t suing Fiverr here: they’re going after the individual sellers of reviews.

  To make sure that the services offered were legit, Amazon dispatched investigators to buy reviews. This led to the rather surreal situation where sellers would explain their strategies for evading detection by Amazon to a representative of Amazon.

  What some review-writers were offering for five bucks wasn’t even writing work: one reviewer who was part of the sting operation simply asks clients to supply her with the review they want posted. “Dear Sir,” she wrote, “Please write a review then I will post it.” They’re selling the use of their identities and Amazon accounts, not their services as writers.

  Amazon also alleges that third-party sellers ship empty boxes to paid reviewers, pretending that the item in question was inside.

  After undercover sting, Amazon files suit against 1,000 Fiverr users over fake product reviews [GeekWire]

  
• 
  

ribbi

by Laura Northrup via Consumerist

uAt Least One Burger King Is Trying All-Day Breakfast, Toor

4 4 4 9

• 
  There’s a limited pool of people who want to eat breakfast for every meal of the day, and diners and family restaurants have been preparing for a world where McDonald’s serves its breakfast menu all day. What about other fast-food outlets, though? At least one Burger King in New Jersey has decided to hop on the bandwagon and offer all-day breakfast.

  It probably helps that this restaurant, which is in Garwood, NJ, is across the street from a McDonald’s, according to tipster Matt. We wondered whether this was some kind of chain-wide initiative to compete with McDonald’s, so we contacted Burger King.

  No, they told us, this is a local initiative. It wasn’t so long ago that all-day breakfast was something that McDonald’s franchisees were agitating for: maybe Burger King will follow its competitor into serving disappointing breakfast food all day.

  
• 
  

ribbi

by Laura Northrup via Consumerist

uNYC Taxi Commission Approves Pilot Program That Would Use GPS, Tablets To Calculate Faresr

4 4 4 9

• 

  The taxi you hop in on your next trip around New York City may function a lot more like Uber and other ride-hailing services: the commission tasked with regulating the city’s taxis approved a pilot program that would replace traditional fare meters with those powered by GPS location. 

  The Wall Street Journal reports that the New York Taxi and Limousine Commission voted Thursday to approve a trial program that would reduce the amount of equipment housed in a taxicab to just a GPS-enabled tablet.

  “Ultimately it is to create a more nimble system,” said Meera Joshi, chairwoman of the city’s Taxi and Limousine Commission, said of the trial program.

  Under the test, about 1,000 taxis operating in the city would ditch their current fare display meters, credit card readers, driver monitors, location system and TVs for GPS-enabled meters on tablets with card readers that could be handed to passengers at the end of their trip.

  According to the New York Times, the pilot would run for about a year, and then the Commission would decide on whether to adopt the technology across the board.

  While the new technology would put taxis more on par with ride-hailing rivals, some commission members and industry leaders expressed concern on whether the new system would be more susceptible to overcharging.

  To ensure that the system works properly, the Times reports that officials with the Commission will conduct test runs across the city using both the current meter and the new GPS-based one to confirm they tally the same fares.

  Additionally, some advocates raised unease that the new systems may to be readily used by people who are blind or have limited vision.

  “The concern is if we have a smartphone or tablet in the front driver compartment somebody sitting in the back with the partition wouldn’t be able to hear it,” Lester Marks, the director of government affairs at Lighthouse Guild, an advocacy group for the visually impaired, tells the Times.

  Companies making the new systems – which still have to submit proposals to the Commission – say they haven’t ruled out the possibility of including a passenger-facing device within the system.

  Jason Gross, head of product and marketing for a company that currently makes systems for taxis, said the passenger-facing tablets could display maps, offer payment options or other apps.

  Tech Inside Yellow Cabs Faces an Overhaul [The Wall Street Journal]
  Some New York City Cabs to Lose Taxi TV in Pilot Program [The New York Times]

  
• 
  

ribbi

by Ashlee Kieler via Consumerist