wi-fi

Sonos Bluetooth-enabled, battery-powered speaker leaks ahead of official launch

Posted by | Assistant, Bluetooth, ethernet, Gadgets, Google, hardware, smart speakers, Sonos, Speaker, TC, technology, telecommunications, usb, wi-fi | No Comments

Sonos has an event coming up at the end of the month to reveal something new, but leaks have pretty much given away what’s likely to be the highlight announcement at the event: A new, Bluetooth-enabled speaker that has a built-in battery for portable power.

The speaker originally leaked earlier this month, with Dave Zatz showing off a very official-looking image, and The Verge reporting some additional details, including a toggle switch for moving between Bluetooth and Wi-Fi modes, and a USB-C port for charging, along with rough dimensions that peg it as a little bit bigger than the existing Sonos One.

Screen Shot 2019 08 19 at 9.02.48 AM

Source: Win Future

Now, another leak from Win Future has revealed yet more official-looking images, including a photo of the device with its apparent dock, which provides contact charging. The site also says the new speaker will be called the Sonos Move, which makes a lot of sense, given it’ll be the only one that can actually move around and still maintain functionality while portable.

Sonos Move 1566013610 0 6

Source: Win Future

Here’s the TL;DR of what we know so far, across all the existing leaks:

  • Can stream via Wi-Fi (works with your Sonos network like other Sonos speakers) and Bluetooth (direct pairing with devices), with Bluetooth LE included for easier setup
  • USB-C port for power and Ethernet port for connectivity
  • Similar design to Sonos One, with more rounded corners, but wider and taller (likely to allow room for integrated battery)
  • Built-in handle in the back for easier carrying
  • Contacts on bottom for docked charging (as alternative to USB-C)
  • Supports Alexa and Google Assistant and has integrated mic (neither available via Bluetooth mode, however)
  • Suports AirPlay 2
  • Offer Auto Trueplay, which automatically tunes speaker sound to your place using onboard mic

No word yet on official availability or pricing, but it’s reasonable to expect that it’ll arrive sometime this fall, following that late August announcement.

Powered by WPeMatico

The ClockworkPi GameShell is a super fun DIY spin on portable gaming

Posted by | Bluetooth, computing, electronics, Emulator, Gadgets, Gaming, hardware, linus torvalds, linux, microsoft windows, Nintendo Switch, open source software, operating systems, Reviews, Speaker, TC, vice, wi-fi | No Comments

Portable consoles are hardly new, and thanks to the Switch, they’re basically the most popular gaming devices in the world. But ClockworkPi’s GameShell is something totally unique, and entirely refreshing when it comes to gaming on the go. This clever DIY console kit provides everything you need to assemble your own pocket gaming machine at home, running Linux-based open-source software and using an open-source hardware design that welcomes future customization.

The GameShell is the result of a successful Kickstarter campaign, which began shipping to its backers last year and is now available to buy either direct from the company or from Amazon. The $159.99 ( on sale for $139.99 as of this writing) includes everything you need to build the console, like the ClockworkPi quad-core Cortex A7 motherboard with integrated Wi-Fi, Bluetooth and 1GB of DDR3 RAM — but it comes unassembled.

GameShell Clockwork Pi 3

You won’t have to get out the soldering iron — the circuit boards come with all components attached. But you will be assembling screen, keypad, CPU, battery and speaker modules, connecting them with included cables and installing them in the slick, GameBoy-esque plastic shell. This might seem like an intimidating task, depending on your level of technical expertise: I know I found myself a bit apprehensive when I opened the various boxes and laid out all the parts in front of me.

But the included instructions, which are just illustrations, like those provided by Lego or Ikea, are super easy to follow and break down the task into very manageable tasks for people of all skill levels. All told, I had mine put together in less than an hour, and even though I did get in there with my teeth at one point (to remove a bit of plastic nubbin when assembling the optional Lightkey component, which adds extra function keys to the console), I never once felt overwhelmed or defeated. The time-lapse below chronicles my entire assembly process, start to finish.

What you get when you’re done is a fully functional portable gaming device, which runs Clockwork OS, a Linux-based open-source OS developed by the company. It includes Cave Story, one of the most celebrated indie games of the past couple of decades, and a number of built-in emulators (use of emulators is ethically and legally questionable, but it does provide an easy way to play some of those NES and SNES games you already own with more portability).

There’s a very active community around the GameShell that includes a number of indie games to play on the console, and tips and tricks for modifications and optimal use. It’s also designed to be a STEM educational resource, providing a great way for kids to see what’s actually happening behind the faceplate of the electronics they use everyday, and even getting started coding themselves to build software to run on the console. Loading software is easy, thanks to an included microSD storage card and the ability to easily connect via Wi-Fi to move over software from Windows and Mac computers.

Everything about the GameShell is programmable, and it features micro HDMI out, a built-in music player and Bluetooth support for headphone connection. It’s at once instantly accessible for people with very limited tech chops, and infinitely expandable and hackable for those who do want to go deeper and dig around with what else it has to offer.

Swappable face and backplates, plus open 3D models of each hardware component, mean that community-developed hardware add-ons and modifications are totally possible, too. The modular nature of the device means it can probably get even more powerful in the future too, with higher capacity battery modules and improved development boards.

I’ve definitely seen and used devices like the GameShell before, but few manage to be as accessible, powerful and customizable all at once. The GameShell is also fast, has great sound and an excellent display, and it seems to be very durable, with decent battery life of around three hours or slightly more of continuous use depending on things like whether you’re using Wi-Fi and screen brightness.

Powered by WPeMatico

The PureCam Connected Car Security System is a dashcam with extras

Posted by | automotive, cameras, connected car, dashcam, Gadgets, T-Mobile, technology, wi-fi, wireless data | No Comments

Thanks to a rash of YouTube videos of traffic stops, wild crashes and wacky antics, dashcams are becoming more and more popular with drivers. But does the world need one that shoots at 1080p and beams every minute of your drive back to a central storage device and can work as a Wi-Fi hotspot?

PureGear thinks so.

Their latest camera, the PureCam Connected Car Security System, shown at CES 2019, features front and back-facing cameras and is 4G LTE connected. In the unit we tested, it used T-Mobile for data transfer.

The device connects to your car’s OBD port, a diagnostics port that sends data to the camera and powers it. It has a full 1080p camera in front, a small VGA screen and a 720p rear-facing camera. It mounts to the window via a suction cup. It also can shoot in the dark and will sense when someone is breaking into your vehicle and begin recording.

This last part is critical. Because it is always connected, the PureCam will send footage of crashes and break-ins to the cloud. In this way, you have a video record inside and outside of the car.

The system requires a data plan, so you’ll have to head down to the cellphone shop to pick up a spare SIM card, but it also can record footage to the included 16 GB card.

The kit costs $249.99 and includes three months of wireless data and 7 GB of cloud storage for 12 months. Because it has its data provider, you can connect up to three devices to the PureCam’s hotspot.

This camera is mostly designed for peace of mind. Because the screen is relatively small and automatically dims while driving, you won’t notice the system until you need it. Because it uses the OBD port you don’t have to run cables to a cigarette lighter power port or USB port, thereby freeing things up for phones and the like. Finally, because it wakes up when your car is parked, it adds an extra layer of security.

The PureCam is surprisingly easy to install — you have to find your OBD port — but you do need a modern car and be willing to spend a bit on the data plan. While it’s not a perfect system, it’s one of the cleverest and most useful dashcams we’ve tried.

Powered by WPeMatico

iOS 13: Here are the new security and privacy features you might’ve missed

Posted by | Android, Apple, Apps, Bluetooth, cloud applications, computing, hardware, iOS, iPad, iPhone, privacy, safari, Security, smartphones, social media, tablet computers, technology, webmail, wi-fi | No Comments

In just a few weeks Apple’s new iOS 13, the thirteenth major iteration of its popular iPhone software, will be out — along with new iPhones and a new iPad version, the aptly named iPadOS. We’ve taken iOS 13 for a spin over the past few weeks — with a focus on the new security and privacy features — to see what’s new and how it all works.

Here’s what you need to know.

You’ll start to see reminders about apps that track your location

1 location track

Ever wonder which apps track your location? Wonder no more. iOS 13 will periodically remind you about apps that are tracking your location in the background. Every so often it will tell you how many times an app has tracked where you’ve been in a recent period of time, along with a small map of the location points. From this screen you can “always allow” the app to track your location or have the option to limit the tracking.

You can grant an app your location just once

2 location ask

To give you more control over what data have access to, iOS 13 now lets you give apps access to your location just once. Previously there was “always,” “never” or “while using,” meaning an app could be collecting your real-time location as you’re using it. Now you can grant an app access on a per use basis — particularly helpful for the privacy-minded folks.

And apps wanting access to Bluetooth can be declined access

Screen Shot 2019 07 18 at 12.18.38 PM

Apps wanting to access Bluetooth will also ask for your consent. Although apps can use Bluetooth to connect to gadgets, like fitness bands and watches, Bluetooth-enabled tracking devices known as beacons can be used to monitor your whereabouts. These beacons are found everywhere — from stores to shopping malls. They can grab your device’s unique Bluetooth identifier and track your physical location between places, building up a picture of where you go and what you do — often for targeting you with ads. Blocking Bluetooth connections from apps that clearly don’t need it will help protect your privacy.

Find My gets a new name — and offline tracking

5 find my

Find My, the new app name for locating your friends and lost devices, now comes with offline tracking. If you lost your laptop, you’d rely on its last Wi-Fi connected location. Now it broadcasts its location using Bluetooth, which is securely uploaded to Apple’s servers using nearby cellular-connected iPhones and other Apple devices. The location data is cryptographically scrambled and anonymized to prevent anyone other than the device owner — including Apple — from tracking your lost devices.

Your apps will no longer be able to snoop on your contacts’ notes

8 contact snoop

Another area that Apple is trying to button down is your contacts. Apps have to ask for your permission before they can access to your contacts. But in doing so they were also able to access the personal notes you wrote on each contact, like their home alarm code or a PIN number for phone banking, for example. Now, apps will no longer be able to see what’s in each “notes” field in a user’s contacts.

Sign In With Apple lets you use a fake relay email address

6 sign in

This is one of the cooler features coming soon — Apple’s new sign-in option allows users to sign in to apps and services with one tap, and without having to turn over any sensitive or private information. Any app that requires a sign-in option must use Sign In With Apple as an option. In doing so users can choose to share their email with the app maker, or choose a private “relay” email, which hides a user’s real email address so the app only sees a unique Apple-generated email instead. Apple says it doesn’t collect users’ data, making it a more privacy-minded solution. It works across all devices, including Android devices and websites.

You can silence unknown callers

4 block callers

Here’s one way you can cut down on disruptive spam calls: iOS 13 will let you send unknown callers straight to voicemail. This catches anyone who’s not in your contacts list will be considered an unknown caller.

You can strip location metadata from your photos

7 strip location

Every time you take a photo your iPhone stores the precise location of where the photo was taken as metadata in the photo file. But that can reveal sensitive or private locations — such as your home or office — if you share those photos on social media or other platforms, many of which don’t strip the data when they’re uploaded. Now you can. With a few taps, you can remove the location data from a photo before sharing it.

And Safari gets better anti-tracking features

9 safari improvements

Apple continues to advance its new anti-tracking technologies in its native Safari browser, like preventing cross-site tracking and browser fingerprinting. These features make it far more difficult for ads to track users across the web. iOS 13 has its cross-site tracking technology enabled by default so users are protected from the very beginning.

Read more:

Powered by WPeMatico

Security flaws in a popular smart home hub let hackers unlock front doors

Posted by | Gadgets, Home Automation, Password, privacy, private key, search engine, Security, smart device, smart devices, smart home devices, smart lock, spokesperson, wi-fi | No Comments

When is a smart home not so smart? When it can be hacked.

That’s exactly what security researchers Chase Dardaman and Jason Wheeler did with one of the Zipato smart hubs. In new research published Tuesday and shared with TechCrunch, Dardaman and Wheeler found three security flaws which, when chained together, could be abused to open a front door with a smart lock.

Smart home technology has come under increasing scrutiny in the past year. Although convenient to some, security experts have long warned that adding an internet connection to a device increases the attack surface, making the devices less secure than their traditional counterparts. The smart home hubs that control a home’s smart devices, like water meters and even the front door lock, can be abused to allow landlords entry to a tenant’s home whenever they like.

In January, security expert Lesley Carhart wrote about her landlord’s decision to install smart locks — forcing her to look for a new home. Other renters and tenants have faced similar pressure from their landlords and even sued to retain the right to use a physical key.

Dardaman and Wheeler began looking into the ZipaMicro, a popular smart home hub developed by Croatian firm Zipato, some months ago, but only released their findings once the flaws had been fixed.

The researchers found they could extract the hub’s private SSH key for “root” — the user account with the highest level of access — from the memory card on the device. Anyone with the private key could access a device without needing a password, said Wheeler.

They later discovered that the private SSH key was hardcoded in every hub sold to customers — putting at risk every home with the same hub installed.

Using that private key, the researchers downloaded a file from the device containing scrambled passwords used to access the hub. They found that the smart hub uses a “pass-the-hash” authentication system, which doesn’t require knowing the user’s plaintext password, only the scrambled version. By taking the scrambled password and passing it to the smart hub, the researchers could trick the device into thinking they were the homeowner.

All an attacker had to do was send a command to tell the lock to open or close. With just a few lines of code, the researchers built a script that locked and unlocked a smart lock connected to a vulnerable smart hub.

The proof-of-concept code letting the hackers unlock a smart lock (Image: Chase Dardaman, Jason Wheeler)

Worse, Dardaman said that any apartment building that registered one main account for all the apartments in their building would allow them to “open any door” from that same password hash.

The researchers conceded that their findings weren’t a perfect skeleton key into everyone’s homes. In order to exploit the flaws, an attacker would need to be on the same Wi-Fi network as the vulnerable smart hub. Dardaman said any hub connected directly to the internet would be remotely exploitable. The researchers found five such vulnerable devices using Shodan, a search engine for publicly available devices and databases.

Zipato says it has 112,000 devices in 20,000 households, but the exact number of vulnerable hubs isn’t known.

We asked SmartRent, a Zipato customer and one of the largest smart home automation providers, which said fewer than 5% of its apartment-owning customers were affected by the vulnerable technology. A spokesperson wouldn’t quantify the figure further. SmartRent said it had more than 20,000 installations in mid-February, just weeks before the researchers’ disclosure.

For its part, Zipato fixed the vulnerabilities within a few weeks of receiving the researchers’ disclosure.

Zipato’s chief executive Sebastian Popovic told TechCrunch that each smart hub now comes with a unique private SSH key and other security improvements. Zipato has also since discontinued the ZipaMicro hub in favor of one of its newer products.

Smart home tech isn’t likely to go away any time soon. Figures from research firm IDC estimate more than 832 million smart home devices will be sold in 2019, just as states and countries crack down on poor security in internet-connected devices.

That’s also likely to bring more scrutiny to smart home tech by hackers and security researchers alike.

“We want to show that there is a risk to this kind of tech, and apartment buildings or even individual consumers need to know that these are not necessarily safer than a traditional door lock,” said Dardaman.

Powered by WPeMatico

Netgear adds gigabit routers to its Orbi mesh

Posted by | CES 2019, computing, Gadgets, gigabit, Google WiFi, Netgear, Router, TC, wi-fi, wireless, wireless networking | No Comments

My favorite mesh gear, Netgear’s Orbi, has gotten a considerable speed update. The new router, called the RBK50, supports Wi-Fi 6 802.11ax technology which will send gigabit wireless speeds from router to router in your mesh.

WiFi 6 is still new to the industry and there isn’t much support outside of specific hardware like this.

Performance of the industry leading Orbi Mesh Wi-Fi Systems is improved by adding 1024 QAM with a 4×4 Wi-Fi 6 backhaul, increasing the speeds, coverage and capacity of this dedicated wireless link between the Orbi router and satellites.

With an advanced Wi-Fi 6 networking SoC from Qualcomm Technologies, Inc., Orbi with Wi-Fi 6 will support even higher performance simultaneous Wi-Fi streams, making it possible to deliver gigabit internet to far more devices and enable these gigabit internet homes to take advantage of new Wi-Fi 6 performance, which will be designed into the next generation of mobile and smart home devices.

The new routers will ship in Q3 2019 or later. No pricing is available yet.

Powered by WPeMatico

D-Link thinks 5G will cut your cords forever

Posted by | 5g, Best-Buy, CES 2019, computing, D Link, DSP, Gadgets, Internet of Things, Router, TC, technology, wi-fi, wireless | No Comments

Network gear maker D-Link just announced a 5G router that sends high-speed Wi-Fi through your house without cables. The router, called the DWR-2010, should allow users to get massive speeds over 5G networks without running cable. Don’t expect to pick this up at the local Best Buy, however, as the 5G router will probably ship from wireless service providers.

The DWR-2010 also offers customization options for service providers, making it suitable for deployment on a range of network configurations. The gateway features an embedded 5G NR (New Radio) NSA module and can operate on the sub-6 GHz or mmWave frequencies in 200 MHz (2 x 100 MHz) or 800 MHz (8 x 100 MHz) configurations. Complete with remote management (TR-069) and FOTA, the DWR-2010 provides hassle-free operation and a better customer experience.

D-Link also announced some new Exo mesh routers as well as a cute little mydlink devices including a smart switch and a weird little water sensor that will warn you when your water heater explodes. The Indoor Wi-Fi Smart Plug (DSP-W118) and Outdoor Wi-Fi Smart Plug (DSP-W320) will control your lights and appliances both indoors and out.

Expect these cool tools to hit stores in Q2 2019.

Powered by WPeMatico

Hackers hijack thousands of Chromecasts to warn of latest security bug

Posted by | Amazon, chromecast, computing, echo, Gadgets, Google, Hack, hardware, iPad, media streamer, Security, smart devices, smart home devices, spokesperson, technology, wi-fi | No Comments

Hackers have hijacked thousands of exposed Chromecast streaming devices to warn users of the latest security flaw to affect the device. But other security researchers say that the bug — if left unfixed — could be used for more disruptive attacks.

The culprits, known as Hacker Giraffe and J3ws3r, have become the latest person to figure out how to trick Google’s media streamer into playing any YouTube video they want — including videos that are custom-made. This time around, the hackers hijacked forced the affected Chromecasts to display a pop-up notice that’s viewable on the connected TV, warning the user that their misconfigured router is exposing their Chromecast and smart TV to hackers like themselves.

Not one to waste an opportunity, the hackers also asks that you subscribe to PewDiePie, an awful internet person with a popular YouTube following. (He’s the same hacker who tricked thousands of exposed printers into printing support for PewDiePie.)

The bug, dubbed CastHack, exploits a weakness in both Chromecast and the router it connects to. Some home routers have enabled Universal Plug and Play (UPnP), a networking standard that can be exploited in many ways. UPnP forwards ports from the internal network to the internet, making Chromecasts and other devices viewable and accessible from anywhere on the internet.

As the two say, disabling UPnP should fix the problem.

“We have received reports from users who have had an unauthorized video played on their TVs via a Chromecast device,” a Google spokesperson told TechCrunch. “This is not an issue with Chromecast specifically, but is rather the result of router settings that make smart devices, including Chromecast, publicly reachable,” the spokesperson said.

That’s true on one hand, but it doesn’t address the underlying issue — that the Chromecast can be tricked into allowing an unauthenticated attacker the ability to hijack a media stream and display whatever they want.

Hacker Giraffe sent this YouTube video to thousands of exposed Chromecast devices, warning that their streams could be easily hijacked. (Screenshot: TechCrunch)

Bishop Fox, a security consultancy firm, first found a hijack bug in 2014, not long after the Chromecast debuted. The researchers found that they could conduct a “deauth” attack that disconnects the Chromecast from the Wi-Fi network it was connected to, causing it to revert back to its out-of-the-box state, waiting for a device to tell it where to connect and what to stream. That’s when it can be hijacked and forced to stream whatever the hijacker wants. All of this can be done in an instant — as they did — with a touch of a button on a custom-built handheld remote.

Two years later, U.K. cybersecurity firm Pen Test Partners discovered that the Chromecast was still vulnerable to “deauth” attacks, making it easy to play content on a neighbor’s Chromecasts in just a few minutes.

Ken Munro, who founded Pen Test Partners, says there’s “no surprise that somebody else stumbled on to it,” given both Bishop Fix found it in 2014 and his company tested it in 2016.

“In fairness, we never thought that the service would be exposed on the public internet, so that is a very valid finding of his, full credit to him for that,” Munro told TechCrunch. (Google said in a follow-up email that it’s working to fix the deauth bug.)

He said the way the attack is conducted is different, but the method of exploitation is the same. CastHack can be exploited over the internet, while Bishop Fox and his “deauth” attacks can be carried out within range of the Wi-Fi network — yet, both attacks let the hacker control what’s displayed on the TV from the Chromecast, he said.

Munro said Google should have fixed its bug in 2014 when it first had the chance.

“Allowing control over a local network without authentication is a really silly idea on [Google’s] part,” he said. “Because users do silly things, like expose their TVs on the internet, and hackers find bugs in services that can be exploited.”

But Munro said that these kinds of attacks — although obnoxious and intrusive on the face of it — could be exploited to have far more malicious consequences.

In a blog post Wednesday, Munro said it was easy to exploit other smart home devices — like an Amazon Echo — by hijacking a Chromecast and forcing it to play commands that are loud enough to be picked up by its microphone. That’s happened before, when smart assistants get confused when they overhear words on the television or radio, and suddenly and without warning purchase items from Amazon. (You can and should turn on a PIN for ordering through Amazon.)

To name a few, Munro said it’s possible to force a Chromecast into loading a YouTube video created by an attacker to trick an Echo to: “Alexa, order an iPad,” or, “Alexa, turn off the house alarm,” or, “Alexa, set an alarm every day at 3am.”

Amazon Echos and other smart devices are widely considered to be secure, even if they’re prone to overhearing things they shouldn’t. Often, the weakest link are humans. Second to that, it’s the other devices around smart home assistants that pose the biggest risk, said Munro in his blog post. That was demonstrated recently when Canadian security researcher Render Man showed how using a sound transducer against a window can trick a nearby Amazon Echo into unlocking a network-connected smart lock on the front door of a house.

“Google needs to properly fix the Chromecast deauth bug that allows casting of YouTube traffic,” said Munro.

Updated at 9pm ET: with a new, clearer headline to better reflect the flaws over the years, and added additional comment from Google.

Powered by WPeMatico

Google’s Project Fi gets an improved VPN service

Posted by | Android, Google, Mobile, project fi, Security, virtual private networks, vpn, wi-fi, wireless, wireless service | No Comments

Google’s Project Fi wireless service is getting a major update today that introduces an optional always-on VPN service and a smarter way to switch between Wi-Fi and cellular connections.

By default, Fi already uses a VPN service to protect users when they connect to the roughly two million supported Wi-Fi hotspots. Now, Google is expanding this to cellular connections, as well. “When you enable our enhanced network, all of your mobile and Wi-Fi traffic will be encrypted and securely sent through our virtual private network (VPN) on every network you connect to, so you’ll have the peace of mind of knowing that others can’t see your online activity,” the team writes in today’s announcement.

Google notes that the VPN also shields all of your traffic from Google itself and that it isn’t tied to your Google account or phone number.

The VPN is part of what Google calls its “enhanced network” and the second part of this announcement is that this network now also allows for a faster switch between Wi-Fi and mobile networks. When you enable this — and both of these features are currently in beta and only available on Fi-compatible phones that run Android Pie — your phone will automatically detect when your Wi-Fi connection gets weaker and fill in those gaps with cellular data. The company says that in its testing, this new system reduces a user’s time without a working connection by up to 40 percent.

These new features will start rolling out to Fi users later this week. They are off by default, so you’ll have to head to the Fi Network Tools in the Project Fi app and turn them on to get started. One thing to keep in mind here: Google says your data usage will likely increase by about 10 percent when you use the VPN.

Powered by WPeMatico

BoxLock secures your booty against porch pirates

Posted by | Amazon, containers, Gadgets, Gates, key, lock, package delivery, padlock, TC, transport, UPS, wi-fi | No Comments

This clever – if expensive – product is called the BoxLock and it is a keyless padlock that lets your package delivery person scan and drop off your packages into a locked box. The system essentially watches for a shipping event and then waits for the right barcode before opening. Once the delivery person scans the package, the lock opens, the delivery person sticks the package in a box or shed (not included) and locks it back up. You then go and grab your package at your leisure.

The lock costs $129.

The company appeared on everyone’s favorite show, Shark Tank, where they demonstrated the system with a fake door and fake UPS dude.

The internal battery lasts 30 days on one charge and it connects to your phone and house via Wi-Fi. While the system does require a box – it’s called BoxLock, after all, not LockBox – it’s a clever solution to those pesky porch pirates who endlessly steal my YorkieLoversBox deliveries.

Powered by WPeMatico