Wrest control from a snooping smart speaker with this teachable “parasite”

What do you get when you put one Internet connected device on top of another? A little more control than you otherwise would in the case of Alias the “teachable ‘parasite'” — an IoT project smart speaker topper made by two designers, Bjørn Karmann and Tore Knudsen.

The Raspberry Pi-powered, fungus-inspired blob’s mission is to whisper sweet nonsense into Alexa’s (or Google Home’s) always-on ear so it can’t accidentally snoop on your home.

Project Alias from Bjørn Karmann on Vimeo.

Alias will only stop feeding noise into its host’s speakers when it hears its own wake command — which can be whatever you like.

The middleman IoT device has its own local neural network, allowing its owner to christen it with a name (or sound) of their choosing via a training interface in a companion app.

The open source TensorFlow library was used for building the name training component.

So instead of having to say “Alexa” or “Ok Google” to talk to a commercial smart speaker — and thus being stuck parroting a big tech brand name in your own home, not to mention being saddled with a device that’s always vulnerable to vocal pranks (and worse: accidental wiretapping) — you get to control what the wake word is, thereby taking back a modicum of control over a natively privacy-hostile technology.

This means you could rename Alexa “Bezosallseeingeye”, or refer to your Google Home as “Carelesswhispers”. Whatever floats your boat.

Once Alias hears its custom wake command it will stop feeding noise into the host speaker — enabling the underlying smart assistant to hear and respond to commands as normal.

“We looked at how cordyceps fungus and viruses can appropriate and control insects to fulfill their own agendas and were inspired to create our own parasite for smart home systems,” explain Karmann and Knudsen in a write up of the project. “Therefore we started Project Alias to demonstrate how maker-culture can be used to redefine our relationship with smart home technologies, by delegating more power from the designers to the end users of the products.”

Alias offers a glimpse of a richly creative custom future for IoT, as the means of producing custom but still powerful connected technology products becomes more affordable and accessible.

And so also perhaps a partial answer to IoT’s privacy problem, for those who don’t want to abstain entirely. (Albeit, on the security front, more custom and controllable IoT does increase the hackable surface area — so that’s another element to bear in mind; more custom controls for greater privacy does not necessarily mesh with robust device security.)

If you’re hankering after your own Alexa disrupting blob-topper, the pair have uploaded a build guide to Instructables and put the source code on GitHub. So fill yer boots.

Project Alias is of course not a solution to the underlying tracking problem of smart assistants — which harvest insights gleaned from voice commands to further flesh out interest profiles of users, including for ad targeting purposes.

That would require either proper privacy regulation or, er, a new kind of software virus that infiltrates the host system and prevents it from accessing user data. And — unlike this creative physical IoT add-on –that kind of tech would not be at all legal.

CERN’s plan for 100-km collider makes the LHC look like a hula hoop

The Large Hadron Collider has produced a great deal of incredible science, most famously the Higgs Boson — but physicists at CERN, the international organization behind the LHC, are already looking forward to the next model. And the proposed Future Circular Collider, at 100 kilometers or 62 miles around, would be quite an upgrade.

The idea isn’t new; CERN has had people looking into it for years. But the conceptual design report issued today shows that all that consulting hasn’t been idle: there’s a relatively cohesive and practical plan — as practical as a particle collider can be — and a decent case for spending the $21 billion or so that would be needed.

“These kind of largest scale efforts and projects are huge starters for networking, connecting institutes across borders, countries,” CERN’s Michael Benedikt, who led the report, told Nature. “All these things together make up a very good argument for pushing such unique science projects.”

On the other hand, while the LHC has been a great success, it hasn’t exactly given physicists an unambiguous signpost as to what they should pursue next. The lack of new cosmic mysteries — for example, a truly anomalous result or mysterious gap where a particle is expected — has convinced some that they must simply turn up the heat, but others that bigger isn’t necessarily better.

The design document provides several possible colliders, of which the 100-km ring is the largest and would produce the highest-energy collisions. Sure, you could smash protons together at 100,000 gigaelectron-volts rather than 16,000 — but what exactly will that help explain? We have left my areas of expertise, such as they are, well behind at this point so I will not speculate, but the question at least is one being raised by those in the know.

It’s worth noting that Chinese physicists are planning something similar, so there’s the aspect of international competition as well. How should that affect plans? Should we just ask China if we can use theirs? The academic world is much less affected by global strife and politics than, say, the tech world, but it’s still not ideal.

There are plenty of options to consider and time is not of the essence; it would take a decade or more to get even the simplest and cheapest of these proposals up and running.

Schneider’s EVLink car charging stations were easily hackable, thanks to a hardcoded password

Schneider has fixed three vulnerabilities in one of its popular electric car charging stations, which security researchers said could have easily allowed an attacker to remotely take over the unit.

At its worst, an attacker can force a plugged-in vehicle to stop charging, rendering it useless in a “denial-of-service state,” an attack favored by some threat actors as it’s an effective way of forcing something to stop working.

The bugs were fixed with a software update that rolled out on September 2 shortly after the bugs were first disclosed, and limited details of the bugs were revealed in a supporting document on December 20. Now, a fuller picture of the vulnerabilities, found by New York-based security firm Positive Technologies, were released today — almost a month later.

Schneider’s EVLink charging stations come in all shapes and sizes — some for the garage wall and some at gas stations. It’s the charging stations at offices, hotels, shopping malls and parking garages that are vulnerable, said Positive.

At the center of Positive’s disclosure is Schneider’s EVLink Parking electric charging stations, one of several charging products that Schneider sells, and primarily marketed to apartment complexes, private parking area, offices and municipalities. These charging stations are, like others, designed for all-electric and plug-in hybrid electric vehicles — including Teslas, which have their own proprietary connector.

Because the EVLink Parking station can be connected to Schneider’s cloud with internet connectivity, either over a cell or a broadband connection, Positive said that the web-based user interface on the charging unit can be remotely accessed by anyone and easily send commands to the charging station — even while it’s in use.

“A hacker can stop the charging process, switch the device to the reservation mode, which would render it inaccessible to any customer until reservation mode is turned off, and even unlock the cable during the charging by manipulating the socket locking hatch, meaning attackers could walk away with the cable,” said Positive.

“For electric car drivers, this means not being able to use their vehicles since they cannot be charged,” it said.

Positive didn’t say what the since-removed password was, but, given the curiosity, we asked and will update when we hear back.

The researchers Vladimir Kononovich and Vyacheslav Moskvin also found two other bugs that gives an attacker full access over a device — a code injection flaw and an SQL injection vulnerability. Both were fixed in the same software update.

Schneider did not respond to a request for comment. If that changes, we’ll update.

Additional reporting: Kirsten Korosec.

Samsung’s new Galaxy M smartphones will launch in India first

Samsung will launch its new lower-priced Galaxy M series in India before the smartphones roll out globally. Asim Warsi, senior vice president of Samsung India’s smartphone business, told Reuters that three devices will be available through its website and Amazon India at the end of January and are intended to help the company double online sales.

Samsung is currently trying to recover its lead in India, the world’s second-largest smartphone market behind China, after losing it to Xiaomi at the end of 2017, when Xiaomi’s sales in India overtook Samsung for the first time, according to data from both Canalys and Counterpoint.

Xiaomi’s budget Redmi series gave it an advantage since Samsung had a dearth of competitors in the same price bracket, but analysts noted the Korean electronics giant maintains an edge in terms of R&D and supply chain expertise. Samsung leaned into those strengths last year, opening what it describes as the world’s largest mobile phone factory in Noida, just outside of New Delhi.

Specs about the three Galaxy M smartphones emerged last month, with details appearing on platform benchmark Geekbench about devices called M10, M20 and M30, the latter of which may be powered by an Exynos 7885 chip with 4GB ram.

Warsi told Reuters that “the M series has been built around and incepted around Indian millennial consumers.” The price range of Indian-first smartphones will be from less than 10,000 rupees (about $142) to 20,000 rupees. TechCrunch has emailed Samsung for more information about the new phones.

The company will debut the latest version of its flagship smartphone, the Galaxy S10, in San Francisco on Feb. 20.

Chamberlain Group acquires Lockitron and Tend for its myQ smart garage hub

Chamberlain Group, which owns several security and access brands including the myQ smart garage hub, has added two new companies to its portfolio: connected door lock maker Lockitron and wi-fi home security camera startup Tend.

In a press statement, Chamberlain Group CEO JoAnna Sohovich said Tend and Lockitron’s produts will be integrated into myQ. “We know families enter and exit their homes through their garage doors multiple times a day. Our myQ technology allows homeowners to monitor and control access from their smartphone,” she said. “Adding video, connected locks, and enhanced artificial intelligence to our access solutions will provide even further peace of mind as homeowners connect to their homes and loved ones.”

(Blogger Dave Zatz first spotted signs of the deal two weeks ago, including updates to Lockitron’s privacy policy).

Lockitron was one of the first smart lock brands, shipping its first connected lock in 2010. Its flagship product is the Bolt, a smart lock that is accessed by smartphone. The Bolt launched in 2015 and was the first smart locks available for under $100. The Chamberlain Group will integrate Lockitron’s technology into myQ so users can control their garage and residential doors with one app.

In an email to TechCrunch, Cameron Robertson, who co-founded Lockitron with Paul Gerhardt, said they began looking for potential buyers in order to have the resources to scale up and meet retail and e-commerce demand. Chamberlain Group was the best fit because it will support existing Lockitron users, and Lockitron’s technology can also be integrated into other products besides myQ. The transaction was an asset sale of the Lockitron product line from its parent company Apigy. Robertson and Gerhardt are now advising Chamberlain on a part-time basis, as well as working on new projects not related to Apigy, which Robertson says will eventually be wound down.

Tend’s video and functionality, including facial recognition, will also be integrated into myQ, so users can add a Tend camera and see video of their garage doors opening and closing through myQ’s app. The company was launched in 2008 and its co-founder and CEO Herman Yau will continue on as Tend general manager, leading its video and AI platform as part of Chamberlain Group.

Chamberlain Group acquires Lockitron and Tend for its myQ smart garage hub

Chamberlain Group, which owns several security and access brands including the myQ smart garage hub, has added two new companies to its portfolio: connected door lock maker Lockitron and wi-fi home security camera startup Tend.

In a press statement, Chamberlain Group CEO JoAnna Sohovich said Tend and Lockitron’s produts will be integrated into myQ. “We know families enter and exit their homes through their garage doors multiple times a day. Our myQ technology allows homeowners to monitor and control access from their smartphone,” she said. “Adding video, connected locks, and enhanced artificial intelligence to our access solutions will provide even further peace of mind as homeowners connect to their homes and loved ones.”

(Blogger Dave Zatz first spotted signs of the deal two weeks ago, including updates to Lockitron’s privacy policy).

Lockitron was one of the first smart lock brands, shipping its first connected lock in 2010. Its flagship product is the Bolt, a smart lock that is accessed by smartphone. The Bolt launched in 2015 and was the first smart locks available for under $100. The Chamberlain Group will integrate Lockitron’s technology into myQ so users can control their garage and residential doors with one app.

In an email to TechCrunch, Cameron Robertson, who co-founded Lockitron with Paul Gerhardt, said they began looking for potential buyers in order to have the resources to scale up and meet retail and e-commerce demand. Chamberlain Group was the best fit because it will support existing Lockitron users, and Lockitron’s technology can also be integrated into other products besides myQ. The transaction was an asset sale of the Lockitron product line from its parent company Apigy. Robertson and Gerhardt are now advising Chamberlain on a part-time basis, as well as working on new projects not related to Apigy, which Robertson says will eventually be wound down.

Tend’s video and functionality, including facial recognition, will also be integrated into myQ, so users can add a Tend camera and see video of their garage doors opening and closing through myQ’s app. The company was launched in 2008 and its co-founder and CEO Herman Yau will continue on as Tend general manager, leading its video and AI platform as part of Chamberlain Group.

The world’s first foldable phone is real

People have been talking about foldable smartphones for years, but it’s finally happening. Chinese company Royole was showing off the FlexPai at CES in Las Vegas, and we got to play with it for a few minutes.

It’s hard to say if it’s a phone or a tablet as you can basically use it as a phone and a small tablet. Arguably, the tablet form factor is the most usable one. It’s a 7.8-inch device that runs Android.

When you fold the AMOLED display, there’s still a small gap between the two halves of the screen. But it’s also much smaller than the unfolded version. It’s a bulky phone, but it’s still much easier to store in a purse compared to a tablet.

You can already buy a developer version of the device if you live in the U.S. for around $1,300. It runs Android with a bunch of custom software features. If you fold the device, all your content moves to one part of the screen. It’s not a fluid experience, but it works.

It’s impressive to see that Royole managed to beat Samsung and other manufacturers to the market with this technology. Now, let’s see if Royole will sell its own devices, partner with other manufacturers or both. We have a video of the device coming up later this week.

The best and worst of CES 2019: Monster displays, VR in cars and crazy personal gadgets

CES 2019 is here and there have been a lot of technology announced at the show. From the latest autonomous vehicle technology to the coolest personal gadgets, here’s a round up of the best from the show so far.

Autos

Smart Home

Personal Gadgets

The Worst

These baby concrete speakers aren’t as heavy as they look

To paraphrase P. T. Barnum, “there’s a Bluetooth speaker born every minute.” At no time of year is that more true than at CES in Las Vegas, where they are bountiful beyond belief. But very few — nay, only one that I found — are made of concrete. And it’s French!

The speakers immediately attracted my attention because of their simplicity and of course material. I’m generally repelled, like water, from the plastic and silicone that most speakers are made out of these days. If it’s going to be visible in my house, shouldn’t it be wood or ceramic or steel? (That’s why I like Joey Roth’s stuff so much).

And why not concrete? It’s hard-wearing, cool-looking, tactile — and like ceramic actually has good qualities as far as using it for audio purposes. So the honest folks at Le Pavé Parisien tell me.

The speaker itself is single-channel, meaning it will mix down your music to mono (like many such speakers), but you can easily daisy chain a couple together for stereo or wire a bunch for a concrete wall of sound like they had on display.

I won’t speculate on the audio quality (it was extremely loud in the hall) but they’re marketing it as a high-end device, so it’s probably not bad. 60-20,000 Hz means you’ll miss out on the low end somewhat, but that’s kind of expected with small speakers.

[gallery ids="1766869,1766870,1766865,1766867,1766868,1766864,1766873,1766866"]

One of the company’s engineers, Aurelien Bertini, explained that concrete is actually also more eco-friendly, since it can be recycled by being pounded into dust and recast. Sounds labor-intensive, but that’s how recycling is.

Bertini noted that concrete also can easily be customized — laser etched, dyed, etc. The magnetic grilles on the front are easily swapped out as well. They’re really not as heavy as they look, either: about 3 pounds. It’s mostly air in there.

More importantly, the device is designed to be repaired; you pop the grille off and there are only four screws holding the guts in; take it out, replace a piece, fit something back in place that fell off, that sort of thing.

You’ll want to repair yours, too, since Le Pavé Parisien is currently selling for $400, rather higher than the average Bluetooth speaker. If you simply must have them, they’re on sale now (following a successful recent crowdfunding campaign) and expected to ship next month.

DJI finally releases a $650 Mavic 2 controller with built-in screen

The DJI Smart Controller lets Mavic 2 owners take to the skies without the need of a mobile device. The $650 controller includes a 5.5-inch screen that can display images streamed from the connected drone in full HD resolution.

DJI says this screen is twice as bright as mobile screens, too, which should make it easier to use in direct sunlight.

The device is a smart, though expensive accessory for drone owners. Right now, for most drones on the market, owners have to connect a mobile phone to a controller in order to access most of the controls of the drone and to view live video images. Often this is a cumbersome process and requires the owner to ensure multiple products are charged and connected. By combining the screen with the controller, it eliminates an extra step. The built-in screen in the cancelled GoPro Karma controller was one of its best features.

The screen itself is an Android device and reportedly supports DJI Go 4, DJI Pilot and other third party apps. The battery lasts 2.5 hours.

Video is streamed to the connected controller over DJI’s OcuSync 2.0 video transmission system. From my experience, it’s the best system available on a consumer drone platform, allowing images to hit a mobile device from an incredible distance.

DJI is going to sell the controller by itself starting today for $650. It will also be available in bundles with the Mavic 2 Pro and the Mavic 2 Zoom.