Cool Dashcam has a security flaw

From Slashdot: Dashcam Flaw Allows Anyone To Track Drivers In Real-Time Across the US

An anonymous reader quotes a report from Motherboard:BlackVue is a dashcam company with its own social network. With a small, internet-connected dashcam installed inside their vehicle, BlackVue users can receive alerts when their camera detects an unusual event such as someone colliding with their parked car. Customers can also allow others to tune into their camera's feed, letting others "vicariously experience the excitement and pleasure of driving all over the world," a message displayed inside the app reads. Users are invited to upload footage of their BlackVue camera spotting people crashing into their cars or other mishaps with the #CaughtOnBlackVue hashtag. But what BlackVue's app doesn't make clear is that it is possible to pull and store users' GPS locations in real-time over days or even weeks. Motherboard was able to track the movements of some of BlackVue's customers in the United States.

Ordinarily, BlackVue lets anyone create an account and then view a map of cameras that are broadcasting their location and live feed. This broadcasting is not enabled by default, and users have to select the option to do so when setting up or configuring their own camera. Motherboard tuned into live feeds from users in Hong Kong, China, Russia, the U.K, Germany, and elsewhere. BlackVue spokesperson Jeremie Sinic told Motherboard in an email that the users on the map only represent a tiny fraction of BlackVue's overall customers. But the actual GPS data that drives the map is available and publicly accessible. By reverse engineering the iOS version of the BlackVue app, Motherboard was able to write scripts that pull the GPS location of BlackVue users over a week long period and store the coordinates and other information like the user's unique identifier. One script could collect the location data of every BlackVue user who had mapping enabled on the eastern half of the United States every two minutes. Motherboard collected data on dozens of customers.Following the report, BlackVue said their developers "have updated the security measures" to prevent this sort of tracking.

Motherboard confirmed that previously provided user data stopped working, and they said they have "deleted all of the data collected to preserve individuals' privacy."

Augmented Reality Contact Lenses are real!

WANT!

[ What does this have to do with info security?  What DOESN'T it have to do with IS?! ]


From Slashdot Augmented Reality In a Contact Lens: It's the Real Deal 

Tekla Perry writes:
Startup Mojo Vision announced a microdisplay mid-2019, with not a lot of talk about applications. Turns out, they had one very specific application in mind -- an AR contact lens. Last week the company let selected media have a look at working prototypes, powered wirelessly, though plans for the next version include a battery on board. The demos included edge detection and enhancement (intended for people with low vision) in a darkened room and text annotations. The lenses are entering clinical trials (company executives have been testing them for some time already).Steve Sinclair, senior vice president of product and marketing, says the first application will likely be for people with low vision -- providing real-time edge detection and dropping crisp lines around objects. Other applications include translating languages in real time, tagging faces, and providing emotional cues.

"People can't tell you are wearing it, so we want the interaction to be subtle, done using just your eyes," Sinclair said. He also noted the experience is different from wearing glasses. "When you close your eyes, you still see the content displayed," he says. Mojo Vision is calling the technology Invisible Computing.