What better way of preparing for 2017 than looking back at the truly weird stuff that happened in 2016?
Kettles giving away Wi-Fi passwords
Demonstrating that you should always be wary of the insider threat, the humble household kettle – inexplicably souped up with a Wi-Fi transmitter – may be passing your secrets to the enemy.
This story first broke at the end of 2015, but in the meantime, well, nothing has changed. As Ken Munro from Pen Test Partners demonstrated to a rapt audience at the SC Congress in February 2016, hacking the kettle was as simple as doing a port scan and reviewing the source code. It was, he said, “like turning the clock back 20 years in terms of security”.
Connect up one of these vulnerable kettles to your home network and it's ‘goodbye, security’ unless you take steps to isolate it from other devices on the network.
Or you could simply not buy a Wi-Fi kettle in the first place.
Drones taking out light bulbs
In November 2016, researchers demonstrated a proof-of-concept attack on so-called smart light bulbs that could allow an attacker to take control of a city's entire lighting system.
It's as simple as writing a new operating system to one light bulb, which then helpfully passes the new OS on to its neighbours, which in turn do the same.
The code can be delivered wirelessly from the ground or even via a drone hovering nearby.
Once in control, the attacker can switch the entire grid of lights on and off or even exploit the devices as a botnet to deliver distributed denial-of-service attacks.
The researchers chose to target Philips Hue smart light bulbs, but it appears that other brands using the Zigbee wireless communications protocol may be vulnerable, too.
Zuckerberg announced dead on Facebook
In a possible case of wishful thinking (only kidding, Mark!), Facebook founder Mark Zuckerberg was, for a brief time in November, mistakenly declared deceased – by his own company. The boyish doyen of social media was apparently dead.
Apart from killing off the boss, there was the small matter of an 'In Memoriam' page also being added to two million other users' profiles.
But unlike the famous parrot, Zuckerberg hadn't shuffled off this mortal coil nor, indeed, was he resting, and presumably after sending a rocket up the backsides of his technical team, the glitch was quickly sorted.
Not to be outdone, Twitter CEO Jack Dorsey got himself booted off his own social media network several days later – for offences unknown. The hiatus only lasted for 15 minutes and only affected Dorsey's account, but it was enough to unleash a storm of ribald tweets.
Headphones hacked to become ultimate listening device
The humble headphones, as ubiquitous as the laptop and the mobile phone, may be doing more than piping tunes and TV shows into your head – they may also be spying on you.
Cue the shower scene from Psycho.
Researchers from Ben-Gurion University of the Negev in Israel created a proof-of-concept to exploit an option found in Realtek's audio chipsets called jack retasking or remapping. Basically, it allows a user to change the function of an audio port at the software level, turning the speaker into a microphone.
This works because the parts in a speaker are essentially the same as in a microphone, just working in reverse.
According to the researchers, their exploit – which they have cleverly named SPEAKEaR – allows an eavesdropper to record intelligible audio from several metres away.
Google's Brain is missing – uh no, we just couldn't understand it
Google has ramped up the creep factor once again by developing artificial intelligence systems that can create their own encryption.
Researchers demonstrated how Google Brain could develop its own encryption methods without having been taught cryptographic algorithms.
Three “Brains” – Alice, Bob and Eve – competed in a game whereby Alice and Bob had to communicate with each other without Eve eavesdropping on their conversation.
It is hoped that the research will lead to novel security techniques.
It is also hoped that these computers won't take over the world and make fun of humans while denying us the ability to understand what they are saying.
VTech says it's not responsible for customers' data
While other organisations strive to secure their customers' data against the bad guys, VTech – manufacturer of interactive children's toys – has conceded defeat and issued new terms and conditions that make it clear that if it screws up, it's your fault.
These updated terms and conditions include the statement that if you use VTech products, “you acknowledge and agree that any information you send or receive during your use of the site may not be secure and may be intercepted or later acquired by unauthorised parties”.
VTech was, of course, responding to a massive hack of its systems in 2015 which resulted in the theft of data relating to millions of adults and children.
Critics accused the company of using laughable security, with security researcher Troy Hunt telling SC that VTech's technology was at least half a decade out of date.
Ken Munro from Pen Test Partners said that rather than hiring lawyers to rewrite its terms and conditions, it should have hired more cyber-security experts.
The company told SC that the new Ts & Cs merely recognised the fact that “perfect” security was simply not achievable.
McAfee offers to hack iPhone
Larger-than-life security pro John McAfee – perhaps in an attempt to repair his reputation with the law enforcement community – offered to help the FBI bypass recalcitrant Apple Inc and hack an iPhone belonging to one of the San Bernardino shooters.
The FBI had been putting pressure on Apple through the courts and in the court of public opinion to disable the security features on the iPhone 5S.
McAfee – who was also at the time running for president of the United States – has had his run-ins with the law and is presumably no friend of the FBI. His motive for offering to hack the iPhone was apparently to take pressure off Apple to install permanent backdoors in the devices.
London's Met police mug man for his phone
Such is the difficulty of hacking into smartphones that the police in London resorted to an unusual tactic to gain access to a suspect's phone – they mugged him in broad daylight.
The suspect was Gabriel Yew who was being investigated by Operation Falcon for fraud and online crime. As he conducted much of his business on his iPhone, the police were keen to gain access to its data.
Legally he could refuse to unlock it but the police could get around this if they seized the phone while he was using it.
Which is what they did – taking it from his hand while he was making a call on the street. The officer who took the phone then continuously swiped and tapped on the screen to prevent it from going into sleep mode.
Yew pleaded guilty in court in November and was sentenced to five-and-a-half years in prison.
President-elect Trump rejects intelligence agency findings
President-elect Trump, who has repeatedly asserted he has “a fine brain” and “the best words”, has rejected the conclusion of 17 US intelligence agencies that the Russian government was involved in online shenanigans during the recent presidential election campaign.
The CIA among others said there was clear evidence the Russian government was involved in the hacking and subsequent leaking of emails from the servers of the Democratic Party. The Russians also hacked the Republican Party but didn't release that data.
The CIA has gone so far as to speculate that Russia's President Putin personally ordered the attacks in a vendetta against Hillary Clinton.
Trump says it's nonsense, and his supporters are clinging to the fact that the FBI – which, as an arm of the Justice Department, requires a standard of proof that would stand up in a court of law – has not endorsed the claims.
The Office of the Director of National Intelligence (ODNI), which oversees the intelligence agencies, accepted the CIA's analysis of the data but not its conclusions about the motive because, short of having informants in the room when the decisions were taken, it would be impossible to know this for certain.
Trump, for his part, has dismissed the claims on the basis that Clinton's supporters are simply making excuses for her loss.
NCSC director sets out new agenda in, err, Washington DC
Last time we checked, the NCSC was a UK organisation so why was the new chief executive, Ciaran Martin, so keen to cosy up to the United States?
So keen, in fact, was he to make nice with the Americans that he delivered his first major speech, two weeks prior to the official opening of the centre (30 September), at a conference in Washington, DC on 13 September.
Rather than a UK audience, delegates to the Billington Cyber Security Summit were the first to hear the thoughts of the man who's been gifted the major part of a £1.9 billion investment in cyber-security.
Six weeks later it was the turn of the NCSC technical lead, Dr Ian Levy, to make nice with a major American corporation, appearing at Microsoft's Future Decoded event on 1 November to unveil yet more news about Britain's investment in the fight against cyber-crime.