Cloud TL; DR: unusual “remote control”, gadget inspection and recommendations for personal information security

We continue to share TL; DR versions of publications from our blog… Here are all the main points of each material, and links to extended texts of publications are easy to find in subheadings.

A photo – Ed robertson – Unsplash.com

---

You can’t just take and monitor employees remotely

---

The corona crisis made telecommuting the unconditional mainstream of this year, but this format of organizing jobs appeared even before the industrial revolution. He went from home-based work of artisans and home workshops to gradual “escape from offices“In the late 90s and the” remote “available today, not only for IT specialists and officials. Its advantages, such as time savings and flexible scheduling, are obvious, but there are difficulties in working outside the office.

At the peak of quarantine, the usual offline methods for assessing the effectiveness of employees fell under a “lockdown”, and attempts to track online personnel who had just left for a remote location drew fierce criticism. The reasons for this were: someone demanded that remote controllers install keyloggers on personal computers and laptops, others – slipped them time-trackers, and still others – went even further and built the assessment process around video communications and webcams.

It was necessary to adapt quickly, and many services did it: Zoom disabled the ability to control the attention of the interlocutor, and in Basecamp – decided refuse any surveillance functionality except for the fact that it helps to voluntarily monitor the workflow (calendar and timer for tasks). But the essence of the matter was sorted out only by those companies that switched their attention from the choice of tools to the people themselves and their problems in a crisis situation.

The fact is that during the “first wave” the risks of burnout of specialists involved in complex and creative tasks increased. Attempts to bind primitive tracking tools to work that defy routine accounting caused a real crisis of confidence. The question of how to resolve it “peacefully” is still open for many companies and is being discussed at all on Habré.

---

Screening of mobile devices – how things are in the world

---

This summer, a Seattle court banned special services and law enforcement officers from unreasonable analysis of the smartphone lock screen. Now this requires a special order, emphasizing the exceptional nature of the situation and the need for such measures. Such regulation affects only the work of United States departments. That is why we decided to make overview about the situation with the inspection of gadgets in other countries.

In British practice, a warrant is not required for these tasks. Also, local legislation allows dumping even from blocked devices using special systems – there are already purchased Scottish police. In Australia, there is still an obligation to obtain a warrant, but a special type of permit is required to search the devices of journalists. On the other hand, Australian special services always may request the ability to decrypt data from developers and device manufacturers – they are entitled to this by the laws of the country.

Such practices are increasingly discussed in the IT community. Basecamp even published thematic recommendations to maintain the proper level of information security on business trips. We also did overview post with inspection statistics and a few comments from tech company representatives.

---

You can’t just take and “reflash” your gadget

---

If you bought a gadget, this does not mean that all its filling is at your disposal. And it’s not about Right to Repair and vendors’ attempts to link clients to authorized workshops. This time it’s about the right to modify software components and hardware in order to expand the capabilities or completely repurpose the devices you have purchased.

So, this spring, an enthusiast shared modification of the well-known calculator model. In the course of reengineering, he replaced the solar battery with an OLED display and added a Wi-Fi module to the device, and published the results on GitHub. After a stormy response in the geek community and the release of materials in the largest thematic publications, its repository was closed at the request of an organization engaged in the fight against counterfeit electronics.

And this is not the first such case. Nine years ago, Activision was in a lawsuit over modifying a gadget to read RFID tags on action figures from the company’s games. Without any reason, the vendor expressed concerns that the changes made would allow opening in-game content and receiving free virtual goods related to toys.

One can only guess how the regulation of such issues will develop, but on Habré and on Hacker News, they have repeatedly expressed criticism and proposals to consolidate sanctions in the legislation for false accusations of enthusiasts and independent engineers who do not seek any mass commercialization of the gadgets they have converted.

---

Cybersecurity Book Selections (the first, second)

---

We looked at what they recommend on Habré, Hacker News and Reddit. This is a kind of “memoir” of a Microsoft top manager; the view of a well-known information security specialist on the fight for cyberspace; expert review of social engineering methods; a pentester’s story about the world of “white hackers”; analytical material about information security for IoT; and a reference for penetration testing.