Thursday, March 26, 2026


DIGITAL LIFE




Beware of quishing: fake QR codes steal your money

The gesture has become so natural that we don't even think about it anymore. You sit on a restaurant terrace, take your cell phone out of your pocket, open the camera and point it at the small black and white square stuck to the table. In a couple of seconds, the menu appears on your screen. This extreme convenience, however, is being transformed into a silent weapon. The National Republican Guard (GNR) recently issued a warning about a new wave of scams in Portugal that exploits exactly this blind trust: "quishing".

To understand the dimension of this threat, it is useful to go back in time a little. The QR (Quick Response) code is not a new technology. It was invented in 1994 by the Japanese company Denso Wave for a very specific purpose: to track automotive components during the manufacturing process. Unlike traditional barcodes, which store information only in a horizontal line, the QR code saves data in two dimensions (horizontal and vertical). This allows it to contain a substantial amount of information, such as a complete web address.

The pandemic catapulted this technology into our daily lives, replacing physical menus, paper tickets, and payment terminals. The big technical problem is that a QR code is essentially "blind" and passive; it doesn't have any native security layer or encryption to validate the destination it's sending you to.

The term "quishing" comes from the fusion of "QR" and "phishing" (the classic social engineering technique used in fake emails to fish for your data). However, while a fraudulent email often ends up in the spam folder or has obvious spelling errors, a malicious QR code is visually indistinguishable from a legitimate one.

The attack usually begins in a surprisingly analog way. Criminals generate a code that points to a server they control. Then, they print this code on a high-quality sticker and physically stick it over a real code in a public space. Imagine a municipal parking meter. You park your car, see the signal to conveniently pay with your cell phone, and scan it.

When your camera processes this counterfeit sticker, your screen is immediately redirected to a webpage that perfectly mimics the parking company's official website. Unsuspecting, you enter your credit card details to pay a two-real fee. In reality, you've just given a scammer direct access to your bank account.

Beyond the fake payments, the danger extends to infecting the device itself. Some of these links are programmed to force the download of malicious software. Once installed, this malware operates invisibly on your smartphone's processor, capable of intercepting passwords, reading your messages (including two-factor authentication codes sent by your bank), and monitoring your activity. A simple moment of distraction can cost you your digital identity and your savings.

How to protect your phone and your wallet

The success of this scam doesn't depend on complex flaws in your device's operating system, but on each user's behavior. We've been conditioned to associate these squares with speed and usefulness, lowering our defenses. To navigate this scenario without compromising your safety, you should adopt a more skeptical stance.

Before scanning any code in a public space, apply these basic rules:

Physically inspect the surface: Run your finger over the code to check if there is a sticker superimposed on the original material of the poster or machine.

Analyze the link preview: Nowadays, any smartphone camera shows the web address before opening it; read the URL carefully and look for spelling errors or domains that do not match the official brand.

Evaluate the context: If you find an isolated code on a utility pole promising big prizes or free Wi-Fi access, the likelihood of it being a trap is enormous.

Prioritize official apps: For mobility payments, such as scooters or parking meters, directly open the app of the service you already have installed, instead of scanning generic codes posted on the street.
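The "analyze the link preview" rule above can also be applied mechanically. The following is an added example, not part of the original article: it takes the URL decoded from a QR code and compares its host with the domains the service is known to use. The domain `parking.example`, the sample URLs and the finding names are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the domains the service really uses, taken from its official app
# or printed documentation. "parking.example" is a hypothetical placeholder.
OFFICIAL_DOMAINS = ("parking.example",)


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_qr_url(url, official_domains=OFFICIAL_DOMAINS):
    """Return a list of findings for a URL decoded from a QR code.

    An empty list means: HTTPS, no embedded credentials, and the host is an
    official domain or one of its subdomains.
    """
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return ["unparseable-url"]

    findings = []
    if parts.scheme.lower() != "https":
        findings.append("not-https")
    if has_userinfo:
        # "https://brand@other-host/" shows the brand first but goes elsewhere.
        findings.append("userinfo-before-host")
    if not host:
        return findings + ["no-host"]

    try:
        ipaddress.ip_address(host)
        return findings + ["ip-address-host"]
    except ValueError:
        pass  # not an IP literal, continue with name checks

    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        # Look-alike characters from other alphabets render like Latin letters.
        findings.append("non-ascii-or-punycode-host")

    for dom in official_domains:
        if host == dom or host.endswith("." + dom):
            return findings  # the host really belongs to the official domain
    for dom in official_domains:
        # Official name present, but only as a prefix of someone else's domain.
        if f".{dom}." in f".{host}.":
            return findings + [f"official-name-as-subdomain:{dom}"]
    for dom in official_domains:
        # Compare the same number of trailing labels; <= 2 edits is a heuristic
        # threshold chosen for this example.
        tail = ".".join(labels[-(dom.count(".") + 1):])
        if edit_distance(tail, dom) <= 2:
            return findings + [f"lookalike-of:{dom}"]
    return findings + ["unlisted-domain"]


if __name__ == "__main__":
    # Constructed sample URLs, as a camera preview might show them.
    samples = [
        "https://pay.parking.example/zone/12",
        "http://parking.example/pay",
        "https://parkinq.example/pay",
        "https://parking.example.pay-zone.test/",
        "https://parking.example@203.0.113.7/pay",
        "https://p\u0430rking.example/pay",  # Cyrillic "a" in place of Latin "a"
    ]
    for sample in samples:
        print(sample, "->", check_qr_url(sample) or "ok")
```

An empty result only says the address matches the expected domain; the physical inspection and context rules above still apply.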

Technology is designed to make our routine easier, but convenience should never outweigh the protection of your personal data. An extra second of attention is all you need to avoid a huge headache.

by mundophone 


TECH


QuWAN Express: QNAP's "VPN" that eliminates the need for routers

QuWAN Express is a lightweight VPN networking solution that enables encrypted connectivity between NAS devices without the need for additional routers. The product expands on the existing QuWAN SD-WAN architecture, focusing on scenarios where simplicity of deployment is prioritized over the complexity of a complete network infrastructure.

Not all organizations have sufficient infrastructure to justify installing dedicated routers at each location. Small branch offices, temporary offices, or environments that only need to connect two or three remote NAS systems were previously beyond the practical reach of QuWAN SD-WAN.

QuWAN Express does not replace the existing architecture—it maintains QHora routers as the basis for larger-scale deployments—but fills a gap that previously required more complex alternative solutions. QNAP positions it as a complement, not as an internal competitor.

The service uses Super Node, a QNAP cloud-based relay system, to establish automatic VPN connections between NAS devices. The solution works even without public IP addresses and traverses multiple firewall layers without manual port configuration or IP addressing conflict management.

Ruby Chan, Product Manager at QNAP, explains the scope of the offering: “With the introduction of QuWAN Express, we are expanding the flexibility of the QuWAN architecture to storage-centric scenarios. This allows organizations to integrate NAS systems into the QuWAN connectivity framework at different stages and scales of deployment, without compromising security or incurring unnecessary network overhead.

As multi-site operations become the norm, businesses increasingly demand reliable data transfer between different locations and external backup resources. However, not all use cases justify the costs and complexity of a complete network infrastructure.” To address this need, QNAP Systems, Inc. today announced the launch of QuWAN Express, a lightweight VPN networking solution that extends QNAP's QuWAN SD-WAN architecture to deliver encrypted point-to-point, NAS-to-NAS connectivity without additional routers, simplifying data transfer between locations and remote backup.

Complementing use cases without recreating the architecture

In existing QuWAN SD-WAN deployments, centralized network backbones based on QHora routers remain the foundation for enterprise-wide network management and security. QuWAN Express is not intended to replace this architecture, but rather to complement it, addressing deployment cases that require more flexibility. This includes temporary locations, smaller branch offices, or environments where NAS systems need to be integrated into the QuWAN ecosystem to provide mutual connectivity and direct access to NAS resources across the organization.

“By launching QuWAN Express, we are expanding the flexibility of the QuWAN architecture for storage-focused scenarios,” said Ruby Chan, product manager at QNAP. “This allows organizations to integrate NAS systems into the QuWAN connectivity framework at different stages and scales of deployment, without compromising security and avoiding additional network complexity.”

By reducing connectivity barriers between NAS in different locations

For organizations that do not use QNAP routers but still need secure data transfer or backup between remote NAS systems, QuWAN Express offers a more straightforward and simple approach. Through QNAP's Super Node cloud relay service, NAS devices can automatically establish secure VPN connections, even without public IP addresses or in environments with multiple layers of firewalls, eliminating the need for manual port forwarding, firewall configuration, or IP address conflict management, and significantly reducing deployment time and operational complexity.

QuWAN Express supports point-to-point connectivity for up to three NAS devices, making it ideal for cross-region data exchange and remote backup. The service includes 15 GB of free data transfer per month, and upon reaching the limit, traffic is reduced to maintain continuity of essential connections. Additional capacity and bandwidth can be flexibly incorporated through the QNAP Software Store.

For companies structuring distributed data architectures or seeking to simplify off-site backup and branch synchronization workflows, QuWAN Express offers a lightweight and rapidly deployable option. By reducing friction in network deployment, it allows NAS connectivity to keep pace with growing operational demands without imposing restrictions on infrastructure planning.

Limits and Costs

QuWAN Express supports point-to-point connections between up to three NAS devices simultaneously. The service includes 15 GB of free monthly data transfer; when this limit is reached, traffic is managed by throttling to ensure the continuity of critical connections, instead of interrupting them. Additional capacity can be purchased from the QNAP Software Store.

For organizations with external backup workflows or cross-region data synchronization, the cost-to-implement ratio is the main selling point. The absence of mandatory additional hardware significantly reduces startup time and cost.

QNAP's QuWAN Express is a software-based point-to-point (P2P) VPN solution that allows you to securely connect QNAP NAS devices in different locations without the need for additional routers. It simplifies the creation of mesh networks for backup and data transfer, offering automatic configuration, ideal for SMBs.

Key features and benefits:

Routerless connection: Connects NAS devices directly over the internet, eliminating the need for routers or complex firewalls.

Agile deployment: Simplifies configuration, reducing installation time and the need for IT technical knowledge.

Secure mesh VPN: Creates a secure virtual private network for data interconnection between branch offices or locations.

Ideal for NAS: Focused on storage scenarios, facilitating remote backups and data synchronization between multiple NAS devices.

P2P capability: Supports point-to-point connections for up to three NAS devices, ideal for cross-regional data exchange.

Additional benefits: Offers 15 GB of free data transfer per month.

mundophone

Wednesday, March 25, 2026


TECH


Plasma and lemon juice: Milder method retrieves nearly 95% of critical minerals in battery waste

Critical minerals such as those used in lithium-ion batteries come in limited supply and are concentrated in specific regions around the world. Securing a reliable supply of these materials is a priority for governments worldwide, yet most spent batteries end up in landfills, leaching toxic chemicals into the environment.

"Recycling waste batteries is the most practical solution for tackling this strained supply chain, but studies show that happens with less than 10% of battery waste," said Gautam Chandrasekhar, a doctoral student in the materials science and nanoengineering department at Rice University who is a first author on a study pioneering a new battery recycling method. The work is published in the journal Advanced Materials.

The researchers used a brief microwave-induced plasma treatment to recover nearly all of the valuable metals in battery waste using room-temperature, comparatively mild solvents, including citric acid. The process also regenerated graphite—the main material in a battery's anode.

"With plasma pretreatment, almost 95% of metals, including lithium, can be recovered from battery black mass using nothing harsher than the acid found in a lemon," said Chandrasekhar, who is part of Pulickel Ajayan's research group at Rice.

Current recycling protocols involve shredding battery waste down to a substance known as black mass, which contains minerals such as lithium, cobalt, nickel, graphite, manganese, aluminum and more. Processing black mass for mineral extraction typically requires energy-intensive industrial processes involving high temperatures and strong acids, and recovery rates are uneven.

"Industrial battery recycling processes in use today have very low metal extraction efficiency and focus mostly on the cathode," said Xiang Zhang, assistant research professor at Rice and a co-first author on the study.

Lithium can be particularly difficult to capture efficiently, and graphite—which makes up roughly 22% of the battery's weight—is rarely returned to batteries because it gets damaged during conventional recycling processes.

"This is one of the most important things to note regarding battery recycling: As the single most voluminous component in lithium-ion batteries, graphite remains almost irreplaceable as anode in widespread commercial battery applications," said Sohini Bhattacharyya, a research scientist in the Ajayan group who is a corresponding author on the study.

Bhattacharyya said the goal of the research was to develop a one-step pretreatment process for battery recycling that could be added to existing industrial processes to improve efficiency and reduce environmental impacts while recovering "all critical materials, including graphite."

"We hypothesized that using microwave-induced plasma to break down the metal oxide particles as a pretreatment step would make their hydrometallurgical recovery in weaker acids easier," Bhattacharyya said.

To test their hypothesis, the team used a custom microwave plasma reactor built by Zhang. After exposing black mass to microwave-induced plasma—an energized gas of charged particles—for 15 minutes, more than 90% of all metals were recovered in a citric acid bath at room temperature, while lithium was selectively recovered in water. Moreover, the treatment was found to remove residues and structural defects that accumulate on graphite during battery use.

"The recovered graphite shows excellent performance as an anode when reintroduced in a battery," Chandrasekhar said.

The technology has been patented, and the team is moving toward commercialization. Early technoeconomic analysis suggests the process could outperform current industrial methods, particularly by recovering graphite in a form suitable for reuse in batteries.

"This is a breakthrough methodology for recovering all critical minerals from battery black mass with minimal chemical and energy usage," said Ajayan, Rice's Benjamin M. and Mary Greenwood Anderson Professor of Engineering and professor of materials science and nanoengineering.

Provided by Rice University


INTEL


Intel releases new graphics card with up to 32 GB VRAM

Intel has released a new graphics card with up to 32 GB of VRAM. Also leveraging up to 32 Xe2 cores, the Arc Pro B70 will soon be joined by the cheaper Arc Pro B65, which Intel claims are 'cost-effective' yet 'high-performance solutions'.

Dell has updated its commercial portfolio with a suite of new devices today. For instance, the company has announced the Core Ultra Series 3 for business PCs with dedicated vPro SKUs. Additionally, it has unveiled new Arc Pro B-series GPUs, which it bills as being 'cost-effective' yet 'high-performance solutions'.

For the time being, Intel is being rather coy about hardware specifications. Currently, the company has confirmed that the Arc Pro B65 and Arc Pro B70 utilise its older Xe2 architecture, just like the Arc B570 and Arc B580 before them (curr. $299 on Amazon).

However, Intel's new Arc Pro discrete GPUs will feature up to 32 GB of VRAM. Also, they will ship with up to 32 Xe2 cores; Intel has not revealed anything else in this regard, though. Intel draws performance comparisons between the Arc Pro B70 and Nvidia RTX Pro 4000, albeit without providing specifics in this regard.

The Arc Pro B70 goes on sale today with a suggested $949 starting price for reference cards. Pricing for Arkn, ASRock, Gunnir, Maxsun, and Sparkle custom cards is unknown at this stage. By contrast, the Arc Pro B65 is set for a mid-April release but without a dedicated reference card. Intel has not yet confirmed how much the Arc Pro B65 will cost.

At its Pro Day 2026, Intel finally unveiled the one GPU that we have all been waiting for. The GPU is the one and only "Big Battlemage", and while we would've loved to see a gaming-oriented variant, Intel's first outing with this GPU is for the rapidly rising AI & Pro segment. These GPUs are designed as a balance for everyday professionals and heavy-duty Pros and are part of the same Arc Pro B-Series, which has seen the likes of the Arc Pro B60 & Arc Pro B50.

The previous entries in the Arc Pro B-series family were based on the Battlemage BMG-G21 GPU with up to 24 GB of memory.

The new cards utilize the brand new BMG-G31 GPU, which is a larger chip, based on the same TSMC N5 process technology, and offering an increased number of cores and memory. Both GPUs are designed for the Pro Workstation segment, a market that is expected to reach $17B by 2029 with a 60% share in mobile and 40% share in desktops. While a small chunk compared to the Local AI inference market, which is expected to reach $250B by 2030, Intel is still catering to its Pro and Workstation markets.

So there are two graphics cards that are based on the Intel Big Battlemage GPU that are launching today. These are the Intel Arc Pro B70 and the Arc Pro B65. Let's start with the specifications of these cards.

Specification         Arc B70 Pro                        Arc B65 Pro
Xe2 cores             32                                 20
Ray Tracing Units     32                                 20
XMX Engines           256                                160
VRAM                  32 GB GDDR6                        32 GB GDDR6
Memory bandwidth      608 GB/s                           608 GB/s
Memory interface      256 bits                           192 bits
Performance (INT8)    367 TOPS                           197 TOPS
Power consumption     160-290 W                          200 W
Systems               Windows and Linux                  Windows and Linux
Other                 PCIe 5 x16, DisplayPort 2.1 (4)    PCIe 5 x16, DisplayPort 2.1 (4)

The Intel Arc Pro B70 graphics card is the flagship Arc B-Series offering. It features the full BMG-G31 GPU, which packs 32 Xe2-HPG cores, 256 XMX Engines, 32 RT units, and provides 367 INT8 TOPS for AI workloads. The graphics card will feature 32 GB of GDDR6 memory across a 256-bit bus interface. The memory is clocked at 19 Gbps, delivering 608 GB/s of total bandwidth. The GPU itself is clocked at 2800 MHz.

The graphics card will be offered in both AIC and Intel-branded variants. The power rating for the Intel-branded variant is 230W, while the AIC models can scale from 160W up to 290W. Power will be provided through a single 16-pin connector interface for the Intel-branded variant, while AICs have the choice to select the number of connectors based on their designs. Another important thing to remember is that a few AICs made multi-GPU models of the Arc Pro B60 with two BMG-G21 GPUs and up to 48 GB of VRAM. So we can expect some partners to be given the green light to produce such variants with two BMG-G31 GPUs and up to 64 GB of memory.

Some highlights of the graphics card include:

32 GB memory runs large AI models with higher precision & accuracy

256 XMX AI Engines (Intel Xe Matrix eXtensions)

Xe2 architecture for fast content creation & AI applications

Scalable multiple-GPU LLM Linux support

XMX AI Engines for AI-enhanced gaming, content creation & media

Ray tracing hardware acceleration for fast, photo-realistic renders

Pro drivers with ISV software certifications

Windows & Linux OS support

Xe Media Engine - Comprehensive content creation toolkit 

by mundophone

Tuesday, March 24, 2026


DIGITAL LIFE


New framework addresses privacy, dignity risks posed by modern AI systems

In a new article, researchers introduce the capabilities approach-contextual integrity (CA-CI), a framework that addresses privacy and dignity risks posed by modern artificial intelligence (AI) systems, especially foundation models whose capabilities evolve across contexts and purposes. In a case study, they demonstrate how CA-CI can operationalize the European Union (EU)'s AI Act's fundamental rights impact assessments, harm thresholds, and anticipatory governance. The article, by researchers at Carnegie Mellon University and the University of Michigan, is published in IEEE Security & Privacy.

"By grounding AI oversight in both contextual norms and universal dignity requirements, our framework offers a practical and robust approach to operationalizing ethics in AI governance," explains Kirsten Martin, dean of Carnegie Mellon's Heinz College of Information Systems and Public Policy, who coauthored the study. Kat Roemmich, research associate at the University of Michigan, led the study, and Florian Schaub, associate professor of information as well as electrical engineering and computer science at the University of Michigan, is a co-author.

The widespread use of AI systems carries with it risks to privacy and challenges to governance that correspond with models' complexity, autonomy, and cross-domain integration. Regulators, providers, and users struggle to manage risks within systems that learn and generalize autonomously. As these systems evolve, the once-assumed observability, traceability, and contextual stability of information flows erodes as their potential for breach, misuse, and harms to dignity increases.

Addressing these challenges requires a governance framework that can evaluate the normative appropriateness of AI systems beyond narrow tasks and stable contexts, a challenge the authors addressed by integrating contextual integrity with the capabilities approach. Specifically, CA-CI:

-Extends and strengthens Helen Nissenbaum's contextual integrity (a theory of privacy) by elevating purpose to a constitutive parameter of information flows, enabling better detection of scope creep and cross-context reuse, and

-Incorporates dignity thresholds from Martha Nussbaum's capabilities approach, defining minimum conditions required for a dignified human life; these capability thresholds function as universal standards for assessing when AI systems cause significant harm.

"Uniting contextual integrity and the capabilities approach into a single normative governance framework, CA-CI evaluates privacy and dignity in any socio-technical context by whether it secures the integrity of social life and each human life within it," says Martin, who pointed to Roemmich's dissertation as the foundation of the framework.

The EU's General Data Protection Regulation enshrines a purpose limitation principle, requiring data to be "collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes." It also mandates data protection impact assessments for high-risk data processing that may affect fundamental rights and freedoms.

The EU's AI Act, passed in 2024, extends this logic, prohibiting AI practices deemed to present an unacceptable risk to fundamental rights, health, or safety. It also requires certain users of high-risk systems to conduct fundamental rights impact assessments before use and after relevant system changes, and it requires providers to maintain continuous, purpose-specific risk assessments throughout the system's life cycle.

But the act lacks a clear standard for determining what constitutes a violation of dignity beyond broad reference to fundamental rights, according to the authors. These ambiguities hinder evaluators in determining when a given practice crosses the moral boundary of dignity, and by extension, the derivative human rights it grounds. As a result, the enforceability of dignity as a foundational normative principle becomes increasingly tenuous.

Meeting this challenge requires a normative governance framework for privacy and data protection that can substantively assess dignity risks across evolving socio-technical contexts throughout the AI life cycle. In applying CA-CI to key requirements of the EU's AI Act, the authors show how the framework:

-Enables context-sensitive assessment of dignity risks within fundamental rights impact assessments,

-Defines principled thresholds for what counts as significant harm, and

-Supports anticipatory governance by identifying dignity-based risks that have not yet been recognized or codified.

While the EU's AI Act provides a compelling case study given its rights- and risk-based framework grounded in dignity, CA-CI can be used more broadly to evaluate privacy and dignity in any socio-technical context, regardless of jurisdiction, say the authors.

Provided by Carnegie Mellon University's Heinz College 



SAMSUNG



First Galaxy Z Fold 8 CAD renders show familiar design and an absurd price of US$1,999...marginally thicker than Z Fold 7

Samsung is expected to unveil the next generation of foldables in July and there have been quite a few leaks about the Fold and the Flip phones. Despite Samsung’s efforts to curb leaks, information seems to be getting around. This time, however, renders based on rumored dimensions have surfaced, giving a first look at what the Galaxy Z Fold 8 might look like. To no one’s surprise, no major changes this year.

The renders come from known leaker OnLeaks via Android Headlines and they show a very familiar design for the Galaxy Z Fold 8. The only notable aspect is that the phone could be slightly thicker than the Galaxy Z Fold 7. As per the report, the upcoming device is said to measure 158.4x143.2x4.5 mm when unfolded and 158.4x72.8x9 mm when folded. With the Galaxy Z Fold 7, Samsung managed to bring the thickness down to 4.2 mm when folded and 8.9 mm when unfolded. The rest of the dimensions seem to be the same, indicating that there will be no change to the screen size.

The rest of the design remains the same as well. There is said to be a center hole punch for the selfie camera and three vertically placed cameras at the back. There have been reports of Samsung using new display technology for the folding screen that will ensure better durability. It is referred to as “dual-layer” Ultra Thin Glass (UTG) with a laser-drilled metal support plate, and Apple is said to be using the same with its first foldable.

Leaked CAD renders obtained by the Android Headlines portal reveal that the Samsung Galaxy Z Fold 8 should focus on strategic internal refinements. Maintaining the established aesthetic allows the South Korean company to concentrate efforts on solving long-standing user demands, such as battery life.

This move prepares the ground for a direct clash with the foldable market, which should gain even more traction with new competitors in the summer of 2026. Approximate dimensions indicate that the device may be slightly thicker than its predecessor, reaching about 9 mm when folded.

This subtle change in the chassis suggests the return of S Pen support, a feature that requires the integration of an additional digitizer under the flexible panel. Sacrificing a few millimeters for the sake of productivity seems to be Samsung's bet to differentiate the Fold 8 as a robust and versatile tool.

The battery upgrade is one of the most anticipated new features, with rumors pointing to a 5,000 mAh cell for the first time in the category. Combining this capacity with support for 45W fast charging solves one of the main bottlenecks of the line, offering greater longevity for intensive screen use.

Although the Galaxy S26 Ultra has already advanced to higher marks, the leap to foldables represents a necessary evolution to maintain competitiveness. The camera setup will also receive an important update in the ultrawide sensor, which should now adopt a 50-megapixel component.

This improvement raises the quality of captures at wide angles, bringing the foldable's photographic experience closer to the level of conventional S-series models. Despite the retention of the 10-megapixel telephoto lens, the evolution in post-processing promises to deliver more professional results.

Samsung is expected to officially unveil the Galaxy Z Fold 8 during the next Unpacked event, maintaining the suggested price at around US$1,999. Although the price increased in the previous generation, stability is expected despite the rise in RAM and Flash storage costs.

There is a possibility that the event will be moved to August, bringing the launch window closer to Apple's first foldable iPhone. The Cupertino giant is expected to bet on a wider format, similar to the Pixel Fold, forcing Samsung to accelerate its own design variants for the same period.

mundophone

Monday, March 23, 2026


DIGITAL LIFE


Your smart home can be easily hacked. New safety standards will help, but stay vigilant

On a quiet suburban street, a modern Australian home wakes before its owners do. The lights turn on automatically, the thermostat adjusts to a comfortable temperature, and the coffee machine begins brewing. A doorbell camera watches the front yard, a baby monitor streams live footage to a parent's phone, and a smart speaker waits for its next command.

This is the promise of the smart home: convenience, efficiency, and peace of mind.

But behind this smooth experience is a hidden risk: every connected device can also be a way for cyber attackers to get in.

The Australian government has responded by introducing minimum security standards for smart devices to better protect households in this increasingly connected world.

These standards recently took effect. So what's in them? And are they sufficient to keep people safe?

Starting with manufacturers

From my experience working in cybersecurity, I've seen that security risks start from manufacturers themselves.

Many smart devices are not designed with security as a priority. Manufacturers often focus on keeping costs low, releasing products quickly, and making them easy to use. Security is treated as an afterthought.

For example, many devices arrive with weak default passwords such as "admin" or "1234," which users rarely change. This creates an easy opportunity for attackers to gain access.

The Mirai botnet attack in 2016 clearly demonstrated the risks. In this case, hundreds of thousands of insecure devices such as doorbell cameras were hijacked to launch massive "distributed denial-of-service" (DDoS) attacks. This is a type of cyber attack where many computers or devices are used together to overwhelm a website, server, or network with traffic, so it becomes slow or completely unavailable to legitimate users.

More recent research has shown smart home devices can be exploited not only to disrupt systems but also to spy on households. In some cases, strangers have accessed baby monitors, and poorly secured cameras have exposed private footage online.

Another major issue is the lack of regular software updates.

Many low-cost or older devices don't receive ongoing security patches, which means known software vulnerabilities remain open indefinitely. Attackers actively scan the internet for such devices, exploiting weaknesses at a large scale. Cloud-connected and AI-enabled systems amplify risks.

The consequences of these weaknesses go beyond individual households. Compromised devices can be used as part of larger cyber attacks, forming botnets that target critical infrastructure or businesses.

In effect, an insecure smart lightbulb or camera can become a building block in global cyber crime operations.

What are the new standards?

In response to these growing threats, the Australian government has begun introducing mandatory minimum security standards for connected devices.

These standards took effect earlier this month. They aim to establish a baseline level of protection across all products entering the market.

While the details of these standards may evolve, the key ideas are clear.

First, devices must not use universal default passwords. Each device should either require users to create a unique password during setup or be shipped with a unique credential.

Second, manufacturers must provide a clear vulnerability disclosure policy, allowing security researchers to report issues responsibly.

Third, there must be transparency around how long a device will receive security updates, so consumers can make informed decisions.

These changes shift some responsibility from users to manufacturers. Instead of expecting consumers to fix security problems themselves, devices must be designed to be safer from the start.

In practice, this means fewer vulnerabilities and greater accountability across the industry.

Regulation alone isn't enough

However, regulation alone is not enough. Household behavior still plays a critical role in maintaining security. Fortunately, some of the most effective steps are simple.

Changing default passwords to strong, unique ones is one of the most important steps. A strong password should be long, complex, and not reused across multiple devices or accounts.

Enabling multi-factor authentication wherever possible adds a second layer of defense, making it significantly harder for attackers to gain access.

Regularly updating device firmware, also known as "software for hardware," is equally important. Firmware updates often include patches for newly discovered vulnerabilities, and delaying them leaves devices exposed.

Users should also consider their home network design. Placing smart devices on a separate network, such as a guest wifi, can help isolate them from more sensitive information on personal or work devices.

Finally, choosing reputable manufacturers matters. Companies with a strong track record of providing ongoing security updates and transparent policies are generally safer choices than unknown or low-cost alternatives.

Smart homes are becoming an integral part of everyday life, and their benefits continue to grow. But as intelligence and automation expand, convenience must not come at the expense of security and trust.

With stronger standards, better-designed devices, and more informed users, it is possible to enjoy the benefits of smart homes without exposing ourselves to unnecessary cyber risks.

mundophone
