Hackers could hijack the systems used to guide planes by compromising and spoofing the radio signals that are used during landing. From a report: That's according to a team of researchers at Northeastern University in Boston, who have detailed their research in a recently published white paper. "Modern aircraft heavily rely on several wireless technologies for communications, control, and navigation. Researchers demonstrated vulnerabilities in many aviation systems," said the academics. "However, the resilience of the aircraft landing systems to adversarial wireless attacks have not yet been studied in the open literature, despite their criticality and the increasing availability of low-cost software-defined radio (SDR) platforms." After analysing the instrument system waveforms, the researchers found that hackers can spoof such radio signals using commercially available tools. With them, attackers are able to cause last-minute go-around decisions and even make the plane miss its landing zone in low-visibility scenarios.

An anonymous reader quotes a report from Ars Technica: A U.S. Navy memo warns that 5G mobile networks are likely to interfere with weather satellites, and senators are urging the Federal Communications Commission to avoid issuing new spectrum licenses to wireless carriers until changes are made to prevent harms to weather forecasting. The FCC has already begun an auction of 24GHz spectrum that would be used in 5G networks. But Sens. Ron Wyden (D-Ore.) and Maria Cantwell (D-Wash.) today wrote a letter to FCC Chairman Ajit Pai, asking him to avoid issuing licenses to winning bidders "until the FCC approves the passive band protection limits that the National Aeronautics and Space Administration (NASA) and the National Oceanic and Atmospheric Administration (NOAA) determine are necessary to protect critical satellite-based measurements of atmospheric water vapor needed to forecast the weather."

The internal Navy memo on the topic, written on March 27 by U.S. Naval Observatory Superintendent Marc Eckardt, was made public by Wyden and Cantwell today. The Navy memo cited NOAA and NASA studies on interference from 24GHz spectrum, which is intended for mobile use and is adjacent to spectrum used for weather operations. "[A]s such, it is expected that interference will result in a partial-to-complete loss of remotely sensed water-vapor measurements," the Navy memo said. "It is also expected that impacts will be concentrated in urban areas of the United States first." The problem could affect Navy and Marine Corps forecasts of tropical cyclones as well as rain, ice, and snow, the memo said. The Navy memo recommends asking the FCC to "tighten out-of-band interference by reducing bleed-over limits to -57dB." The memo also says the Navy should "work with NOAA and NASA to continually assess and quantify actual impacts" and develop mitigations including "limited use of other channels, substitution of lesser-fidelity parameters, and the development of new techniques and algorithms through new research and development."

Chinese smartphone maker OnePlus has revealed two flagship smartphones: the OnePlus 7, and the OnePlus 7 Pro. From a report: The OnePlus 7 Pro's headlining features include a 6.67-inch AMOLED display (resolution: 3120 x 1440 pixels) with a 90Hz refresh rate, upgraded fast charging, and a telephoto lens -- and they don't come cheap. At $669, the 7 Pro's sticker price is far higher than that of previous OnePlus devices. The OnePlus 7 Pro's edge-to-edge waterproof design is very "of the moment," and that's not a knock against it. Much like the displays on Samsung's Galaxy S10 series and Huawei's P30 Pro, the OnePlus 7 Pro's is rounded at each corner along the contours of the frame and slightly tapered at either edge, slightly curving toward the rear cover. Other features of the OnePlus 7 Pro include a Snapdragon 855 SoC; 6GB or 8GB, or 12GB RAM; 128GB or 256GB UFS 3.0 storage; 4,000mAh battery; "Warp charge" fast charging (no wireless charging). For its camera system, the OnePlus 7 Pro has three different cameras on the back, with a 48-megapixel main sensor, a 16-megapixel ultra-wide camera, and an 8-megapixel telephoto camera. There is a 16-megapixel on front in a motorized module that pops up out of the top of the phone -- meaning the display has notch, or any other cut out. The phone runs Android 9 with OxygenOS skin. Now, about the OnePlus 7: So the OnePlus 7 won't hit U.S. stores. It makes do without a retractable selfie cam (it's got a notch instead) and it omits the 7 Pro's curved screen edges in favor of a thicker border between the display's left and right side and the frame. The ultra-wide angle sensor is missing in action, but as something of a consolation, the OnePlus 7 features a slightly larger battery -- 4,150mAh -- that's compatible with Warp Charge. The OnePlus 7's price has yet to be announced, but it's expected to be a good deal cheaper than the OnePlus 7 Pro.

"Many are seduced by the idea that they can listen in silence," complains ZDNet columnist Chris Matyszczyk.

"This doesn't seem to be true," he writes, describing a typical experience with some $279.95 Beats Studio3 wireless over-ear headphones: I could still hear so much of what was going on beyond the soccer match or movie upon which my headphones were supposed to be focused. This wasn't noise-canceling. It was noise-dulling... I did a little research. This noise-canceling thing is a splendid hype. The technology works best on quashing -- somewhat -- low-frequency sounds. The more high-pitched elements of life -- human speech, babies on planes, high-revving engines, the Darkness in concert -- get a little flattening at best, once you don your headphones. Door bells, a glass being dropped on the floor, a dog barking -- all these sounds were slightly dulled by my headphones, but still perfectly audible.

I'm not suggesting Beats is solely responsible for the promise of noise-canceling being overblown. I understand it's the same with all other headphones of the genre. It's like a self-driving car that actually needs you to check it's not about to kill you....

Yes, if I wear my Beats for a couple of hours and then take them off, I feel like I'm returning from some sort of purgatorial netherworld. But these things are supposed to cancel noise. You know, like you cancel a subscription or an air ticket. When I decide to cancel my flight from San Francisco to New York, I don't expect to still have to fly to Boise, Idaho.

Vice's "Future Relics" column asks what people 1,000 years from now will think when they keep discovering abandoned Airpods from 2019: For roughly 18 months, AirPods play music, or podcasts, or make phone calls. Then the lithium-ion batteries will stop holding much of a charge, and the AirPods will slowly become unusable. They can't be repaired because they're glued together. They can't be thrown out, or else the lithium-ion battery may start a fire in the garbage compactor. They can't be easily recycled, because there's no safe way to separate the lithium-ion battery from the plastic shell. Instead, the AirPods sit in your drawer forever...

According to the headphones review team at Rtings.com, AirPods are "below-average" in terms of sound quality. According to people on every social media platform, AirPods are a display of wealth. But more than a pair of headphones, AirPods are an un-erasable product of culture and class. People in working or impoverished economic classes are responsible for the life-threatening, exhaustive, violent work of removing their parts from the ground and assembling them. Meanwhile, people in the global upper class design and purchase AirPods.

Even if you only own AirPods for a few years, the earth owns them forever. When you die, your bones will decompose in less than a century, but the plastic shell of AirPods won't decompose for at least a millennia. Thousands of years in the future, if human life or sentient beings exist on earth, maybe archaeologists will find AirPods in the forgotten corners of homes. They'll probably wonder why they were ever made, and why so many people bought them. But we can also ask ourselves those same questions right now.

Why did we make technology that will live for 18 months, die, and never rot?

An anonymous reader quotes a report from Ars Technica: The four major U.S. wireless carriers are facing proposed class-action lawsuits accusing them of violating federal law by selling their customers' real-time location data to third parties. The complaints seeking class action status and financial damages were filed last week against AT&T, Verizon, T-Mobile, and Sprint in U.S. District Court for the District of Maryland. The four suits, filed on behalf of customers by lawyers from the Z Law firm in Maryland, all begin with text nearly identical to this intro found in the suit against AT&T: "This action arises out of Defendant's collection of geolocation data and the unauthorized dissemination to third-parties of the geolocation data collected from its users' cell phones. AT&T admittedly sells customer geolocation data to third-parties, including but not limited to data aggregators, who in turn, are able to use or resell the geolocation data with little or no oversight by AT&T. This is an action seeking damages for AT&T gross failure to safeguard highly personal and private consumer geolocation data in violation of federal law."

The proposed classes would include all of the four carriers' customers in the U.S. between 2015 and 2019. In all, that would be 300 million or more customers, as the lawsuits say the proposed classes consist of at least 100 million customers each for AT&T and Verizon and at least 50 million each for Sprint and T-Mobile. Each lawsuit seeks damages for consumers "in an amount to be proven at trial." In June 2018, the four major U.S. carriers promised to stop selling their mobile customers' location info to third-party data brokers after a security problem leaked the real-time location of U.S. cellphone users. Despite the carriers' promises, a Motherboard investigation found in January 2019 that they were still selling access to their customers' location data.

"The lawsuits accuse the carriers of violating Section 222 of the U.S. Communications Act, which says that carriers may not use or disclose location information 'without the express prior authorization of the customer,'" reports Ars Technica. "The lawsuits also say that each carrier failed to follow its own privacy policy and 'profited from the sale and unauthorized dissemination of Plaintiff and Class Members' [private data].'"

Apple reportedly considered acquiring parts of Intel's smartphone modem chip business as they looked into ways to speed up their own efforts to build modem chips for smartphones. MacRumors reports: Intel and Apple entered into discussions last summer and the talks continued for months, but ended right around the time Apple settled its legal dispute and reached a supply agreement with Qualcomm. Sources at Intel that spoke to The Wall Street Journal said that Intel is exploring "strategic alternatives" for its smartphone modem chip business, and is still interested in a sale to Apple or another company.

In an interview yesterday, Intel CEO Bob Swan confirmed that Intel is considering alternatives "based on what's best" for Intel's IP and employees: "Selling the modem business would allow Intel to unload a costly operation that was losing about $1 billion annually, according to another person familiar with its performance. Any sale would likely include staff, a portfolio of patents and modem designs related to multiple generations of wireless technology, said Patrick Moorhead, principal at Moor Insights & Strategy, a technology firm."

An anonymous reader quotes a report from Ars Technica: The U.S. mobile industry's top lobbying group is opposing a proposed California state law that would prohibit throttling of fire departments and other public safety agencies during emergencies. As reported yesterday by StateScoop, wireless industry lobby group CTIA last week wrote to lawmakers to oppose the bill as currently written. CTIA said the bill's prohibition on throttling is too vague and that it should apply only when the U.S. president or California governor declares emergencies and not when local governments declare emergencies.

The group's letter also suggested that the industry would sue the state if the bill is passed in its current form, saying the bill would result in "serious unintended consequences, including needless litigation." "[T]he bill's vague mandates, problematic emergency trigger requirement, and failure to include notification requirements could work to impede activities by first responders during disasters," CTIA wrote. The group said that it "must oppose AB 1699 unless it is amended to address the foregoing concerns." CTIA represents Verizon, AT&T, T-Mobile, Sprint, and other carriers. Despite CTIA's opposition, the bill proposed by State Assemblymember Marc Levine (D-Marin County) sailed through an Assembly committee yesterday. The Committee on Communications and Conveyance voted 12-0 to advance the bill, Levine's chief of staff, Terry Schanz, told Ars today. A committee analysis of the bill says that CTIA was the only organization to register opposition. The next stop for the bill is an April 30 hearing with the Assembly Privacy and Consumer Protection Committee. It is in response to Verizon throttling an "unlimited" data plan used by Santa Clara firefighters last year during the state's largest-ever wildfire.

An anonymous reader quotes a report from Bloomberg: Wireless customers are hanging on to their old phones longer than ever. That's the message from Verizon, which said its upgrade rate fell to a record low last quarter -- a harbinger of tough times ahead for the iPhone and other devices. Faced with $1,000 price tags on moderately improved phones, consumers may be waiting to hear more about new 5G networks before committing to new models. The faster, more advanced services won't roll out in earnest until 2020. "Incremental changes from one model the the next, hasn't been that great, and it hasn't been enough of an incentive," Verizon Chief Financial Officer Matt Ellis said in an interview Tuesday after the company reported fewer-than-expected new customers for the first quarter. He expects replacement rates to be down for the year.

A popular hotspot finder app for Android exposed the Wi-Fi network passwords for more than two million networks. From a report: The app, downloaded by thousands of users, allowed anyone to search for Wi-Fi networks in their nearby area. The app allows the user to upload Wi-Fi network passwords from their devices to its database for others to use. That database of more than two million network passwords, however, was left exposed and unprotected, allowing anyone to access and download the contents in bulk. Sanyam Jain, a security researcher and a member of the GDI Foundation, found the database and reported the findings to TechCrunch. We spent more than two weeks trying to contact the developer, believed to be based in China, to no avail. Eventually we contacted the host, DigitalOcean, which took down the database within a day of reaching out. "We notified the user and have taken the [server] hosting the exposed database offline," a spokesperson told TechCrunch.

pgmrdlm shares a report: Calls between T-Mobile users and Comcast's Xfinity Voice home subscribers will now be "verified," the latest move in the ongoing fight against robocalls. The two companies announced Wednesday that they have launched cross-network verification, allowing users to know that the calls they are receiving is from an actual person and not a spammer or robocaller.

They use a handoff system recommended by the FCC where the caller's network verifies that a legitimate call is being made with a "digital signature." The recipient's network then confirms the signature on its side. A number of major wireless and traditional home voice providers have pledged support for the verification method, including Verizon, AT&T, Sprint, Charter, Cox and Vonage, with several announcing plans to roll out or test the feature in 2019.

According to a report by Brad Sams at Thurrott, Microsoft is going to expand its range of audio hardware with the introduction of a set of wireless earbuds. They will accompany the Surface Headphones, a premium-priced pair of wireless headphones that Microsoft released last year. Ars Technica reports: Microsoft has shipped earbuds before: the Zune media player came with earbuds with a feature that sounds simple but is actually ingenious: the earbuds were magnetic and would stick together back to back. The result? Much less cable tangling when you put them in your pocket or bag. Surface Headphones seem to be competitive with other noise-cancelling over-the-ear headphones: their wireless range is great, the noise cancelling is solid, and their volume and noise-cancelling dials are a joy to use, but their battery life and Bluetooth audio standard support are both weak. As such, Microsoft is not totally without experience in this area and has shown that it can engineer thoughtful, compelling designs. How the putative earbuds will stand out from the crowd remains to be seen, of course.

The existing Surface Headphones were codenamed Joplin, raising the question: Janis or Scott? The earbuds make the answer to that question clear; they're apparently codenamed Morrison, as in Jim, meaning that the over-the-ear headphones are clearly named for Janis. Sams says that "Surface Buds" has been mooted as their retail name, with a possible launch in 2019.

On April 6, something known as the GPS rollover, a cousin to the dreaded Y2K bug, mostly came and went, as businesses and government agencies around the world heeded warnings and made software or hardware updates in advance. But in New York, something went wrong -- and city officials seem to not want anyone to know. [Editor's note: the link may be paywalled; alternative source] New submitter RAYinNYC shares a report: At 7:59 p.m. E.D.T. on Saturday, the New York City Wireless Network, or NYCWiN, went dark, waylaying numerous city tasks and functions, including the collection and transmission of information from some Police Department license plate readers. The shutdown also interrupted the ability of the Department of Transportation to program traffic lights, and prevented agencies such as the sanitation and parks departments from staying connected with far-flung offices and work sites. The culprit was a long-anticipated calendar reset of the centralized Global Positioning System, which connects to devices and computer networks around the world. There has been no public disclosure that NYCWiN, a $500 million network built for the city by Northrop Grumman, was offline and remains so, even as workers are trying to restore it.

City officials tried to play down the shutdown when first asked about it on Monday, speaking of it as if it were a routine maintenance issue. "The city is in the process of upgrading some components of our private wireless network," Stephanie Raphael, a spokeswoman for the Department of Information Technology and Telecommunications, said in an email on Monday. She referred to the glitch as a "brief software installation period." By Tuesday, the agency acknowledged the network shutdown, but said in an emailed statement that "no critical public safety systems are affected." Ms. Raphael admitted that technicians have been unable to get the network back up and running, adding, "We're working overtime to update the network and bring all of it back online." The problem has raised questions about whether the city had taken appropriate measures to prepare the network for the GPS rollover.

An anonymous reader quotes a report from Motherboard: Tens of thousands of perfectly usable iPhones are scrapped each year by electronics recyclers because of the iPhone's "activation lock," according to a new analysis paper published Thursday. Earlier this year, we published a lengthy feature about the iPhone's activation lock (also called iCloud lock informally), an anti-theft feature that prevents new accounts from logging into iOS without the original user's iCloud password. This means that stolen phones can't be used by the person who stole it without the original owner's iCloud password (this lock can also be remotely enabled using Find My iPhone.) The feature makes the iPhone a less valuable theft target, but it has had unintended consequences, as well. iCloud lock has led to the proliferation of an underground community of hackers who use phishing and other techniques to steal iCloud passwords from the original owner and unlock phones. It's also impacted the iPhone repair, refurbishing, and recycling industry, because phones that are legitimately obtained often still have iCloud enabled, making that phone useless except for parts.

Between 2015 and 2018, the Wireless Alliance, the recycling company in question, collected roughly 6 million cell phones in donation boxes it set up around the country. Of those, 333,519 of them were iPhones deemed by the company to be "reusable." And of those, 33,000 of them were iCloud locked and had to be stripped for parts and scrap metal. Last year, a quarter of all reusable iPhones it collected were activation locked. Allison Conwell, a coauthor of the CoPIRG report, told me in a phone call that the Wireless Alliance's findings show that many people donate their devices intending for them to be reused, but they're scrapped instead. In her paper, Conwell suggests that Apple should work with certified recyclers to unlock phones that have been legitimately donated (a survey of random devices conducted by the Wireless Alliance found that more than 90 percent of them had not been reported lost or stolen.) The paper suggests that Apple could either unlock phones that have not been reported lost or stolen for 30 days, or affirmatively ask users whether they had donated their previous phone and unlock it that way.

The White House on Friday will unveil a new 5G push to position the US ahead of global rivals in the race to deploy the next-generation wireless technology. President Donald Trump and Federal Communications Chairman Ajit Pai will announce new airwaves auctions and plans to spend $20.4 billion over 10 years on rural broadband. From a report: The FCC will auction off three segments of millimeter-wave spectrum -- which can offer insane data speeds but has limited range -- for commercial use. The auction is scheduled for December, FCC Chairman Ajit Pai said on a conference call with reporters ahead of the White House event. He said the FCC plans to auction off 3,400 MHz of spectrum in three different high-frequency bands. "This will be the largest spectrum auction in American history," he said. Pai went onto say that this auction, along with others planned for the future, are putting the US on a good path. "The US is well-positioned to take a lead in 5G," he said.

The FCC is also announcing the Rural Digital Opportunity Fund. The agency plans to reallocate $20.4 billion from its Universal Service Fund over the next 10 years to subsidize eligible companies to build out broadband infrastructure in underserved areas. The money will be allocated to internet service providers that can provide a minimum of 25 megabit per second downloads in areas that are currently in need of connectivity, Pai said. He added that the new infrastructure will also help bring 5G to these rural areas. "There are a number of startups that are working on millimeter wave technology to bring 5G to rural America," he said on the call.

Two security researchers disclosed details this week about a group of vulnerabilities collectively referred to as Dragonblood that impact the Wi-Fi Alliance's recently launched WPA3 Wi-Fi security and authentication standard. From a report: If ever exploited, the vulnerabilities would allow an attacker within the range of a victim's network to recover the Wi-Fi password and infiltrate the target's network. In total, five vulnerabilities are part of the Dragonblood ensemble -- a denial of service attack, two downgrade attacks, and two side-channel information leaks.

While the denial of service attack is somewhat unimportant as it only leads to crashing WPA3-compatible access points, the other four are the ones that can be used to recover user passwords. Both the two downgrade attacks and two side-channel leaks exploit design flaws in the WPA3 standard's Dragonfly key exchange -- the mechanism through which clients authenticate on a WPA3 router or access point. In a downgrade attack, Wi-Fi WPA3-capable networks can be coerced in using an older and more insecure password exchange systems, which can allow attackers to retrieve the network passwords using older flaws.

T-Mobile today unveiled a new name for its Layer3 TV internet television service -- TVision Home -- with enhanced features, and announced a deal with Amazon to add Prime Video to the service later in 2019. From a report: TVision Home will be available starting April 14 in eight markets (the same areas Layer3 TV has already been available): Chicago, Dallas-Fort Worth, Los Angeles, New York City, Philadelphia, San Francisco, Washington D.C., and Longmont, Colo. It's not a skinny bundle: TVision Home starts at $90 per month, which includes more than 150 channels, local broadcast stations and regional sports networks, as well as 15,000 VOD titles. Premium TV packages like HBO and Showtime are extra. In addition, TVision Home users must pay a $10 monthly set-top fee per connected TV. (Actually, the regular price of TVision Home for non-T-Mobile wireless customers is $99.99 per month, but the carrier is including a $9.99-per-month discount to all new subs for a limited time.)

Salon just published a new interview with Susan Crawford, the author of "Fiber: The Coming Tech Revolution -- And Why America Might Miss It." Crawford has spent years studying the business of these underground fiber optic cables that make fast internet possible. As it turns out, the internet infrastructure situation in the United States is almost hopelessly compromised by the oligopolistic telecom industry, which, due to lack of competition and deregulation, is hesitant to invest in their aging infrastructure... This is going to pose a huge problem for the future, Crawford warns, noting that politicians as well as the telecom industry are largely inept when it comes to prepping us for a well-connected future...

"The decay started in 2004 when -- maybe out of gullibility, maybe out of naivety, maybe out of calculation -- then-chairman of the FCC, Michael Powell, now the head of cable association -- was persuaded that the telcos would battle it out with the cable companies, that their cable modem services would battle it out with wireless, and all of that competition would do a much better job than any regulatory structure could at ensuring that every American had a cheap and fantastic connection of the internet. That's just turned out that's just not true. Since then, he deregulated the entire sector -- and as a result, we got this very stagnant status quo where in most urban areas -- usually the local cable monopoly has a lock in the market and can charge whatever it wants for whatever type of quality services they're providing, leaving a lot of people out."
"Because Americans don't travel," she adds, "you don't get the sense of what a third-world country the U.S. is becoming when it comes to communications."

"While lawmakers debate what to do about the roboscourge, engineers have cooked up some clever ways to make bots work for us, not against us," writes the Washington Post, taking a look at apps like the $4-per-month RoboKiller -- which offers malicious "answer bots": They're voicemail messages that try to keep robots and human telemarketers on the line, listening to nonsense. Answer bot options range from Trump impersonators and extended coughing sessions to someone doing vocal exercises. Even better, RoboKiller will send you an often-hilarious recording of the interaction. (It only uses these recordings when it's very sure it's a spam call.)

Another service, called Jolly Roger, doesn't sell itself as a robocall blocker but takes this auto-generated annoyance idea a step further by actively trying to game the spammers' systems, such as when to press 1 to speak to a human. It calls this tech "artificial stupidity." It costs $11.88 per year.

It's possible you're better off not engaging with a robocall in the hopes the dialer with decide the line is dead. And it's also not clear how much these actually cost the people placing robocalls. But any time robocallers spend with your bot might be minutes they're not calling someone else, so you can think of it as community service.
I'm also not sure this does any good -- but the Post's article also includes a run-down of other robocall-blocking services available from both wireless carriers and independent companies. It recommends starting with the free YouMail app, which collates data from 10 million registered users to determine which calls to block -- and in addition, "tries to trick known robocallers into taking you off their lists by playing them the beep-beep-beep sound of a dead line."

If you live in America, you can also add your phone number to the Federal government's official "Do not call" registry. "It won't help much," writes the Post, "but it only takes 30 seconds so why not?"

An anonymous reader quotes a report from Ars Technica: A New Zealand family that booked an Airbnb in Ireland recently discovered an undisclosed camera in the living room, and the family says that Airbnb initially cleared the host of any wrongdoing before finally banning the offender from its platform. "Once the family had unpacked, Andrew Barker, who works in IT security, scanned the house's Wi-Fi network," CNN reported today. "The scan unearthed a camera and subsequently a live feed. From the angle of the video, the family tracked down the camera, concealed in what appeared to be a smoke alarm or carbon monoxide detector." Nealie Barker posted an image on Facebook showing the location of the camera in the living room and a shot of the family from the sneaky video feed.

Based on the photo, the video of the Barkers seems to have been taken on March 3 and was viewable on the local Wi-Fi network at 192.168.0.4/video/livemb.asp. The family relocated to a hotel and contacted both Airbnb and the property host. The host initially hung up but later called back and told them, "The camera in the living room was the only one in the house," CNN wrote. It's not clear whether the host was recording the video, whether he was capturing audio, whether he was monitoring it remotely in real time, or whether he was using it for anything more than monitoring guests. [...] Airbnb temporarily suspended the listing and promised to investigate, CNN wrote. But when Barker contacted Airbnb again two weeks later, "the company told her that the host had been 'exonerated,' and the listing reinstated." Airbnb finally banned the host after Nealie Barker posted about the disturbing incident on Facebook on Monday this week. Barker's Facebook post said that Airbnb's "investigation which didn't include any follow-up with us exonerated the host, no explanation provided," and that "the listing (with hidden camera not mentioned) is still on Airbnb." Airbnb said in a statement to Ars Technica: "Our original handling of this incident did not meet the high standards we set for ourselves, and we have apologized to the family and fully refunded their stay."

Airbnb's policy states that hosts must disclose "any type of surveillance device" in listings, "even if it's not turned on or hooked up." Cameras are allowed in certain spaces if they are disclosed, but Airbnb "prohibit[s] any surveillance devices that are in or that observe the interior of certain private spaces (such as bedrooms and bathrooms) regardless of whether they've been disclosed. [...] If a host discloses the device after booking, Airbnb will allow the guest to cancel the reservation and receive a refund. Host cancellation penalties may apply."