**Security News This Week: Kohler's Toilet Cameras Aren't Really End-to-End Encrypted**

The world of security and privacy has seen its fair share of surprises this week, but none as cringeworthy as the revelation that Kohler's toilet cameras aren't actually end-to-end encrypted. The Dekota, a smart device sold by Kohler, claims to use "end-to-end encryption" to secure user data, but security researcher Simon Fondrie-Teitler has blown the lid off this claim.

According to Fondrie-Teitler's investigation, the Dekota only encrypts data from the device to the server, leaving it vulnerable to interception. Kohler's definition of end-to-end encryption is... creative, to say the least. In their own words, "one end" refers to the user's rear end (yes, you read that right), while the other end is Kohler's backend, where images are decrypted and processed for analysis.

Needless to say, this isn't exactly what most people consider secure communication. In response to Fondrie-Teitler's exposé, Kohler has removed all mentions of "end-to-end encryption" from their marketing materials. It's a good thing they did, because their original definition was more than a little... embarrassing.

**US Won't Sanction China for Salt Typhoon Hacking Amid Trade Truce Efforts**

The US government has decided not to impose sanctions on China in response to the massive cyberespionage campaign known as Salt Typhoon. State-sponsored Chinese hackers infiltrated virtually every US telecom and gained access to real-time calls and texts of Americans, including then-presidential and vice-presidential candidates Donald Trump and J.D. Vance.

According to the Financial Times, the White House is prioritizing its trade deal with China's government over holding Beijing accountable for its hacking activities. Critics argue that this decision demonstrates a lack of commitment to national security initiatives in favor of economic goals.

**Sean Plankey's Nomination to Lead CISA May Be Terminally Stalled**

The Cybersecurity and Infrastructure Agency (CISA) still lacks a director, despite Sean Plankey's nomination being considered a shoo-in. However, his chances may have been dashed due to congressional hurdles, including a Senate vote that excluded him from the list of appointees.

Plankey's nomination faced opposition from senators on both sides of the aisle, with demands ranging from disaster relief funding to publication of a long-awaited report on telecom security. It remains to be seen whether Plankey will still secure the position or if his nomination is indeed over.

**Stealthy Chinese "Brickstorm" Espionage Malware Spotted**

The Chinese hacking campaign centered around the malware known as "Brickstorm" first came to light in September, when Google warned that it had been infecting dozens of victim organizations since 2022. CISA, the National Security Agency, and the Canadian Centre for Cybersecurity have now joined Google's warnings in an advisory about how to spot Brickstorm.

The hackers behind Brickstorm appear positioned not only for espionage targeting US infrastructure but also potentially disruptive cyberattacks. Perhaps most disturbing is the average time until a Brickstorm breach is discovered: 393 days. That's almost a year – and more than enough time for significant damage to be done.