Poking through 14+ years of posts I find information that’s as useful now as when it was written.

Golden Oldies is a collection of the most relevant and timeless posts during that time.

In August 2016 I wrote Self-driving Tech Not Ready for Primetime and a month later Tesla was hacked. But, as you’ll find out tomorrow, hacking isn’t the only problem — humans are actually way higher on the problem scale. While it’s not easy, hacking dangers can be minimized, but fixing humans is impossible.

Read other Golden Oldies here.

I’ve been writing (ranting?) about the security dangers of IoT and the connected world in general.

Security seems to be an afterthought— mostly after a public debacle, as Chrysler showed when Jeep was hacked.

GM took nearly five years to fully protect its vehicles from the hacking technique, which the researchers privately disclosed to the auto giant and to the National Highway Traffic Safety Administration in the spring of 2010.

Pity the half million at-risk OnStar owners.

A few days ago Tesla was hacked by Chinese white hat Keen Team.

“With several months of in-depth research on Tesla Cars, we have discovered multiple security vulnerabilities and successfully implemented remote control on Tesla Model S in both Parking and Driving Mode.”

They hacked the firmware and could activate the brakes, unlock the doors and hide the rear view mirrors.

Tesla is the darling of the Silicon Valley tech set and Elon Musk is one of the Valley gods, but it still got hacked. And the excuse of being new to connected tech just doesn’t fly.

And if connected car security is full of holes, imagine the hacking opportunities with self-driving cars.

The possibilities are endless. I can easily see hackers, or bored kids, taking over a couple of cars to play chicken on the freeway at rush hour.

Nice girls don’t say, ‘I told you so’, but I’m not nice, so — I told you so.

Image credit: mariordo59

Have you ever wondered what makes a new app fly?

Have you heard of early adopters?

Would it surprise you to know that they make up only 13.5% of the population?

But that small percentage dictates what new products and services you will be able to do on your phone, tablet and computer.

Not 100%, obviously, but close, especially if you are an entrepreneur without “connections.”

Doubly so if you are a woman and triple (or more) for a person of color.

That 13.5% dates back to 2012. Two years later it had doubled to 28%, according to the Pew Research Center.

Still not much considering the outsize impact.

Image credit: Pew Research Center

Do you invite strangers into your home and let them to listen to your most personal conversations or view your most intimate moments?

Would you leave them alone with your kids to say what they pleased using unquotable language?

Would you stand by while they rummaged through your files copying what they pleased, leaving chaos behind and demanding payment so you could clean up the mess?

No?

Chances are you already do.

You invite them in with every connected device you buy.

Even vaunted Apple isn’t immune.

Security hasn’t been a high priority for companies around the globe, especially those running startups.

Consider the saga of a doll called Cayla from Genesis Toys; banned in Germany and under investigation in the US.

Cayla and a similar toy, i-Que, made by the same company are Internet-connected and talk and interact with children by recording their conversations.

CloudPets are stuffed animals made by Spiral Toys, which didn’t even bother to secure their database.

In addition to storing the customer databases in a publicly accessible location, Spiral Toys also used an Amazon-hosted service with no authorization required to store the recordings, customer profile pictures, children’s names, and their relationships to parents, relatives, and friends.

Samsung’s smart refrigerator was hacked yielding up G-mail logins, which, in turn, can yield up your whole on-line life.

Besides the fridge, the hackers also found 25 vulnerabilities in 14 allegedly smart devices, including scales, coffee makers, wireless cameras, locks, home automation hubs, and fingerprint readers.  

Pretty lame, considering that in January 2014 security was ranked as the top spending priority for CIOs and 75% said it would increase in 2015.

Makes you wonder what it was spent on.

European countries, such as Germany and Denmark, have strong privacy laws and simply ban these products, but I doubt our government will do more than hold hearings and wring their hands.

So it’s up to you.

Your major protection is very simple.

1. Don‘t buy connected devices unless you really can’t live without them.

For those you do buy don’t expect anything from the manufacturer.

2. Learn how to reset the passwords and choose strong ones.
3. Don’t use all-purpose logins, such as those from Facebook or Google — no matter how convenient they are.

It’s called “personal responsibility.”

If you’re not familiar with the idea ask your parents — or, more likely, your grandparents.

Image credit: cea +

I just read about a new product out of Japan.

In Japan, nearly two thirds of single people aren’t in a relationship and there are quasi-similar results in the US, although not exactly parallel. (The big difference in the studies is the focus on sex. Unlike Japan, not being in a relationship in the US has nothing to do with having/not having sex.)

However, craving companionship seems to be universal.

Enter Gatebox, which is similar to Amazon Echo, but with a platonic, She-like twist.

Yes, that is an artificially intelligent character who lives in a glass tube in your home. Her name is Azuma Hikari, and she’s the star of Gatebox — a $2,500 Amazon Echo-esque device that acts as a home assistant and companion.

At $2500 it isn’t cheap and there are a lot of caveats around it’s operation in the US, but that isn’t the point of this article.

The point is that even with a $2500 (298,000 yen) price tag and a year-long delivery wait it’s still pre-selling both here and Japan.

What a sad, lonely, connected world people inhabit these days.

Credit: info vinclu

Edward Snowden’s revelations made people hyper-conscious of government snooping, while the proliferation of mobile and connected devices has made snooping easier, not to mention very profitable.

And profit is what’s behind the rise of global cyber-arms dealers that sell human suffering and death as surely as their real-world counterparts sell weapons.

Last summer, Bill Marczak stumbled across a program that could spy on your iPhone’s contact list and messages—and even record your calls. Illuminating shadowy firms that sell spyware to corrupt governments across the globe, Marczak’s story reveals the new arena of cyber-warfare.

Marczak’s stumble revealed three zero-day exploits (“Zero days” refers to the amount of time—i.e., none—a target has to fix an entirely new kind of hack before damage can be done.).

It’s called a jailbreak and the ability to do it remotely is every hacker’s dream.

… the ability to hack remotely into the digital brains of the world’s most popular hardware—the desktops, laptops, tablets, and especially the mobile phones made by Apple. And not just break into Apple devices but actually take control of them. It was a hacker’s dream: the ability to monitor a user’s communications in real time and also to turn on his microphone and record his conversations.

In a superhuman effort, Apple patched all three exploits in just 10 days.

It’s an uplifting story, but the fact is Apple and other computer-makers are fighting a losing battle. As long as there are hackers, they will continue to find ways to hack any device that interfaces with them. These dangers were highlighted this fall when a New England company found itself the target of a mass denial-of-service attack from millions of non-computer “zombie devices” connected to the Internet—most notably baby monitors.

“What these cyber-arms dealers have done is democratize digital surveillance,” says the A.C.L.U.’s Chris Soghoian. “The surveillance tools once only used by big governments are now available to anyone with a couple hundred grand to spend.” In fact, they may be coming to your iPhone sometime soon.

Hat tip to KG for sharing the Vanity Fair article about Marczak.

Flickr image credit: Pimkie

A Friday series exploring Startups and the people who make them go. Read all If the Shoe Fits posts here

Startups love to rail against regulations, claiming they stifle innovation.

Uber and Airbnb are two of the most aggressive fighting them, not to mention the loudest.

What do you think?

Do you believe that eliminating/diluting regulations would provide the necessary boost to bring innovations to fruition?

Uber and Airbnb brazenly ignored regulations and, when that didn’t work, took their fight to the court of public opinion, lobbied for legal change and sued.

Would eliminating regulations have made Theranos’ blood tests work and produced a better outcome for its customers?

Autonomous and semi-autonomous cars are another battlefield.

And for all its high-profile supporters, millions of people around the globe are concerned with safety —  with good reason.

Obviously, regulations aren’t all bad, especially when when the cost of ignoring or eliminating them could be measured in lives lost.

Regulations are something that startup CEOs need to deal with and most do.

Most, but not George Hotz.

When he received a letter from the National Highway Traffic Safety Administration found a third option — turn tail and run.

Comma.AI, a startup run by famous hacker George Hotz, has shut down its project dedicated to building a Tesla-like semi-autonomous driving system after a warning from the federal government. (…)  The cancellation was prompted by a letter Comma.AI received from the , which asked the startup to provide information to ensure the product’s safety or face civil penalties of up to $21,000 a day.

Considering the product was a $1000 DIY semi-autonomous kit the market would likely be huge.

It seems reasonable to me to ask for proof it was safe, just as Theranos was asked for proof.

However, unlike Theranos’ CEO, Hotz didn’t dance, blow smoke or wave mirrors — he turned tail and claimed a pivot.

Would much rather spend my life building amazing tech than dealing with regulators and lawyers. It isn’t worth it. -GH 2/3

— comma ai (@comma_ai) October 28, 2016

Maybe when you’re 27 and best known for hacking an iPhone as a teen and a PlayStation 3 a few years later that’s what you do when faced with authority.

Image credit: HikingArtist

I’ve been writing (ranting?) about the security dangers of IoT and the connected world in general.

Security seems to be an afterthought— mostly after a public debacle, as Chrysler showed when Jeep was hacked.

GM took nearly five years to fully protect its vehicles from the hacking technique, which the researchers privately disclosed to the auto giant and to the National Highway Traffic Safety Administration in the spring of 2010.

Pity the half million at-risk OnStar owners.

A few days ago Tesla was hacked by Chinese white hat Keen Team.

“With several months of in-depth research on Tesla Cars, we have discovered multiple security vulnerabilities and successfully implemented remote control on Tesla Model S in both Parking and Driving Mode.”

They hacked the firmware and could activate the brakes, unlock the doors and hide the rear view mirrors.

Tesla is the darling of the Silicon Valley tech set and Elon Musk is one of the Valley gods, but it still got hacked. And the excuse of being new to connected tech just doesn’t fly.

And if connected car security is full of holes, imagine the hacking opportunities with self-driving cars.

The possibilities are endless. I can easily see hackers, or bored kids, taking over a couple of cars to play chicken on the freeway at rush hour.

Nice girls don’t say, ‘I told you so’, but I’m not nice, so — I told you so.

Image credit: mariordo59