Do you lust for a smart refrigerator, smart doorbell or some other smart product?
Do you want a smart home?
What about a smart city?
We already have a smart electric grid.
What do they all have in common?
They can be hacked.
It’s something to think about.
Smart = hackable.
Hacking a personally owned smart device is bad, but it pales in comparison to what happens if (when) the grid is hacked, whether by a foreign power or civilians for ransom.
Ukraine’s power was hacked in 2015, but old technology saved it from a far worse outcome.
A bill introduced in 2016 has been working its way through the US Congress. It would require similar old tech for US power grids. The bill provides a study period, so it will be 2020 before anything actually happens.
The old tech is actually the only solution that is immune to cyber/digital attacks of any kind.
Can you guess what it is?
If you guessed analog/manual/human, give yourself a gold star. If you are under 40, you get five gold stars.
“Specifically, it will examine ways to replace automated systems with low-tech redundancies, like manual procedures controlled by human operators,” said US Senators Angus King (I-Maine) and Jim Risch (R-Idaho), who introduced the bill on the Senate floor in 2016. (…) The US is very close to improving power grid security by mandating the use of “retro” (analog, manual) technologies on US power grids as a defensive measure against foreign cyber-attacks that could bring down power distribution as a result.
Are you surprised? I’m not.
I always thought hooking the power grid up to the hackable internet was a dumb idea.
Kind of like locking your house and then taping spare keys to the doorframes.
Poking through 13+ years of posts I find information that’s as useful now as when it was written.
Golden Oldies is a collection of the most relevant and timeless posts during that time.
This post and the quote from the FTC date back to 2015. Nothing on the government side has changed; the Feds are still investigating and Congress is still talking. And as we saw in last week’s posts, the company executives are more arrogant and their actions are much worse. One can only hope that the US government will follow in the footsteps of European countries and rein them in.
Entrepreneurs are notorious for ignoring security — black hat hackers are a myth — until something bad happens, which, sooner or later, always does.
They go their merry way, tying all manner of things to the internet, even contraceptives and cars, and inventing search engines like Shodan to find them, with nary a thought or worry about hacking.
Concerns are pooh-poohed by the digerati and those voicing them are considered Luddites, anti-progress or worse.
“Any device that is connected to the Internet is at risk of being hijacked,” said Ms. Ramirez, who added that the large number of Internet-connected devices would “increase the number of access points” for hackers.
Interesting when you think about the millions of baby monitors, fitness trackers, glucose monitors, thermostats and dozens of other common items available and the hundreds being dreamed up daily by both startups and enterprise.
She also confronted tech’s (led by Google and Facebook) self-serving attitude towards collecting and keeping huge amounts of personal data that was (supposedly) the basis of future innovation.
“I question the notion that we must put sensitive consumer data at risk on the off chance a company might someday discover a valuable use for the information.”
At least someone in a responsible position has finally voiced these concerns — but whether or not she can do anything against tech’s growing political clout/money/lobbying power remains to be seen.
I ended a post a couple of weeks ago by asking “when will they ever learn” and answering my own question with “never.”
“They” referred to the millions of people who continue to rely on Google, Facebook, Amazon, etc. — in spite of every security breach, hack, lie, prevarication, hedge, and excuse — not to mention buying all kinds of smart devices.
The tech giant is positioning itself in schools as a trusted authority on digital citizenship…
That is the message behind “Be Internet Awesome,” a so-called digital-citizenship education program that the technology giant developed for schools. (…) Google plans to reach five million schoolchildren with the program this year and has teamed up with the National Parent Teacher Association to offer related workshops to parents.
Impressive, considering that historically the NPTA has been dominantly female (although they’re working to change that) and Google is the company that not only protects high-ranking abusers, but pays them millions.
Mr. [Andy] Rubin was one of three executives that Google protected over the past decade after they were accused of sexual misconduct. In two instances, it ousted senior executives, but softened the blow by paying them millions of dollars as they departed, even though it had no legal obligation to do so. In a third, the executive remained in a highly compensated post at the company. Each time Google stayed silent about the accusations against the men.
“Portal voice calling is built on the Messenger infrastructure, so when you make a video call on Portal, we collect the same types of information (i.e. usage data such as length of calls, frequency of calls) that we collect on other Messenger-enabled devices. We may use this information to inform the ads we show you across our platforms. Other general usage data, such as aggregate usage of apps, etc., may also feed into the information that we use to serve ads,” a spokesperson said in an email to Recode.
Amazon has submitted a patent application, recently granted, outlining how the company could recommend chicken soup or cough drops to people who use its Echo device if it detects symptoms like coughing and sniffling when they speak to it, according to a report by CNET. It could even suggest a visit to the movies after discerning boredom. Other patents submitted by the company have focused on how it could suggest products to people based on keywords in their conversations.
And, if you have one in the bedroom, just think what Echo could suggest based on what it hears.
Most smart devices cater to “what’s in it for me,” with little concern for their users.
However, some work a bit more for the public good, such as Kinsa smart thermometers, which have a public health focus.
“What this does is help us really target vulnerable populations where we have a clear signal about outbreaks,” Mr. Sarma said.
Mr. Singh, who was an executive vice president at the Clinton Health Access Initiative, said that Kinsa worked only with clients that can help with its mission of preventing the spread of illness through early detection. It made sense to work with Clorox, he said, because of the C.D.C. recommendation about disinfecting.
Since it’s Halloween, we’ll end with a truly terrifying look at Facebook in the detailed review of The Autocracy App by Jacob Weisberg.
I’ve been writing (ranting?) about the security dangers of IoT and the connected world in general.
Security seems to be an afterthought — mostly after a public debacle, as Chrysler showed when Jeep was hacked.
GM took nearly five years to fully protect its vehicles from the hacking technique, which the researchers privately disclosed to the auto giant and to the National Highway Traffic Safety Administration in the spring of 2010.
“With several months of in-depth research on Tesla Cars, we have discovered multiple security vulnerabilities and successfully implemented remote control on Tesla Model S in both Parking and Driving Mode.”
They hacked the firmware and could activate the brakes, unlock the doors and hide the rear view mirrors.
Tesla is the darling of the Silicon Valley tech set and Elon Musk is one of the Valley gods, but it still got hacked. And the excuse of being new to connected tech just doesn’t fly.
And if connected car security is full of holes, imagine the hacking opportunities with self-driving cars.
The possibilities are endless. I can easily see hackers, or bored kids, taking over a couple of cars to play chicken on the freeway at rush hour.
Nice girls don’t say, ‘I told you so’, but I’m not nice, so — I told you so.
But contrary to tech lore, data isn’t black and white. It can be massaged and manipulated to support or contradict opposite sides of the same argument.
Take self-driving cars. Google claims the data proves them safer than human drivers.
But is that what the data really shows or is it being stage-managed?
“You can’t just extrapolate Google cars driving ~1.5 million miles under specific conditions (weather, topology, construction, traffic, accidents around it, etc.) to usurping the ~3 trillion miles/year under all conditions in the US. 1.09 fatalities per 100 million miles is the current non-self-driving numbers.
2014 had ~30k fatal crashes out of the 3 trillion miles traveled. We have to understand not how those crashes happened, but what makes the vast majority of them not happen. Luck is not a contributor, expertise is. Understanding human expertise is the key, not human frailty.”
Tech claims that security isn’t that big a problem and certainly not one that requires statutory approaches or regulation.
Two years ago Eddie Schwartz, vice president of global security solutions for Verizon’s enterprise subsidiary, said that self-driving cars will prove an irresistible target for hackers if they ever hit the roads.
Change if to when. Of course they’re irresistible; hacking and controlling a real car on a real road, with the potential of doing real damage, would be catnip to a large number of naïve kids (to prove they can), not to mention angry adults (getting even) and terrorists (creating chaos).
The cars aren’t yet able to handle bad weather, including standing water, drizzling rain, sudden downpours and snow, let alone police instructions (…) “I am decidedly less optimistic about what I perceive to be a rush to field systems that are absolutely not ready for widespread deployment, and certainly not ready for humans to be completely taken out of the driver’s seat.”
And now being added to the thrills and threats of hackable cars comes Otto — an affordable $30K (cheap when you consider the cost of a new rig) retrofit to make big rigs self-driving.
It was co-hosted by Coinvent, Cheetah Mobile, and Silicon Valley Tech Innovation and Entrepreneurship Forum.
Connect featured a host of speakers that included executives from Yahoo, Skype, Google, Yandex, Twitter, Carnegie Mellon University Innovation Institute, Oxford Internet Institute and Al Gore.
The theme of the conference addressed how cultures connect from a technology innovation standpoint — a noble task.
There was a broad range of agenda topics, including:
The impact of big data across international borders
Tech society, and our future
Future of big data (not the band, actual big data)
What’s the big deal about big data
How not to confuse big data with Big Papi, or David Ortiz, who, incidentally, will have his last season of pro ball in 2016 (not actually a discussion on the agenda)
End of Ad harassment
Future of mobile search
Vision for mobile presence
Differences between Asian and United States in mobile internet era development
Mobile Investment Outlook – Hottest Start-ups all VC’s chasing after
Start-up Scale Up – Comparisons between US & Asia
Crossing the Pacific to build new start-ups
Investment and technology flows between China and the U.S.
If any of the above sounds of interest, make an effort to add future Connect events to your calendar.
Taken as a whole, the discussion topics are certainly relevant enough, but the format of the conference didn’t seem to include adequate networking time to connect thought leaders and those interested in further development into the respective spaces.
Not to mention, they ran out of goodie bags of conference-centric accoutrements.
However, one thing swirling through the tsunami of information was clear.
The effect of the enormous amount of data readily available in the IoT (Internet of Things) is unfolding in a sprawling fashion, across an ocean of opportunity for the intrepid around the globe who cast out into the deep.
Less ‘me too’ and more ‘me new’, or, as Matt Rosoff puts it, stuff that impresses his 5-year-old son.
By groundbreaking, I mean a technology that changed society, changed every other industry in the world. The World Wide Web was groundbreaking. The internet was groundbreaking. The personal computer was groundbreaking.
And before you write Rosoff off as a know-nothing, consider Peter Thiel’s comment.
“We wanted flying cars, instead we got 140 characters.”
It’s nice to know my nobody-know-nothing opinion is in good company.
In the tech world IoT is supposedly the bright light on the horizon, but don’t hold your breath.
Worse for tech, the public is waking up to the fact that it doesn’t give a damn about people’s privacy, security or even safety as long as they buy — at least not until it’s forced to and then only enough to shut up the noise.
As Accenture puts it, companies must “ignite” the next five years of growth by coming up with products that “offer a compelling value proposition,” “ensure a superior customer experience,” and “build security and trust.”
Read the article. Digest Accenture results.
Then think about what you can build that would impress a 5-year-old—even a little.
There are dozens of startups working on wiring everyday products to become part of the Internet of Things (IoT), and a few weeks ago I cited an article saying that raising money in that arena was tied to building security into a product from the beginning.
Security used to be a function to which consumers gave little thought, but that is rapidly changing.
The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.
And if none of this makes IoT startup founders rethink their cavalier attitude towards building tough security into their initial design, perhaps this comment from Colby Moore, a security research engineer at the cybersecurity firm Synack, will make them think twice.
“Really, the state of security on these things right now is pretty atrocious… A lot of these device manufacturers are just not security people and they really just don’t have security people on staff, especially when it comes to IoT start-ups. What they are doing is phenomenal with all of these new uses for technology. But security isn’t a concern for everybody. It’s ship now and patch later mentality.” (…) “If you are worried about it then don’t put yourself at risk. It’s kind of up to us to demand a higher security standard and hold the manufacturers to it.”
How freely do you discuss the details about how you think, what you like, what you believe and the challenges you face with strangers?
Sites, apps, data brokers and marketing analytics firms are gathering more and more details about people’s personal lives — from their social connections and health concerns to the ways they toggle between their devices. The intelligence is often used to help tailor online experiences or marketing pitches. Such data can also potentially be used to make inferences about people’s financial status, addictions, medical conditions, fitness, politics or religion in ways they may not want or like.
How willing would you be to sell that information to benefit a total stranger?
You already give up your personal information in return for better access to their products and services, but you do so with the idea that you won’t be packaged and sold.
In fact, most sites tell you upfront that they won’t “share your personal data with third parties.”
But, as they say, the devil is in the details and buried deep in the privacy statements is a giant ‘but…’
Of the 99 sites with English-language terms of service or privacy policies, 85 said they might transfer users’ information if a merger, acquisition, bankruptcy, asset sale or other transaction occurred, The Times’s analysis found. The sites with these provisions include prominent consumer technology companies like Amazon, Apple, Facebook, Google and LinkedIn, in addition to Hulu.
It’s a safe bet that if these sites have that caveat, so do thousands of others — both large and small.
The expansion of the Internet of Things provides companies a far more intimate look at your life than ever dreamed possible.
It’s a trend that is likely to widen as companies introduce new Internet-enabled products, like connected cars and video cameras, which can collect and transmit a constant stream of data to the cloud.
Generally, caveat emptor is the contract law principle that controls the sale of real property after the date of closing, but may also apply to sales of other goods.
Your data is ‘other goods’.
Stuff happens; economies go up and down and businesses wax and wane.
Any company, no matter how large or seemingly stable, can find itself in the position of having to sell or transfer its assets.
I often claim the label of Luddite and am known to my friends as a digital dinosaur (I spent the weekend upgrading from Office 2003 to 2007).
I’m not a lover of the Internet of Things, because I believe anything/everything can be hacked. (If you have evidence to the contrary, please share).
To me, the idea of hackable self-driving cars is a nightmare and drones make me cringe.
Obviously, I’m not the only one who feels this way.
It seems my revulsion is shared by my distant cousins.
However, if I react the same way I would probably be sued and possibly jailed.
The problem, of course, is that technology is light years ahead of society, not only on a moral/ethical level, but on a consideration of consequences — of which there seems to be none.