Subscribe to RSS - IoT

IoT

The eavesdropping Alexa … is it really that much of a shock?

 - 
Wednesday, May 15, 2019

For the past few weeks, I have been rather intrigued with IoT devices, smart homes, and security and safety of people in this context. (After all, aren’t our homes supposed to be our safe haven … our place of escape from the crazy, hurried world we live in?) After perusing the internet regarding this topic, I thought I had read about almost everything imaginable, but I was thrown a curve ball by a man, Geoffrey A. Fowler, technology columnist, The Washington Post, who literally made a song out of the recordings Alexa had of him! (Click here to listen.) 

Fowler reported that he listened to four years of his Alexa archive that highlighted fragments of his life: spaghetti-timer requests, houseguests joking and random snippets of a once-popular TV show. Alexa even captured and recorded sensitive conversations—a family discussion about medication and a friend conducting a business deal—apparently triggered by Alexa’s “wake word” to start recording. So, why are tech companies recording and saving our voice data? According to Amazon, “when using an Alexa-enabled device, the voice recordings associated with your account are used to improve the accuracy of the results.” 

Fact or fiction? Maybe both, because another main reason is to train their artificial intelligence (AI). 

I may be going out on a limb here, but if people’s voice data is being recorded and USED without their knowledge, isn’t this an invasion of privacy? I say, “Yes, without a doubt!” Not only that, but shouldn’t these tech companies hire and pay people for their voice data to train their AI? I mean, “free” saves the companies money, but to the extent of people’s private conversations and information being recorded and used without permission?  

So, what can be done? Defeating the purpose of Alexa would be to mute its microphone or unplug it, but, in my opinion, if I was going to have a private conversation, that would be better than putting my personal business out there. Another option would be to delete Alexa voice recordings, but Amazon warns

  • “If you delete voice recordings, it could degrade your experience when using the device.” 
  • “Deleting voice recordings does not delete your Alexa Messages.” 
  • “You may be able to review and play back voice recordings as the deletion request is being processed.” 

(I wonder what a “degraded Alexa experience” entails and I also wonder how long it takes to process a deletion request, as during this time voice data can be used.)

For me personally, I will stick with the “old-fashioned” way of living to preserve and protect my privacy—physically stand up, walk over to the window and close/open the blinds by hand; set alarms manually on my smartphone or built-in timer on my microwave; and even use the remote to turn the TV off and on, change channels and control the volume. 

By the way, don’t forget to listen to your own Alexa archive here or in the Alexa app: Settings > Alexa Account > Alexa Privacy. What all does Alexa have on you? 

 

Americans’ trust issues, or lack thereof, with IoT devices and other security-related issues

 - 
Wednesday, May 1, 2019

The last blog I wrote, “What your connected smart home IoT devices are really doing,” highlighted the fact that there are no security standards for IoT manufacturers to follow when creating networked devices. This should cause concern or at least pause for people using such devices, especially in their homes. But, just how aware are consumers about potential risks and do people actually trust the devices they use every day? 

ASecureLife conducted a survey of 300 Americans nationwide to determine how much participants trust the technology they use regularly in their homes as well as people’s biggest concerns related to smart home technology, home security and online privacy. The survey found:

1. A quarter of Americans are NOT concerned with being monitored online by criminals. This nonchalant attitude resulted in 23 percent of American households having someone victimized by cybercriminals in 2018, according to GALLUP

Additionally, in 2017, the FBI’s Internet Crime Complaint Center received more than 300,000 complaints, totaling more than $1.4 billion in monetary losses for victims. 

2. Americans are more concerned about being monitored online by the government than by businesses.

3. Two-thirds of Americans believe their smart devices are recording them. While it’s time consuming, and to be honest, boring, thoroughly read a company’s terms and conditions so you know what personal information that company is collecting from you, and how they’re using it.

Tip: Adjust the settings on your smart equipment to maximize your privacy. For example, turn off Amazon Echo’s “Drop In” setting to prevent the it from automatically syncing and conversing with other Echo devices. 

4. About one in five parents would let Alexa entertain their kids while they’re away. WOW! Parents are actually trusting their children’s safety and security to the virtual world!? (We’ll be discussing this later on in this blog post! Read on!) 

5. Seventy-five (75) percent of Americans believe smart homes can be easily hacked, but 33 percent have and use some type of smart home technology. This indicates that consumers are indeed buying these gadgets. In fact, a joint-consumer survey conducted by Coldwell Banker Real Estate and CNET found 47 percent of Millennials, aged 18 to 34 years, have and use smart home products. 

6. Women are typically more concerned with home security than financial security, and the opposite is true for men. Participants were asked if they fear a home invasion more than identity theft: 53 percent of women participants said “yes,” compared to 44 percent of men.

Participants were also asked which of the following they would rather do: stop locking your doors or change all your passwords to “1234.” Men’s responses were split evenly, while 59 percent of women preferred to change their passwords to this all-to-common numerical sequence. 

7. Americans aged 55 and older are more protective of their financial security than their home security; the opposite is true for younger people. Participants over age 54 were asked if they feared home invasion more than identity theft to which 70 percent answered “no.” However, participants under age 34 were more likely to fear home invasion. 

While all the findings were eye-opening, for me personally, the one that haunted me pretty deeply was the one about Alexa “babysitting” kids. It’s one thing for parents to allow their children to use Alexa under their supervision, but to allow minors to access Alexa while they are away can be extremely dangerous, in my opinion and based on the news we see every day concerning criminals hacking into security systems, devices recording home-based conversations, apps giving away data to advertisers, and the list goes on and on. 

Question for you parents out there: Would you allow your children to access Alexa when you aren’t at home? Why or why not? 

 

What your connected smart home IoT devices are really doing

 - 
Wednesday, April 24, 2019

As more and more people connect IoT devices to their homes, making them smarter, living machines, the more fodder hackers have to breach systems and gain access to consumers’ personal identifiable information, or even gain entrance into their humble abodes. The fact is, no security standards exist for IoT manufactures to follow when creating networked devices. 

Lawmakers and states are stepping up, looking at ways to help protect consumers.

Industry talk of late about protecting owners of IoT devices have circled around the Cybersecurity Improvement Act of 2019 which would require the National Institute of Standards and Technology to develop new recommendations for device makers to follow. Even some states have created specific rules for IoT device creators to follow, such as California, that will require devices to be shipped with unique passwords or force users to set or reset passwords when setting up a device as of January 1, 2020.

But, are laws really the answer to this seemingly never-ending debacle? Shouldn’t the security industry come together as a whole to offer protection to consumers, their data and their homes? After all, we are in the business of protecting people while offering comfort and ease of living. I think a more proactive approach is in order, where device manufacturers step up to protect consumer data as well as empowering consumers to protect themselves.

A group of computer scientists from Princeton University and the University of California, Berkeley created a tool called Princeton IoT Inspector, an open-source desktop application that passively monitors smart home networks, showing potential security and/or privacy issues. It identifies all IoT devices on a smart home network, shows when these devices communicate/exchange data with an external server, and determines which servers these devices contacted and if those communications are secure. According to the IoT Inspector website, the goal is to answer three questions:

  1. Who do your devices talk to?
  2. What information is gathered?
  3. Are the devices hacked?

Sounds great, right? Well, there are two cautions to be noted when using this tool. First, device names are included in the data sent, so that data will be accessible by Princeton. The app asks users to consent to this the first time the app is used. (Tip: Make sure your devices don’t include your name or any other personal identifiable information. If they do, rename them.)

Second, the research team is using a specific technique the “bad guys” typically use called ARP spoofing, a type of attack where a malicious actor sends false Address Resolution Protocol (ARP) messages over a local area network. Personally, I think it’s creative and smart to use the same techniques to beat the bad guys at their own games, turning malicious acts into something good. Just be sure you trust Princeton should you decide to use this tool. 

Currently, Princeton IoT Inspector is only available on macOS, but there is a waitlist for Windows, which will be released next month, and Linux to be released the week of April 24th, 2019.

 

Congress introduces legislation to establish security standards for government devices

 - 
Wednesday, March 13, 2019

Based on analyst firm Gartner’s research, 20.4 billion Internet of Things (IoT) devices will be deployed by 2020; that’s more than double the world’s population! Hackers tend to gravitate toward the weakest link in the security chain, and because more and more IoT devices have questionable defenses, they make easy targets. This has caused the U.S. government to take notice.

To date, there is no national standard for IoT security, leaving it up to each company to decide how they want to security their connected devices. So, on Monday, March 11th, the U.S. Senate and House of Representatives members introduced the Internet of Things Cybersecurity Improvement Act. If passed, this legislation would set minimum security standards for connected devices used by the government in an effort to prevent the federal government from purchasing hacker friendly devices. 

While the legislation won’t set security standards for all IoT companies—just the ones wanting to win federal contracts— it could provide a baseline of best practices for all connected device manufacturers to consider. 

Should the bill pass, here’s what would happen: 

  • Security standards from the National Institute of Standards and Technology (NIST), such as secure development, identity management, patching and configuration management, would be required; 
  • NIST would review every five years; 
  • All IoT venders selling to the U.S. government would have a vulnerability disclosure policy, allowing government officials to learn when the devices are open to cyberattacks.

 

Do you think this legislation would compel all connected device makers to adopt these security requirements or just the ones wanting to do business with the government? 

 

New tech holds the key to stopping cybercrime, study finds

 - 
Tuesday, February 12, 2019

You don’t have to look too hard to find a sobering example of cybercrime, as it's as pervasive as ever these days, even on the national level with recent reports that cyber criminals have access to critical infrastructure such as our national power grids and gas lines. The good news, though, is technology may be our best weapon against these invisible criminals.

In fact, the use of big data and blockchain technologies are key to fighting cybercrime, according to a new study from Frost & Sullivan that looks at how effective machine learning is in aiding early detection of cyber anomalies, and how good blockchain is at creating a trustworthy network between endpoints.

Frost and Sullivan noted that the rise of the Internet of Things has opened up numerous points of vulnerabilities, compelling cybersecurity companies, especially startups, to develop innovative solutions to protect enterprises from emerging threats. As cybercrime becomes more sophisticated and even a method of warfare, the research firm found, technologies such as machine learning, big data, and blockchain will become prominent.

"Deploying Big Data solutions is essential for companies to expand the scope of cybersecurity solutions beyond detection and mitigation of threats,” Hiten Shah, research analyst, TechVision, said in the announcement of the findings. "This technology can proactively predict breaches before they happen, as well as uncover patterns from past incidents to support policy decisions."

The study, Envisioning the Next-Generation Cybersecurity Practices, presents an overview of cybersecurity in enterprises and analyzes the drivers and challenges to the adoption of best practices in cybersecurity. It also covers the technologies impacting the future of cybersecurity and the main purchase factors.

"Startups need to make their products integrable with existing products and solutions as well as bundle their solutions with market-leading solutions from well-established companies," noted Shah. "Such collaborations will lead to mergers and acquisitions, ultimately enabling companies to provide more advanced solutions."

Technologies that are likely to find the most application opportunities include:

•    Big Data: It enables automated risk management and predictive analytics. Its  adoption will be mostly driven by the need to identify usage and behavioral patterns to help security operations spot anomalies.
•    Machine Learning: It allows security teams to prioritize corrective actions and automate real-time analysis of multiple variables. Using the vast pools of data collected by companies, machine-learning algorithms can zero in on the root cause of the attack and fix detected anomalies in the network.
•    Blockchain: The data stored on blockchain cannot be manipulated or erased by design. The tractability of activities performed on blockchain is integral to establishing a trustworthy network between endpoints. Furthermore, the decentralized nature of blockchain greatly increases the cost of breaching blockchain-based networks, which discourages hackers.

Envisioning the Next-Generation Cybersecurity Practices is part of Frost & Sullivan’s global Information & Communication Growth Partnership Service program.

Parks studies IoT interoperability and customer expectations

43 percent of survey respondents see Amazon Echo integration as important
 - 
08/08/2018

DALLAS—Parks Associates released a report, titled “Interoperability and the Internet of Things,” that said voice control integrations are high on consumers’ wish lists when it comes to new smart devices and most consumers only have one smart device, among other findings.

Gorilla Technology integrates with VMS provider Airship

Gorilla looks to increase its U.S. presence
 - 
02/28/2018

TAIPEI, Taiwan—Gorilla Technology, a video IoT platform company based here, recently announced a partnership with VMS provider Airship, based in Redmond, Wash.

SIA supports reintroduction of IoT legislation

 - 
01/26/2017

SILVER SPRING, Md.—The Security Industry Association announced its continued support of the bipartisan Developing and Growing the Internet of Things (DIGIT) Act, reintroduced in the Senate in January by the Internet of Things working group.

Essence notes trends from 2016, makes predictions for 2017

Dealers will find additional revenue streams by harnessing analytics, company says
 - 
01/24/2017

TEL AVIV, Israel—Smart home device provider Essence made some predictions about 2017’s landscape for the Internet of Things.

Parks Associates: 10 top IoT trends

 - 
Wednesday, December 21, 2016

Parks Associates recently released a whitepaper that discusses key trends in the IoT space for 2017.

“The Internet of Things is driving the reinvention of consumer technology and entertainment markets,” Brett Sappington, senior research director, Parks Associates, said in the announcement.

“New players and product categories are emerging that challenge traditional players with established business models and distribution channels. Online giants have the scale and technology to take risks in new areas of innovation. In some cases, these innovations are transforming whole sectors of the connected home,” Sappington continued.

According to Parks’ research, the average U.S. broadband household has “more than eight connected computing, entertainment, or mobile devices, plus another two connected home devices such as networked cameras, smart thermostats, or smart lighting.”

That strikes me as very interesting, as my household contains only about five—and, as a millennial, I feel more is expected of me there.

“Consumer interaction with the devices and services in their lives – at home, in the car, on the go – will continue to evolve in 2017 to be more personal and targeted,”  Jennifer Kent, director, research quality and product development for Parks Associates, said in a prepared statement. “Approximately 50% of U.S. broadband households plan to buy a smart home device in the next 12 months, and they will tie these devices to their mobile platforms, broadband connections, and other devices to create a singular but ever-expanding user experience.”

Below are the 10 trends Parks Associates noted on in their announcement:

1.         Voice control is vying to become the primary user interface for the smart home and connected lifestyle.

2.         The smartphone market plateaus, and mobile carriers experiment to retain subscribers, which will threaten fixed broadband services.

3.         CE manufacturers focus on new product categories and ecosystem strategies to compensate for stagnation in a mature market.

4.         Virtual and augmented reality gain a foothold in niche operations and greater awareness among early adopters, creating opportunities for social VR experiences.

5.         The differences between on-demand and live viewing continue to blur as consumers embrace a variety of OTT video services.

6.         Consumers increasingly expect connectivity in their cars, but pricing, safety, and data privacy concerns inhibit market growth.

7.         To cross the chasm, the smart home industry will continue to develop new use cases for security, peace of mind, and energy management.

8.         Insurers are exploring new business opportunities in smart home products and services and will continue to launch trials and new partnerships.

9.         Wearables and smart watches are expanding as healthcare tools and will be integrated with other IoT applications.

10.       Consumerization of healthcare services and devices drives integration with smart home ecosystems and new business models.

The whitepaper also includes a list of “Players to watch in 2017” for a variety of categories, including voice control, security and the smart home, connected health devices, and insurance and the smart home.

 

Pages