Aug 022015

Last May at the ThingsCon conference in Berlin a group of European designers came together to form the IoT Manifesto.

Now vendors have the ability to put a chip into almost anything companies and designers are tempted to add connectivity simply for the sake of doing so.

In many cases this is opens up a range of security risks ranging from the screaming baby monitor to the hackable jeep.

Coupled with the security risks of your intimate devices being hacked there’s the related privacy risks as millions of devices collect data ranging from how hard you press your car’s brake pedal through to last time you burned your breakfast toast.

In an era where governments and businesses are seeking to amass even more information about us, there are genuine concerns about what that data is going to be used for and why it is being collected in the first place.

The IoT manifesto looks to manage these problems facing the sector through ten guiding design principles;

  1. Don’t believe the hype around the IoT
  2. Only design useful things
  3. Deliver benefits to all stakeholders
  4. Keep everything secure
  5. Promote a culture of privacy
  6. Gather only a minimal amount of data
  7. Be transparent about who that data will be shared with
  8. Give users control over their data
  9. Design durable products
  10. Use the IoT and its design to help people

All of the principles are laudable and it’s not hard to think that meeting the guidelines would make devices and services that aren’t just useful and safe but also simpler, cheaper and more effective.

There’s many ethical, business and safety issues facing the Internet of Things as connected devices rollout across almost every industry. The IoT Manifesto may well be a good framework in which to design them and the cloud services they’ll depend upon.

Jul 222015
radio programs for techonology, web, social media, cloud computing and computer advice

Security problems with smartcars and dating sites along with asking if a new version of Microsoft Windows matters any more are the topics for July’s Nightlife tech spot.

Paul Wallbank regularly joins Tony Delroy on ABC Nightlife on to discuss how technology affects your business and life.

If you missed this month’s show, you can listen to the program through the ABC website.

July’s Nightlife

A decade ago people lined up all night for a new version of the Windows operating system. Next week Microsoft will be launching Windows 10 to an indifferent market place, does what was once the world’s biggest software company matter anymore in a world of smartphones, connected cars and cloud computing?

Some of the questions we’ll be answering include.

  • So what are Microsoft announcing next week?
  • What happened to Windows 9?
  • Does Windows really matter any more?
  • The internet has changed things but not always for the better. What about connected cars being hacked?
  • Is this a bigger problem than just connected cars when we’re seeing things like kettles being wired up to the internet?
  • Of course it’s not just cars suffering problems on the Internet, adult dating site Ashley Madison has had potentially 37 million customers’ details leaked online.
  • Could this happen to any business? How do we protect ourselves?

Listeners’ questions

A few of the questions from listeners couldn’t be answered on air.

Running Flash of iPhones and iPads: Steve Jobs’ hatred of Adobe Flash was legendary and as consequence iOS devices like the iPhone and iPad don’t come with the ability to run the software. That’s a problem for those who need Flash for some packages.

The Puffin web browser gives iPad and iPhone users the ability to use Flash on their devices and is available from the iTunes store.

Securing Android: While smartphones are less prone to viruses and malware than personal computers, they still are at risk. For Android users there is no shortage of choice for security packages, some of which include;

Android power hogs: A downside with smartphone apps is they can drain battery life. One excellent feature on Android phones is the ability to easily check what’s using your juice.

  • Open device settings
  • Scroll to “about phone”
  • Click on “battery use”

Join us

Tune in on your local ABC radio station from 10pm Australian Eastern Summer time or listen online at

We’d love to hear your views so join the conversation with your on-air questions, ideas or comments; phone in on 1300 800 222 within Australia or +61 2 8333 1000 from outside Australia.

You can SMS Nightlife’s talkback on 19922702, or through twitter to@paulwallbank using the #abcnightlife hashtag or visit the Nightlife Facebook page.


May 112015

One of the ongoing discussions in the world of the Internet of Things are the security weaknesses in many devices that leave networks vulnerable to rogue devices or malicious hackers.

A good example of this is Craig Hockenberry’s post on his site on how bugs in Apple’s Bonjour software messes with networks.

While Apple won’t say what causes this issue – an ominous point in itself – Hockenberry surmises it’s due to older software in some devices that no longer have updates available, which is another problem facing the IoT.

On top of Hockenberry’s story, a piece in Threat Post reports the Open Smart Grid Protocol has serious security issues.

The writers of the package that’s installed on more than four million smart meters and similar devices worldwide decided to write their own encryption algorithm that has proved easy to break.

So the smart home which might feature both a slew of Apple devices and one of these exposed smart meters has a range of security holes that the occupier has no idea about. This hardly breeds confidence.

As the Internet of Things is rolled out, security is going to have to be at the front of developers’ and vendors’ minds. The stakes are too high for shoddy and ill thought out compromises or for vendors like Apple who rate secrecy over their customers’ security.

Apr 262015

Security experts have hacked a teleoperated surgical robot Security experts hack medical robot.

In a recently published paper, a group of academics showed how they had been able to change the instruction sequences, override commands or even take full control of the Raven II medical robot.

That such a lack of security isn’t in the least bit surprising is a sad commentary on the world of connected devices and the Internet of Things.

At the root of this problem is the software running this equipment has security added, at best, as an afterthought given the designers work from the assumption operators are in the room with the equipment,

If we’re going to connect these devices to the public internet then security has to be built into them from the beginning.

Whether we’re discussing remote medical equipment, driverless cars or the smart home, hardening and securing IoT devices is going to be of today’s industrial challenges.

Apr 042015
The law applies online to social media and other web services

Automakers Say You Don’t Really Own Your Car states the Electronic Frontiers Foundation.

In their campaign to amend the US Digital Millenium Copyright Act to give vehicle owners the right to access and modify their automobiles’ software the EFF raises an important point.

Should the software licensing model be applied to these devices then purchasers don’t really own them but rather have a license to use them until the vendor deems overwise.

Cars, of course, are not the only devices where this problem arises. The core of the entire Internet of Things lies in the software running intelligent equipment, not the hardware. If that software is proprietary and closed then no purchaser of a smart device truly owns it.

Locking down the smarthome

This raises problems in smarthomes, offices and businesses where the devices people come to depend upon are ‘black boxes’ that they aren’t allowed to peer into. It’s not hard to see how in industrial or agricultural applications that arrangement will often be at best unworkable.

Four years ago tech industry leader Marc Andreessen pointed out how software is eating the world; that most of the value in an information rich economy lies in the computer programs that processes the data, not the hardware which collects and distributes it.

That shift was flagged decades ago when the initial fights over software patents occurred in the 1980s and 90s and today we’re facing the consequences of poorly thought out laws, court decisions and patent approvals that now challenge the concepts of ownership as we know it.

Is ownership outdated?

However it may well be that ‘ownership’ itself is an outdated concept. We could be entering a period where most of our possessions are leased rather than owned.

If we are in a period where ownership is an antiquated concept then does it matter that our cars, fitness bands, kettles, smoke alarms and phones are in effect owned by a corporation incorporated in Delaware that pays most of its tax in the Dutch Antilles?

Who owns the smartcar’s data?

The next question of course is if the software in our smart devices is secret and untouchable then who owns the data they generate?

Ownership of a smartcar’s data could well be the biggest issue of all in the internet of things and the collection of Big Data. That promises to be a substantial battle.

In the meantime, it may not be a good idea to tinker too much with your car’s software or the data it generates.

Mar 252015
The law applies online to social media and other web services

Today the Australian internet industry celebrated twenty years of commercial operations with the Rewind/Fast Forward conference that looked at the evolution of the online economy down under and its future.

Naturally the Internet of Things was an important part of the discussion looking at the internet’s future and one of the panels examined the effects of the IoT on industry and society.

During the session chairman of the Communications Alliance industry association, John Stanton, raised an important point about how the IoT creates problems for existing laws and the regulators as a wave of connected devices are released onto the market place.

The risks are varied, and Stanton’s list isn’t exhaustive with a few other aspects such as liability not explored while some of the issues he raises are a problem for other internet based services like cloud computing and social media.

Roaming rules

Having fought many regulatory battles over roaming charges and access between networks, it’s not surprising Stanton and the Communications Alliance would raise this as an issue.

Dealing with roaming devices will probably be a big challenge for mobile Machine to Machine (M2M) technologies, particularly in the logistics, airline and travel industries. We can expect some bitter billing battles between clients and their providers before regulators start to step in.

Number schemes

Again this is more an issue for mobile M2M consumers. Currently every SIM card has its own phone number once the service is activated.  It may be that regulators have to revise their numbering schemes or allow providers to use alternative addressing methods to contact devices.

Data sovereignty

Where data lives is going to continue to be a vexed issue for cloud computing consumers, particularly given the varied laws between nations.

Short of an international treaty, it’s difficult to see how this problem is going to be resolved beyond companies learning to manage the risks.

Identity management

Data integrity is essential for the IoT and accurately determining the identity of individuals and devices is going to be a challenge for those designing systems.

Over time we can expect to see some elegant and clever solutions to identity management in the IoT however masquerading as a legitimate device will always be a way malicious actors will try to hack systems.


For domestic users, the privacy of what remains in data stores is going to be a major concern as domestic devices and wearables gather greater amounts of personal information. We can expect laws to be tightened on the duties and obligations of those collecting the data.

Access Security

Who can do what with a networked device is another problem, should a malicious player or a defective component get onto the system, the damage they can do needs to be minimised. What constitutes unlawful access to a computer network and the penalties needs to be carefully thought out.

Spectrum allocation and cost

Governments around the world have been reaping the rewards of selling licenses to network operators. As the need for reliable but low data usage IoT networks grows, the economics of many of the existing licenses changes which could present challenges for both the operators and governments.

Access to low cost and low data access networks

Following on from the economics of M2M networks, the question of mandating slicing of scarce spectrum for IoT applications or reserving some frequencies becomes a question. How such licenses are granted will cause much friction and many headaches between regulators and operators.

Commercial value of information

How much data is worth will always be a problem in an economy where information is power and money. This though may turn out to be more subtle as information is only valuable in the eyes of the beholder.

Where information becomes particularly valuable is in financial markets and highly competitive sectors so we can see the IoT becoming part of insider trading and unfair competition actions. These will, by definition, be complex.

Like any new set of technologies the internet of things raises a whole new range of legal issues as society adapts to new ways of doing business and communicating. What we’re going to see is a period of experimentation with laws as we try to figure out how the IoT fits into society.

Mar 192015
how to protect your computer and social media data with strong passwords

A lack of trust in technology’s security could be costing the global economy over a trillion dollars a panel at the Australian Cisco Live in Melbourne heard yesterday.

The panel “how do we create trust?” featured some of Cisco’s executives including John Stewart, the company’s Security and Trust lead, along with Mike Burgess, Telstra’s Chief Information Security Officer and Gary Blair, the CEO of the Australian Cyber Security Research Institute.

Blair sees trust in technology being split into two aspects; “do I as an individual trust an organisation to keep my data secure; safe from harm, safe from breaches and so forth?” He asks, “the second is will they be transparent in using my data and will I have control of my data.”

In turn Stewart sees security as being a big data problem rather than rules, patches and security software; “data driven security is the way forward.” He states, “we are constantly studying data to find out what our current risk profile is, what situations are we facing and what hacks we are facing.”

This was the thrust of last year’s Splunk conference where the CISO of NASDAQ, Mark Graff, described how data analytics were now the front line of information security as threats are so diverse and systems so complex that it’s necessary to watch for abnormal activity rather than try to build fortresses.

The stakes are high for both individual businesses and the economy as technology is now embedded in almost every activity.

“If you suddenly lack confidence in going to online sites, what would happen?” Asks Stewart. “You start using the phone, you go into the bank branch to check your account.”

“We have to get many of these things correct, because going backwards takes us to a place where we don’t know how to get back to.”

Gary Blair described how the Boston Consulting Group forecast digital economy would be worth between 1.5 and 2.5 trillion dollars across the G20 economies by 2016.

“The difference between the two numbers was trust. That’s how large a problem is in economic terms.”

As we move into the internet of things, that trust is going to extend to the integrity of the sensors telling us the state of our crops, transport and energy systems.

The stakes are only going to get higher and the issues more complex which in turn is going to demand well designed robust systems to retain the trust of businesses and users.