Hacking the smartcity

The hacking of the San Francisco Muni transit network is a reminder of the security imperatives of smartcity technologies.

Last Saturday the San Francisco Muni’s fare system came to a halt after hackers successfully penetrated the ticketing system.

Across the city’s stations, ticket machines were disabled and access gates were opened, resulting in free rides that many, including this writer, took advantage of.

While the Muni’s management are claiming public safety and customer information wasn’t compromised, it is a very public reminder of the weaknesses in the Internet of Things and smartcity technologies.

Given the complexity of smartcity technologies it’s inevitable that hackers and malicious actors will find their way into Internet facing networks. The range of vendors involved and the vast diversity of devices, old and new, in the systems guarantees there will always be weaknesses.

The great challenge for the Internet of Things industry and smartcity advocates is to secure these diverse systems. The stakes are high for the communities using these technologies.


Time to rethink IT security

Last weekend’s webcam launched cyber attacks are a warning that we need to take security seriously

Last weekend a cyberattack launched from compromised webcams crippled a number of high profile services. In response, the Chinese manufacturer has withdrawn the devices from the market.

That dodgy webcams should have been used to launch a massive DDoS doesn’t surprise anyone who’s spent any time in the home automation field. These problems are endemic in the Internet of Things.

In the early 2000s I became involved in a home automation company through my IT support business. Basically we were kitting out Sydney’s harbourfront mansions with state of the art technology.

Very quickly I realised something was wrong. Almost all the home automation and CCTV systems were running on outdated, insecure software. The leading brand of home security systems used servers running on an old version of Windows 2000 at a time when malware was exploding.

It wasn’t a matter of if, but when, these systems would become hopelessly compromised given the networks they were running on were shared with the home users.

The real concern though was when I raised this with the vendors, installers and designers – no one cared. It was clear security wasn’t a concern for the market and the industry.

We could have patched the systems and boosted their security policies but given the shoddy software being used – mainly DOS batch files – and the assumed file permissions we’d have completely broken the systems and it would be up to us to fix it given the attitudes of vendors and clients.

After realising this problem was industry wide I pulled the pin on that business venture as I wasn’t prepared to carry the legal risk and moral obligation of helping install dangerous equipment into people’s homes or businesses.

I’ve since watched as the Internet of Things has become fashionable with the knowledge that the industry’s cavalier attitude towards customer security hasn’t changed.

Now we’re at the stage where script kiddies can launch massive attacks from compromised webcams – God knows what the serious bad guys like state sponsored actors, criminal organisations and commercial spies are up to with these things – which shows the industry’s robotic chickens have come home to roost.

What last weekend’s events show is we have to demand better security from our technology suppliers. That though comes at a cost – we’ll pay more, we’ll have to sacrifice some convenience and we’ll have to spend time maintaining systems.

Are we prepared to wear those costs? Is the tech industry prepared to move beyond its ‘good enough’ attitude toward security? Are governments prepared to legislate and enforce proper design rules?

We may not have a choice if we want to enjoy the benefits of technology.


Huawei’s attempt to shape the cloud

For the last two days Chinese network equipment vendor Huawei has been holding its first Huawei Connect conference in Shanghai.

There’s always plenty to announce at these conferences and Huawei had consultancy partnerships with both Accenture and Infosys, their IoT strategy and their big push into cloud computing.

Ken Hu, the company’s current CEO, even had a new word – cloudification – to describe how business processes are going onto the cloud. Although during the segment on their relationship with SAP, the Huawei executives were at pains to emphasise that in their view most enterprises are a long way from going to a public cloud and will be hosting their own services for some time yet.

Despite the clumsy buzzwords, Huawei does have an interesting selling point in the market with its tie up with telcos giving it both a strong sales channel and a unique selling point. How well they execute with telecommunications companies that are notoriously poor at selling these services remains to be seen.

Huawei’s internet of things services are a similar proposition. Being close to the carriers means the company is well positioned to compete in the market, particularly in M2M applications, but again that closeness to telcos could be a hindrance.

The big message from Huawei Connect is that Chinese companies are genuine competitors to European and North American companies like Ericsson and Cisco, something illustrated on Tuesday when Tencent previewed their new head office in Shenzhen that will act as a live R&D lab for their IoT offerings.

Overall Huawei Connect was a good example of the Chinese government’s efforts to shift the nation’s economy up the value chain.


Trust, security and the internet of things

It may prove impossible to secure the Internet of Things. If so, we’re going to have to develop new trust mechanisms.

I’ve spent the last week in Las Vegas attending the Black Hat and DefCon security conferences. Among much of the discussion about protecting oneself against the misuse of technology, one thing that stood out was the focus on the Internet of Things.

Listening to some of the discussions and speaking to various people, it’s increasingly clear the consensus is the IoT is effectively unsecurable – the range of devices connected to the internet is just too great to be protected.

Compounding the problem is the plethora of poorly designed devices where security is, at best, a vague afterthought, along with an older generation of equipment that was never intended to be connected to the public-facing internet.

Given many of these devices are going to be critical to business and individual lifestyles, their reliability and quality of the data gathered by them is going to increasingly come into question and the systems that rely upon them are going to need ways to validate the information they receive.

Perhaps this is where machine learning and artificial intelligence are going to be valuable in watching for anomalies in the information and flagging where problems are happening within networks.

As those networks become more essential to society, we’re going to have to build more redundancy and robustness into our systems. The key component, though, may be trust.


Google bets on artificial intelligence

Google bets on artificial intelligence and machine learning as the company deals with the shift to mobile

Breaking with the company’s tradition of the Sergi, Google’s CEO Sundar Pichai writes this year’s founders letter laying out how the search engine giant is focusing on artificial intelligence and machine learning.

Pichai’s view of the world seems to tie in very closely with founders Larry Page and Sergey Brin with him laying out a vision of making the internet and computers accessible to all.

The challenge for Google is the shift away from personal computers, something that the company is struggling with and a factor that Pichai acknowledges.

Today’s proliferation of “screens” goes well beyond phones, desktops, and tablets. Already, there are exciting developments as screens extend to your car, like Android Auto, or your wrist, like Android Wear. Virtual reality is also showing incredible promise—Google Cardboard has introduced more than 5 million people to the incredible, immersive and educational possibilities of VR.

Whether Google can execute on that vision and manages to diversify its revenues away from depending almost exclusively upon web advertising will be what defines Pichai’s time as the company’s CEO. He has a challenging task ahead.


Tracking seals across the Southern Ocean

Tracking seals with the IoT is making it easier to collect data on our changing environment

Tracking environmental changes across the oceans is a huge undertaking. To deal with the scale of the task, Australian researchers have started equipping seals and other marine animals with a maritime equivalent of a fitbit to monitor the effects of our changing planet.

One of the interesting case studies that came across my desk in recent weeks was the IMOS animal tracking program. The Integrated Marine Observing System is a consortium of research institutions led by the University of Tasmania that collects data for the Australian marine and climate science community and its international collaborators.

The data is collected from ten different technology platforms including floats, ships, autonomous vehicles such as gliders and deep ocean probes, and by fitting tracking devices onto animals.

Along with sharks and fish, seals are one of the animals IMOS uses to track water conditions. One of the benefits of using seals is they can transmit data to a satellite when they return to the surface to breathe and they never get stuck under ice.

The tags themselves are made by a Scottish company and are designed to gather information on the depth, temperature and salinity of the seas the animals travel in. They are also useful for tracking the behaviour of the animals.

Along with research into conditions across the vast Southern Ocean, IMOS is also being used to monitor the effects of port development in the mining regions of Western Australia and other areas where environments are undergoing dramatic change.

Once the data is collected it’s open to use by the research community in understanding the effects of a warming planet. That open data and the cloud storage it is based upon are critical to the program’s success as there’s little point in collecting the data.

We have the devices to collect a tremendous amount of data on our environment, whether it’s our personal fitbits, financial records or information on agriculture or wild animals. The challenge though is to use that data effectively.

In the case of a changing environment, understanding what is happening and the effects could be a matter of our survival. While the idea of a fitbit for seals seems cute, the data they collect could prove critical.

 


Probing the weakest links of the banking system

The Bangladeshi bank hack was a lucky escape but it is an early warning about securing our networks.

The breach of the Bangladeshi banking network has been shocking on a number of levels, not least for the allegations the institutions were using second hand network equipment with no security precautions.

Fortunately for the Bangladesh financial system the hackers couldn’t spell and so only got away with a fraction of what they could have.

Now there are claims the SWIFT international funds transfer system may have been compromised by the breach, which shows the fragility of global networks and how they are only as strong as the weakest link.

As the growth of the internet shows, it’s almost impossible to build a totally secure global communications network. As connected devices, intelligent systems and algorithms become integral parts of our lives, trusting information is going to become even more critical.

The Bangladeshi bank hack was a lucky escape but it is an early warning about securing our networks.

Update: It appears the hackers were successful in getting malware onto the network according to Reuters but, like their main efforts, were somewhat crude and easily detected. One wonders how many sophisticated bad actors have quietly exploited these weaknesses.
