Keeping the IoT simple and safe

Making the IoT simple and safe is the most important task facing Internet of Things vendors

Ten years ago a joke going around was “what if Microsoft built cars?” The answer summed up the frustrations users had with personal computers and the differences in engineering standards between traditional industries and the IT sector.

As we enter the Internet of Things era, that tension between consumer devices and good engineering continues as shown by a software bug that rendered Nest thermostats useless.

That poor software would drain the battery without warning the user illustrates how poorly designed many of these devices are.

Ironically Nest’s owners, Google, held a conference earlier this week where the company’s leaders flagged the importance of standards, security and privacy.

In a call to action for the IoT industry, Google’s lead advocate Vint Cerf, also known as one of the “fathers of the Internet,” warned that compatibility, security, and privacy could be obstacles to the IoT’s success.

Reliability is also important, particularly when talking about safety and security – Nest also make carbon monoxide detectors – where a device crashing or failing can have terrible consequences.

At present most of the Internet of Things is about the gimmick of connecting devices to the cloud and controlling them from your mobile phone. Consumers are not going to embrace IoT products if they add cost, complexity and risk to their lives.

Keeping it simple and safe are probably the most important things designers of IoT devices can do.

Designing a secure IoT ecosystem

Ensuring the next generation of IoT devices is secure will be one of the challenges facing the next generations of designers.

Ensuring the next generation of IoT devices is secure and a good citizen of the wider ecosystem will be one of the challenges facing the next generations of designers.

Diego Tamburini, Manufacturing Industry Strategist of design software company Autodesk, spoke to Decoding The New Economy about how the IoT will change the design industry. “We’ve been designing equipment to connect to the internet for a generation,” he said. “What’s changing is that now the addition of software, electronics, networking and communication is breeding into objects that were purely mechanical.”

Melding the physical and software worlds doesn’t come without risks however, something that worries Internet pioneer Vint Cerf who foresees headlines like ‘100,000 fridges hack the Bank of America’ in an interview with Matthew Braga of Motherboard Canada.

Apart from the fact it could be a hundred million, Cerf has good reason to be worried. Most consumer IoT devices are hopelessly insecure and the recent stories of hacked cars only emphasise the weaknesses with connected household items.

Cerf and Braga make the point that the ‘I Love You’ worm of the year 2000 became a crisis because the world had reached the point where personal computers were ubiquitous. A similar piece of malware in a world where everything from kettles to wristwatches is vulnerable would be exponentially worse.

These risks put a great onus on product designers, even more so given much of the functionality is based upon those devices communicating with others across the internet and cloud services, something that Tamburini emphasised.

“One important thing that is happening with things being connected is we are not just designing things that function in a vacuum, we’re increasingly designing members of a larger ecosystem,” Tamburini states. “Now we have to think of how the product will have to connect to other products and how they will collectively perform a function.”

Part of that risk is that should those devices malfunction, either deliberately as part of a botnet or malware attack, or accidentally as we saw with the connected home being disabled due to a defective smart lightbulb flooding the network with error messages, then the wider community may be affected in ways we may not expect.

Cerf believes it’s going to take a big, catastrophic hack on a grand, connected scale before a shift in security begins to happen, and before people begin to even consider that such vulnerabilities even exist.

If that’s the case, it will be that society has ignored the clear warning signs we’ve seen from events like the Jeep hack and the Stuxnet worm, not to mention the massive privacy breaches at Target and Sony. For designers of these systems, hardening them is going to be an essential part of making them fit for today and the future.

What happens when software is wrong

A phone company software glitch puts one man’s life and the safety of thousands at risk. It reminds us that computers are not always correct.

The Las Vegas Review Journal yesterday told the story of Wayne Dobson, a retiree living to the north of the city whose home is being fingered as harbouring lost cellphones thanks to a software bug at US telco Sprint which is giving out the wrong location of customers’ mobile devices.

While it appears funny at first the situation is quite serious for Mr Dobson as angry phone owners are showing up at his home to claim their lost mobiles back.

Making the situation even more serious is that 911 calls are being flagged as coming from his home and already he has had to deal with one police raid.

While the local cops have flagged this problem, it’s likely other agencies won’t know about this bug which exposes the home owner to some serious nastiness.

That a simple software bug can cause such risk to an innocent man illustrates why we need to be careful with what technology tells us – the computer is not always right.

Another aspect is our rush to judgement: we assume because a smartphone app indicates a lost mobile is in a house that everyone inside is a thief. That the app could be wrong, or we don’t understand the data to properly interpret it, doesn’t enter our minds. This is more a function of our tabloid way of thinking rather than any flaws in technology.

The whole Find My Phone phenomenon is an interesting experiment in our lack of understanding risk; not only is there a possibility of going to the wrong place but there’s also a strong chance that an angry middle class boy is going to find himself quickly out of his depth when confronted by a genuine armed thief.

For Wayne Dobson, we should pray that Sprint fixes this problem before he encounters a stupid, violent person. For the rest of us we should remember that the computer is not always right.

Ending the era of the computer password

Has the humble computer password reached the end of the line?

Earlier this year, Wired Magazine writer Mat Honan had his entire digital identity stolen from him when hackers cracked his email password and then systematically took over all of his cloud and social media accounts.

Mat writes of his experience on Wired and proposes it’s time to kill the password.

The problem with Mat’s proposal is that he doesn’t suggest an alternative.

The age of the password has come to an end; we just haven’t realized it yet. And no one has figured out what will take its place.

Every alternative authentication method to passwords has flaws just as serious, if not worse. Many are plainly impractical.

All of them, including passwords, have the common weakness that those holding the information can’t be trusted either – one of the greatest ways for passwords to get into the wild is when incompetents like Sony give them away.

Security is evolving; in the meantime we need to keep in mind some basic rules.

  • Use different passwords for different accounts
  • Only access accounts from trusted and up-to-date computers
  • Create strong passwords for accounts that matter, like online banking and email
  • Strong passwords are multiword phrases
  • Use two-factor authentication if it’s available
  • Don’t link unnecessary social media and cloud accounts together
  • Be very careful

We should also remember that a skilled, motivated hacker will probably break into your account regardless of your computer security. In this respect it’s no different to the physical world where a determined criminal will get you regardless of the locks and alarms on your house.

It’s also important to remember that security is more than just evil hackers; data can be damaged or given away by a whole range of means and people breaking into systems is only one risk of many.

Computer security is an evolving field and while it might be premature to declare the password dead, we’re going to see big changes as we try to lock down our valuable digital assets.

Facebook and Families

Family use of social media can be problematic

As the Internet has become a normal part of our family lives, social media services like Facebook are becoming important in the way people, particularly our kids, socialise and communicate.

Most of this web use is positive however there are risks with these online tools so we do need to know how to manage social media services and reduce any problems we may have in our families and businesses.

Understand the risks

Facebook is an online service and all web based platforms share the same risks such as stranger danger, bullying, fraud and offensive behaviour – both kids and adults need to understand the risks.

A good start is sitting down with younger kids and using some of the online resources available; the US Virginia Department of Education has a good interactive presentation on online safety.

For Australian specific content, the Federal government’s Cyber Smart website offers advice to families at all ages; from grandparents to kids.

Respect the rules

All online services have rules that govern behaviour; one of the most common is a restriction on under 13s. This is partly because of the US COPPA law that restricts websites and social media services from advertising to children.

Of the other rules that can cause problems, Facebook has bans on hate speech and an almost pathological obsession with nudity. It pays to read the terms and conditions so you know what is acceptable.

Under 13s should not use Facebook

While for many kids Facebook is the way to talk to their friends online, parents should resist the pressure to sign their kids up until they are of the legal age.

Regardless of what you think of the rules, many kids don’t have the maturity to understand or deal with the issues of using social media sites. For that matter, neither do many adults.

Should Facebook find out that an account is owned by a child under 13, they will shut it down immediately.

Choose your friends carefully

Everybody – kids and adults – should be cautious about friends they make online. Just accepting friend requests from anybody, or from those who look cute or cool, can lead to problems later.

Set your privacy

In Facebook you should set your default privacy settings to “Friends”. You can do this by clicking the arrow pointing down in the top right hand corner of the Facebook screen and selecting privacy.

Having set your default privacy settings to Friends, you may want to further improve your privacy by continuing down the privacy screen and selecting functions like not allowing friends to post to your Facebook wall.

Be careful what you like

Liking products and pages can have consequences, at the very least others know what causes you’ve joined.

Joining hate or bullying campaigns or pages is not a good look, so don’t do it if you think you may upset people around you.

You are what you post

Anything you put online is in writing against your name. If it’s going to upset people or cause trouble then don’t do it.

In the United States one teenager found this out the hard way when her father discovered a Facebook post criticising him and her mother. He shot her laptop and then posted the video onto her Facebook page.

Practice Safe Computing

Services do get hijacked, so have strong passwords, up to date virus checkers and make sure the computer is fully up to date with security patches.

Never share passwords with friends or siblings and use different passwords on each service so if Minecraft gets compromised, Facebook or email doesn’t as well.

Put computers in common areas

Kids’ computers should be in common areas and use of any Internet enabled devices like iPods and mobile phones in places like bedrooms should be strongly discouraged.

Be open to talking

If anyone in your family seems to have a problem with computer use such as getting upset, social withdrawal or acting unusually then talk to them. This happens with adults as well.

One thing to remember is that punishing people, particularly kids, rarely works well with these technologies so it’s best to make it clear they won’t be in trouble if they come to you with a problem they are having on the net.

It’s not just kids

We have to remember it’s not just kids who get into trouble online; there’s no shortage of adults who have created problems for themselves and their families through irresponsible online behaviour. So parents need to watch their own social media usage as well.

Should someone in your family be having a problem, then don’t hesitate to talk to the school, employer or Internet provider if there are issues that need to be addressed.

There are lots of online services and resources such as Cybersafe listed above. Also don’t hesitate to call any support lines such as Lifeline or Beyond Blue if you are seriously concerned about a family member’s wellbeing.

On balance, the web and social media are positive influences on most people’s lives so by using commonsense and playing safely, the majority of families will avoid the really terrible stories we hear about online problems.

Password blues

Sharing passwords is like giving away the keys to your car, be careful.

“Johnny down the street hacked my Minecraft account!” is something almost every parent today has heard in one way or another.

If you believed the kids, the schools are full of 12 year old hacking geniuses that can unravel passwords faster than a CIA super computer.

Usually it turns out the “evil hacker” in Grade 5 had the password all along as the kids share their login details with all their friends.

The New York Times recently pulled together a story showing how teenagers are sharing passwords to show their affection. One wonders how many abusive relationships see the dominant partner control the other’s social media and online accounts.

It isn’t just kids and teenagers who find themselves in trouble though; businesses make the same mistakes, commonly sharing a password to important files and tech functions across the organisation.

Thinking this is just a small business problem would be a mistake; Australia’s Vodafone made their entire customer base available on the Internet thanks to single logins and shared passwords for each of their dealers.

Over the years this caused major problems for customers and the honest Vodafone dealers as their unscrupulous competitors hijacked accounts and churned clients to new plans. The cost to Vodafone Australia must have been huge but impossible to quantify given they apparently had no tracking mechanism to figure out who had accessed accounts.

In households and business, the main reason we share passwords is convenience – security by nature is always inconvenient. It’s convenient not to bother locking your front door or to leave your keys in the car.

When you really value something, you lock it up and you don’t give a key to everyone in your neighbourhood. It should be the same with passwords, keep them strong and keep them secret.

Our kids learn this the hard way, we shouldn’t have to.

The beast in the machine: Protecting your online profile

The people you meet online can affect you in the real world. We look at some ways to protect yourself online.

Every village has an idiot and there’s a particular brand of idiot who’s attracted to the perceived anonymity of the Internet.

Being big communities, online networking sites like Facebook and MySpace combine the problem of having a lot of idiots who think they can’t be held responsible for what they do in cyberspace.

Last week we saw this with the shameful behaviour on Facebook where posters defaced memorial pages to a murdered girl. That disgraceful episode shows why it’s important to take precautions against idiots online. Here are some ideas on protecting your online profile:

Take responsibility

You are responsible for what you post so if you create a Facebook fan page, LinkedIn group or blog then you need to maintain it, particularly the comments. If the posters become unwieldy then you need to moderate them or turn off visitor comments. Remember too that you are responsible for comments you make and the messages left on your site.

Be careful with joining groups

In life you are judged by the company you keep and the same applies online. If you join a group full of idiots you’ll be identified as one of them. Worse, those fools will be attracted to people they consider to be like minded. Think twice before accepting invitations.

Choose friends wisely

It’s tempting with Internet networking sites to try and get as many friends as possible. That misses the point of these tools and it increases the likelihood idiots will become part of your circle. Only allow people you know to connect. Using Facebook for family and friends while referring business colleagues to LinkedIn is a common way of separating work and social life online.

Avoid strangers

We tell our kids not to accept lollies from strangers yet many otherwise sensible adults link up with people they don’t know. Avoid doing this unless you are absolutely sure of who they are. The famous cartoon of “on the Internet nobody knows you’re a dog” is true of thieves, stalkers and all manner of knaves.

Hide your details

Don’t go overboard spilling out your personal life to strangers. The more details you give out, the easier it is for troublemakers to find you or steal your identity. Keep the musings about your cats and your children to your close friends.

Used well, Internet networking tools are a fantastic feature of the Internet which can enrich your life and the lives of those around you. However, all tools can be misused so be aware of the risks of these tools and act responsibly.

Remember if things get uncomfortable you can hit the delete button and turn the computer off. It’s best to do that at the first sign of trouble.