Internet of Things

Spy on your smart home with this open source research tool

Posted by | chromium, Gadgets, Internet of Things, IoT, IoT Inspector, Princeton University, privacy, privacy research, Security, smart devices, smart home devices, traffic analyzer, WireShark | No Comments

Researchers at Princeton University have built a web app that lets you (and them) spy on your smart home devices to see what they’re up to.

The open source tool, called IoT Inspector, is available for download here. (Currently it’s Mac OS only, with a wait list for Windows or Linux.)

In a blog about the effort the researchers write that their aim is to offer a simple tool for consumers to analyze the network traffic of their Internet connected gizmos. The basic idea is to help people see whether devices such as smart speakers or wi-fi enabled robot vacuum cleaners are sharing their data with third parties. (Or indeed how much snitching their gadgets are doing.)

Testing the IoT Inspector tool in their lab the researchers say they found a Chromecast device constantly contacting Google’s servers even when not in active use.

A Geeni smart bulb was also found to be constantly communicating with the cloud — sending/receiving traffic via a URL (tuyaus.com) that’s operated by a China-based company with a platform which controls IoT devices.

There are other ways to track devices like this — such as setting up a wireless hotspot to sniff IoT traffic using a packet analyzer like WireShark. But the level of technical expertise required makes them difficult for plenty of consumers.

Whereas the researchers say their web app doesn’t require any special hardware or complicated set-up so it sounds easier than trying to go packet sniffing your devices yourself. (Gizmodo, which got an early look at the tool, describes it as “incredibly easy to install and use”.)

One wrinkle: The web app doesn’t work with Safari; requiring either Firefox or Google Chrome (or a Chromium-based browser) to work.

The main caveat is that the team at Princeton do want to use the gathered data to feed IoT research — so users of the tool will be contributing to efforts to study smart home devices.

The title of their research project is Identifying Privacy, Security, and Performance Risks of Consumer IoT Devices. The listed principle investigators are professor Nick Feamster and postdoctoral researcher Danny Yuxing Huang at the university’s Computer Science department.

The Princeton team says it intends to study privacy and security risks and network performance risks of IoT devices. But they also note they may share the full dataset with other non-Princeton researchers after a standard research ethics approval process. So users of IoT Inspector will be participating in at least one research project. (Though the tool also lets you delete any collected data — per device or per account.)

“With IoT Inspector, we are the first in the research community to produce an open-source, anonymized dataset of actual IoT network traffic, where the identity of each device is labelled,” the researchers write. “We hope to invite any academic researchers to collaborate with us — e.g., to analyze the data or to improve the data collection — and advance our knowledge on IoT security, privacy, and other related fields (e.g., network performance).”

They have produced an extensive FAQ which anyone thinking about running the tool should definitely read before getting involved with a piece of software that’s explicitly designed to spy on your network traffic. (tl;dr, they’re using ARP-spoofing to intercept traffic data — a technique they warn may slow your network, in addition to the risk of their software being buggy.)

The dataset that’s being harvesting by the traffic analyzer tool is anonymized and the researchers specify they’re not gathering any public-facing IP addresses or locations. But there are still some privacy risks — such as if you have smart home devices you’ve named using your real name. So, again, do read the FAQ carefully if you want to participate.

For each IoT device on a network the tool collects multiple data-points and sends them back to servers at Princeton University — including DNS requests and responses; destination IP addresses and ports; hashed MAC addresses; aggregated traffic statistics; TLS client handshakes; and device manufacturers.

The tool has been designed not to track computers, tablets and smartphones by default, given the study focus on smart home gizmos. Users can also manually exclude individual smart devices from being tracked if they’re able to power them down during set up or by specifying their MAC address.

Up to 50 smart devices can be tracked on the network where IoT Inspector is running. Anyone with more than 50 devices is asked to contact the researchers to ask for an increase to that limit.

The project team has produced a video showing how to install the app on Mac:

Powered by WPeMatico

Huawei opens a cybersecurity transparency center in the heart of Europe

Posted by | 5g, Asia, Brussels, China, computer security, cybersecurity, EC, Europe, General Data Protection Regulation, huawei, Internet of Things, Mobile, Network Security, Security, telecommunications | No Comments

5G kit maker Huawei opened a Cyber Security Transparency center in Brussels yesterday as the Chinese tech giant continues to try to neutralize suspicion in Western markets that its networking gear could be used for espionage by the Chinese state.

Huawei announced its plan to open a European transparency center last year but giving a speech at an opening ceremony for the center yesterday the company’s rotating CEO, Ken Hu, said: “Looking at the events from the past few months, it’s clear that this facility is now more critical than ever.”

Huawei said the center, which will demonstrate the company’s security solutions in areas including 5G, IoT and cloud, aims to provide a platform to enhance communication and “joint innovation” with all stakeholders, as well as providing a “technical verification and evaluation platform for our
customers”.

“Huawei will work with industry partners to explore and promote the development of security standards and verification mechanisms, to facilitate technological innovation in cyber security across the industry,” it said in a press release.

“To build a trustworthy environment, we need to work together,” Hu also said in his speech. “Both trust and distrust should be based on facts, not feelings, not speculation, and not baseless rumour.

“We believe that facts must be verifiable, and verification must be based on standards. So, to start, we need to work together on unified standards. Based on a common set of standards, technical verification and legal verification can lay the foundation for building trust. This must be a collaborative effort, because no single vendor, government, or telco operator can do it alone.”

The company made a similar plea at Mobile World Congress last week when its rotating chairman, Guo Ping, used a keynote speech to claim its kit is secure and will never contain backdoors. He also pressed the telco industry to work together on creating standards and structures to enable trust.

“Government and the mobile operators should work together to agree what this assurance testing and certification rating for Europe will be,” he urged. “Let experts decide whether networks are safe or not.”

Also speaking at MWC last week the EC’s digital commissioner, Mariya Gabriel, suggested the executive is prepared to take steps to prevent security concerns at the EU Member State level from fragmenting 5G rollouts across the Single Market.

She told delegates at the flagship industry conference that Europe must have “a common approach to this challenge” and “we need to bring it on the table soon”.

Though she did not suggest exactly how the Commission might act.

A spokesman for the Commission confirmed that EC VP Andrus Ansip and Huawei’s Hu met in person yesterday to discuss issues around cybersecurity, 5G and the Digital Single Market — adding that the meeting was held at the request of Hu.

“The Vice-President emphasised that the EU is an open rules based market to all players who fulfil EU rules,” the spokesman told us. “Specific concerns by European citizens should be addressed. We have rules in place which address security issues. We have EU procurement rules in place, and we have the investment screening proposal to protect European interests.”

“The VP also mentioned the need for reciprocity in respective market openness,” he added, further noting: “The College of the European Commission will hold today an orientation debate on China where this issue will come back.”

In a tweet following the meeting Ansip also said: “Agreed that understanding local security concerns, being open and transparent, and cooperating with countries and regulators would be preconditions for increasing trust in the context of 5G security.”

Met with @Huawei rotating CEO Ken Hu to discuss #5G and #cybersecurity.

Agreed that understanding local security concerns, being open and transparent, and cooperating with countries and regulators would be preconditions for increasing trust in the context of 5G security. pic.twitter.com/ltATdnnzvL

— Andrus Ansip (@Ansip_EU) March 4, 2019

Reuters reports Hu saying the pair had discussed the possibility of setting up a cybersecurity standard along the lines of Europe’s updated privacy framework, the General Data Protection Regulation (GDPR).

Although the Commission did not respond when we asked it to confirm that discussion point.

GDPR was multiple years in the making and before European institutions had agreed on a final text that could come into force. So if the Commission is keen to act “soon” — per Gabriel’s comments on 5G security — to fashion supportive guardrails for next-gen network rollouts a full blown regulation seems an unlikely template.

More likely GDPR is being used by Huawei as a byword for creating consensus around rules that work across an ecosystem of many players by providing standards that different businesses can latch on in an effort to keep moving.

Hu referenced GDPR directly in his speech yesterday, lauding it as “a shining example” of Europe’s “strong experience in driving unified standards and regulation” — so the company is clearly well-versed in how to flatter hosts.

“It sets clear standards, defines responsibilities for all parties, and applies equally to all companies operating in Europe,” he went on. “As a result, GDPR has become the golden standard for privacy protection around the world. We believe that European regulators can also lead the way on similar mechanisms for cyber security.”

Hu ended his speech with a further industry-wide plea, saying: “We also commit to working more closely with all stakeholders in Europe to build a system of trust based on objective facts and verification. This is the cornerstone of a secure digital environment for all.”

Huawei’s appetite to do business in Europe is not in doubt, though.

The question is whether Europe’s telcos and governments can be convinced to swallow any doubts they might have about spying risks and commit to working with the Chinese kit giant as they roll out a new generation of critical infrastructure.

Powered by WPeMatico

5G phones are here but there’s no rush to upgrade

Posted by | 5g, Android, Apple, Asia, barcelona, broadband, Caching, China, deutsche telekom, donovan sung, Europe, european commission, european union, huawei, Intel, Internet of Things, iPhone, LG, Mobile, mwc 2019, Qualcomm, Samsung, singtel, smartphone, smartphones, south korea, TC, telecommunications, Xiaomi | No Comments

This year’s Mobile World Congress — the CES for Android device makers — was awash with 5G handsets.

The world’s No.1 smartphone seller by marketshare, Samsung, got out ahead with a standalone launch event in San Francisco, showing off two 5G devices, just before fast-following Android rivals popped out their own 5G phones at launch events across Barcelona this week.

We’ve rounded up all these 5G handset launches here. Prices range from an eye-popping $2,600 for Huawei’s foldable phabet-to-tablet Mate X — and an equally eye-watering $1,980 for Samsung’s Galaxy Fold; another 5G handset that bends — to a rather more reasonable $680 for Xiaomi’s Mi Mix 3 5G, albeit the device is otherwise mid-tier. Other prices for 5G phones announced this week remain tbc.

Android OEMs are clearly hoping the hype around next-gen mobile networks can work a little marketing magic and kick-start stalled smartphone growth. Especially with reports suggesting Apple won’t launch a 5G iPhone until at least next year. So 5G is a space Android OEMs alone get to own for a while.

Chipmaker Qualcomm, which is embroiled in a bitter patent battle with Apple, was also on stage in Barcelona to support Xiaomi’s 5G phone launch — loudly claiming the next-gen tech is coming fast and will enhance “everything”.

“We like to work with companies like Xiaomi to take risks,” lavished Qualcomm’s president Cristiano Amon upon his hosts, using 5G uptake to jibe at Apple by implication. “When we look at the opportunity ahead of us for 5G we see an opportunity to create winners.”

Despite the heavy hype, Xiaomi’s on stage demo — which it claimed was the first live 5G video call outside China — seemed oddly staged and was not exactly lacking in latency.

“Real 5G — not fake 5G!” finished Donovan Sung, the Chinese OEM’s director of product management. As a 5G sales pitch it was all very underwhelming. Much more ‘so what’ than ‘must have’.

Whether 5G marketing hype alone will convince consumers it’s past time to upgrade seems highly unlikely.

Phones sell on features rather than connectivity per se, and — whatever Qualcomm claims — 5G is being soft-launched into the market by cash-constrained carriers whose boom times lie behind them, i.e. before over-the-top players had gobbled their messaging revenues and monopolized consumer eyeballs.

All of which makes 5G an incremental consumer upgrade proposition in the near to medium term.

Use-cases for the next-gen network tech, which is touted as able to support speeds up to 100x faster than LTE and deliver latency of just a few milliseconds (as well as connecting many more devices per cell site), are also still being formulated, let alone apps and services created to leverage 5G.

But selling a network upgrade to consumers by claiming the killer apps are going to be amazing but you just can’t show them any yet is as tough as trying to make theatre out of a marginally less janky video call.

“5G could potentially help [spark smartphone growth] in a couple of years as price points lower, and availability expands, but even that might not see growth rates similar to the transition to 3G and 4G,” suggests Carolina Milanesi, principal analyst at Creative Strategies, writing in a blog post discussing Samsung’s strategy with its latest device launches.

“This is not because 5G is not important, but because it is incremental when it comes to phones and it will be other devices that will deliver on experiences, we did not even think were possible. Consumers might end up, therefore, sharing their budget more than they did during the rise of smartphones.”

The ‘problem’ for 5G — if we can call it that — is that 4G/LTE networks are capably delivering all the stuff consumers love right now: Games, apps and video. Which means that for the vast majority of consumers there’s simply no reason to rush to shell out for a ‘5G-ready’ handset. Not if 5G is all the innovation it’s got going for it.

LG V50 ThinQ 5G with a dual screen accessory for gaming

Use cases such as better AR/VR are also a tough sell given how weak consumer demand has generally been on those fronts (with the odd branded exception).

The barebones reality is that commercial 5G networks are as rare as hen’s teeth right now, outside a few limited geographical locations in the U.S. and Asia. And 5G will remain a very patchy patchwork for the foreseeable future.

Indeed, it may take a very long time indeed to achieve nationwide coverage in many countries, if 5G even ends up stretching right to all those edges. (Alternative technologies do also exist which could help fill in gaps where the ROI just isn’t there for 5G.)

So again consumers buying phones with the puffed up idea of being able to tap into 5G right here, right now (Qualcomm claimed 2019 is going to be “the year of 5G!”) will find themselves limited to just a handful of urban locations around the world.

Analysts are clear that 5G rollouts, while coming, are going to be measured and targeted as carriers approach what’s touted as a multi-industry-transforming wireless technology cautiously, with an eye on their capex and while simultaneously trying to figure out how best to restructure their businesses to engage with all the partners they’ll need to forge business relations with, across industries, in order to successfully sell 5G’s transformative potential to all sorts of enterprises — and lock onto “the sweep spot where 5G makes sense”.

Enterprise rollouts therefore look likely to be prioritized over consumer 5G — as was the case for 5G launches in South Korea at the back end of last year.

“4G was a lot more driven by the consumer side and there was an understanding that you were going for national coverage that was never really a question and you were delivering on the data promise that 3G never really delivered… so there was a gap of technology that needed to be filled. With 5G it’s much less clear,” says Gartner’s Sylvain Fabre, discussing the tech’s hype and the reality with TechCrunch ahead of MWC.

“4G’s very good, you have multiple networks that are Gbps or more and that’s continuing to increase on the downlink with multiple carrier aggregation… and other densification schemes. So 5G doesn’t… have as gap as big to fill. It’s great but again it’s applicability of where it’s uniquely positioned is kind of like a very narrow niche at the moment.”

“It’s such a step change that the real power of 5G is actually in creating new business models using network slicing — allocation of particular aspects of the network to a particular use-case,” Forrester analyst Dan Bieler also tells us. “All of this requires some rethinking of what connectivity means for an enterprise customer or for the consumer.

“And telco sales people, the telco go-to-market approach is not based on selling use-cases, mostly — it’s selling technologies. So this is a significant shift for the average telco distribution channel to go through. And I would believe this will hold back a lot of the 5G ambitions for the medium term.”

To be clear, carriers are now actively kicking the tyres of 5G, after years of lead-in hype, and grappling with technical challenges around how best to upgrade their existing networks to add in and build out 5G.

Many are running pilots and testing what works and what doesn’t, such as where to place antennas to get the most reliable signal and so on. And a few have put a toe in the water with commercial launches (globally there are 23 networks with “some form of live 5G in their commercial networks” at this point, according to Fabre.)

But at the same time 5G network standards are yet to be fully finalized so the core technology is not 100% fully baked. And with it being early days “there’s still a long way to go before we have a real significant impact of 5G type of services”, as Bieler puts it. 

There’s also spectrum availability to factor in and the cost of acquiring the necessary spectrum. As well as the time required to clear and prepare it for commercial use. (On spectrum, government policy is critical to making things happen quickly (or not). So that’s yet another factor moderating how quickly 5G networks can be built out.)

And despite some wishful thinking industry noises at MWC this week — calling for governments to ‘support digitization at scale’ by handing out spectrum for free (uhhhh, yeah right) — that’s really just whistling into the wind.

Rolling out 5G networks is undoubtedly going to be very expensive, at a time when carriers’ businesses are already faced with rising costs (from increasing data consumption) and subdued revenue growth forecasts.

“The world now works on data” and telcos are “at core of this change”, as one carrier CEO — Singtel’s Chua Sock Koong — put it in an MWC keynote in which she delved into the opportunities and challenges for operators “as we go from traditional connectivity to a new age of intelligent connectivity”.

Chua argued it will be difficult for carriers to compete “on the basis of connectivity alone” — suggesting operators will have to pivot their businesses to build out standalone business offerings selling all sorts of b2b services to support the digital transformations of other industries as part of the 5G promise — and that’s clearly going to suck up a lot of their time and mind for the foreseeable future.

In Europe alone estimates for the cost of rolling out 5G range between €300BN and €500BN (~$340BN-$570BN), according to Bieler. Figures that underline why 5G is going to grow slowly, and networks be built out thoughtfully; in the b2b space this means essentially on a case-by-case basis.

Simply put carriers must make the economics stack up. Which means no “huge enormous gambles with 5G”. And omnipresent ROI pressure pushing them to try to eke out a premium.

“A lot of the network equipment vendors have turned down the hype quite a bit,” Bieler continues. “If you compare this to the hype around 3G many years ago or 4G a couple of years ago 5G definitely comes across as a soft launch. Sort of an evolutionary type of technology. I have not come across a network equipment vendors these days who will say there will be a complete change in everything by 2020.”

On the consumer pricing front, carriers have also only just started to grapple with 5G business models. One early example is TC parent Verizon’s 5G home service — which positions the next-gen wireless tech as an alternative to fixed line broadband with discounts if you opt for a wireless smartphone data plan as well as 5G broadband.

From the consumer point of view, the carrier 5G business model conundrum boils down to: What is my carrier going to charge me for 5G? And early adopters of any technology tend to get stung on that front.

Although, in mobile, price premiums rarely stick around for long as carriers inexorably find they must ditch premiums to unlock scale — via consumer-friendly ‘all you can eat’ price plans.

Still, in the short term, carriers look likely to experiment with 5G pricing and bundles — basically seeing what they can make early adopters pay. But it’s still far from clear that people will pay a premium for better connectivity alone. And that again necessitates caution. 

5G bundled with exclusive content might be one way carriers try to extract a premium from consumers. But without huge and/or compelling branded content inventory that risks being a too niche proposition too. And the more carriers split their 5G offers the more consumers might feel they don’t need to bother, and end up sticking with 4G for longer.

It’ll also clearly take time for a 5G ‘killer app’ to emerge in the consumer space. And such an app would likely need to still be able to fallback on 4G, again to ensure scale. So the 5G experience will really need to be compellingly different in order for the tech to sell itself.

On the handset side, 5G chipset hardware is also still in its first wave. At MWC this week Qualcomm announced a next-gen 5G modem, stepping up from last year’s Snapdragon 855 chipset — which it heavily touted as architected for 5G (though it doesn’t natively support 5G).

If you’re intending to buy and hold on to a 5G handset for a few years there’s thus a risk of early adopter burn at the chipset level — i.e. if you end up with a device with a suckier battery life vs later iterations of 5G hardware where more performance kinks have been ironed out.

Intel has warned its 5G modems won’t be in phones until next year — so, again, that suggests no 5G iPhones before 2020. And Apple is of course a great bellwether for mainstream consumer tech; the company only jumps in when it believes a technology is ready for prime time, rarely sooner. And if Cupertino feels 5G can wait, that’s going to be equally true for most consumers.

Zooming out, the specter of network security (and potential regulation) now looms very large indeed where 5G is concerned, thanks to East-West trade tensions injecting a strange new world of geopolitical uncertainty into an industry that’s never really had to grapple with this kind of business risk before.

Chinese kit maker Huawei’s rotating chairman, Guo Ping, used the opportunity of an MWC keynote to defend the company and its 5G solutions against U.S. claims its network tech could be repurposed by the Chinese state as a high tech conduit to spy on the West — literally telling delegates: “We don’t do bad things” and appealing to them to plainly to: “Please choose Huawei!”

Huawei rotating resident, Guo Ping, defends the security of its network kit on stage at MWC 2019

When established technology vendors are having to use a high profile industry conference to plead for trust it’s strange and uncertain times indeed.

In Europe it’s possible carriers’ 5G network kit choices could soon be regulated as a result of security concerns attached to Chinese suppliers. The European Commission suggested as much this week, saying in another MWC keynote that it’s preparing to step in try to prevent security concerns at the EU Member State level from fragmenting 5G rollouts across the bloc.

In an on stage Q&A Orange’s chairman and CEO, Stéphane Richard, couched the risk of destabilization of the 5G global supply chain as a “big concern”, adding: “It’s the first time we have such an important risk in our industry.”

Geopolitical security is thus another issue carriers are having to factor in as they make decisions about how quickly to make the leap to 5G. And holding off on upgrades, while regulators and other standards bodies try to figure out a trusted way forward, might seem the more sensible thing to do — potentially stalling 5G upgrades in the meanwhile.

Given all the uncertainties there’s certainly no reason for consumers to rush in.

Smartphone upgrade cycles have slowed globally for a reason. Mobile hardware is mature because it’s serving consumers very well. Handsets are both powerful and capable enough to last for years.

And while there’s no doubt 5G will change things radically in future, including for consumers — enabling many more devices to be connected and feeding back data, with the potential to deliver on the (much hyped but also still pretty nascent) ‘smart home’ concept — the early 5G sales pitch for consumers essentially boils down to more of the same.

“Over the next ten years 4G will phase out. The question is how fast that happens in the meantime and again I think that will happen slower than in early times because [with 5G] you don’t come into a vacuum, you don’t fill a big gap,” suggests Gartner’s Fabre. “4G’s great, it’s getting better, wi’fi’s getting better… The story of let’s build a big national network to do 5G at scale [for all] that’s just not happening.”

“I think we’ll start very, very simple,” he adds of the 5G consumer proposition. “Things like caching data or simply doing more broadband faster. So more of the same.

“It’ll be great though. But you’ll still be watching Netflix and maybe there’ll be a couple of apps that come up… Maybe some more interactive collaboration or what have you. But we know these things are being used today by enterprises and consumers and they’ll continue to be used.”

So — in sum — the 5G mantra for the sensible consumer is really ‘wait and see’.

Powered by WPeMatico

Amazon stops selling stick-on Dash buttons

Posted by | Amazon, amazon dash, api, button, connected objects, Dash, dash button, Dash Replenishment, e-commerce, eCommerce, Gadgets, Germany, Internet of Things, IoT, voice assistant | No Comments

Amazon has confirmed it has retired physical stick-on Dash buttons from sale — in favor of virtual alternatives that let Prime Members tap a digital button to reorder a staple product.

It also points to its Dash Replenishment service — which offers an API for device makers wanting to build internet-connected appliances that can automatically reorder the products they need to function, be it cat food, batteries or washing power — as another reason why physical Dash buttons, which launched back in 2015 (costing $5 a pop), are past their sell-by date.

Amazon says “hundreds” of IoT devices capable of self-ordering on Amazon have been launched globally to date by brands including Beko, Epson, illy, Samsung and Whirlpool, to name a few.

So why press a physical button when a digital one will do? Or, indeed, why not do away with the need to push a button all and just let your gadgets rack up your grocery bill all by themselves while you get on with the importance business of consuming all the stuff they’re ordering?

You can see where Amazon wants to get to with its “so customers don’t have to think at all about restocking” line. Consumption that entirely removes the consumer’s decision-making process from the transactional loop is quite the capitalist wet dream. Though the company does need to be careful about consumer protection rules as it seeks to excise friction from the buying process.

The e-commerce behemoth also claims customers are “increasingly” using its Alexa voice assistant to reorder staples, such as via the Alexa Shopping voice shopping app (Amazon calls it “hands-free shopping”) that lets people inform the machine about a purchase intent and it will suggest items to buy based on their Amazon order history.

Albeit, it offers no actual usage metrics for Alexa Shopping. So that’s meaningless PR.

A less flashy but perhaps more popular option than “hands-free shopping,” which Amazon also says has contributed to making physical Dash buttons redundant, is its Subscribe & Save program.

This “lets customers automatically receive their favorite items every month,” as Amazon puts it. It offers an added incentive of discounts that kick in if the user signs up to buy five or more products per month. But the mainstay of the sales pitch is convenience with Amazon touting time saved by subscribing to “essentials” — and time saved from compiling boring shopping lists once again means more time to consume the stuff being bought on Amazon…

In a statement about retiring physical Dash buttons from global sale on February 28, Amazon also confirmed it will continue to support existing Dash owners — presumably until their buttons wear down to the bare circuit board from repeat use.

“Existing Dash Button customers can continue to use their Dash Button devices,” it writes. “We look forward to continuing support for our customers’ shopping needs, including growing our Dash Replenishment product line-up and expanding availability of virtual Dash Buttons.”

So farewell then clunky Dash buttons. Another physical push-button bites the dust. Though plastic-y Dash buttons were quite unlike the classic iPhone home button — always seeming temporary and experimental rather than slick and coolly reassuring. Even so, the end of both buttons points to the need for tech businesses to tool up for the next wave of contextually savvy connected devices. More smarts, and more controllable smarts is key.

Amazon’s statement about “shifting focus” for Dash does not mention potential legal risks around the buttons related to consumer rights challenges — but that’s another angle here.

In January a court in Germany ruled Dash buttons breached local e-commerce rules, following a challenge by a regional consumer watchdog that raised concerns about T&Cs that allow Amazon to substitute a product of a higher price or even a different product entirely than what the consumer had originally selected. The watchdog argued consumers should be provided with more information about price and product before taking the order — and the judges agreed — though Amazon said it would seek to appeal.

While it’s not clear whether or not that legal challenge contributed to Amazon’s decision to shutter Dash, it’s clear that virtual Dash buttons offer more opportunities for displaying additional information prior to a purchase than a screen-less physical Dash button. They also are more easily adaptable to any tightening legal requirements across different markets.

The demise of the physical Dash was reported earlier by CNET.

Powered by WPeMatico

Europe is prepared to rule over 5G cybersecurity

Posted by | 5g, artificial intelligence, Australia, barcelona, broadband, China, computer security, EC, Emerging-Technologies, Europe, european commission, european union, Germany, huawei, Internet of Things, Mariya Gabriel, Mobile, mwc 2019, network technology, New Zealand, Security, telecommunications, trump, UK government, United Kingdom, United States, zte | No Comments

The European Commission’s digital commissioner has warned the mobile industry to expect it to act over security concerns attached to Chinese network equipment makers.

The Commission is considering a defacto ban on kit made by Chinese companies including Huawei in the face of security and espionage concerns, per Reuters.

Appearing on stage at the Mobile World Congress tradeshow in Barcelona today, Mariya Gabriel, European commissioner for digital economy and society, flagged network “cybersecurity” during her scheduled keynote, warning delegates it’s stating the obvious for her to say that “when 5G services become mission critical 5G networks need to be secure”.

Geopolitical concerns between the West and China are being accelerated and pushed to the fore as the era of 5G network upgrades approach, as well as by ongoing tensions between the U.S. and China over trade.

“I’m well away of the unrest among all of you key actors in the telecoms sectors caused by the ongoing discussions around the cybersecurity of 5G,” Gabriel continued, fleshing out the Commission’s current thinking. “Let me reassure you: The Commission takes your view very seriously. Because you need to run these systems everyday. Nobody is helped by premature decisions based on partial analysis of the facts.

“However it is also clear that Europe has to have a common approach to this challenge. And we need to bring it on the table soon. Otherwise there is a risk that fragmentation rises because of diverging decisions taken by Member States trying to protect themselves.”

“We all know that this fragmentation damages the digital single market. So therefore we are working on this important matter with priority. And to the Commission we will take steps soon,” she added.

The theme of this year’s show is “intelligent connectivity”; the notion that the incoming 5G networks will not only create links between people and (many, many more) things but understand the connections they’re making at a greater depth and resolution than has been possible before, leveraging the big data generated by many more connections to power automated decision-making in near real time, with low latency another touted 5G benefit (as well as many more connections per cell).

Futuristic scenarios being floated include connected cars neatly pulling to the sides of the road ahead of an ambulance rushing a patient to hospital — or indeed medical operations being aided and even directed remotely in real-time via 5G networks supporting high resolution real-time video streaming.

But for every touted benefit there are easy to envisage risks to network technology that’s being designed to connect everything all of the time — thereby creating a new and more powerful layer of critical infrastructure society will be relying upon.

Last fall the Australia government issued new security guidelines for 5G networks that essential block Chinese companies such as Huawei and ZTE from providing equipment to operators — justifying the move by saying that differences in the way 5G operates compared to previous network generations introduces new risks to national security.

New Zealand followed suit shortly after, saying kit from the Chinese companies posed a significant risk to national security.

While in the U.S. President Trump has made 5G network security a national security priority since 2017, and a bill was passed last fall banning Chinese companies from supplying certain components and services to government agencies.

The ban is due to take effect over two years but lawmakers have been pressuring to local carriers to drop 5G collaborations with companies such as Huawei.

In Europe the picture is so far more mixed. A UK government report last summer investigating Huawei’s broadband and mobile infrastructure raised further doubts, and last month Germany was reported to be mulling a 5G ban on the Chinese kit maker.

But more recently the two EU Member States have been reported to no longer be leaning towards a total ban — apparently believing any risk can be managed and mitigated by oversight and/or partial restrictions.

It remains to be seen how the Commission could step in to try to harmonize security actions taken by Member States around nascent 5G networks. But it appears prepared to set rules.

That said, Gabriel gave no hint of its thinking today, beyond repeating the Commission’s preferred position of less fragmentation, more harmonization to avoid collateral damage to its overarching Digital Single Market initiative — i.e. if Member States start fragmenting into a patchwork based on varying security concerns.

We’ve reached out to the Commission for further comment and will update this story with any additional context.

During the keynote she was careful to talk up the transformative potential of 5G connectivity while also saying innovation must work in lock-step with European “values”.

“Europe has to keep pace with other regions and early movers while making sure that its citizens and businesses benefit swiftly from the new infrastructures and the many applications that will be built on top of them,” she said.

“Digital is helping us and we need to reap its opportunities, mitigate its risks and make sure it is respectful of our values as much as driven by innovation. Innovation and values. Two key words. That is the vision we have delivered in terms of the defence for our citizens in Europe. Together we have decided to construct a Digital Single Market that reflects the values and principles upon which the European Union has been built.”

Her speech also focused on AI, with the commissioner highlighting various EC initiatives to invest in and support private sector investment in artificial intelligence — saying it’s targeting €20BN in “AI-directed investment” across the private and public sector by 2020, with the goal for the next decade being “to reach the same amount as an annual average” — and calling on the private sector to “contribute to ensure that Europe reaches the level of investment needed for it to become a world stage leader also in AI”.

But again she stressed the need for technology developments to be thoughtfully managed so they reflect the underlying society rather than negatively disrupting it. The goal should be what she dubbed “human-centric AI”.

“When we talk about AI and new technologies development for us Europeans it is not only about investing. It is mainly about shaping AI in a way that reflects our European values and principles. An ethical approach to AI is key to enable competitiveness — it will generate user trust and help facilitate its uptake,” she said.

“Trust is the key word. There is no other way. It is only by ensuring trustworthiness that Europe will position itself as a leader in cutting edge, secure and ethical AI. And that European citizens will enjoy AI’s benefits.”

Powered by WPeMatico

Cheap Internet of Things gadgets betray you even after you toss them in the trash

Posted by | Gadgets, hardware, Internet of Things, Security, smart bulbs, smart home | No Comments

You may think that the worst you’ll risk by buying a bargain-bin smart bulb or security camera will be a bit of extra trouble setting it up or a lack of settings. But it’s not just while they’re plugged in that these slapdash gadgets are a security risk — even from the garbage can, they can still compromise your network.

Although these so-called Internet of Things gadgets are small and rather dumb, they’re still full-fledged networked computers for all intents and purposes. You may not need to do much, but you still need to take many of the same basic precautions to prevent them from, say, broadcasting your private information unencrypted to the world, or granting root access to anyone walking by.

In the case of these low-cost “smart” bulbs investigated by Limited Results (via Hack a Day), the issue isn’t what they do while connected but what they keep onboard their tiny brains, and how.

All the bulbs they tested proved to have no real security at all protecting the information kept on the chips inside. After exposing the PCBs, they attached a few leads and in a moment each device would spit out its boot data and be ready to take commands.

The data was without exception totally unencrypted, including the wireless password to the network to which the device had been connected. One device also exposed its private RSA key, used to create secure connections to whatever servers it connects to (for example to check for updates, upload user data to the cloud and so on). This information would be available to anyone who grabbed this bulb out of the trash, or stole it from an outdoor fixture or bought it secondhand.

“Seriously, 90 percent of IoT devices are developed without security in mind. It is just a disaster,” wrote Limited Results in an email. “In my research, I have targeted four different devices : LIFX, XIAOMI, TUYA and WIZ (not published yet, very unkind people). Same devices, same vulnerabilities, and even sometimes exactly same code inside.”

Now, these particular bits of information exposed on these devices aren’t that harmful in and of themselves, although if someone wanted to, they could take advantage of it in several ways. What’s important to note is the utter lack of care that went into these devices — not just their code, but their construction. They really are just basic enclosures around an off-the-shelf wireless board, with no consideration given to safety, security or longevity. And this type of thing is not by any means limited to smart bulbs.

These devices all proudly assert that they support Alexa, Google Home or other standards. This may give users a false sense that they are in some way accredited, inspected or otherwise held to basic standards.

In fact, in addition to all of them having essentially no security at all, one had its (conductive) metal shell insulated from the PCB only by a loose piece of adhesive paper. This kind of thing is an electrical fire, or at least a short, waiting to happen.

As with any other class of electronics, there’s always a pretty good reason why one is a whole lot cheaper than another. But in the case of a cheap CD player, the worst you’re going to get is skipping or a scratched disc. That’s not the case with a cheap baby monitor, a cheap smart outlet, a cheap internet-connected door lock.

I’m not saying you need to buy the premium version of every smart gadget out there — consumers need to be aware of the risks they are exposing themselves to with the installation of any such device, let alone a poorly made one.

If you want to limit your own risk, a simple step you can take is to have your smart home devices and such isolated on a subnet or guest network. Make sure that the devices, and of course your router, are password protected, and take common sense measures like changing that password regularly.

Powered by WPeMatico

Wrest control from a snooping smart speaker with this teachable ‘parasite’

Posted by | Advertising Tech, Alexa, artificial intelligence, connected devices, Europe, Gadgets, GitHub, Google, google home, hardware, Home Automation, Internet of Things, IoT, neural network, privacy, Security, smart assistant, smart speaker, Speaker | No Comments

What do you get when you put one internet-connected device on top of another? A little more control than you otherwise would in the case of Alias the “teachable ‘parasite’” — an IoT project smart speaker topper made by two designers, Bjørn Karmann and Tore Knudsen.

The Raspberry Pi-powered, fungus-inspired blob’s mission is to whisper sweet nonsense into Amazon Alexa’s (or Google Home’s) always-on ear so it can’t accidentally snoop on your home.

Project Alias from Bjørn Karmann on Vimeo.

Alias will only stop feeding noise into its host’s speakers when it hears its own wake command — which can be whatever you like.

The middleman IoT device has its own local neural network, allowing its owner to christen it with a name (or sound) of their choosing via a training interface in a companion app.

The open-source TensorFlow library was used for building the name training component.

So instead of having to say “Alexa” or “Ok Google” to talk to a commercial smart speaker — and thus being stuck parroting a big tech brand name in your own home, not to mention being saddled with a device that’s always vulnerable to vocal pranks (and worse: accidental wiretapping) — you get to control what the wake word is, thereby taking back a modicum of control over a natively privacy-hostile technology.

This means you could rename Alexa “Bezosallseeingeye,” or refer to your Google Home as “Carelesswhispers.” Whatever floats your boat.

Once Alias hears its custom wake command it will stop feeding noise into the host speaker — enabling the underlying smart assistant to hear and respond to commands as normal.

“We looked at how cordyceps fungus and viruses can appropriate and control insects to fulfill their own agendas and were inspired to create our own parasite for smart home systems,” explain Karmann and Knudsen in a write-up of the project here. “Therefore we started Project Alias to demonstrate how maker-culture can be used to redefine our relationship with smart home technologies, by delegating more power from the designers to the end users of the products.”

Alias offers a glimpse of a richly creative custom future for IoT, as the means of producing custom but still powerful connected technology products becomes more affordable and accessible.

And so also perhaps a partial answer to IoT’s privacy problem, for those who don’t want to abstain entirely. (Albeit, on the security front, more custom and controllable IoT does increase the hackable surface area — so that’s another element to bear in mind; more custom controls for greater privacy does not necessarily mesh with robust device security.)

If you’re hankering after your own Alexa-disrupting blob-topper, the pair have uploaded a build guide to Instructables and put the source code on GitHub. So fill yer boots.

Project Alias is of course not a solution to the underlying tracking problem of smart assistants — which harvest insights gleaned from voice commands to further flesh out interest profiles of users, including for ad targeting purposes.

That would require either proper privacy regulation or, er, a new kind of software virus that infiltrates the host system and prevents it from accessing user data. And — unlike this creative physical IoT add-on — that kind of tech would not be at all legal.

Powered by WPeMatico

Verizon and T-Mobile call out AT&T over fake 5G labels

Posted by | 4G, 5g, 5g network, AT&T, deutsche telekom, Gadgets, Internet of Things, Mobile, mobile technology, T-Mobile, technology, Verizon, Verizon Communications, wireless industry, wireless networks | No Comments

AT&T recently started a shady marketing tactic that labeled its 4G network as a 5G network. Now, rivals Verizon and T-Mobile are not having any of it.

In an open letter, in which AT&T is not named directly, Verizon says in part “the potential to over-hype and under-deliver on the 5G promise is a temptation that the wireless industry must resist.” TechCrunch agrees. The advantages of 5G networks are profound. The next generation of wireless networks will bring more than just increased speeds, and AT&T’s current campaign of calling a 4G network a 5G network clouds the water.

T-Mobile is more direct in its criticism of AT&T. Because that’s how T-Mobile rolls. Watch.

didn’t realize it was this easy, brb updating pic.twitter.com/dCmnd6lspH

— T-Mobile (@TMobile) January 7, 2019

This isn’t the first time AT&T has employed this mislabeling campaign. The wireless carrier did something similar prior to launching its LTE network; it was shady then and it’s shady now.

Disclosure: TechCrunch is a Verizon Media company.

Powered by WPeMatico

D-Link thinks 5G will cut your cords forever

Posted by | 5g, Best-Buy, CES 2019, computing, D Link, DSP, Gadgets, Internet of Things, Router, TC, technology, wi-fi, wireless | No Comments

Network gear maker D-Link just announced a 5G router that sends high-speed Wi-Fi through your house without cables. The router, called the DWR-2010, should allow users to get massive speeds over 5G networks without running cable. Don’t expect to pick this up at the local Best Buy, however, as the 5G router will probably ship from wireless service providers.

The DWR-2010 also offers customization options for service providers, making it suitable for deployment on a range of network configurations. The gateway features an embedded 5G NR (New Radio) NSA module and can operate on the sub-6 GHz or mmWave frequencies in 200 MHz (2 x 100 MHz) or 800 MHz (8 x 100 MHz) configurations. Complete with remote management (TR-069) and FOTA, the DWR-2010 provides hassle-free operation and a better customer experience.

D-Link also announced some new Exo mesh routers as well as a cute little mydlink devices including a smart switch and a weird little water sensor that will warn you when your water heater explodes. The Indoor Wi-Fi Smart Plug (DSP-W118) and Outdoor Wi-Fi Smart Plug (DSP-W320) will control your lights and appliances both indoors and out.

Expect these cool tools to hit stores in Q2 2019.

Powered by WPeMatico

AT&T is lying to customers with 5G marketing

Posted by | 4G, 5g, AT&T, CES 2019, Gadgets, Internet of Things, LTE, Mobile, mobile technology, technology, Verizon, wireless | No Comments

After a recent update some AT&T phones now have a 5G E icon. This icon replaces the one indicated the phone is running on a 4G network. But here’s the thing: The phone is still on a 4G network. AT&T has played these games before, too.

This nonsense is a marketing ploy by AT&T. The so-called 5G E (5G Evolution) network is just a beefed-up 4G network and not true 5G, which is still far from being ready for general consumption. AT&T used the same deceptive tactics before launching its LTE network.

Right now only select phones in a few markets will see the change. The wireless carrier intends to roll out this madness to even more phones and even more markets throughout the year.

Disclosure: TechCrunch is a Verizon Media company.

Powered by WPeMatico