Internet of Things

Cheap Internet of Things gadgets betray you even after you toss them in the trash

Posted by | Gadgets, hardware, Internet of Things, Security, smart bulbs, smart home | No Comments

You may think that the worst you’ll risk by buying a bargain-bin smart bulb or security camera will be a bit of extra trouble setting it up or a lack of settings. But it’s not just while they’re plugged in that these slapdash gadgets are a security risk — even from the garbage can, they can still compromise your network.

Although these so-called Internet of Things gadgets are small and rather dumb, they’re still full-fledged networked computers for all intents and purposes. You may not need to do much, but you still need to take many of the same basic precautions to prevent them from, say, broadcasting your private information unencrypted to the world, or granting root access to anyone walking by.

In the case of these low-cost “smart” bulbs investigated by Limited Results (via Hack a Day), the issue isn’t what they do while connected but what they keep onboard their tiny brains, and how.

All the bulbs they tested proved to have no real security at all protecting the information kept on the chips inside. After exposing the PCBs, they attached a few leads and in a moment each device would spit out its boot data and be ready to take commands.

The data was without exception totally unencrypted, including the wireless password to the network to which the device had been connected. One device also exposed its private RSA key, used to create secure connections to whatever servers it connects to (for example to check for updates, upload user data to the cloud and so on). This information would be available to anyone who grabbed this bulb out of the trash, or stole it from an outdoor fixture or bought it secondhand.

“Seriously, 90 percent of IoT devices are developed without security in mind. It is just a disaster,” wrote Limited Results in an email. “In my research, I have targeted four different devices : LIFX, XIAOMI, TUYA and WIZ (not published yet, very unkind people). Same devices, same vulnerabilities, and even sometimes exactly same code inside.”

Now, these particular bits of information exposed on these devices aren’t that harmful in and of themselves, although if someone wanted to, they could take advantage of it in several ways. What’s important to note is the utter lack of care that went into these devices — not just their code, but their construction. They really are just basic enclosures around an off-the-shelf wireless board, with no consideration given to safety, security or longevity. And this type of thing is not by any means limited to smart bulbs.

These devices all proudly assert that they support Alexa, Google Home or other standards. This may give users a false sense that they are in some way accredited, inspected or otherwise held to basic standards.

In fact, in addition to all of them having essentially no security at all, one had its (conductive) metal shell insulated from the PCB only by a loose piece of adhesive paper. This kind of thing is an electrical fire, or at least a short, waiting to happen.

As with any other class of electronics, there’s always a pretty good reason why one is a whole lot cheaper than another. But in the case of a cheap CD player, the worst you’re going to get is skipping or a scratched disc. That’s not the case with a cheap baby monitor, a cheap smart outlet, a cheap internet-connected door lock.

I’m not saying you need to buy the premium version of every smart gadget out there — consumers need to be aware of the risks they are exposing themselves to with the installation of any such device, let alone a poorly made one.

If you want to limit your own risk, a simple step you can take is to have your smart home devices and such isolated on a subnet or guest network. Make sure that the devices, and of course your router, are password protected, and take common sense measures like changing that password regularly.

Powered by WPeMatico

Wrest control from a snooping smart speaker with this teachable ‘parasite’

Posted by | Advertising Tech, Alexa, artificial intelligence, connected devices, Europe, Gadgets, GitHub, Google, google home, hardware, Home Automation, Internet of Things, IoT, neural network, privacy, Security, smart assistant, smart speaker, Speaker | No Comments

What do you get when you put one internet-connected device on top of another? A little more control than you otherwise would in the case of Alias the “teachable ‘parasite’” — an IoT project smart speaker topper made by two designers, Bjørn Karmann and Tore Knudsen.

The Raspberry Pi-powered, fungus-inspired blob’s mission is to whisper sweet nonsense into Amazon Alexa’s (or Google Home’s) always-on ear so it can’t accidentally snoop on your home.

Project Alias from Bjørn Karmann on Vimeo.

Alias will only stop feeding noise into its host’s speakers when it hears its own wake command — which can be whatever you like.

The middleman IoT device has its own local neural network, allowing its owner to christen it with a name (or sound) of their choosing via a training interface in a companion app.

The open-source TensorFlow library was used for building the name training component.

So instead of having to say “Alexa” or “Ok Google” to talk to a commercial smart speaker — and thus being stuck parroting a big tech brand name in your own home, not to mention being saddled with a device that’s always vulnerable to vocal pranks (and worse: accidental wiretapping) — you get to control what the wake word is, thereby taking back a modicum of control over a natively privacy-hostile technology.

This means you could rename Alexa “Bezosallseeingeye,” or refer to your Google Home as “Carelesswhispers.” Whatever floats your boat.

Once Alias hears its custom wake command it will stop feeding noise into the host speaker — enabling the underlying smart assistant to hear and respond to commands as normal.

“We looked at how cordyceps fungus and viruses can appropriate and control insects to fulfill their own agendas and were inspired to create our own parasite for smart home systems,” explain Karmann and Knudsen in a write-up of the project here. “Therefore we started Project Alias to demonstrate how maker-culture can be used to redefine our relationship with smart home technologies, by delegating more power from the designers to the end users of the products.”

Alias offers a glimpse of a richly creative custom future for IoT, as the means of producing custom but still powerful connected technology products becomes more affordable and accessible.

And so also perhaps a partial answer to IoT’s privacy problem, for those who don’t want to abstain entirely. (Albeit, on the security front, more custom and controllable IoT does increase the hackable surface area — so that’s another element to bear in mind; more custom controls for greater privacy does not necessarily mesh with robust device security.)

If you’re hankering after your own Alexa-disrupting blob-topper, the pair have uploaded a build guide to Instructables and put the source code on GitHub. So fill yer boots.

Project Alias is of course not a solution to the underlying tracking problem of smart assistants — which harvest insights gleaned from voice commands to further flesh out interest profiles of users, including for ad targeting purposes.

That would require either proper privacy regulation or, er, a new kind of software virus that infiltrates the host system and prevents it from accessing user data. And — unlike this creative physical IoT add-on — that kind of tech would not be at all legal.

Powered by WPeMatico

Verizon and T-Mobile call out AT&T over fake 5G labels

Posted by | 4G, 5g, 5g network, AT&T, deutsche telekom, Gadgets, Internet of Things, Mobile, mobile technology, T-Mobile, technology, Verizon, Verizon Communications, wireless industry, wireless networks | No Comments

AT&T recently started a shady marketing tactic that labeled its 4G network as a 5G network. Now, rivals Verizon and T-Mobile are not having any of it.

In an open letter, in which AT&T is not named directly, Verizon says in part “the potential to over-hype and under-deliver on the 5G promise is a temptation that the wireless industry must resist.” TechCrunch agrees. The advantages of 5G networks are profound. The next generation of wireless networks will bring more than just increased speeds, and AT&T’s current campaign of calling a 4G network a 5G network clouds the water.

T-Mobile is more direct in its criticism of AT&T. Because that’s how T-Mobile rolls. Watch.

didn’t realize it was this easy, brb updating pic.twitter.com/dCmnd6lspH

— T-Mobile (@TMobile) January 7, 2019

This isn’t the first time AT&T has employed this mislabeling campaign. The wireless carrier did something similar prior to launching its LTE network; it was shady then and it’s shady now.

Disclosure: TechCrunch is a Verizon Media company.

Powered by WPeMatico

D-Link thinks 5G will cut your cords forever

Posted by | 5g, Best-Buy, CES 2019, computing, D Link, DSP, Gadgets, Internet of Things, Router, TC, technology, wi-fi, wireless | No Comments

Network gear maker D-Link just announced a 5G router that sends high-speed Wi-Fi through your house without cables. The router, called the DWR-2010, should allow users to get massive speeds over 5G networks without running cable. Don’t expect to pick this up at the local Best Buy, however, as the 5G router will probably ship from wireless service providers.

The DWR-2010 also offers customization options for service providers, making it suitable for deployment on a range of network configurations. The gateway features an embedded 5G NR (New Radio) NSA module and can operate on the sub-6 GHz or mmWave frequencies in 200 MHz (2 x 100 MHz) or 800 MHz (8 x 100 MHz) configurations. Complete with remote management (TR-069) and FOTA, the DWR-2010 provides hassle-free operation and a better customer experience.

D-Link also announced some new Exo mesh routers as well as a cute little mydlink devices including a smart switch and a weird little water sensor that will warn you when your water heater explodes. The Indoor Wi-Fi Smart Plug (DSP-W118) and Outdoor Wi-Fi Smart Plug (DSP-W320) will control your lights and appliances both indoors and out.

Expect these cool tools to hit stores in Q2 2019.

Powered by WPeMatico

AT&T is lying to customers with 5G marketing

Posted by | 4G, 5g, AT&T, CES 2019, Gadgets, Internet of Things, LTE, Mobile, mobile technology, technology, Verizon, wireless | No Comments

After a recent update some AT&T phones now have a 5G E icon. This icon replaces the one indicated the phone is running on a 4G network. But here’s the thing: The phone is still on a 4G network. AT&T has played these games before, too.

This nonsense is a marketing ploy by AT&T. The so-called 5G E (5G Evolution) network is just a beefed-up 4G network and not true 5G, which is still far from being ready for general consumption. AT&T used the same deceptive tactics before launching its LTE network.

Right now only select phones in a few markets will see the change. The wireless carrier intends to roll out this madness to even more phones and even more markets throughout the year.

Disclosure: TechCrunch is a Verizon Media company.

Powered by WPeMatico

Bumblebees bearing high-tech backpacks act as a living data collection platform

Posted by | bees, biotech, Gadgets, hardware, Internet of Things, IoT, science, TC, university of washington, Wearables | No Comments

There’s lots of research going into tiny drones, but one of the many hard parts is keeping them in the air for any real amount of time. Why not hitch a ride on something that already flies all day? That’s the idea behind this project that equips bumblebees with sensor-filled backpacks that charge wirelessly and collect data on the fields they visit.

A hive full of these cyber-bees could help monitor the health of a field by checking temperature and humidity, as well as watching for signs of rot or distress in the crops. A lot of this is done manually now, and of course drones are being set to work doing it, but if the bees are already there, why not get them to help out?

The “Living IoT” backpack, a tiny wafer loaded with electronics and a small battery, was designed by University of Washington engineers led by Shyam Gollakotta. He’s quick to note that although the research does to a certain extent take advantage of these clumsy, fuzzy creatures, they were careful to “follow best methods for care and handling.”

Part of that is minimizing the mass of the pack; other experiments have put RFID antennas and such on the backs of bees and other insects, but this is much more sophisticated.

The chip has sensors and an integrated battery that lets it run for seven hours straight, yet weighs just 102 milligrams. A full-grown bumblebee, for comparison, could weigh anywhere from two to six times that.

They’re strong fliers, if not graceful ones, and can carry three-quarters of their body weight in pollen and nectar when returning to the hive. So the backpack, while far from unnoticeable, is still well within their capabilities; the team checked with biologists in the know first, of course.

“We showed for the first time that it’s possible to actually do all this computation and sensing using insects in lieu of drones,” explained Gollakotta in a UW news release. “We decided to use bumblebees because they’re large enough to carry a tiny battery that can power our system, and they return to a hive every night where we could wirelessly recharge the batteries.”

The backpacks can track location passively by monitoring the varying strengths of signals from nearby antennas, up to a range of about 80 meters. The data they collect is transferred while they’re in the hive via an energy-efficient backscatter method that Gollakotta has used in other projects.

The applications are many and various, though obviously limited to what can be observed while the bees go about their normal business. It could even help keep the bees themselves healthy.

“It would be interesting to see if the bees prefer one region of the farm and visit other areas less often,” said co-author Sawyer Fuller. “Alternatively, if you want to know what’s happening in a particular area, you could also program the backpack to say: ‘Hey bees, if you visit this location, take a temperature reading.’ ”

It is of course just in prototype form right now, but one can easily imagine the tech being deployed by farmers in the near future, or perhaps in a more sinister way by three-letter agencies wanting to put a bee on the wall near important conversations. The team plans to present their work (PDF) at the ACM MobiCom conference next year.

Powered by WPeMatico

Smart home makers hoard your data, but won’t say if the police come for it

Posted by | Amazon, Apple, computer security, Facebook, Gadgets, Google, Government, hardware, Internet of Things, law enforcement, national security, privacy, Security, smart home devices, television, transparency report | No Comments

A decade ago, it was almost inconceivable that nearly every household item could be hooked up to the internet. These days, it’s near impossible to avoid a non-smart home gadget, and they’re vacuuming up a ton of new data that we’d never normally think about.

Thermostats know the temperature of your house, and smart cameras and sensors know when someone’s walking around your home. Smart assistants know what you’re asking for, and smart doorbells know who’s coming and going. And thanks to the cloud, that data is available to you from anywhere — you can check in on your pets from your phone or make sure your robot vacuum cleaned the house.

Because the data is stored or accessible by the smart home tech makers, law enforcement and government agencies have increasingly sought data from the companies to solve crimes.

And device makers won’t say if your smart home gadgets have been used to spy on you.

For years, tech companies have published transparency reports — a semi-regular disclosure of the number of demands or requests a company gets from the government for user data. Google was first in 2010. Other tech companies followed in the wake of Edward Snowden’s revelations that the government had enlisted tech companies’ aid in spying on their users. Even telcos, implicated in wiretapping and turning over Americans’ phone records, began to publish their figures to try to rebuild their reputations.

As the smart home revolution began to thrive, police saw new opportunities to obtain data where they hadn’t before. Police sought Echo data from Amazon to help solve a murder. Fitbit data was used to charge a 90-year old man with the murder of his stepdaughter. And recently, Nest was compelled to turn over surveillance footage that led to gang members pleading guilty to identity theft.

Yet, Nest — a division of Google — is the only major smart home device maker that has published how many data demands it receives.

As first noted by Forbes last week, Nest’s little-known transparency report doesn’t reveal much — only that it’s turned over user data about 300 times since mid-2015 on over 500 Nest users. Nest also said it hasn’t to date received a secret order for user data on national security grounds, such as in cases of investigating terrorism or espionage. Nest’s transparency report is woefully vague compared to some of the more detailed reports by Apple, Google and Microsoft, which break out their data requests by lawful request, by region and often by the kind of data the government demands.

As Forbes said, “a smart home is a surveilled home.” But at what scale?

We asked some of the most well-known smart home makers on the market if they plan to release a transparency report, or disclose the number of demands they receive for data from their smart home devices.

For the most part, we received fairly dismal responses.

What the big four tech giants said

Amazon did not respond to requests for comment when asked if it will break out the number of demands it receives for Echo data, but a spokesperson told me last year that while its reports include Echo data, it would not break out those figures.

Facebook said that its transparency report section will include “any requests related to Portal,” its new hardware screen with a camera and a microphone. Although the device is new, a spokesperson did not comment on if the company will break out the hardware figures separately.

Google pointed us to Nest’s transparency report but did not comment on its own efforts in the hardware space — notably its Google Home products.

And Apple said that there’s no need to break out its smart home figures — such as its HomePod — because there would be nothing to report. The company said user requests made to HomePod are given a random identifier that cannot be tied to a person.

What the smaller but notable smart home players said

August, a smart lock maker, said it “does not currently have a transparency report and we have never received any National Security Letters or orders for user content or non-content information under the Foreign Intelligence Surveillance Act (FISA),” but did not comment on the number of subpoenas, warrants and court orders it receives. “August does comply with all laws and when faced with a court order or warrant, we always analyze the request before responding,” a spokesperson said.

Roomba maker iRobot said it “has not received any demands from governments for customer data,” but wouldn’t say if it planned to issue a transparency report in the future.

Both Arlo, the former Netgear smart home division, and Signify, formerly Philips Lighting, said they do not have transparency reports. Arlo didn’t comment on its future plans, and Signify said it has no plans to publish one. 

Ring, a smart doorbell and security device maker, did not answer our questions on why it doesn’t have a transparency report, but said it “will not release user information without a valid and binding legal demand properly served on us” and that Ring “objects to overbroad or otherwise inappropriate demands as a matter of course.” When pressed, a spokesperson said it plans to release a transparency report in the future, but did not say when.

Spokespeople for Honeywell and Canary — both of which have smart home security products — did not comment by our deadline.

And, Samsung, a maker of smart sensors, trackers and internet-connected televisions and other appliances, did not respond to a request for comment.

Only Ecobee, a maker of smart switches and sensors, said it plans to publish its first transparency report “at the end of 2018.” A spokesperson confirmed that, “prior to 2018, Ecobee had not been requested nor required to disclose any data to government entities.”

All in all, that paints a fairly dire picture for anyone thinking that when the gadgets in your home aren’t working for you, they could be helping the government.

As helpful and useful as smart home gadgets can be, few fully understand the breadth of data that the devices collect — even when we’re not using them. Your smart TV may not have a camera to spy on you, but it knows what you’ve watched and when — which police used to secure a conviction of a sex offender. Even data from when a murder suspect pushed the button on his home alarm key fob was enough to help convict someone of murder.

Two years ago, former U.S. director of national intelligence James Clapper said the government was looking at smart home devices as a new foothold for intelligence agencies to conduct surveillance. And it’s only going to become more common as the number of internet-connected devices spread. Gartner said more than 20 billion devices will be connected to the internet by 2020.

As much as the chances are that the government is spying on you through your internet-connected camera in your living room or your thermostat are slim — it’s naive to think that it can’t.

But the smart home makers wouldn’t want you to know that. At least, most of them.

Powered by WPeMatico

Banksy’s rigged art frame was supposed to shred the whole thing

Posted by | arts, Banksy, Canvas, connected objects, designer, Europe, Gadgets, hardware, Internet of Things, London, sotheby's | No Comments

In the connected future will anyone truly own any thing? Banksy’s artworld shocker performance piece, earlier this month, when a canvas of his went under the hammer at Sothebys in London, suggests not.

Immediately the Girl with Balloon canvas sold — for a cool ~$1.1M (£860,000) — it proceeded to self-destruct, via a shredder built into the frame, leaving a roomful of designer glasses paired with a lot of shock and awe, before facial muscles twisted afresh as new calculations kicked in.

As we reported at the time, the anonymous artist had spent years planning this particular prank. Yet the stunt immediately inflated the value of the canvas — some suggested by as much as 50% — despite the work itself being half shredded, with just a heart-shaped balloon left in clear view.

The damaged canvas even instantly got a new title: Love Is in the Bin.

Thereby undermining what might otherwise be interpreted as a grand Banksy gesture critiquing the acquisitive, money-loving bent of the art world. After all, street art is his big thing.

However it turns out that the shredder malfunctioned. And had in fact been intended to send the whole canvas into the bin the second after it sold.

Or, at least, so the prankster says — via a ‘director’s cut’ video posted to his YouTube channel yesterday (and given the title: ‘Shred the love’, which is presumably what he wanted the resulting frame-sans-canvas to be called).

“In rehearsals it worked every time…” runs a caption towards the end of the video, before footage of a complete shredding is shown…

The video also appears shows how the canvas was triggered to get to work cutting.

After the hammer goes down the video cuts to a close-up shot of a pair of man’s hands pressing a button on a box with a blinking red LED — presumably sending a wireless signal to shreddy to get to work…

The suggestion, also from the video (which appears to show close up shots of some of the reactions of people in the room watching the shredding taking place in real time), is that the man — possibly Banksy himself — attended the auction in person and waited for the exact moment to manually trigger the self-destruct mechanism.

There are certainly lots of low power, short range radio technologies that could have been used for such a trigger scenario. Although the artwork itself was apparently gifted to its previous owner by Banksy all the way back in 2006. So the built-in shredder, batteries and radio seemingly had to sit waiting for their one-time public use for 12 years. Unless, well, Banksy snuck into the friend’s house to swap out batteries periodically.

Whatever the exact workings of the mechanism underpinning the stunt, the act is of course the point.

It’s almost as if Banksy is trying to warn us that technology is eroding ownership, concentrating power and shifting agents of control.

Powered by WPeMatico

The Das Keyboard 5Q adds IoT to your I/O keys

Posted by | apple inc, apple keyboard, computing, das keyboard, Gadgets, IFTTT, Internet of Things, Nest Labs, TC, zapier | No Comments

Just when you thought you were safe from IoT on your keyboard, Das Keyboard has come out with the 5Q, a smart keyboard that can send you notifications and change colors based on the app you’re using.

These kinds of keyboards aren’t particularly new — you can find gaming keyboards that light up all the colors of the rainbow. But the 5Q is almost completely programmable and you can connect to the automation services IFTTT or Zapier. This means you can do things like blink the Space Bar red when someone passes your Nest camera or blink the Tab key white when the outdoor temperature falls below 40 degrees.

You also can make a key blink when someone Tweets, which could be helpful or frustrating:

The $249 keyboard is delightfully rugged and the switches — called Gamma Zulu and made by Das Keyboard — are nicely clicky but not too loud. The keys have a bit of softness to them at the half-way point, so if you’re used to Cherry-style keyboards you might notice a difference here. That said, the keys are rated for 100 million actuations, far more than any competing switch. The RGB LEDs in each key, as you can see below, are very bright and visible, but when the keys’ lights are all off the keyboard is completely unreadable. This, depending on your desire to be Case from Neuromancer, is a feature or a bug. There also is a media control knob in the top-right corner that brings up the Q app when pressed.

The entire package is nicely designed, but the 5Q begs the question: Do you really need a keyboard that can notify you when you get a new email? The Mac version of the software is also a bit buggy right now, but they are updating it constantly and I was able to install it and run it without issue. Weird things sometimes happen, however. For example currently my Escape and F1 keys are now blinking red and I don’t know how to turn them off.

That said, Das Keyboard makes great keyboards. They’re my absolute favorite in terms of form factor and key quality, and if you need a keyboard that can notify you when a cryptocurrency goes above a certain point or your Tesla stock is about to tank, look no further than the 5Q. It’s a keyboard for hackers by hackers and, as you can see below, the color transitions are truly mesmerizing.

My keyboard glows pic.twitter.com/Kk2roSsszi

— John Biggs (@johnbiggs) October 1, 2018

Powered by WPeMatico

Microsoft Azure bets big on IoT

Posted by | ambient intelligence, Android, api, Azure, Azure IoT, cloud computing, Google, Internet of Things, IoT, Java, Microsoft, Microsoft Ignite 2018, TC | No Comments

At its Ignite conference in Orlando, Florida, Microsoft today announced a plethora of new Internet of Things-focused updates to its Azure cloud computing platform. It’s no secret that the amount of data generated by IoT devices is a boon to cloud computing services like Azure — and Microsoft is definitely aiming to capitalize on this (and its existing relationships with companies in this space).

Some of today’s announcements are relatively minor. Azure IoT Central, the company’s solution for helping you get started with IoT, is now generally available, for example, and there are updates to Microsoft’s IoT provisioning service, IoT hub message routing tools and Map Control API.

Microsoft also today announced that the Azure IoT platform will now support Google’s Android and Android Things platform via its Java SDK.

What’s more interesting, though, is the new services. The highlight here is probably the launch of Azure Digital Twins. Using this new service, enterprises can now build their own digital models of any physical environment.

Think of it as the virtual counterpart to a real-world IoT deployment — and as the IoT deployment in the real world changes, so does the digital model. It will provide developers with a full view of all the devices they have deployed and allows them to run advanced analytics and test scenarios as needed without having to make changes to the actual physical deployment.

“As the world enters the next wave of innovation in IoT where the connected objects such as buildings, equipment or factory floors need to be understood in the context of their environments, Azure Digital Twins provides a complete picture of the relationships and processes that connect people, places and devices,” the company explains in today’s announcement.

Azure Digital Twins will launch into preview on October 15.

The other major announcement is that Azure Sphere, Microsoft’s play for getting into small connected microcontroller devices, is now in public preview, with development kits shipping to developers now. For Azure Sphere, Microsoft built its own Linux-based kernel, but the focus here is obviously on selling services around it, not getting licensing fees. Every year, hardware companies ship nine billion of these small chips and few of them are easily updated and hence prone to security issues once they are out in the wild. Azure Sphere aims to offer a combination of cloud-based security, a secure OS and a certified microcontroller to remedy this situation.

Microsoft also notes that Azure IoT Edge, its fully managed service for delivering Azure services, custom logic and AI models to the edge, is getting a few updates, too, including the ability to submit third-party IoT Edge modules for certification and inclusion in the Azure Marketplace. It’s also about to launch the public preview of IoT Edge extended offline for those kinds of use cases where an IoT device goes offline for — you guessed it — and extended period.

more Microsoft Ignite 2018 coverage

Powered by WPeMatico