The Internet of Things Could Kill You, Or At Least Jab You With A Screwdriver

 


Lucas and his killer robots. Photo: JW

(This is the transcript of my BBC World Service piece which ran today. The original Reuters story is here.) 

I’m sure you’ve seen those cute little humanoid robots around? They’re either half size, or quarter size, they look like R2D2, and if you believe the ads, they could play with your kids or hold a screwdriver while you fix something under the sink. Some of them under $1,000. Nice, right?

Well, maybe not. The problem with these robots is that, a lot like everything else connected to the internet, they’re vulnerable to hackers. Lucas Apa, a researcher from IOActive, brought a couple into my office recently to show just how easy it is. These robots connect through wifi so you can control them, but that connection is really easy to hack, he showed. He says there’s very little if any security involved at all. In short, a bad guy could take over control of the robots and make them move, or monitor you — what you’re saying, what you’re doing — and send that back out to people. Or attack you.

To prove it he made one of the robots wander around as if he were drunk, while another, mimicking the ad, jabbed a screwdriver viciously while reciting lines from horror movie doll Chucky. These things, frankly, are scary enough with their unblinking eyes and the way they tilt their head to face you, even if you move.  But Chucky’s voice and the screwdriver really freaked me out. 

Lucas’ demonstration was just that: this is what could happen, he says, if we allow these things into our home and let kids play with them. He says there’s no evidence so far anyone has actually done this. The scariest thing, though, was that he’d been in touch with the half-dozen manufacturers of these things, some based in the US, some in Asia, for months and for the most part they’d either ignored him or said it wasn’t a problem. I got back to him recently and asked him whether things had improved when he’d gone public. No, he says; the companies that say they’ve addressed the problems haven’t.

For those of us watching the internet of things this is a familiar refrain. There are so many things connecting to the internet these days it’s not surprising that there are problems.  There are dozens of devices in a home connecting, or trying to connect, to the wifi network. A senior cybersecurity guy told me he had found a bug in his wifi-connected barbeque that could theoretically have allowed someone to start a fire remotely. 
In short, the people making these devices do not treat security as a priority, and indeed may not understand it.

The irony is that these are physical devices, not just computers, and so they could actually do more real-world damage, if not cause us physical harm, than a computer sitting in the corner. Sure, the latter contains credit cards and personal data, but we rely on these connected devices to feed us, carry us, clean us, protect us from intruders. 

As Lucas showed with his Chucky-esque robot, this is not something we should be doing without a) thinking hard about how useful this is and b) quizzing the companies — hard — about how secure their devices are.  I’m not convinced we’ve really thought this all the way through.

Right Ears, Masked Passwords and Nail Printing


I have actually been appearing on Radio Australia’s Breakfast Club pretty much every Friday—around 1.15 GMT–for the past year or so, but don’t always remember to post the links to the things I talk about (or intend to; there’s not always time).

Here’s to trying to remember to do it (and audio, now it’s available.)

  • Researchers in Italy have been going around nightclubs in Chieti asking people for cigarettes. Turns out if you ask them in their right ear, you’re more likely to be successful. It’s called the right ear advantage (via the Daily Telegraph.)
  • Password masking is stupid, according to user interface expert Jakob Nielsen. Users make more errors when they can’t see what they’re typing, he says, and that makes them more likely to use overly simple ones. (Interestingly, one commenter on FriendFeed said the masking thing has less to do with fear of shoulder-surfing than of old CRT monitors, whose analog connections would give off radio noise which could be reconstituted with special equipment.)
  • Polaroid spin-off Zink has selected finalists for a competition to find novel ways to use its inkless printing (via Technology Review). My favorite: nail printing, via Singapore’s own Sonny Lim (above)
  • CEOs are media slackers, according to UberCEO.com. Most don’t have a Twitter feed, a Facebook page or even a LinkedIn profile. Only Tom Glocer of Thomson Reuters seems to be doing well. (via WIRED)

Customer Abuse in Exotic Locales, Part I


HP have long been fighting a battle against refill cartridges, especially in my part of the world. But I think they’re going too far in this case — abusing customers and damaging their credibility and brand in the process.  

Recently I received spam in my inbox from the website www.hporiginalsupplies.com, in Indonesian, inviting me to the HP Original Supplies Zone, where it said I could receive information about original HP products. (The email said I had received it because I had participated in HP promotions before. The only way that they could have received that particular email address was through my official dealings with HP, when at no time do I recall giving permission to be spammed — which raises its own concerns.)

The email itself contained some links to HP.com but its images etc were mostly hosted on the hporiginalsupplies.com website. I could find no easy way of confirming this was a legit HP site — the website was registered by a local webhosting company called Master Web Network. So no way of telling there. And as you may have found if you clicked on the link, the home URL itself throws up only a blank page; only this one, for unsubscribing, seems to.

It took a while for the HP guys to figure it out too: They came back to me today to tell me it is legit. It’s a website for an “electronic direct mailer” or eDM for “the HP Original Rewards program in Indonesia…. HP Original Rewards is an HP loyalty program designed for Small and Medium Businesses (SMB) for the purchase of original HP print cartridges.”

To their credit, HP acknowledge that the “eDM doesn’t comply with HP’s brand standards” and have promised to do something about it. But that’s not really what troubles me. What troubles me is this:

  • Why is HP setting up website addresses with its brand name in without following the usual brand procedures — a way for consumers to check whether it is, indeed, an HP site through the usual methods?
  • Why is HP sending out spam, sorry, eDMs? OK, this is just Indonesia, but hey, we’re still people, right? I don’t like being spammed at any hour of the day by anyone, but especially not by a big player who doesn’t even bother to identify themselves properly.
  • What makes this worse is that we’re talking about HP trying to persuade people to buy non-fake, non-refilled disposables. But how would I know that isn’t a company pretending to sell legit goods? The malls and streets here are full of exactly that: HP boxes and containers full of goods that aren’t, or are no longer, legit HP products.

I can understand HP’s difficulties here. It must be hard to launch these kinds of promotions while keeping an eagle eye on agencies and promoters you may outsource the work to. But if you’re trying to get the message across to consumers that they should be buying your genuine products and not falling for fakes and knock-offs, you shouldn’t be spamming them from a domain that itself looks fake and dodgy.

You’ve Read the Column and Blog. Now Read the Book.

I promise I’m not going to harp on too much about this, but today marks the moment when Loose Wire becomes not just a column and a blog (and an occasional podcast) but a book. LOOSE WIRE, A Personal Guide to Making Technology Work for You is now available for pre-ordering here.

The book is based around columns from the past six years, and is aimed at anyone who felt that, as the blurb says:

EVER GET THE FEELING that technology is taking over your life and not asking you first? When you’ve mislaid that important file or can’t connect your new camera, do you just want to hurl your computer out of the window? When your kids/friends/grandparents start talking about blogging, podcasting and RSS feeds do you nod as wisely as you can while wrestling with the urge to throw them out of the window too?

This is of course a bit of excitement for me, because the columns have all been written with a vague idea in my mind that the world of technology could be sliced into thin enough pieces for anyone to digest. Now putting all those pieces back together in book form reveals a kind of pattern that surprised me. Not many surprises in there for the geeks among us, but those of you wanting an accessible guide you can read in the bath might find what you’re looking for.

The book is being launched on October 1 in Bali (where else?) at the Ubud Writers Festival which is playing host to a bunch of internationally acclaimed writers, i.e., people not like me. The launch party will be on October 1, 5.30 pm at Tutmak restaurant and café. If you’re around please do drop by. There will be drinks. I will also be appearing on a blogging panel the following day at 2 pm alongside (or probably slightly behind) Deepika Shetty [Singapore], Dina Zamen [Australia/Malaysia] and Sharon Bakar [Malaysia]. There will also be a launch later that week in Jakarta, and then maybe one later in the year in Hong Kong.

OK, no more plugs, I promise. Well, not too many.

Spark That Line

I’m a fan of sparklines, Ed Tufte’s graphical depiction within text of numerical data (it’s more exciting than I’ve made it sound). Here’s a couple of updates: First off, The Hardball Times is using them to show a month of scores of the major U.S. baseball teams:


The bars are win (up) and loss (down). But also they’ve packed in a bit more information there: horizontal lines denote home games while gray bars represent games decided by two runs or less. You can see it better here:


Nice work, guys. Meanwhile one of the best sparkline makers on the block, the Microsoft Office add-on SparkMaker from Nicholas Bissantz, is now into version 3.0. Sparklines will now update automatically when data in the original spreadsheet changes. The images are now scalable and more easily tweaked, and look better in print. Other tweaks are in there which I look forward to playing with.


In short, sparklines are a great way to pack useful and yet otherwise boring looking information into a visual display that fits into, or alongside, ordinary text. One day it will be big. It deserves to be.