
Older Adults’ Perception of Smart Home Technologies

Percy Campbell et al.’s article, “User Perception of Smart Home Surveillance Among Adults Aged 50 Years and Older: Scoping Review,” is a really interesting bit of work into older adults’ perceptions of Smart Home Technologies (SHTs). The authors conducted a review of other studies on this topic to, ultimately, derive a series of aggregated insights that clarify the state of the literature and, also, make clear how policy makers could start to think about the issues older adults associate with SHTs.

Some key themes/issues that arose from the studies included:

  • Privacy: different SHTs were perceived differently. But key was that the privacy concerns were sometimes highly contextual based on region, with one possible effect being that it can be challenging to generalize from one study about specific privacy interests to a global population.
  • Collection of Data — Why and How: People were generally unclear about what was being collected or for what purpose. A lack of literacy may raise issues of ongoing meaningful consent to collection.
  • Benefits and Risks: Data breaches/hacks, malfunction, affordability, and user trust were all possible challenges/risks. However, participants in studies also generally found that there were considerable benefits with these technologies, and most significantly they perceived that their physical safety was enhanced.
  • Safety Perceptions: All types of SHTs were seen as useful for safety purposes, especially in an accident or emergency. Safety-enhancing features may be preferred in SHTs for those 50+ years of age.

Given the privacy, safety, etc. themes, and how regulatory systems are sometimes being outpaced by advances in technology, the authors propose a data justice framework to regulate or govern SHTs. This entails:

  • Visibility: there are benefits to being ‘seen’ by SHTs but, also, privacy needs to be applied so individuals can selectively remove themselves from being visible to commercial, etc., parties.
  • Digital engagement/disengagement: individuals should be supported in making autonomous decisions about how engaged or in-control of systems they are. They should, also, be able to disengage, or only have certain SHTs used to monitor or affect them.
  • Right to challenge: individuals should be able to challenge decisions made about them by SHTs. This is particularly important in the face of AI which may have ageist biases built into it.

While I still think that there is the ability of regulatory systems to be involved in this space — if only regulators are both appropriately resourced and empowered! — I take the broader points that regulatory approaches should, also, include ‘data justice’ components. At the same time, I think that most contemporary or recently updated Western privacy and human rights legislation includes these precepts and, also, that there is a real danger in asserting there is a need to build a new (more liberal/individualistic) approach to collective action problems that regulators, generally, are better equipped to address than are individuals.


Finnish Residents Briefly Left in Cold After DDoS Attack

Per Motherboard:

Simo Rounela, CEO of Valtia, a Finnish company that manages the buildings, told Motherboard that the attack hit a DNS service; that is, servers that translate human-readable internet domain names into computer IP addresses.

Shortly after, Valtia received a number of alerts from one of their building’s automation systems, made by a company called Fidelix.

“Remote connection was not working, so went on-site for more inspections,” Rounela explained. The automated system controlling the heating, ventilation and hot water for the homes kept rebooting every 5 minutes. Eventually, it just didn’t boot-up anymore, he said.

We generally don’t understand the full impacts of connecting things to the Internet; it’s a hugely complex system that we can’t easily ‘fault test’ without breaking a lot of different services and systems. The result is that an attack on one aspect of the Internet – such as the DNS infrastructure – can have unexpected impacts around the world. It’s this potential for untold, and cross-national, impacts linked to cyber attacks that makes many of them so risky and dangerous to the general public.


How hard is it to hack the average DVR? Sadly, not hard at all

Ars Technica:

Johannes B. Ullrich, a researcher and chief technology officer for the SANS Internet Storm Center, wanted to know just how vulnerable these devices are to remote takeover, so he connected an older DVR to a cable modem Internet connection. What he saw next—a barrage of telnet connection attempts so dizzying it crashed his device—was depressing.

“The sad part is, that I didn’t have to wait long,” he wrote in a blog post published Monday. “The IP address is hit by telnet attempts pretty much every minute. Instead of having to wait for a long time to see an attack, my problem was that the DVR was often overwhelmed by the attacks, and the telnet server stopped responding. I had to reboot it every few minutes.”

The Internet of Things should, at this point, mostly be renamed the Internet of Threats.


Brace yourselves—source code powering potent IoT DDoSes just went public

Brace yourselves—source code powering potent IoT DDoSes just went public:

Both Mirai and Bashlight exploit the same IoT vulnerabilities, mostly or almost exclusively involving weakness involving the telnet remote connection protocol in devices running a form of embedded Linux known as BusyBox. But unlike Bashlight, the newer Mirai botnet software encrypts traffic passing between the infected devices and the command and control servers that feed them instructions. That makes it much harder for researchers to monitor the malicious network. There’s also evidence that Mirai is able to seize control of Bashlight-infected devices and possibly even patch them so they can never be infected again by a rival botnet. About 80,000 of the 963,000 Bashlight devices now belong to Mirai operators, Drew said.

Next time you see a vendor sell you something that can be connected to the Internet, be sure to ask:

  • How long will you be providing support for this product?
  • How will you be pushing security updates to this product?
  • What mitigation strategies have you implemented to ensure that a third-party doesn’t take control of this product?
  • What will you do to help me when this device is compromised because of a vulnerability in this product?

I can almost guarantee that whoever is selling the product will either look at you slack-jawed or try to use buzzwords to indicate the product is secure. But they will almost certainly be unable to genuinely answer the questions because vendors are not securing their devices. It’s their failures which have created the current generation of threats that the global Internet is just now starting to grapple with.


The cyberpunk dystopia we were warned about is already here – Versions

The cyberpunk dystopia we were warned about is already here:

It seems that what companies like Cisco and app developers and startups seem to forget is that people can tell the difference between transformative innovation and shopping. Bogost adds: “It’s time to admit that the Internet of Things is really just the colonization of formerly non-computational devices for no other reason than to bring them into the fold of computation. […] Operational benefit is deemphasized in favor of computational grandstanding, data collection, and centralization.”

The best definition of the Internet of Things I’ve come across in a while.