Tag Archives: IoT security

Weekly output: a fixed Hue vulnerability, techno-optimism, mobile apps versus mobile sites

Posted on by
4

I’m watching the Oscars as I type this, and a look at this year’s nominees shows I’m even more out of touch with pop culture than usual, having seen only two of the pictures nominated. I’m sure none of you are surprised to learn that I watched one–American Factory–on an airplane.

Speaking of that, if my travel posts here have you interested in hearing more on that subject, I’ll be discussing the finer points of business travel at Frequent Traveler University Washington DC on Sunday, March, 8. Twice: once that morning with travel blogger Tess Zhao (you’ll need a pass to the Travel and Adventure Show happening around FTU DC, $11 in advance for the day), and then an advanced version that afternoon for FTU DC pass holders ($129). For more on this event, I’ll point you to FTU DC speakers Tiffany Funk of One Mile At a Time and Matthew Klint of Live and Let’s Fly.

2/5/2020: Yet another joy of the smart home: Light bulbs at risk from hackers, Fast Company

I got an advance on Check Point’s documentation of an already-fixed vulnerability in the hardware bridge used by many Hue connected light bulbs–as did many other reporters who wrote up this story.  I hope that my critiquing the hopelessly-vague release notes for the patch that closed this “vuln” added some distinct value.

2/7/2020: New Industries & Opportunities: The Case for Techno-optimism, Greater Good Gathering

I headed up to New York Thursday to moderate this panel Friday morning, in which Microsoft Research director Eric Horvitz, Ownable president and CEO Brian Selander, CoverUS co-founder Peter Shanley, and Columbia University engineering professor Vijay Modi spoke about reasons to feel some optimism about where technology is taking us.

Yes, this was another manel for me. Until a week ago, I was supposed to moderate a different panel at this conference at Columbia that would have had some gender balance, but then the organizers had to reshuffle a few speaking slots.

2/9/2020: No, there doesn’t have to be an app for that, USA Today

About that Iowa app: Couldn’t the work of transmitting caucus results have been done much more simply via a mobile-friendly site? Mobile sites have other advantages over mobile apps for users–if not necessarily developers–and I outlined them in this USAT column.

Updated 2/22/2020 to add a YouTube embed of my panel.

Advertisement

Weekly output: AirPlay gaps, smart-home security

Posted on by
Reply

This will be a short workweek for me on both ends. I can’t expect many people to answer my e-mails tomorrow, and then the second half of Friday will be occupied by me starting my journey to Barcelona for Mobile World Congress. This trip will be seventh to MWC; if you will be heading there for your first time, you may appreciate the cheat sheet I wrote last year.

2/13/2019: More smart TVs are getting Apple AirPlay but that doesn’t mean you’ll be able to use it, USA Today

Now that connected televisions from Samsung and others are arriving with support for Apple’s AirPlay in-home media streaming built-in, many more people are likely to discover how many cable-TV apps disable this output option.

2/15/2019: A new tactic for smart-home security: shaming Walmart, Yahoo Finance

I wrote about an open letter from the Mozilla Foundation, the Internet Society and several other interest groups urging Amazon, Best Buy, Target and Walmart to stop selling insecure Internet-of-Things hardware. One complicating factor: There isn’t any canonical list of secure or insecure IoT gear that a retailer or a customer could consult. The best such option at the moment seems to be Mozilla’s Privacy Not Included, which excludes a great many devices.

Weekly output: wireless plans, cities meet 5G, GM + Honda, Twitter business models, Hack the Capitol, smartphone biometric locks, Tech Night Owl

Posted on by
Reply

This week saw a couple of long-running projects finally go online. It also saw a tweet I sent during a combative onstage appearance by Sen. Lindsey Graham (R.-S.C.) at the Atlantic Festival go slightly viral, as in 1,651 retweets and 2,843 likes. That one tweet doesn’t fairly capture Graham’s discussion–that’s why I posted it as part of a thread that wound up spanning 11 updates–but I fear most of the 185,556 impressions for the tweet in question did not result in my new readers sticking around to read the rest of that thread. Once again, Twitter is where context goes to die; in other news, water is wet.

10/1/2018: The Best Cell Phone Plans, Wirecutter

We posted yet another update to the guide to reflect the addition of tiered “unlimited”-data plans at all four carriers and tried to streamline the text a bit. And by the end of this work, we realized we would need to update the guide yet again in a few months, should changes we’re seeing in usage levels continue showing up in third-party studies.

10/2/2018: Why 5G Internet Is a Policy Minefield for Cities, CityLab

When I started interviewing people for this story, 5G wireless deployment was months away, but now it’s a commercial reality in four U.S. cities. Appropriately enough, I wrapped up work on this piece for this subsidiary of The Atlantic’s parent firm while attending that magazine’s conference in Washington.

10/3/2018: GM’s self-driving-car project will have Honda riding shotgun, Yahoo Finance

This writeup of GM’s Cruise Automation’s deal with Honda to co-develop its second self-driving electric car benefited from a quick interview with Cruise CEO Kyle Vogt I did right after their press call Wednesday morning.

10/3/2018: Twitter business models, Al Jazeera

The Arabic news channel had me to discuss this subject, inspired by the “We can’t believe this website is free” joke tweeted by Twitter’s own Twitter account. Right before I went on the air, I though to ask the interpreter if there was an Arabic term for “freemium”; he told me there was not, so we agreed that I would take a minute to describe that concept so he could translate it correctly.

10/4/2018: Hack the Capitol event reminds lawmakers that IoT security needs help, The Parallax

I wrote about this brief conference in D.C. about the security of industrial control systems from the week before in the light of… wait for it… Congress not acting on a vital tech-policy issue.

10/5/2018: Unlock your phone with your face or fingerprint? Here’s how to shut that off – quickly, USA Today

This how-to walks readers through quickly disabling the facial- or fingerprint-recognition unlock features in iOS and Android. A reader wrote to me afterwards to ask why I didn’t mention just restarting the phone, which will also disable those biometric unlocks; that would not be as quick to do, but I should have included that anyway.

10/6/2018: October 6, 2018 — Rob Pegoraro and Bryan Chaffin, Tech Night Owl

I talked with host Gene Steinberg about the puzzling mismatch between Bloomberg BusinessWeek’s story alleging a long-running Chinese campaign to hide spy chips on server circuit boards with increasingly direct denials by Apple, Amazon and others. There’s also some banter about transit in our roughly hour-long discussion.

Weekly output: IoT security, Facebook privacy pop-up, L0pht hacker testimony, Tech Night Owl

Posted on by
1

This edition of my weekly recap features a new client: The Parallax, the security-news site founded in 2015 by former C|Net writer Seth Rosenblatt. At least two friends had suggested earlier that I look into writing there, but that didn’t happen until I spotted Seth at the Google I/O press lounge earlier this month and introduced myself. If you were going to ask about the absence of another client in this post: Yahoo Finance hasn’t forgotten about me, I haven’t forgotten about them, and I’ve got three posts in the works there this coming week. Hint: One involves a hydrogen-fueled car.

5/22/2018: IoT regulation is coming, regardless of what Washington does, The Parallax

I wrote up the panel I moderated at RightsCon two weeks ago–which required me to record the whole thing on my phone and then spend an hour and change transcribing everything. On the upside, having to set aside my phone to capture the audio meant I couldn’t be distracted by the Twitter backchannel during the panel.

5/24/2018: Don’t ignore this alert from Facebook. It’s your chance to quickly curb what it knows, USA Today

I filed a cheat sheet on the privacy-settings pop-up you may have already seen. I got my version of this interruption Friday; mine did not advise me to check the info in my profile, maybe because I don’t have anything there advertising my political or religious leanings.

5/24/2018: 20 years on, L0pht hackers return to D.C. with dire warnings, The Parallax

The lede for this popped into my head not long after arriving at the Rayburn House Office Building for this panel Tuesday afternoon and noticing that the name tags in front of the room featured the hacker handles of the four speakers instead of their given names: Kingpin (Joe Grand), Mudge (Peiter Zatko), Weld Pond (Chris Wysopal), and Space Rogue (Cris Thomas). At one point, Zatko complained about companies that try to win over customers by stapling on “flashy security products” like anti-malware utilities; as the Parallax is sponsored by the anti-malware vendor Avast, I made sure to include that line, and it went into the post intact.

5/26/2018: May 26, 2017 — Rob Pegoraro and Ben Williams, Tech Night Owl

I showed up on Gene Steinberg’s podcast to talk about my at-the-time incomplete iMac drive transplant (by the time he rang me on Skype, I hadn’t finished disassembling the old drive, which is an anxious point at which to have to set aside the work), the weird case of an Amazon Echo capturing and sending a recording of people’s in-home banter, and the European Union’s General Data Protection Regulation.

Weekly output: disinformation, IoT security, do not disturb while driving, GDPR

Posted on by
5

I wrapped up three weeks in a row of business travel by going to Toronto for Access Now’s RightsCon conference. This was somehow my first trip to Canada’s largest city, and now I’m already looking forward to returning there next year for Collision.

5/16/2018: The Perfect Storm? Misinformation and Extremist Propaganda, RightsCon

I moderated this discussion with Institute for Strategic Dialogue project coordinator Chloe Colliver, Data & Society media-manipulation project lead Joan Donovan, and Graphika research and analysis director Camille François. It all went well, aside from when I thought the panel only ran for an hour and needed the audience to remind me that we actually had a 75-minute timeslot.

5/17/2018: Internet of (Stranger) Things: Privacy threats of the next generation of vulnerable devices, RightsCon

I’ve been quoting security researcher Bruce Schneier for years, and somehow Access saw fit to have me moderate a panel featuring him–as well as Ryerson University expert-in-residence Ann Cavoukian, Access policy manager Amie Stepanovich, and Atlantic Council fellow Beau Woods. The stage for this panel happened to feature a large fern on either side, so I had no choice but to rip off “Between Two Ferns” for my introduction.

Although RightsCon didn’t record video of either panel, a new client asked me to write up our discussion, so I recorded it on my phone; you can listen to that audio after the jump.

5/20/2018: This new smartphone feature should be used by every driver, from teen to seasoned commuter, USA Today

I wrote a cheat sheet for using the “Do Not Disturb while driving” feature Apple added to iOS 11, as well as the Android Auto app that should be in Google’s standard Android bundle but is not. Neither is all that new, but I don’t always get to write the headlines.

5/20/2018: EU to install sweeping changes to online privacy rules, PBS NewsHour

I did this remote interview with NYC-based NewsHour anchor Alison Stewart about the EU’s General Data Protection Regulation from a studio in D.C. before this afternoon’s Nats game. My last appearance on the show came in 2011; I’ll try not to wait so long before a return.

Continue reading

Weekly output: Android P, crytocurrency security, Android Things, Sprint-T-Mobile

Posted on by
2

My eighth Google I/O conference–and my seventh in a row–is in the books. Once again, I came home from the Bay Area with way more in my notes than I could put into stories at the time. (See my Flickr album to get a sense of the event.) This Tuesday will continue another streak: My third consecutive week of work travel has me heading to Toronto that morning for Access Now’s RightsCon conference, at which I’m moderating two panels.

5/8/2018: New in Android P, Tools to Help You Put Down Your Phone, Consumer Reports

I made my first appearance in CR in months with this recap of the major features in the next version of Android–which I expect get on my Pixel phone within days of its debut later this year, but which many other Android users may not see so quickly.

5/9/2018: Your crypto exchange may be less secure than your email account, Yahoo Finance

I wrote this recap of Chris Wysopal’s talk at Collision last week, but for reasons not quite clear to me it didn’t get posted until this week.

5/10/2018: Google is trying to make your smart home safer, Yahoo Finance

My I/O coverage continued with this explanation of Google’s Android Things connected-device platform and the broader “IoT” security problem that needs fixing.

5/11/2018: Could the Sprint-T-Mobile merger mean higher bills for Boost or MetroPCS customers?, USA Today

All the time I’ve spent poring over the pricing of prepaid and resold wireless service informed this assessment of how Sprint and T-Mobile’s proposed merger might affect those markets.