A Twitter feed, at its best, is like an algorithm you've written to keep yourself amused and informed. At the same time it offers us direct access to the best minds and the worst bots on the planet. And in a field like the IoT, where there's so much noise and so little signal, getting new information without constantly reading "Gartner forecasts that 6.4 billion connected things will be in use worldwide in 2016, growing to 20.8 billion by 2020" over and over is a bit tough. That's great information, but when a "connected thing" can be anything from a kettle to a car to a pacemaker, it's hard to get a sense of what matters now. So we want to know who on Twitter is giving you the most addictive IoT information. Here are the best accounts we've come across.

1. The Straight Sh*t @internetofshit Bio: Obviously the best thing to do is put a chip in it.
2. A Straight Newsfeed (tweets a lot, more B2B related) @TheIoT Bio: The most comprehensive & up to date #IoT news
3. Another Straight Newsfeed (tweets less, more product related) @wtvox Bio: WT VOX is the most trustworthy, authoritative resource in #WearableTech. Daily news in #FashionTech #Wearables #BigData #IoT #DigitalHealth #Robotics #AR #VR
4. Data Dude @AjitJaokar Bio: #Datascience, #IoT, #MachineLearning, #BigData, Mobile,#Smartcities, #edtech
5. "Long Tail"/Drones Guy @chr1sa Bio: 3D Robotics CEO, DIY Drones, ex Wired EIC, Long Tail, FREE, Makers, GeekDad, etc.
6. Tech Meets Policy @ITI_TechTweets Bio: The Information Technology Industry Council (ITI) is the global voice of the tech sector.
7. The Big Picture @Doug_Laney Bio: Gartner VP & Distinguished Analyst -- Data & Analytics Strategy, Infonomics & Data Monetization, Big Data & Info Innovation.
8. Your Friendly Austrian Researcher Pal @_zeiner Bio: Researcher - interested in internet of things (#IoT, #WebOfThings - #NFC, #RFID, #robots), data analytics (#bigdata), and cloud computing (#cloud)
9. The Aggregator @IoTwatcher Bio: @_trendspotter made this aggregation account. Topics: -//- Internet of Things -//- Web of Things -//- #IoT, #WoT, #M2M
10. Fun News @JournalOfThings Bio: We cover the internet of things and big data. #iot #m2m #b2b #bigdata

And, of course, there's @FSecure_Sense. Who did we miss?

[Image by Andreas Eldh via Flickr]
While speaking at South by Southwest, President Obama used a striking metaphor to make the government's case for demanding Apple break into an iPhone used by one of the San Bernardino killers. "Because if in fact you can’t crack that at all, and government can’t get in, then everybody’s walking around with a Swiss bank account in their pocket," he said.

Have smartphones really made more information inaccessible to law enforcement? Techdirt's Mike Masnick notes "there has always been information that was inaccessible -- such as information that came from an in-person conversation or information in our brains or information that has been destroyed." What's unique about this point in history, Masnick argues, is that there is "much more recorded evidence."

Some argue that the government already has nearly all the information that might be on the iPhone in question and is pursuing access to 12 other phones that may have nothing to do with terrorism. Cloud services, email and tons of metadata are all available with a court order. In fact, we are speedily heading to a point where it might be possible that everything that we ever do is recorded or captured in some way or another thanks to the Internet of Things.

What if the government potentially had backdoor access to every smart device in your smart home? F-Secure Labs Security Advisor did a quick thought experiment about what could happen if the government used "All Writs Act to expand FBiOS development to include wiretapping functionality of a phone in use." He concluded that what the government's proposing has huge potential for abuse:

"...while your data in transit might remain fully encrypted, every device will now include the potential to be wiretapped unless you compile the OS yourself (or install from trusted sources) and maintain control of the update channel. History suggests that FBiOS wiretapping functionality would be too easily abused by multiple governments. And the creation of a spying potential of this sort would be a massive prize for hackers.

"We shouldn't undermine our entire security setup just because there are some bad people out there," Masnick wrote. "In fact, that makes us less safe."

These debates tend to circle around to the need to defend against criminals and terrorists, which is definitely true, and the fact that most of us consider ourselves law-abiding citizens with nothing to hide. But imagine if you did have something to hide, something you were born with and something you couldn't change.

"LGBTQ people around the world depend on encryption every day to stay alive and to protect themselves from violence and discrimination, relying on the basic security features of their phones to prevent online bullies, stalkers, and others from prying into their personal lives and using their sexuality or gender identity against them," Cory Doctorow and Victoria Ruiz wrote.

These dangers are not theoretical for millions of people around the world, which is why we at F-Secure stand with Apple. It's important to make a case for the right to encryption now before it's too late.
The insecurity of IoT devices is a common theme on this blog. Cool and novel yes, but smart “Things” often fall short on security and privacy. We’ve talked about the pitfalls of smart baby monitors, water kettles, cars, and Hello Barbie.

Why do these connected things slip up so badly when it comes to security? Let’s look at it from another point of view – the view of the maker of an IoT device.

Imagine you own a company that has been making cookie jars for 30 years. You make cute, classy and creative cookie jars to fit every type of kitchen decor. You know everything about them – the best materials, most popular designs, ideal sizes, the best-sealing lids for the freshest cookies, everything. You are an authority in making great cookie jars.

Now you decide to get on the IoT train and introduce a smart cookie jar. It will be the first of its kind! This cookie jar will put an end to the age-old problem of kids sneaking treats before dinner and ruining their appetites. It will connect to an app in the user’s phone. The app will alert the user when someone is opening the cookie jar. From the app, the user will also be able to remotely lock and unlock the cookie jar. So even if Mom is away, she can still keep Billy out of the Chocolate Chunkies.

You’ve been making cookie jars for three decades – you’re an expert. But when it comes to making a smart cookie jar, that’s another thing. Because you are not an expert in software tech. In fact, you pretty much know nothing about it.

You’re excited about your new product. You’re thinking of new features you could build in, like password protection right on the jar, or a sensor that can tell how many cookies have been removed. You’re in a hurry to get the product to market. After all, you’ve heard that some new Silicon Valley startup is working on a similar product, and you don’t want to be upstaged.

In all your excitement, security is forgotten. Or rather not forgotten, since you never had it in your mind to begin with. Because you, after all, are a cookie jar maker.

You’re working with a few other companies on the technology. Your goal is to get the jar made as quickly and as inexpensively as possible. None of the other vendors stress about security. After all, it’s not going to be their brand name on the final product. It will be yours.

You don’t realize that the software being used in your product is five years old. You’ve never thought about what might happen if a vulnerability needs to be patched. Is it even possible to patch, and if so, how will you alert your customers who purchase the jar? But these thoughts don’t enter your mind. Your main concern is that it will work, and that it will look cool, and have that “wow” factor. So you keep working.

Eventually your cookie jar gets made and hits the market. It works. It looks cool. And it has that “wow” factor.

But, oops. It leaks the password to the home Wi-Fi network.

It’s really no surprise. You are, after all, a cookie jar maker.*

Security is challenging enough to get right for the software industry itself – how much more so for those companies who are completely new to software and security. As security researcher Runa Sandvik put it, “When you put technology on items that haven’t had it before, you run into security challenges you haven’t thought about before.”

*No disrespect to cookie jar makers – I myself am a big fan of cookies of all kinds, and cookie jars are a great way to keep them accessible. I would trust my cookies any day to them, but I’d be more careful about my data.

Banner image courtesy Personal Creations, flickr.com. Modified.
It’s almost time for the annual Mobile World Conference in Barcelona. That means you’ll be hearing all about the latest gadgets, gizmos, and whatchamacallits that the tech industry has to offer over the next few days.

Companies wheel out a lot of amazing stuff at MWC. Some products are just new versions of old favorites, like new or refreshed smartphone models. Others might be innovative takes on simple objects. And some of them will blow your mind.

And one space brimming with innovation is the Internet of Things (IoT). Based on the Digital Agenda’s Twitter poll, it looks like lots of people are stoked to learn more about what manufacturers have in store for the IoT.

F-Secure’s interested in the IoT too. But not just because of all the cool gadgets. It’s more about what it means for people’s security and personal privacy. After all, how are you supposed to keep your personal information safely inside of your home if you’re surrounded by Internet-connected cameras, thermostats, televisions, and light switches?

If you’re interested in the IoT and want to know how you can keep your smart devices from exposing details about your bank account info, sex life, or other information you’d rather not share, one of the latest gadgets you’ll want to check out is F-Secure SENSE. SENSE is a brand new security and privacy product designed to protect people, smart homes, and all of the Internet-connected devices people use to get online.

SENSE was announced at last year’s SLUSH conference in Helsinki. But at #MWC16 people will be able to get up close and personal with SENSE. Maybe even get some pictures taken like these guys did at SLUSH.

You can meet SENSE and learn more about F-Secure and other privacy and security products, like Freedome and SAFE, by visiting us at Hall 6, Stand B60 at MWC.

"In 2012, hackers were able to gain remote access to 4.5 million DSL modems in Brazil through a flaw in the devices’ firmware," F-Secure Security Advisor Tom Gaffney explains in a new article for CED Magazine.

In this case hackers were using a "man-in-the-middle-attack" to go after banking credentials. In others, criminals used routers to direct people to malicious websites. Both hacktivists and extortionists have overrun routers in order to build botnets that can be used to stage larger attacks.

Routers are persistently vulnerable and that's a bad omen for the developing Internet of Things.

"There’s not one security issue making routers vulnerable to attacks – there are several," Gaffney explains before focusing on the most common issue -- firmware, which is "the software that controls the basic functions of a particular device."

Like any software, firmware needs to be kept updated to stay functional and secure. And while we're getting better at making this happen on our smartphones and PCs, developers haven't yet seriously taken the necessary steps to make sure routers are patched and protected.

"Mark Shuttleworth, founder of the Ubuntu Linux Distribution, called firmware a 'cesspool of insecurity' on his blog. Consumers rarely think about applying security patches or installing updates in devices like routers," Gaffney writes. "People don’t receive notifications about firmware issues like they do with software on their PCs, so it’s completely up to them to monitor the websites of manufacturers for updates."

Updating your router's firmware is one of our three key recommendations for securing your smart home, as Adam explained last summer:

But updating firmware isn’t as easy as updating apps on your PC or phone. It’s something many people either don’t know how to do, or they simply aren’t aware when it’s required. Most routers can’t be updated automatically, or even directly online. People typically have to download the update to their PC first and then use that to install it on the router. There are some generic guides online that can give you an overview on how it works, but how to update and when depends on the manufacturer, so you should consult their website for specific instructions.

It might also be worth simply buying a new router if yours is quite old and hasn’t been updated regularly. Manufacturers will often stop providing updates after a few years, even though the devices can last for a decade. Plus, many newer routers offer additional capabilities, and [F-Secure Security Advisor Sean] Sullivan admits that some of the newer features (such as guest settings) not only offer security benefits, but also allow them to work better with the diverse range of IoT devices used in smart homes.

Firmware could easily become the Kryptonite of the IoT, Gaffney explains, if we don't learn from the issues we've seen with securing routers.

"Routers are not widely recognized as IoT devices, but they’re strikingly similar," he writes. "They’re small, relatively inexpensive gadgets that have a very limited set of functions compared to smartphones and computers. It wouldn’t be surprising to see routers replaced with some kind of new IoT device that combines the functions of routers with a TV, fridge, thermostat, or other type of product."

Given the massive amounts of data these smart devices will have on us, securing them will be increasingly important to consumers.

"The key issue that needs to be understood is that routers, IoT devices, computers, phones and anything else that connects to another device creates a network. And not securing the different parts of a network risks compromising the entire thing, including all of its devices and data."

While he fears that there's "a good chance that firmware vulnerabilities will spread with the IoT," he does see light at the end of the tunnel.

"Firmware is evolving into 'light' operating systems that make managing devices with limited functionality (like routers and IoT devices) easier for users by offering features like auto-updates and notifications."

The real question, as always, is if it can evolve fast enough to out-evolve the hackers.

[Image by Sunil Soundarapandian | Flickr]
Your car is not a mechanical device. Nope. Your car is "probably the most complex distributed system that you personally own," Professor Stefan Savage explained earlier this month in a talk at USENIX Enigma 2016 entitled "Modern Automotive Security: History, Disclosure, and Consequences".

This is why:

These are the basic computing features of most any car purchased in the last 5 years. But the computerization of cars began 45 years ago with the advent of the airbag.

A typical automobile network is now vastly more complex than what most of us have in our homes. And there's a good chance that your "off-the-shelf, unmodified sedan" could be compromised by a third party. "Compromised" as in your brakes could remotely be made useless, as Professor Savage did for this episode of 60 Minutes.

The answer to these problems isn't simply "hire better people and it will all be better," Savage explained. Cars are vulnerable for a lot of reasons -- including the security problems emerging in much of the Internet of Things.

Savage calls it "a huge amount of pressure on feature creation." Often, in the rush to add functionality, security is not considered or actively ignored. Additionally, there are underlying issues with code ownership and laws that deny even security researchers access to internal workings of car software.

“The thing that parents need to know about smart toys is that they’re new terrain for parents and children, but also manufacturers,” our security advisor Sean Sullivan told Newsweek. And his critique of the connected toys industry is certainly true of the computing revolution that's been going on inside our cars over the past decade.

From OnStar to keyless entry to electric car charging stations, two-way digital communication makes vulnerabilities likely if not inevitable.

Car companies seem to have changed their approach and heightened their concern for security after the Jeep hack last summer, which led to the recall of more than a million Chrysler automobiles. But recalls aren't a very effective way to update cars, given the large percentage of owners who just won't bring their cars in unless they stop working.

Savage told the story of a vulnerability his team discovered in Generation 8 OnStar units that they decided not to disclose based on the low rediscovery risk. Five years later it came out that GM had updated all of the units even though Generation 8 OnStar "has no ability to do remote updates."

So what happened?

"I'm not saying that GM hacked millions of its own cars..." Savage mused. "But something happened."

(Hat tip to Antti Tikkanen.)

[Image by Day Donaldson | Flickr]
The U.S. Department of Defense played a "pioneering" role in the development of technology now utilized by the IoT -- including sensor and computer networking -- but today "few military systems leverage the full IoT stack."

Why?

"Security is the most significant challenge to broader IoT adoption across the military, with the large number of simple devices and applications raising unique vulnerabilities to electronic and cyber warfare."

That's the main reason the Pentagon has been slow to adapt to the Internet of Things, according to a Center for Strategic and International Studies report on "Leveraging the Internet for a More Efficient and Effective Military (PDF)."

In order to seize the imperative to use machine learning to "revolutionize modern warfare," the report calls for developing "Common Standards and Protocols" along with "new security techniques that can be applied to commercial, off-the-shelf (COTS) devices and applications, including those hosted in the cloud, focusing on investing in scalable security measures instead of securing individual systems."

The problems of IoT security cut two ways for the U.S. military, presenting outside risks and limiting adoption of new technology.

Lt. Gen. Edward Cardon, head of the U.S. Army Cyber Command, argues that national security requires increased monitoring and securing of the internet wherever it exists, to counter the risks that arise as any illusion of compartmentalization fades with the emergence of the IoT.

"What we're starting to realize is an event that happens in the commercial space could be happening in the government space and could be happening in the military space," Cardon said at the Institute of World Politics in Washington last month. "So it's not like it's all compartmentalized."

A boundary-less internet presents a whole world of security issues and privacy issues for early adopters. And failing to address them is leaving the world's best-funded military struggling to catch up.
It’s easy to be pessimistic about how the Internet of Things (IoT) could change the world. Some people might see it as just a gimmick to sell new TVs or other devices. Others might feel that it’s more of the same old thing, or just a bunch of new mobile devices. Many people are concerned about how safe these devices are, or if they’ll usher in a big brother type world where privacy is a thing of the past.

But many people and companies are learning how to leverage new Internet-connected technologies in extremely positive ways. Here are a few examples of how IoT devices are making life better for people all over the world.

Keep an eye on things while you’re away

Surveillance isn’t a bad thing when it’s not infringing on people’s privacy or personal space. And that’s exactly what one Australian man learned when he was able to use various smart gadgets to prevent his home from being destroyed in a bushfire.

Professor Simon Maddocks from Charles Darwin University was able to spot the fire using his Internet-connected security cameras and a smartphone. Once he saw that the fire was approaching his home, he was able to use his smartphone to activate his property's irrigation system. Unfortunately, he was unable to save his crops. But his livestock and house survived the fire, which makes him quite lucky compared to some of his neighbors.

Cases like these demonstrate how Internet-connected devices can help protect people. If Professor Maddocks hadn’t been able to monitor his home, he wouldn’t have understood the immediacy of the approaching threat – a capability F-Secure Director of Strategic Threat Research Mika Stahlberg has called the potential killer app for smart homes. And being able to use his irrigation system to douse his property would have been much more difficult had he not been able to do this remotely.

Information sharing made easy

Many popular IoT devices are being developed for use in smart homes. But thinking that IoT devices are limited to innovating homes is a complete misconception. Wearables are a pretty big product category for IoT devices, and include well-known items like the Apple Watch and FitBit.

One recent project, called Wearables for Good, was created with the intent to encourage companies to develop wearables that serve the needs of people in both developed and developing nations. The project was a competition that awarded two design initiatives with cash prizes, as well as support in launching the products.

One of the winners was Khushi Baby – a wearable necklace designed to store immunization data to make administering vaccinations in the field easier for health care workers. The necklace can store medical data and then share it with mobile devices via NFC transmitters. Making this information more accessible to people responsible for administering vaccines will help them make informed decisions while they’re in the field, and make vaccinating large groups of people much easier and safer. The designers behind Khushi Baby are currently using the product in Northern India to prevent fatalities due to vaccine-preventable diseases.

Monitoring the health of people that count on you

People now have access to technologies that can help them keep track of their own daily activities, and make improvements like getting more exercise, monitoring sleeping habits, etc. And while this is a great way for people to keep themselves healthy, other manufacturers are now beginning to focus on how to use these technologies to monitor people that have trouble staying healthy without a little extra help.

For example, a Boston-based company has developed a “wearable baby monitor” that allows parents to monitor things such as their baby’s breathing, heart rate, movements, etc. This gives them a more complete picture of their baby’s health so that they can take better care of newborns.

Another company has developed a series of activity monitors that can be placed around the home to help monitor older adults that are living alone. These monitors can be placed throughout the home and monitor activities, and then make this data accessible online.

The caveat of these home monitoring technologies is that they collect, store and exchange massive amounts of data – data that can easily be repurposed by hackers or criminals. Hacking has already been proven to be a serious risk for Internet-connected baby monitors. So everyone has a reason to be excited about what IoT devices can do, but remember to take steps to secure your new smart devices, and the data they collect and share online.

[Image by Al404 | Flickr]