10 Best #IoT Accounts to Follow on Twitter
A Twitter feed, at its best, is like an algorithm you written to keep yourself amused and informed. At the same time it offers us direct access to the best minds and the worst bots on the planet. And in a field like the IoT, where theres so much noise and so little signal, getting new information without constantly reading "Gartner forecasts that 6.4 billion connected things will be in use worldwide in 2016, growing to 20.8 billion by 2020" over and over is a bit tough. That's great information but when a "connected thing" can be anything from a kettle to car to a pacemaker, it's hard to get a sense of what matters now. So we want to know who on Twitter is giving you the most addictive IoT information. Here are the best accounts we've come across. 1. The Straight Sh*t @internetofshit Bio: Obviously the best thing to do is put a chip in it. 2. A Straight Newsfeed (tweets a lot, more B2B related) @TheIoT Bio: The most comprehensive & up to date #IoT news 3. Another Straight Newsfeed (tweets less, more product related) @wtvox Bio: WT VOX is the most trustworthy, authoritative resource in #WearableTech. Daily news in #FashionTech #Wearables #BigData #IoT #DigitalHealth #Robotics #AR #VR 4. Data Dude @AjitJaokar Bio: #Datascience, #IoT, #MachineLearning, #BigData, Mobile,#Smartcities, #edtech 5. "Long Tail"/Drones Guy @chr1sa Bio: 3D Robotics CEO, DIY Drones, ex Wired EIC, Long Tail, FREE, Makers, GeekDad, etc. 6. Tech Meets Policy @ITI_TechTweets Bio: The Information Technology Industry Council (ITI) is the global voice of the tech sector. 7. The Big Picture @Doug_Laney Bio: Gartner VP & Distinguished Analyst -- Data & Analytics Strategy, Infonomics & Data Monetization, Big Data & Info Innovation. 8. Your Friendly Austrian Researcher Pal @_zeiner Bio: Researcher - interested in internet of things (#IoT, #WebOfThings - #NFC, #RFID, #robots), data analytics (#bigdata), and cloud computing (#cloud) 9. The Aggregator @IoTwatcher Bio: @_trendspotter made this aggregation account. Topics: -//- Internet of Things -//- Web of Things -//- #IoT, #WoT, #M2M 10. Fun News @JournalOfThings Bio: We cover the internet of things and big data. #iot #m2m #b2b #bigdata And, of course, there's @FSecure_IoT and @FSecure_Sense. Who did we miss? [Image Image by Andreas Eldh via Flickr]
What the Apple/FBI battle means for the IoT
While speaking at South by Southwest, President Obama used a striking metaphor to make the government's case for demanding Apple break into an iPhone used by one of San Bernardino killers. "Because if in fact you can’t crack that at all, and government can’t get in, then everybody’s walking around with a Swiss bank account in their pocket," he said. Have smartphones really made more information inaccessible to law enforcement? Techdirt's Mike Masnick notes "there has always been information that was inaccessible -- such as information that came from an in-person conversation or information in our brains or information that has been destroyed." What's unique about this point in history, Masnick argues is that, there is "much more recorded evidence." Some argue that the government already has nearly all the information that might be on the iPhone in question and is pursuing access to 12 other phones that may have nothing to do with terrorism. Cloud services, email and tons of metadata are all available with a court order. In fact, we are speedily heading to a point where it might be possible that everything that we ever do is recorded or captured in some way or another thanks to the Internet of Things. What if the government potentially had backdoor access to every smart device in your smart home? F-Secure Labs Security Advisor did a quick thought experiment about what could happen if the government used"All Writs Act to expand FBiOS development to include wiretapping functionality of a phone in use. " He concluded that what the government's proposing has huge potential for abuse: "...while your data in transit might remain fully encrypted, every device will now include the potential to be wiretapped unless you compile the OS yourself (or install from trusted sources) and maintain control of the update channel. History suggests that FBiOS wiretapping functionality would be too easily abused by multiple governments. And the creation of a spying potential of this sort would be a massive prize for hackers. "We shouldn't undermine our entire security setup just because there are some bad people out there," Masnick wrote. "In fact, that makes us less safe." These debates tend to circle around to the need to defend against criminals and terrorists, which is definitely true, and the fact that most of us consider ourselves law-abiding citizens with nothing to hide. But imagine if you did have something to hide, something you were born with and something you couldn't change. "LGBTQ people around the world depend on encryption every day to stay alive and to protect themselves from violence and discrimination, relying on the basic security features of their phones to prevent online bullies, stalkers, and others from prying into their personal lives and using their sexuality or gender identity against them," Cory Doctorow and Victoria Ruiz wrote. These dangers are not theoretical for millions of people around the world, which is why we at F-Secure we stand with Apple. It's important to make a case for the right to encryption now before it's too late.
The Simple Reason IoT Devices Are So Hackable
The insecurity of IoT devices is a common theme on this blog. Cool and novel yes, but smart “Things” often fall short on security and privacy. We’ve talked about the pitfalls of smart baby monitors, water kettles, cars, and Hello Barbie. Why do these connected things slip up so badly when it comes to security? Let’s look at it from another point of view – the view of the maker of an IoT device. Imagine you own a company that has been making cookie jars for 30 years. You make cute, classy and creative cookie jars to fit every type of kitchen decor. You know everything about them – the best materials, most popular designs, ideal sizes, the best-sealing lids for the freshest cookies, everything. You are an authority in making great cookie jars. Now you decide to get on the IoT train and introduce a smart cookie jar. It will be the first of its kind! This cookie jar will put an end to the age-old problem of kids sneaking treats before dinner and ruining their appetites. It will connect to an app in the user’s phone. The app will alert the user when someone is opening the cookie jar. From the app, the user will also be able to remotely lock and unlock the cookie jar. So even if Mom is away, she can still keep Billy out of the Chocolate Chunkies. You’ve been making cookie jars for three decades – you’re an expert. But when it comes to making a smart cookie jar, that’s another thing. Because you are not an expert in software tech. In fact, you pretty much know nothing about it. You’re excited about your new product. You’re thinking of new features you could build in, like password protection right on the jar, or a sensor that can tell how many cookies have been removed. You’re in a hurry to get the product to market. After all, you’ve heard that some new Silicon Valley startup is working on a similar product, and you don’t want to be upstaged. In all your excitement, security is forgotten. Or rather not forgotten, since you never had it in your mind to begin with. Because you, after all, are a cookie jar maker. You’re working with a few other companies on the technology. Your goal is to get the jar made as quickly and as inexpensively as possible. None of the other vendors stress about security. After all, it’s not going to be their brand name on the final product. It will be yours. You don’t realize that the software being used in your product is five years old. You’ve never thought about what might happen if a vulnerability needs to be patched. Is it even possible to patch, and if so, how will you alert your customers who purchase the jar? But these thoughts don’t enter your mind. Your main concern is that it will work, and that it will look cool, and have that “wow” factor. So you keep working. Eventually your cookie jar gets made and hits the market. It works. It looks cool. And it has that “wow” factor. But, oops. It leaks the password to the home Wi-Fi network. It’s really no surprise. You are, after all, a cookie jar maker.* Security is challenging enough to get right for the software industry itself – how much more so for those companies who are completely new to software and security. As security researcher Runa Sandvik put it, “When you put technology on items that haven’t had it before, you run into security challenges you haven’t thought about before.” *No disrespect to cookie jar makers – I myself am a big fan of cookies of all kinds, and cookie jars are a great way to keep them accessible. I would trust my cookies any day to them, but I’d be more careful about my data. Banner image courtesy Personal Creations, flickr.com. Modified.
Will 2016 be the year you wear a wearble?
The growth of wearable technology has beyond exponential, beyond explosive. In 2010, U.S. consumers spent a mere $6.5 million on devices worn on your body. By 2015, sales have multiplied more than 1,000 times to over $7 billion and are expected to top $12 billion in 2018. The Apple Watch has played a crucial role in rise of the wearable and one of the key functions users are seeking are the health monitoring functions of the device, with smart watches incorporating the features that fitness activity trackers have popularized. Samsung has just announced the release of a Bio-Processor, which "measures body fat, and skeletal muscle mass, heart rate, heart rhythm, skin temperature and stress level," according to the tech giant. It is scheduled to begin to be available in new devices by the first half of 2015. Beyond self-monitoring, wearables now offer medical uses that could transform the treatment of many chronic diseases. "The healthcare industry has started to adopt wearable technology with solutions such as automated devices for asthma monitoring and management, back therapy devices to bring relief from lower back pain, battery operated knee brace to provide relief from pain for more than 40 hours as well as sensors to monitor family members with memory problems attributed to conditions such as Alzheimer’s," Glenn Blake at CloudTweaks reports. But the biggest sign that wearables have reached a crucial tipping point is the fashion industry's increasing attempts to embrace of the technology. As smartphones have become commonplace, many developers are incorporating digital text and "smart ink" as fashion statements. This year's Consumer Electronic Show is the first since the release of the Apple Watch, which Cnet's Richard Nieva called a "gateway drug for many into the habit of wearing computer chip." The show will feature its annual FashionWare show and far more wearable technologies than ever before. "Compared to last year, the square footage of the wearable tech section at CES has quadrupled to 9,400, according to the Consumer Technology Association," Nieva reports. "The number of wearables exhibitors has almost tripled to 41, not including the companies that fall into the health and fitness category, like Fitbit." If wearables do become as commonplace as many expect, the potential for secondary uses -- like cashless payments -- is massive. But the surest sign of this category's success would be the demise of the word "wearable," which is kind of terrible. It even rhymes with terrible. We won't need a special word for devices we wear because wearable technology will be in everything. [Image by Teppo Kotirinta | Flickr]
How Sense protects you without you even noticing
As the Sense team began developing the one device that will protect your entire home, they new the protection needed to be light, fast and seamless. The UltraLight Antivirus technology F-Secure Labs has been developing for years turned out to be the perfect fit. [youtube https://www.youtube.com/watch?v=vv20Kp1c_1M] The blazingly quick cloud-based scanning offers detection of bad application behavior and artificial intelligence to go along the always developing analysis of the experts from our Labs. It also provides a new development platform that enables faster innovation of new solutions as the Internet of Things develops. If you're in the U.S., you can pre-order Sense right now for half off. For a deeper dive into the sort of threats smart home users face, check out this introduction to Sense from our Samu Konttinen. [youtube https://www.youtube.com/watch?v=0y9A7IlswkU]
Shopping for Smart Home Gifts? Shop Smart
Even if you're not considering a Wi-Fi connected Barbie, you may be giving others or expect to get one of the 50 million smart home devices expected to be sold this holiday season. Given that this is the first holiday season when appliances offering internet-connected automation have hit the mainstream, a lot of people aren't sure what to look for when shopping for IoT devices. Making your home smart presents new security risks, but it can also save you or your family's lives. A Harris poll from earlier this year found that what IoT adoption is looking like in the U.S.: Speaker systems are proving to be the most widely adopted smart devices both for the practicality and relatively few security risks. Thermostats come in second, though hacking a net-connected central temperature device could give criminals details about your comings and goings. Wireless security devices require a lot of trust in the manufacturer -- but so do so "non-smart" security systems. Most of the risks the millions of smart home users face are largely theoretical at this point -- unless you're a high-level target. But that could change quickly after this holiday season puts tens of millions more people on the IoT. The Online Trust Alliance recognizes that many of us are just getting into the IoT's who new world of possibilities and vulnerabilities so it has put out a checklist of all the questions you should ask before buying a smart home device. It's quite comprehensive, so the group has boiled its work down to three concerns: Before purchase, confirm your ability to return the device for a refund if upon set up you find the security and/or privacy practices do not meet your personal requirements. If you cannot opt out of sharing data with third parties or are not provided the option of opting in, consider alternative products. Before purchase, review the device’s warranty and support policies and verify that security and software patches are provided for the life of the product, beyond that of the warranty offered by the manufacturer. Review the privacy practices of connected devices you own or are considering buying, including data collection and sharing policies with third parties. Reset permissions to reflect your preferences (for example – data collection and sharing, camera and microphone settings and other functions). If your settings cannot be modified, consider the “reset to factory settings” option to force a clean setup. If you're still shopping around Tom's Guide has put out a list of the best smart home devices it has found. As have Tech Crunch and Tech Hive. And if you're serious about security your new smart home, be sure to check out our F-Secure Sense, which will plug the security holes created by connecting your life to the net.
Can a smart Barbie be a safe Barbie?
The New York Times calls it a "Wi-Fi Barbie Doll With the Soul of Siri" and for many kids it may be a dream come true: A doll that listens and responds to you. Mattel's Hello Barbie is one of the most buzzed about gifts of the 2015 holiday season. And thanks to an app that connects the toy to your Wi-Fi network, the world's most popular doll is now on the Internet of Things. Here's a look at how it works: [youtube https://www.youtube.com/watch?v=RJMvmVCwoNM] If you don't shop for kids' toys, you might not have not even realized that there is smart Barbie -- until news of the VTech hack broke. More than 6 million children's profiles have been exposed in the hack of the Hong Kong toymaker. Suddenly in the midst of the biggest toy buying time of the year, parents are forced to consider the security implications of connected toys they couldn't have imagined when they were kids. If there's a theme to this blog, it's that if it's smart, it's vulnerable. Researchers have questioned VTech's security before. And now some experts are raising similar concerns about Hello Barbie, which sends all of the voice data it hears into a cloud run by ToyTalk. Security researcher Matt Jakubowski was able to "access users' system information, Wi-Fi network names, internal MAC addresses, account IDs and MP3 files" And he said "it was only a matter of time" before he could hack the doll to speak directly to kids. Like many IoT threats, proximity is key. On the company's Tumblr , ToyTalk's Chief Technology Officer points out that the company isn't "aware of" anyone being able to use the doll to access "your WiFi passwords or your kid’s audio data." Given that it is the first Wi-Fi doll, the company is preparing for breaches and has a bug bounty program in place. Jakubowski told Global News, “Overall I think ToyTalk has done a outstanding job on the security protocols they have in place. The doll when in wifi mode requires a client-side cert to be valid in order to access any of the data, it also limits the data that it can accept thus limiting the attack surface.” He added, “ToyTalk also appears to be using HTTPS for all communications to ensure no eavesdropping of any kind can happen. These are all good levels of security that you don’t typically see in many IoT devices. ToyTalk has certainly taken many of the concerns and has addressed them as best as they could.” These are positive steps and completely necessary given the intimacy many children already feel toward Barbie. But some privacy experts are still skeptical. In the wake of VTech, HaveIBeenPwnded.com's Troy Hunt is warning against anything that expands your child's digital footprint. "Given the way children have been shown to interact with dolls, then, there’s a strong likelihood that they will tell Hello Barbie everything," Mary Emily O'Hara writes in The Kernel. Chances are that Hello Barbie won't be the last doll that's on the IoT and with the advances of artificial intelligence, toys will become even more immeshed in kids' lives. For criminals the attack is risky. "Is it worth staging a user-by-user attack against a child's doll?" Richard Chirgwin asked in The Register. Since this is a whole new world, who knows for sure. For now, parents should start to think of Wi-Fi connected toys like smartphones or tablets. Parents should be observant of how kids use them, supervise their use and put them away when they're not being used. Also, make sure your child's password and your Wi-Fi network are unique, strong and unguessable, of course. [Image by Patrick Quinn-Graham | Flickr]
If your smart home could talk
The old cliche "If these walls could talk..." is taking on new meaning in the world of the Internet of Things. Smart walls that actually talk aren't on the market yet. But your smart home is capable of listening, remembering and divulging more about you than you may have imagined, explains researcher Charles Givre, a data scientist at Booz Allen Hamilton. (Yep, the same company that employed whistleblower Edward Snowden.) In a talk at the Make Data Work conference in New York, Givre described what IoT devices Nest Thermostat, the Automatic Car dongle and the Wink hub learned about him as he used them as designed. His conclusion? "'Smart' devices collect and broadcast a lot of information beyond what you might expect. In aggregate, this information can reveal a great deal about the device’s owner." This information includes: Your Facebook and Twitter handles What other "smart" devices you have in your home and when they were connected Your home's location Your internet service provider When you are home All the trips you take in your car (depending on your privacy settings) Possibly your religion (if you, like Givre and Walter from The Big Lebowski, "don't roll on Shabbos") Givre pointed out that most of the information is transferred securely but is stored in the cloud. Anyone who has access to your email address and password could reach it all. At this point, smart homes are rare enough that it's probably more convenient for thieves to physically stake out your home to note your comings and goings. But given the explosion of smart home technology, it's just smart security to make sure your important passwords are unique, strong and unable to be guessed by anyone. This basic step -- and thinking ahead about securing your smart home -- is the best you can do, now that you're aware just how much your smart home knows about you. The makers of IoT devices also need to do due diligence to protect the sensitive data their devices are collecting -- especially since government regulation isn't erring on the side of consumers privacy. "The Federal Trade Commission put out a report this year with best practices about how companies should notify their customers about data retention," ProPublica's Lauren Kirchner reports. "Device makers say that customers can opt in or out of sharing their personal information with developers and third-party apps." So your smart devices may be talking to others without you even realizing you have the choice. "If these walls could talk..." shouldn't you at least have a chance to decide whom they talk to?
3 Ways to Make your Man Cave Smart
Home automation has been a staple of science fiction stories for many years, and the Internet of Things (IoT) is slowly ushering in a world where devices are smart enough to handle tasks that used to require the attention of people. One part of the house ripe for such automation is the “man cave”. Man caves are a relatively new lifestyle trend that basically describe a room or area designed to cater to the tastes and lifestyles of guys, essentially allowing men to indulge in things away from the pressures or stress of the rest of the world. Workshops and garages have traditionally been seen as male-centric areas, but man caves are spaces where manliness is just as much about aesthetics as it is about more “male-oriented work”. Basements, garages, spare bedrooms, studies, and similar spaces are increasingly being converted into these man caves. According to Wikihow, setting up a man cave requires loads of home entertainment devices such as TVs, video game consoles, computers, and other gadgets, as well as decorations that emphasize the “manliness” of the area. Many will even include small appliances, such as mini refrigerators, to allow cave dwellers to remain in isolation for long periods of time. IoT devices are going to give home owners lots of new gadgets to put in their homes, making it a dream come true for tech enthusiasts. TVs will become smart TVs. Mini fridges will become smart fridges. Locks will become smart locks. Microsoft recently developed a smart air hockey table using their Windows 10 IoT core, so it seems fair to say the only limit for automating and “smartening” man caves is the imagination (and maybe a little bit of technical know-how). IoT technologies are going to give guys everywhere a whole new way to conceptualize and design man caves, as well as other rooms in their smart homes. But like many developments in home automation, there are significant security implications to using new devices. Here’s a few suggestion on what to do to keep smart man caves safe and secure. Get smart about protection: IoT devices are designed to make living more convenient. But sadly, many manufacturers are not building their smart devices to be particularly secure. Before you surround yourself with devices that connect your life to the Internet, you should give some serious consideration to how you can prevent people from using that connection against you. It’s already been demonstrated that hackers can use IoT devices to monitor and record what’s going on in your home, and security researchers say these problems will become more serious as IoT devices become more popular. Fortunately, security providers are beginning to offer smart protection for people to use to make sure they stay protected as they develop smarter lifestyles. Manage your devices: A lot of smart devices contain various sensors and transmitters so they can record data about you and share it with some kind of online service. Samsung’s smart TVs, for example, use voice activation to let you control your TV with your voice. Unfortunately, this means your TV records everything you say, and the company has acknowledged that this data can be shared with third parties. This kind of invasion of privacy could become a serious security risk in the event one of these companies has a data breach, so it’s best to control how devices work to make sure its not recording personal conversations, financial information, etc. Many devices allow you to adjust their functionality through the settings options, and F-Secure Labs’ Karmina Aquino recommends people use this to help protect their personal data. Make smart password choices: F-Secure Director of Strategic Threat Research Mika Stahlberg has said that one way hackers will try to hack smart homes is by simply guessing at the passwords used for various devices. This tactic is already being used by hackers to take control of routers used in homes and small offices. The reason for this is because many people will buy small devices, such as routers, and simply never change the passwords set at the factory. These factory-default passwords are readily available on the Internet, so all attackers need to do is match up the password with your device, and then you’re network is compromised. So take a few moments when you’re setting up new devices to choose a decent password. It might take a few extra minutes, but it’s worth it if it keeps hackers and Internet snoops out of your man cave. [Image by Christian Collins | Flickr]
Protecting your smart home takes SENSE
If you follow security news, you've probably heard about F-Secure SENSE -- a totally new kind of security gadget introduced by our Samu Konttinen at Slush in Helsinki. Based on the buzz since the announcement, it seems people were ready for a simple answer to the security questions raised by the transformative promise of smart homes. "A smart thermostat, coffee maker, television, and speaker system may make life easier and more customizable, but they also present a new class of entry points for a hacker to infiltrate your home network and steal valuable personal information," BuzzFeed's Joseph Bernstein explained. Protecting these devices, which have often been rushed to market without security in mind, presents a unique and daunting challenge. "By drawing all of the IoT devices in the home into one protected network, SENSE presents a remarkably elegant solution to a problem the cybersecurity world has been worrying about for a long time," Bernstein wrote. Nice. We agree. The combination of a hardware device that plugs into your router along with two different software solutions was conceived by F-Secure Labs conceived to protect the next generation of smart devices from the next generation of threats. What does the next of threats look like? We already know because they're being used by nation states that are investing massive sums and PhD-level brainpower into cyber-attacks that target critical infrastructure for both surveillance and warfare purposes. Decades of defending threats has taught us that it's impossible to put the cyber-genie into the bottle once an attack has been made public. Advanced techniques trickle down to common criminals soon enough. An attack designed to take out a nuclear power plant today may be repurposed to infiltrate your smart refrigerator tomorrow. SENSE is a whole new kind of product in that it provides advanced cyber defense for your IoT gadgets without slowing them down or requiring constant maintenance. The biggest innovation is that threats are blocked by artificial intelligence based on their reputation and behavior -- they are "sensed" instead of "scanned". While SENSE analyses network traffic and can prevent attacks from ever reaching the various devices in the home, it is not only about your network. Protection that's based only on analyzing network traffic is vulnerable to bypass techniques such as malware waiting for a week before performing any malicious actions.Also, in a post-Snowden world, more and more traffic is encrypted with https or VPN technologies and hence deeper analysis of traffic is not possible on the network. SENSE has lightweight end-point agent that talks to the SENSE device and adds protection by providing visibility into what's happening inside the various devices in your smart home. F-Secure SENSE and the end-point software are just sensors. The real analysis takes place in F-Secure data centers. This, however, doesn't mean that all traffic or even applications would be sent to our cloud. F-Secure takes privacy very seriously and the system has been designed to reduce data transfer and anonymize all data before it hits F-Secure databases. If deeper analysis is needed, the metadata of an object (URL, file) or even the object itself could be sent to an F-Secure server where it will be analyzed and discarded almost immediately. Once the data is in the cloud, analysis is performed by cutting-edge machine learning technologies. Our malware experts at F-Secure Labs are no longer just analysts. They're teachers -- with very unique students. Our human experts train our systems how to tell malware from clean applications. Then the machine handles the analysis. This is not just a better way of doing malware analysis, it's also a necessity with daily incoming unique samples to analyze average at around 350,000 per day. F-Secure SENSE makes next generation protection as easy and satisfying to use as your Smart TV. It's smart security for a future that's already near. And we're very grateful people are noticing. You can pre-order Sense for its 2016 launch here. The first 5000 customers will receive a 50% discount.
F-Secure SENSE – Smart Security, Smart You
The future is becoming smart. We hear about it all the time. Smart TVs are becoming as common as desktops. There’s smart thermostats, smart watches, smart baby monitors, and so on. But the spread of smart devices means security needs to get smarter too, so F-Secure has stepped up the security game by building F-Secure SENSE. SENSE is the first piece of security hardware designed entirely by F-Secure, and it’s setting a new standard for what security products are capable of delivering. SENSE was built to keep up with how technologies are changing what people actually want and need from security providers, so that they can stay protected as Internet-connected devices become a bigger part of their lives. [youtube https://www.youtube.com/watch?v=bR6gvGdDsc4&w=560&h=315] SENSE is a completely new way for people to protect their security and online privacy. It combines hardware and software to give people a single system that can secure all of their Internet-connected devices. Instead of using traditional security apps to protect one or two devices at a time, SENSE works by creating a private, secure network inside of people’s homes that protects the Internet traffic exchanged between the devices in this network and the rest of the Internet. This allows SENSE to protect things like PCs, smartphones, and tablets, but also Internet of Things (IoT) devices that are unable to run traditional security apps. SENSE also comes with the SENSE app, which can be installed on devices like laptops, smartphones, and tablets, so these devices can stay protected even when they leave the home. There’s no limit to the number of devices that SENSE can protect, so you don’t have to buy individual subscriptions for each device. This makes SENSE a completely unique way to protect people – and not just individual devices – from online threats. “The beauty of SENSE is that it is irrelevant whether you have 1 PC, 1 tablet, and 2 phones, or whether you have 3 PCs, 4 tablets, 3 phones, a smart TV, 2 game consoles, and a connected security camera,” says F-Secure Director of Product Management Mika Majapuro. “People don’t think about security and privacy on a device level – they want to protect all their devices in a smart way. This is what SENSE delivers, and it will continue to evolve as your needs and priorities change.” So SENSE is a completely new security product that delivers three key benefits that can help empower people to stop being afraid of using new technologies, and start enjoying a truly smart lifestyle. Smart Convenience According to Gartner, the average home could contain more than 500 connected devices by 2022, making it completely impractical to try and protect each and every device with a separate piece of software. Plus, many IoT devices won’t even let people install their own security apps. So the old way of protecting devices is dying, and SENSE is there to make it easy for people to get used to thinking about security in an entirely new way. SENSE’s app gives people an easy way to administer the security and privacy of their network and devices. It lets people see all the devices connected to the network, and their security status. It will also send notifications to people’s mobile device if it finds any issues with their devices or network. Plus, it provides people with general security tips to help them learn more about how to stay safe online, and lots of other information about online security and privacy. Smart Privacy People are more worried about their privacy now than ever before. One research firm found that 92% of Americans and Britons worry (at least sometimes) about their online privacy, with both nationalities citing the behavior of companies as the most common reason for their concerns. PEW’s research has produced similar findings, saying 91% of Americans feel that people have lost control over how data is collected and used by companies. And controlling privacy is going to be an ongoing challenge as more people put IoT devices in their homes. These devices contain all kinds of sensors and transmitters that collect and share information, and it’s been confirmed that one manufacturer’s smart TVs are constantly collecting data and sharing it with companies. So SENSE helps people keep control of their privacy by securing Internet traffic. It blocks the invasive technologies that companies use to monitor people’s online behavior, such as spyware and other tracking tools. Smart Security IoT devices are giving people exciting new ways to live smart lifestyles, but there’s certainly security risks involved with this. Mika Majapuro describes some of the security problems many IoT devices suffer from in this blog post. And you can read one family’s account of how their “smart” baby monitor had been hacked here. SENSE layers three kinds of security together to give people complete protection: local network security, cloud security, and local security software. It uses unique machine-based learning technologies in F-Secure’s Security Cloud to “sense” threats hidden within Internet traffic, so it actively learns about potential security threats before they hit devices. And it comes with software that can be installed on smartphones, tablets, and PCs, ensuring those devices receive the very best protection that’s made F-Secure famous. Mika says combining these three benefits helps SENSE strike a balance between offering sophisticated protection and ease of use, making it an ideal product for people to use as a foundation for building a truly smart lifestyle. “SENSE is a unique product because it was designed to let people grow and develop their own smart lifestyle without leaving their comfort zone. So even though it’s easy to use and can be set up in just a few minutes, it’s sophisticated enough for people to use the in-depth information it offers to customize the way it works with other devices. It’s really our first consumer product that makes next generation technologies, like machine-based learning, fully accessible and useful to home users.” F-Secure SENSE will start shipping in spring 2016, and is priced at 199 EUR/USD, which includes the hardware, software, and a 12-month subscription. It is currently available for preordering for customers in Europe, and the first 5000 customers will receive a 50% discount.
Are you inviting hackers in your baby's room?
Imagine inviting thousands of strangers into your home to watch your sleeping baby. That's essentially what happened when parents who purchased Foscam's internet-connected baby monitors found out the hard way that they hadn't taken their privacy seriously. One couple in Rochester, Minnesota discovered something was wrong when they heard their monitor playing music at night. They traced the origin of the sounds back to an IP address in Amsterdam. And they also discovered something terrifying -- thousands of images from people's homes. "There's at least fifteen different countries listed and it's not just nurseries – it's people's living rooms, their bedrooms, their kitchens," the mom told local station KTTC. "Every place that people think is sacred and private in their home is being accessed." Revealing the insecurity of Foscam monitors has become something of a game for some hackers. "That's a really poopy diaper," one hacker told a couple in Houston, Texas before offering a bit of advice about updating the monitor's password. That's good advice, says F-Secure's Director of Strategic Threat Research Mika Stahlberg. But it may not be good enough given potential vulnerabilities in the device that could allow hackers to reach the password through the server. "To make matters worse, Foscam allows for easy use of UPnP to open its web server on the public internet so that parents can use it also when not at home," Mika told me. Foscam offers advice on how to secure its monitor, noting that "All devices connected to the Internet run the risk of being hacked." This is true, but IoT devices, especially baby monitors, are especially prone to pretty simplistic hacks for at least 7 reasons. A recent study by security company Rapid7 finds that 9 out of 10 of the most popular brands of internet-connected monitor are vulnerable to cyber intrusion. Given that most parents aren't familiar with security basics like keeping firmware updated and changing default passwords, that seems likely -- even if the design of the devices meets basic security needs. If it's smart, it's exploitable. And if it has a camera, someone may want to watch it -- even if it's in your baby's room. [Image by Abigail Batchelder | via Flickr]
7 reasons why IoT device hacks keep happening
Let’s skip the part where we talk about how many fancy IoT devices people will have in 5 years. We can also skip the part where we talk about the benefits of these devices. Let’s face it, we love these devices and we will keep buying them. We do that because we believe in the connected future. But some of us (at least I am) are a little bit concerned about the potential risks related to the security and privacy of these connected devices. Hacks happen almost on a daily basis. In fact, some say that every single Fortune 500 company has been hacked. But with IoT, these hacks will be very personal: someone will hack into your living room, someone will hack into your baby monitor, and someone will take over your smart TV. Examples of IoT hacks can be found from here. Why is it that these connected devices are being hacked over and over again? The list below, while not exhaustive, explains some of the reasons why these new connected devices are so easy to hack and why we’re likely to see more hacks in the future. MVP mindset Usability > security Lack of skills and resources Ship and forget mindset You (the user) Complex supply chain Cybercrime as a service MVP stands for Minimum Viable Product. The point an MVP is to build something fast and put it on the market to learn about customer reactions. As you get more feedback you iterate or maybe pivot. Needless to say, there is tremendous pressure to release the MVP as soon as possible. As the team is spending all their waking hours getting the product released, do you think security and privacy get the right amount of attention? There are numerous examples that indicate that the answer is no. Ease of use and coolness trumps security. Another problem is that security loses against usability and coolness when new products are being designed. In most cases we’re talking about simple tradeoffs: do you ask the user, for example, to create a strong password during the setup process? By skipping this step, the setup process will be shorter and smoother. Often, the (initial) customer experience is more important than security and privacy. Security experts can be difficult to come by. Pick an established company that has been making, for example, thermostats for the past 50 years. In the old world, that thermostat was not connected to the internet and customers didn’t control it with an app. Security and privacy were not issues. The new world is obviously different and modern thermostats are connected to the internet, perhaps to an IoT hub, and they may be controlled by a smartphone. Clearly engineering teams need new talent with a focus on cyber security and how to manage customer data. But this talent may not come cheap (and it might not be readily available). Ship fast (and forget it). Anyone who has ever worked at product company knows the happiness (and pressure) of releasing new products quickly. Immediately after the first product is released, you start working on the next one and then the next one. Customers don’t, however, always buy all of the latest and greatest models (even if we want them to). Customers probably expect that a connected thermostat, for example, will stay put for the next 3, 5, maybe even 10+ years. The question is, will the vendor keep updating the software on the first generation thermostat? Or are their best and brightest people working on the 11th generation product? The “Ship and forget” mentality leaves customers with devices that are running several years old software that has never been updated, and hence, these devices might have severe security flaws. Customer as the weakest link. Even if an update was available, would your typical customers go through the hassle of updating their IoT devices? Would they have the energy? Would they have the skills? Would they bother to change the default password on their new gadget? No matter what manufacturers do, the customer might still be the weakest link when it comes to securing various IoT devices. Complex supply chain. The worst part for the device vendors? Suppliers and partners who let you down! Very simple: you built a great product and yes, you cared about security and privacy…only to find out that your manufacturer got hacked several years ago and every device leaving their factory is already compromised. Or maybe the cloud vendor you used to store valuable customer data didn’t bother to secure its cloud. Choose your partners carefully: you never know who will jeopardize your brand. Cybercrime as a service. By now you’re starting to get the point. Securing IoT devices can be quite complicated. Let’s add one more factor: the fact that nowadays almost anyone can become a hacker. Just by watching YouTube videos people can learn basic skills. For people who want to take this to a new level, there is the dark web. Anyone can buy exploit kits from the dark web, pay with bitcoins, and the customer service is actually better than with most cable providers! Why would someone bother? Money. Some believe that ransomware will move from computers to IoT devices. Does this mean that we’re doomed? Should people put their IoT shopping sprees on hold? I don’t think so. But should consumers pay more attention when it comes to buying devices and connecting them to the Internet? Yes. Should the consumers go through the hassle of using unique passwords and making sure they update the software on their various devices? Yes, absolutely. My old boss used to ask us a critical question whenever we were working on a new feature or when we were about to release a new product: “Are you proud of this product?”. It was a simple question that made us all think if we were truly ready. I can challenge you to add a second part to that question: “Do we have plans to keep this product and the customer data we collect secure?”. For my part, I will keep debating with my wife which devices are connected to the Internet and which are not.
Designing the User Experience of Sense
Protection technology behind Sense
Why a new internet security solution is needed
The Internet of "what ifs"
Meet the team behind Sense
Game Over For GameOverZeus?
Most Popular Articles
F-Secure SENSE – Smart Security, Smart You
What's keeping the Military off the IoT?
10 Best #IoT Accounts to Follow on Twitter
Why is my Denon's remote management wide open?